- From: Paul Leach <paulle@microsoft.com>
- Date: Wed, 22 Oct 1997 15:12:13 -0700
- To: "'hep@netscape.com'" <hep@netscape.com>
- Cc: "'Larry Masinter'" <masinter@parc.xerox.com>, Yaron Goland <yarong@microsoft.com>, "W3c-Dist-Auth (E-mail)" <w3c-dist-auth@w3.org>
To stop a possibly long debate -- yes, we need to agree on what principal names are. I didn't mean to imply differently. I just said that we shouldn't do so in the ACL draft, but rather in an authentication draft. It is an issue of separation of concerns. The form of principal names and how a user or server proves that they are identified by a particular principal name is just totally orthogonal to the question of the ACL draft (as long as principal name can be encoded as a string). Futhermore, I don't want to be inventing authentication protocols in this WG -- there are other WGs for that purpose, and I want to rely on them. So, I'd be happy to say in the draft that (e.g.) Kerberos principal names (RFC 1510) are one way to specify principals -- and in the ACL draft, or some other DAV draft, we can say what the "mandatory to implement" authentication protocols are in order to insure DAV interoperability at all layers of the stack. Paul
Received on Wednesday, 22 October 1997 18:12:37 UTC