[Prev][Next][Index][Thread]

Re: Access Control Draft



Fisher Mark wrote:
> 
> 1) Authentication -- are you who you say you are?
> 2) Access Control -- are you allowed to perform this operation in this
> way?
> 3) Auditing -- just what was it that you did?
> 4) Encryption -- Is your data protected from prying eyes?
> 

I would agree that 3 and 4 are out of scope.  Defining #1 is
also out of scope, because there are many others working on that
components.  Our role here should be to determine which #1
we are going to support.

The purpose of the Access Control document will be concerned
principally with #2.


References: