W3C home > Mailing lists > Public > www-html@w3.org > February 1996

Re: Automatic Entry and Forms

From: Adam Jack <ajack@corp.micrognosis.com>
Date: Tue, 27 Feb 1996 09:11:22 -0500 (EST)
To: "Scott E. Preece" <preece@predator.urbana.mcd.mot.com>
Cc: www-html@w3.org
Message-Id: <Pine.SUN.3.91.960227084729.6610D-100000@singhi>
On Mon, 26 Feb 1996, Scott E. Preece wrote:

> I guess I'd like to see the browser associate a privilege level with
> each datum it caches.  Authorization would not be required for data the
> user indicated to require no privilege.  
> I guess I would then add an ACL
> mechanism to grant specific privilages to specific domains.
> Sending privileged data to an unprivileged site would require a specific
> prompt and verification.
This can not be done on a per site basis since we already have org X 
and org Y sharing site www.myISP.net with relative URL's ~X and ~Y.

Additionally we have the issue that org X might have two forms. One is
published as intended for a purpose that is acceptable but the other
publically posted as used for mailing lists or some unwanted purpose.

This would lead to considering URL level ACL's.

The issue of how a forms purpose could change between visits by
a user is a sticky one. There is no way that an automatic mechanism
could detect such a change.

> |   (E.g. we could then consider functionality like allowing
> |   information XXXX.YYYY.* to site AAAAA but not site BBBBB. 
> I suggested an access control mechanism above.  At any rate, the access
> control mechanism has to be in the browser and the field value cache,
> not in the naming mechanism.  The user's level of concern about each
> value has to be controlled on the user's side, not implied by the name
> of the field or its defining agency.
Agreed - but a logical grouping could facilitiate the user. If the
user has to manage each datum's permisions then the chore might be
too unwelcomed and hence unused. If a user could set *.Personal.* 
as private with the exceptions of URL's X,Y and Z then any newly
define personal field is already permissioned. Also to allow an
URL W to be filled with personal information one need add it only

+1-203-730-5437 | http://www.micrognosis.com/~ajack/index.html
Received on Tuesday, 27 February 1996 09:08:07 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 30 April 2020 16:20:18 UTC