- From: Larry Masinter <masinter@parc.xerox.com>
- Date: Wed, 18 Sep 1996 15:14:26 PDT
- To: ben@algroup.co.uk
- CC: ejw@ics.uci.edu, w3c-dist-auth@w3.org
Personally, I think that the charter should be broad enough that we
might consider specific proposals for authorization models and access
permissions, even if we don't want to deep end on the topic.
No Internet standard can progress without at least touching on the
topic of security issues, and I don't think we can just ignore the
issue, without being clear about how such things will work in
practice.
Clearly, in order to meet the general needs, we can't rely on a
specific model ("ownership" and "file permissions"), but the protocol
might allow some registry of authentication models, and tunnel access
policy issues. After all, an access policy for a particular uploaded
item isn't so different from other kinds of random metadata (PICS
rating, MARC record, etc.) that one might want to send.
Larry
Received on Wednesday, 18 September 1996 19:12:17 UTC