- From: Yaron Goland <yarong@microsoft.com>
- Date: Wed, 22 Oct 1997 11:14:11 -0700
- To: "'Larry Masinter'" <masinter@parc.xerox.com>, Howard Palmer <hep@netscape.com>
- Cc: "W3c-Dist-Auth (E-mail)" <w3c-dist-auth@w3.org>
1) That is an issue for the underlying access control mechanism, not the ACL protocol. 2) Many systems do not depend upon location as a basis for access control. So it would be more like "the basic model for access control is that who you are and POTENTIALLY where you're connecting from determines..." Either way, I do not believe the issue is germane to ACLs as access control is handled "below" the ACL protocol. The only issue the ACL protocol need concern itself with is a mechanism by which it can identify a principal. So for example a principal identifier might be: <xyz-auth-mech><location>www.user.personal.com</location><userid>JoeUser </userid></xyz-auth-mech> As far as the ACL protocol is concerned the above is just an opaque identifier. It may be meaningful to some particular authentication mechanism, but the ACL protocol doesn't need to worry about that. Yaron > -----Original Message----- > From: Larry Masinter [SMTP:masinter@parc.xerox.com] > Sent: Wednesday, October 22, 1997 9:09 AM > To: Howard Palmer > Cc: Yaron Goland; W3c-Dist-Auth (E-mail) > Subject: Re: ACL Draft > > To put it another way, you'd like > > > The basic model for access control, informally expressed, is that > > who you are determines how you can access a resource.... > > to change, so that > > the basic model for access control is that > who you are and where you're connecting from determines ... > > Larry > -- > http://www.parc.xerox.com/masinter
Received on Wednesday, 22 October 1997 14:14:30 UTC