Re: Automatic Entry and Forms

Adam Jack (ajack@corp.micrognosis.com)
Tue, 27 Feb 1996 09:11:22 -0500 (EST)


Date: Tue, 27 Feb 1996 09:11:22 -0500 (EST)
From: Adam Jack <ajack@corp.micrognosis.com>
To: "Scott E. Preece" <preece@predator.urbana.mcd.mot.com>
Cc: www-html@w3.org
Subject: Re: Automatic Entry and Forms 
In-Reply-To: <199602261521.JAA08341@predator.urbana.mcd.mot.com>
Message-Id: <Pine.SUN.3.91.960227084729.6610D-100000@singhi>

On Mon, 26 Feb 1996, Scott E. Preece wrote:

> 
> I guess I'd like to see the browser associate a privilege level with
> each datum it caches.  Authorization would not be required for data the
> user indicated to require no privilege.  
> I guess I would then add an ACL
> mechanism to grant specific privilages to specific domains.
> 
> Sending privileged data to an unprivileged site would require a specific
> prompt and verification.
> 
This can not be done on a per site basis since we already have org X 
and org Y sharing site www.myISP.net with relative URL's ~X and ~Y.

Additionally we have the issue that org X might have two forms. One is
published as intended for a purpose that is acceptable but the other
publically posted as used for mailing lists or some unwanted purpose.

This would lead to considering URL level ACL's.

The issue of how a forms purpose could change between visits by
a user is a sticky one. There is no way that an automatic mechanism
could detect such a change.

> |   (E.g. we could then consider functionality like allowing
> |   information XXXX.YYYY.* to site AAAAA but not site BBBBB. 
> 
> I suggested an access control mechanism above.  At any rate, the access
> control mechanism has to be in the browser and the field value cache,
> not in the naming mechanism.  The user's level of concern about each
> value has to be controlled on the user's side, not implied by the name
> of the field or its defining agency.
>
Agreed - but a logical grouping could facilitiate the user. If the
user has to manage each datum's permisions then the chore might be
too unwelcomed and hence unused. If a user could set *.Personal.* 
as private with the exceptions of URL's X,Y and Z then any newly
define personal field is already permissioned. Also to allow an
URL W to be filled with personal information one need add it only
once.

Adam
--
+1-203-730-5437 | http://www.micrognosis.com/~ajack/index.html