W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 1997

Re: Access Control Draft

From: Larry Masinter <masinter@parc.xerox.com>
Date: Fri, 16 May 1997 15:54:28 PDT
Message-ID: <337CE5A4.F87@parc.xerox.com>
To: Jim Whitehead <ejw@ics.uci.edu>
CC: w3c-dist-auth@w3.org
I actually thought that you could ignore access control completely
except for two things:

1) how does an author CHANGE the access policy of a resource
2) how does an author SPECIFY the access policy of a new resource

and that (2) could be defined as
   Inherit the default access policy and then do (1)
   (There's an unfortunate window when items have the wrong
    access policy).

However, it should be possible to do (1) and (2) for a wide
range of different kinds of access policies.

It might be that every resource has a related linked resource
which is its access policy, and that the access policy could
be retrieved as text/html (in which case you would get a form
that would allow you to modify it, if you were so authorized)
or as some other representation (which a program that was
knowledgable about the structure of access policies on the
particular server would be able to directly manipulate it).

It might be that access policies should be linked to 'realms'
rather than 'resources' where a 'realm' was some well-defined
extension set of resources.

I'm not sure how the discussion got off into APIs and CORBA,

Received on Friday, 16 May 1997 21:34:53 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:10 UTC