Re: ISSUE-10 (client-server): Client and Server model [Access Control]

I don't think we have seen any alternative proposals for putting the 
policy *enforcement* on the server. It also seems very hard to me to 
rely on the server enforcing the policy, while still protecting legacy 
servers, since they currently do not perform any such enforcement.

What I have seen suggestions for though is a simpler policy language 
that doesn't send a full white-list to the client, but rather just a 
yes/no decision to the client.

/ Jonas

Received on Monday, 23 June 2008 21:35:41 UTC