RE: ACL Draft

1) That is an issue for the underlying access control mechanism, not the
ACL protocol.
2) Many systems do not depend upon location as a basis for access
control. So it would be more like "the basic model for access control is
that who you are and POTENTIALLY where you're connecting from
determines..."

Either way, I do not believe the issue is germane to ACLs as access
control is handled "below" the ACL protocol. The only issue the ACL
protocol need concern itself with is a mechanism by which it can
identify a principal. So for example a principal identifier might be:
<xyz-auth-mech><location>www.user.personal.com</location><userid>JoeUser</userid></xyz-auth-mech>

As far as the ACL protocol is concerned the above is just an opaque
identifier. It may be meaningful to some particular authentication
mechanism, but the ACL protocol doesn't need to worry about that.

			Yaron

> -----Original Message-----
> From:	Larry Masinter [SMTP:masinter@parc.xerox.com]
> Sent:	Wednesday, October 22, 1997 9:09 AM
> To:	Howard Palmer
> Cc:	Yaron Goland; W3c-Dist-Auth (E-mail)
> Subject:	Re: ACL Draft
> 
> To put it another way, you'd like
> 
> >   The basic model for access control, informally expressed, is that
> >    who you are determines how you can access a resource....
> 
> to change, so that 
> 
>   the basic model for access control is that
>   who you are and where you're connecting from determines ...
> 
> Larry
> -- 
> http://www.parc.xerox.com/masinter

Received on Wednesday, 22 October 1997 14:14:30 UTC
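
Added example (not part of the original message or of any ACL draft): the layering described in the reply above, in Python. The ACL store matches principal identifiers by exact string equality and never parses them, while a mechanism below it decides whether location becomes part of the identifier; `AclStore`, `xyz_authenticate`, the sample password and `kiosk.example.net` are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field
from xml.sax.saxutils import escape

# Principal identifier quoted in the message; opaque to the ACL layer.
JOE = ("<xyz-auth-mech><location>www.user.personal.com</location>"
       "<userid>JoeUser</userid></xyz-auth-mech>")


@dataclass
class AclStore:
    """ACL layer (hypothetical): resource -> {opaque principal -> rights}."""
    entries: dict = field(default_factory=dict)

    def grant(self, resource, principal, right):
        self.entries.setdefault(resource, {}).setdefault(principal, set()).add(right)

    def allowed(self, resource, principal, right):
        # Exact string match only: no XML parsing and no location logic here.
        return right in self.entries.get(resource, {}).get(principal, set())


def xyz_authenticate(userid, password, peer_host):
    """Hypothetical 'xyz' mechanism sitting below the ACL layer.

    It alone verifies the credential and chooses to bind the connecting
    host into the identifier it returns. Returns None on failure.
    """
    users = {"JoeUser": "constructed-password"}  # constructed sample data
    expected = users.get(userid)
    if expected is None or not hmac.compare_digest(expected, password):
        return None
    return (f"<xyz-auth-mech><location>{escape(peer_host)}</location>"
            f"<userid>{escape(userid)}</userid></xyz-auth-mech>")


def demo():
    """Same user and password from two hosts, checked against one ACL entry."""
    acl = AclStore()
    acl.grant("/docs/spec.html", JOE, "read")
    home = xyz_authenticate("JoeUser", "constructed-password", "www.user.personal.com")
    other = xyz_authenticate("JoeUser", "constructed-password", "kiosk.example.net")
    return (acl.allowed("/docs/spec.html", home, "read"),
            acl.allowed("/docs/spec.html", other, "read"))


if __name__ == "__main__":
    print(demo())
```

Because the comparison is byte-for-byte, the mechanism that issues identifiers has to emit one canonical serialization; an identifier that differs only in whitespace is a different principal to the ACL layer.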