Re: Access Control Draft
Aren't there two issues here:
a) The "initialization" set of issues: How do I setup the access
control policy, how do I specify it, etc. (the I here could be an
author or an information provider or whatever).
b) The "steady-state" set of issues: What access control policies come
into effect based on the "state" of the resource/document.
From a protocol perspective, the second is as thorny issue to address
as the first.
Also, as I said in an earlier message, all this need to be partitioned
off based on the type of user, type of task, and possibly others.