
RE: Access Control Draft




>We should however specify an API whereby the access control can be provided by
>a third party application (server extension) on the server side thereby
>relieving the server providers from the necessity of providing the functionality
>(they only have to support the API).

I like this approach. The third party application would have to
understand the userid and translate from the WebDAV permission set
(read, modify, delete, ...whatever they turn out to be) to the platform
dependent security that exists, and give a yes/no response. This would
allow such a "policy engine" to decide that a certain user, who is in
some "day shift" group, can only access certain files from 9-5pm, with NO
special changes to WebDAV. The policy engine could also be a simple
direct translation to file system permissions. Doesn't matter what it
does. 
The API could simply be: send in a userid and a list of permissions
(standardized by WebDAV) to check, and get back a yes/no response.

James D. Myers, Ph.D.
Environmental Molecular Sciences Laboratory
Pacific Northwest National Laboratory
MS K1-87, 999 Battelle Blvd.
Richland, WA 99352
509-375-2252
Fax: 509-375-6631
Jim.Myers@pnl.gov, jd_myers@pnl.gov
http://www.emsl.pnl.gov:2080/docs/collab/
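
A sketch of the yes/no check described in this message, as an added example that is not part of the original post. The `resource` argument, the permission names, the group table and the rule format are assumptions; the message specifies only a userid and a permission list going in and a yes/no coming out.

```python
import posixpath
from dataclasses import dataclass
from datetime import datetime, time

# Hypothetical names: the post leaves the WebDAV permission set open.
KNOWN_PERMISSIONS = frozenset({"read", "modify", "delete"})

@dataclass(frozen=True)
class Rule:
    group: str
    prefix: str               # resource subtree the rule covers (assumed format)
    permissions: frozenset
    start: time = time.min    # daily window, start inclusive
    end: time = time.max      # end exclusive

def under(resource: str, prefix: str) -> bool:
    """True if resource lies in the subtree at prefix, after resolving '..'."""
    path = posixpath.normpath("/" + resource.lstrip("/"))
    base = prefix.rstrip("/")
    return path == base or path.startswith(base + "/")

class PolicyEngine:
    def __init__(self, groups: dict, rules: list):
        self.groups, self.rules = groups, rules

    def check(self, userid: str, resource: str, permissions, now: datetime) -> bool:
        """Yes only if every requested permission is granted; otherwise no."""
        requested = frozenset(permissions)
        # Fail closed on an empty request or a permission outside the standard set.
        if not requested or not requested <= KNOWN_PERMISSIONS:
            return False
        member_of = self.groups.get(userid, frozenset())
        granted = set()
        for rule in self.rules:
            if (rule.group in member_of and under(resource, rule.prefix)
                    and rule.start <= now.time() < rule.end):
                granted |= rule.permissions
        return requested <= granted

# Constructed sample data: a "day shift" group limited to 9-5, plus an admin group.
ENGINE = PolicyEngine(
    groups={"alice": {"day-shift"}, "bob": {"admins"}},
    rules=[
        Rule("day-shift", "/shift-logs", frozenset({"read", "modify"}), time(9), time(17)),
        Rule("admins", "/", KNOWN_PERMISSIONS),
    ],
)
```

The server passes in the current time rather than letting the engine read the clock, so the time-window rule can be tested deterministically.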