- From: Jose Kahan <jose.kahan@w3.org>
- Date: Thu, 2 Mar 2006 11:58:03 +0100
- To: public-appformats@w3.org
(resending to public list. Apologies for multiple postings)
Hi,
Some brief comments on things you may want to consider:
1. Access control vocabulary
It may be useful to look at the vocabulary currently used by
TCP wrapper: "ACCEPT, DENY, EXCEPT, PARANOID, UNKNOWN, LOCAL, ALL".
In particular, it's interesting to be able to define a security
policy such as "deny all access except for ..." or the opposite
way.
2. HTTP methods?
You may want to add some web methods too (entity B can only read
this data, but should not do a post or put with it...) I'm not
sure if this is interesting for your use cases.
3. What happens when a document is cached or accessed behind
a proxy?
4. What happens when an application is denied access to part of a
document? How is this going to be reported to the user? Will this
application still be able to access a well-formed XML document?
5. Prior art that may be interesting:
- University of Milan work on access control rules for documents
(server side)... it's the group of Elisa Bertino. Mail me if
you need more references.
- TCP wrapper, mentioned above
- There was an internet-draft by Dave Raggett about cross-domain
authentication, to avoid having to type the same password.
What is interesting here is the vocabulary used to specify
which domains were authorized / constrained.
Hope this helps. Looking forward to reviewing a new version of the draft with
more use cases.
-jose
Received on Thursday, 2 March 2006 10:58:56 UTC