- From: Larry Masinter <masinter@parc.xerox.com>
- Date: Wed, 22 Oct 1997 14:24:31 PDT
- To: Paul Leach <paulle@microsoft.com>
- CC: Howard Palmer <hep@netscape.com>, Yaron Goland <yarong@microsoft.com>, w3c-dist-auth@w3.org

> The traditional way of dealing with this is instead to say that the
> "who" can contain lots of interesting info, such as where you are
> connecting from. In other words, if it matters (for security purposes)
> that "who" connecting from home and "who" connecting from work, then
> they are different "who"s -- i.e., they are different principals.

The traditional way of dealing with this in systems that support ACLs
doesn't match the web's way of dealing with this. In this case, the user
trying to access information has many attributes, only one of which is
their authenticated identity. Now, this can get arbitrarily complex, and
I'm not asking that it be arbitrarily complex, but at least complex enough
to implement the *very common* authentication policy on the web: everyone
from site *.blah.com has access, but users from any other site have to
log in.

Larry
--
http://www.parc.xerox.com/masinter

Received on Wednesday, 22 October 1997 19:46:04 UTC
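
Added example, not part of the original message: a minimal sketch of an ACL whose entries test request attributes (client host and authenticated identity) rather than identity alone, evaluated against the "*.blah.com or log in" policy described above. The names `Request`, `Ace`, `host_matches` and `decide` are hypothetical, and `client_host` is assumed to be a host name the server has already verified (for example by forward-confirmed reverse DNS), never a value supplied by the client.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Request:
    client_host: Optional[str]  # verified host name of the peer, or None if unknown
    user: Optional[str]         # authenticated identity, or None if anonymous

def host_matches(pattern: str, host: Optional[str]) -> bool:
    """Match a pattern such as '*.blah.com' on DNS label boundaries."""
    if not host:
        return False
    host, pattern = host.rstrip(".").lower(), pattern.lower()
    if pattern.startswith("*."):
        # Suffix must start at a dot: 'evilblah.com' and 'blah.com' do not match.
        return host.endswith(pattern[1:])
    return host == pattern

@dataclass(frozen=True)
class Ace:
    host_pattern: Optional[str] = None  # condition on where the request comes from
    require_login: bool = False         # condition on having any authenticated identity
    users: Optional[frozenset] = None   # condition on specific identities

    def grants(self, req: Request) -> bool:
        if self.host_pattern and not host_matches(self.host_pattern, req.client_host):
            return False
        if (self.require_login or self.users is not None) and req.user is None:
            return False
        if self.users is not None and req.user not in self.users:
            return False
        return True

def decide(acl, req: Request) -> str:
    """Return 'allow', 'challenge' (ask the client to log in) or 'deny'."""
    if any(ace.grants(req) for ace in acl):
        return "allow"
    return "challenge" if req.user is None else "deny"

# The policy from the message: anyone from *.blah.com, or any logged-in user.
SITE_OR_LOGIN = [Ace(host_pattern="*.blah.com"), Ace(require_login=True)]

if __name__ == "__main__":
    # Constructed sample requests.
    for r in (Request("ws1.blah.com", None), Request("dialup.example.net", None),
              Request("dialup.example.net", "alice"), Request("evilblah.com", None)):
        print(r, "->", decide(SITE_OR_LOGIN, r))
```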