- From: Duncan White <d.white@surrey.ac.uk>
- Date: Wed, 08 Mar 1995 16:44:51 +0000
- To: www-talk@www10.w3.org
- Cc: D.White@ee.surrey.ac.uk, alvin@eyepoint.com
Alvin Starr <alvin@eyepoint.com> wrote:
> I would argue that the agent is not as important as who's agent is it.
> If you give a person access to your system then what is wrong with giving
> their agent the same access. In this way all of the standard security rules
> that apply to normal users should apply to their agents.
Alvin now adds (in a separate message):
>If you anonymous FTP to a system and you are allowed access then at that
>point you are a user. what about loggin into a system as GUEST?. Why not
>allow "user" login and access based on other criteria then the fact that
>an administrator has created a login and password for you. Why not use the
>net ID of the person logging in. That way a system could limit access based
>on user information provided at login. Various levels of access could be
>proviede based on the ability to validate the users origin.
Ok; I agree that there could be a "guest" agent account, rather low-privilege,
with the option of gaining additional privilege only if the agent can be
proven to come from a trustworthy site/user. But you'd have to beware network
impersonations, so I guess there might have to have some unforgable digital
signature on the agent, perhaps summat like PGP?
I rather suspect that, in practice, most agents would run as the guest agent
account. I'm not entirely convinced that the complexity (digital signatures
etc) you add to get the higher levels of privilege is worth it, but that's
just a gut feeling..
I had said, in an earlier message:
> So, how about the host donating only a certain maximum run time to an
> individual agent, and running no more than a certain number of agents at once?
> ie. The host could forcibly cease interpreting/running the agent after a given
> run time has elapsed. When an agent arrives on a host, it could effectively
> negotiate its time limit with its new host. For example, the agent might
> declare that it wants to run for up to 10 minutes, whereas the host might only
> be prepared to let it run for 1 minute. The host obviously must have the last
> word (since this is cooperative processing on other people's machines), and
> could then inform the agent that 1 minute is all it's getting. This could be
> used by the script to change how "deeply" it searches, perhaps..
Alvin replies:
>Yes. Yes. Yes. All we need is more accounting and control information
>associated with files. Allong with ACL's and ICL's.
Ummm.. at the risk of showing my ignorance, what are ACLs and ICLs?
Glad you like the idea (I'm sure it's not original, but no one seemed to be
mentioning it in the discussion)... As you say, we would then need to think
about file access privilege, and a major area for a Web scripting language
must be what it does onscreen in terms of user interface control and
presentation of results etc. All these will be very important..
>Alvin Starr || voice: (905)513-6717
>Eyepoint Inc. || fax: (905)513-6718
>alvin@eyepoint.com ||
cheers,
duncan
------------------------------------------------------------------------------
Duncan C. White, Software Support Officer, Room 36BB20, Dept. of Elec Eng,
University of Surrey, Guildford, Surrey GU2 5XH, UK.
Email: D.White@ee.surrey.ac.uk Direct phone: +44 1483 259826
Fax: +44 1483 34139
URL: http://www.ee.surrey.ac.uk/showstaff?D.White
------------------------------------------------------------------------------
"Aaarrgh! There's the monster!"
"What, behind that rabbit?"
Monty Python and the Holy Grail
----------------------------------------------------------------------------
Received on Wednesday, 8 March 1995 12:11:29 UTC