Re: Access Control Draft

> 
> I'm not sure where this is headed.  HTTP already defines standard methods
> which are associated with resources, "read" is known as "GET", "write" is
> known as "PUT", and "delete" is known as "DELETE."  What is the benefit of
> giving these known, well-defined methods new names?  Or are you suggesting
> something similar to the AOLserver model, where they sometimes create
> pseudo methods for assigning access control rights.

The "methods" I'm talking about here aren't HTTP methods.  It
is probably closer to the AOLserver model in that there are
"security permission methods" such as read, modify, etc.
 
> Work on CORBA is outside the scope of activity of this working group, as
> specified in our charter.  But, I agree with you, once an interface
> standard has been developed, its packaging in various other formats (CORBA,
> RPC, etc.) is much easier.

I'm not proposing that we work on a CORBA spec;  simply that an
object-based approach with security methods would support this
type of encapsulation model.

I agree that we are probably drifting into too many areas of
proposed design, but I think it may be helpful to expose weaknesses
in going down particular paths with respect to the requirements.
We don't want a requirements document which is unworkable either
within our charter or from a techno-political standpoint.

Jon

Received on Thursday, 22 May 1997 12:55:04 UTC