- From: Ron Daniel, Jr. <rdaniel@lanl.gov>
- Date: Thu, 01 May 1997 08:48:23 -0600
- To: Jon Radoff <jradoff@novalink.com>
- Cc: w3c-dist-auth@w3.org
At 05:58 PM 4/30/97 -0700, Jon Radoff wrote: >I'm not so sure that ACLs should be included. I think that the issues >surrounding permissions on a network are too complex -- current ACL >infrastructures are already falling short. I think that permission >control on the network should be addressed in a separate context. Can you imagine the drubbing a vendor would take in the press and on the net if they shipped tools without any means for controlling who could and could not add pages to a site? Security of the authoring environment is a serious issue that will be addressed - if not here then by the implementors as they roll out DAV-compliant tools. The only way for the security mechanisms of those tools to stand a chance of interoperation is for this group to specify the mechanisms. The main point of your objection seems to be that current ACL mechanisms are not coping with all the complexitites of the networked environment, therefore we should not do anything about ACLs until a mechanism is found that can deal with those complexities. I have some agreement with the premise, but disagree totally with the conclusion. If this group can do only as much as specify the way to indicate Read/Write/Execute permission for Owner/Group/World then I think we will have a 95% solution to the problem. More than good enough for the needs of this group. If implementors want to go beyond that to tackle further problems in ACLs, they can use that as a selling point. Interoperation is our goal. Regards, Ron Daniel Jr. voice:+1 505 665 0597 Advanced Computing Lab fax:+1 505 665 4939 MS B287 email:rdaniel@lanl.gov Los Alamos National Lab http://www.acl.lanl.gov/~rdaniel Los Alamos, NM, USA, 87545
Received on Thursday, 1 May 1997 10:49:45 UTC