- From: Larry Masinter <masinter@parc.xerox.com>
- Date: Fri, 16 May 1997 15:54:28 PDT
- To: Jim Whitehead <ejw@ics.uci.edu>
- CC: w3c-dist-auth@w3.org
I actually thought that you could ignore access control completely
except for two things:
1) how does an author CHANGE the access policy of a resource
2) how does an author SPECIFY the access policy of a new resource
and that (2) could be defined as
Inherit the default access policy and then do (1)
(There's an unfortunate window when items have the wrong
access policy).
However, it should be possible to do (1) and (2) for a wide
range of different kinds of access policies.
It might be that every resource has a related linked resource
which is its access policy, and that the access policy could
be retrieved as text/html (in which case you would get a form
that would allow you to modify it, if you were so authorized)
or as some other representation (which a program that was
knowledgable about the structure of access policies on the
particular server would be able to directly manipulate it).
It might be that access policies should be linked to 'realms'
rather than 'resources' where a 'realm' was some well-defined
extension set of resources.
I'm not sure how the discussion got off into APIs and CORBA,
though.
Larry
--
http://www.parc.xerox.com/masinter
Received on Friday, 16 May 1997 21:34:53 UTC