- From: Hallam-Baker <hallam@ai.mit.edu>
- Date: Thu, 15 May 1997 20:20:54 -0400 (EDT)
- To: jradoff@novalink.com
- Cc: gjw@wnetc.com, w3c-dist-auth@w3.org
I'm a bit worried by the direction this group is taking. It should really do no more than propose a set of requirements for security problems. I do not see people who are primarilly security people posting to this group (I may have missed them). Please rememebr that security can be a serious rat hole, particularly if questions such as access control are to be discussed. to discuss security seriously I would like to see someone such as Jeff Schiller, Butler Lampson, Ron Rivest or Taher ElGamal involved. I would urge the group to look to other working groups such as SPKI to solve this aspect of the problem. I would not particularly recommend the API approach. I have serious doubts about GSAPI, particularly since it does not solve the problem it was intended to (export) and I have never quite been able to wring a coherent explanation of objectives, purpose or mechanism from the specs. I get the same feeling that I get when reading the Windows NT operating system manuals, mechanism without explanation of stategy or architecture. Phill
Received on Thursday, 15 May 1997 20:21:31 UTC