Re: Access Control Draft
H:Date: Mon, 19 May 1997 14:43:42 -0700 (PDT)
H:From: "Gregory J. Woodhouse" <firstname.lastname@example.org>
H:To: Jim Whitehead <email@example.com>
H:cc: firstname.lastname@example.org, email@example.com
H:Subject: Re: Access Control Draft
H:I agree that our approach to access control should not imply a set of
H:roles which are too specific to a particular application or document
H:management strategy. Instead, I think we should adopt a general scheme
H:such as UNIX-style groups, VMS style privileges and rights, or our system
H:of keys. Any one of these schemes would suit our needs without locking us
H:into a specific set of roles.
H:firstname.lastname@example.org / http://www.wnetc.com/home.html
H:If you're going to reinvent the wheel, at least try to come
H:up with a better one.
a silly question perhaps (excuse me if this has been discussed previously):
is there some reason why something vaguely like the "certificate"
systems being used in electronic commerce couldn't work in this
context? That is, the "document-set-owner" issues "tokens" to
authors who need to be allowed to access/modify documents in the
set. When one of those authors wants to "check in" a modified
document or document-part, he or she must be able to accompany his
work with the proper "token".
Note: I'm not saying anything about the complexity of the token, nor the
protocol for issuing or recognition nor any of the details.
I'm just sketching a model.
Howard S. Modell
Adv.Computing Technologist/2 POBox 3707, m/s 4A-25, Boeing D&SG
email@example.com Seattle, WA 98124-2207
http://warlok.ds.boeing.com/~howie/ (206)662-0189[v] (206)662-4018[f]