W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 1997

Re: Access Control Draft

From: Hallam-Baker <hallam@ai.mit.edu>
Date: Thu, 15 May 1997 20:20:54 -0400 (EDT)
Message-Id: <199705160020.UAA23697@muesli.ai.mit.edu>
To: jradoff@novalink.com
Cc: gjw@wnetc.com, w3c-dist-auth@w3.org
I'm a bit worried by the direction this group is taking. It should
really do no more than propose a set of requirements for security 
problems. I do not see people who are primarilly security people
posting to this group (I may have missed them).

Please rememebr that security can be a serious rat hole, particularly 
if questions such as access control are to be discussed. to discuss
security seriously I would like to see someone such as Jeff Schiller,
Butler Lampson, Ron Rivest or Taher ElGamal involved. I would urge
the group to look to other working groups such as SPKI to solve this
aspect of the problem.

I would not particularly recommend the API approach. I have serious
doubts about GSAPI, particularly since it does not solve the problem
it was intended to (export) and I have never quite been able to wring
a coherent explanation of objectives, purpose or mechanism from 
the specs. I get the same feeling that I get when reading the 
Windows NT operating system manuals, mechanism without explanation
of stategy or architecture.

Received on Thursday, 15 May 1997 20:21:31 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:10 UTC