- From: Paul Leach <paulle@microsoft.com>
- Date: Thu, 23 Oct 1997 19:04:55 -0700
- To: w3c-dist-auth@w3.org, "'Larry Masinter'" <masinter@parc.xerox.com>
> ----------
> From: Larry Masinter[SMTP:masinter@parc.xerox.com]
> Sent: Wednesday, October 22, 1997 11:21 PM
> To: w3c-dist-auth@w3.org
> Subject: Re: ACL Draft
>
> > Basing ACL decisions on unauthenticated information of the kind this
> > example implies is pretty worthless from a security standpoint, even if
> > it is common practice.
>
> If I want to restrict access to my file server so that only "Paul Leach"
> can read it, well, I probably am willing to accept that I can't authenticate
> that it's really you, and not just someone who learned your password.
> All information is authenticated only to a degree. It's a policy
> decision as to what information to trust in order to make access
> decisions.

You are right that no security (or authentication) is perfect -- it's a truism. You are also right that whether or not to accept any particular level of security is a matter of policy. For example, the IESG has made a policy that it won't accept any new protocols that rely on weak authentication mechanisms such as plaintext passwords -- and I would argue that this is just as weak, and hence not allowed by that policy. However, as I said before, this needn't violate the model of "principal IDs".

> As for user perception of the complexity of booleans: we're talking
> about the PROTOCOL here. Whether you let the users see the booleans
> directly or have some kind of check-box interactive display is an
> interface issue.

If you can show me at least one UI design that hides this complexity, I'll buy it. Until then, it will be true that I've never seen a UI that can make anything simpler than the underlying intrinsic complexity -- it's the law of conservation of complexity.

Paul
Received on Thursday, 23 October 1997 22:05:18 UTC