W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 1997

Re: Access Control Draft

From: Sankar Virdhagriswaran <sv@hunchuen.crystaliz.com>
Date: Tue, 13 May 1997 08:41:53 -0400
Message-Id: <>
To: Jon Radoff <jradoff@novalink.com>, w3c-dist-auth@w3.org, jradoff@novalink.com
>up in the Requirements draft.  If you have other issues that you
>think should be discussed, please send them to me.

Two major issues for access control in authoring situations is 

a) the partitioning of users and the type of operations that these users
can perform, and
b) State of the objects and the transactions being performed on these objects

>1.  Should an access control specification attempt to encompass any
>    of the following:
>    a) Potential extensions to HTTP;
>    b) A server-based API approach;
>    c) A file-oriented specification (e.g., an Access Control List
>       specification for the Web).

All of this should fall out from a better understanding of the
requirements. In any case, APIs have not been traditionally successful in
IETF like settings. Also, in the context of proxies, gateways, etc. dealing
with the protocol implicatin is lot more important. So perhaps we can focus
there first. File oriented specification is a start but web objects are not
just files.

Sankar Virdhagriswaran			p. no: 508 371 0404
Received on Tuesday, 13 May 1997 08:38:48 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:10 UTC