Re: Automatic Entry and Forms

On Mon, 26 Feb 1996, Scott E. Preece wrote:

> 
> I guess I'd like to see the browser associate a privilege level with
> each datum it caches.  Authorization would not be required for data the
> user indicated to require no privilege.  I guess I would then add an ACL
> mechanism to grant specific privileges to specific domains.
> 
> Sending privileged data to an unprivileged site would require a specific
> prompt and verification.
> 
This cannot be done on a per-site basis since we already have org X 
and org Y sharing site www.myISP.net with relative URLs ~X and ~Y.

Additionally we have the issue that org X might have two forms. One is
published as intended for a purpose that is acceptable but the other
publicly posted as used for mailing lists or some unwanted purpose.

This would lead to considering URL-level ACLs.

The issue of how a form's purpose could change between visits by
a user is a sticky one. There is no way that an automatic mechanism
could detect such a change.

> |   (E.g. we could then consider functionality like allowing
> |   information XXXX.YYYY.* to site AAAAA but not site BBBBB. 
> 
> I suggested an access control mechanism above.  At any rate, the access
> control mechanism has to be in the browser and the field value cache,
> not in the naming mechanism.  The user's level of concern about each
> value has to be controlled on the user's side, not implied by the name
> of the field or its defining agency.
>
Agreed - but a logical grouping could facilitate the user. If the
user has to manage each datum's permissions then the chore might be
too unwelcomed and hence unused. If a user could set *.Personal.* 
as private with the exceptions of URLs X, Y and Z then any newly
defined personal field is already permissioned. Also to allow a
URL W to be filled with personal information one need add it only
once.

Adam
--
+1-203-730-5437 | http://www.micrognosis.com/~ajack/index.html

Received on Tuesday, 27 February 1996 09:08:07 UTC
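
The scheme discussed in this thread (grouped field patterns such as *.Personal.* marked private, with exceptions granted per URL rather than per site) can be sketched as follows; this is an added example, not code from either poster or from any browser. The function names, the policy layout, the field names and the form URLs under www.myISP.net are all assumptions made for illustration.

```javascript
// Added illustration; every name below is hypothetical.

// Match a dotted field name against a pattern in which "*" stands for one
// or more whole segments, so "*.Personal.*" covers "User.Personal.Phone".
function fieldMatches(pattern, field) {
  const rx = pattern.split(".")
    .map(seg => seg === "*"
      ? "[^.]+(?:\\.[^.]+)*"
      : seg.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"))
    .join("\\.");
  return new RegExp("^" + rx + "$").test(field);
}

// URL-level check: same origin, and the path must equal the rule's path or
// sit beneath it on a "/" boundary, so a grant for /~X never covers /~Y
// (or /~XY) on the shared host.
function urlCovered(ruleUrl, targetUrl) {
  const r = new URL(ruleUrl), t = new URL(targetUrl);
  if (r.origin !== t.origin) return false;
  const base = r.pathname.endsWith("/") ? r.pathname : r.pathname + "/";
  return t.pathname === r.pathname || t.pathname.startsWith(base);
}

// First matching rule wins. A datum with no rule, or a private datum bound
// for a URL without a grant, is never sent silently: the user is prompted.
function decide(policy, field, targetUrl) {
  const rule = policy.find(r => fieldMatches(r.fields, field));
  if (!rule) return "prompt";
  if (!rule.private) return "send";
  return rule.allow.some(u => urlCovered(u, targetUrl)) ? "send" : "prompt";
}

// Constructed sample policy: personal data is private except for one
// specific form published by org X; browser data needs no privilege.
const policy = [
  { fields: "*.Personal.*", private: true,
    allow: ["http://www.myISP.net/~X/order.html"] },
  { fields: "*.Browser.*", private: false, allow: [] },
];

for (const [field, url] of [
  ["User.Personal.Phone", "http://www.myISP.net/~X/order.html"],
  ["User.Personal.Phone", "http://www.myISP.net/~X/maillist.html"],
  ["User.Personal.Phone", "http://www.myISP.net/~Y/order.html"],
  ["User.Browser.Language", "http://www.myISP.net/~Y/order.html"],
]) console.log(field, "->", url, ":", decide(policy, field, url));
```

As the message notes, a check like this only compares names and URLs; it cannot tell when the purpose of an already granted form changes between visits.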