W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 1997

Re: ACLs

From: -=jack=- <jack@twaxx.twaxx.com>
Date: Fri, 2 May 1997 08:22:10 -0700 (PDT)
To: Dave Hollander <dmh@hpsgml.fc.hp.com>
cc: w3c-dist-auth@w3.org
Message-ID: <Pine.SGI.3.95.970502081348.28418B-100000@twaxx.twaxx.com>
> > but would focus on developing specifications for protocol extensions, 
> > ACLs and the like.
> > 
> I believe that DAV should touch on security, but please do not insist
> on ACLs. The exact binding of security attributes to system 
> implementation must be left to the application to allow alternatives
> to ACLs to grow.
> Regards,
> Dave Hollander

I believe the API approach will allow for such modularity, or
is that of concern to you?  Are there problems with the API based
approach described in the last couple days, and if so, would you
describe the inadequacies so they may be addressed?  It's nearly
possible to allow distributed authoring without access control and
related issues; what it seems we're trying to do is establish a
framework within which these issues can be addressed, and it was
my feeling that the API based approach setting a minimum level of
necessary functionality tended to allow the freedom to have things
like (what was previously called) 'authentication data', for ex.,
conform to certain specifications, but be able to go above and
beyond that to provide more.  Is this approach insufficient for
your needs?  If so, how?  Thanks ... ;-)


(This text composed by voice)
Received on Friday, 2 May 1997 11:22:41 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:10 UTC