W3C home > Mailing lists > Public > www-talk@w3.org > July to August 1995

Re: 3 Proposals: session ID, business-card auth, customer auth

From: Roy Fielding <fielding@beach.w3.org>
Date: Wed, 19 Jul 1995 21:53:36 -0400
Message-Id: <199507200153.VAA32082@beach.w3.org>
To: "Dale Dougherty" <dale@ora.com>
Cc: www-talk@www10.w3.org
Dale writes:

>I'm getting uncomfortable that you are attaching
>your policy to technical capabilities.  The information
>provider and the customer should negotiate policy.  The system should
>have every capability that's possible and practical in such an arrangement.  

Sorry, that's not always a valid argument.  Those of us that are engineers
have an ethical duty to design systems such that the user is protected.
There are quite a few technical possibilities that most users and most
information providers are not aware of, and it isn't practical to teach
them prior to an exchange of information.  Our job is to ensure that
systems are designed to allow both functionality *and* safety.

>The Web is going to have a hard time if its designers believe
>they can implement a certain kind of policy by making it 
>impossible for two parties to trade information reliably
>and efficiently.  

I don't think that was under consideration -- it is not what is
traded, but how it is traded.  The user must be prompted and in
control of any transaction.

 ....Roy T. Fielding  Department of ICS, University of California, Irvine USA
                      Visiting Scholar, MIT/LCS + World-Wide Web Consortium
                      (fielding@w3.org)                (fielding@ics.uci.edu)
Received on Wednesday, 19 July 1995 21:55:51 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:32:57 UTC