Re: March 8 Internet Draft of HTTP/1.0

Hi Roger,

> Summary: Need input on how to handle setting realm of new entity
>          and allowed methods within a realm.

What you're doing is initializing the access control list (ACL) for a
new document. There are alternatives to specifying it in the
header. If you're managing a hierarchical space, you can inherity the
ACL from the parent, or you can extend the parent to include an ACL
that descends to any new children. Or, if the space is not
hiearchical, you can define an ACL to apply to all new objects on a
per-realm, or ever per-server, basis. 

No matter what approach you take (including your current one), you
then have to deal with being able to change it later. Just as we're
slowly moving to distributed authentication/identity management
(with the MDA proposal), we'll need to go to distributed
group/attribute management, then distributed ACL management.


Received on Friday, 9 June 1995 12:47:28 UTC