
Access Control



We probably need to differentiate between a few of the security terms that have 
been used in this list and at the previous calendaring summit meeting. I think 
that these were AUTHORIZATION, AUTHENTICATION, and ACCESS CONTROL.

Typically, authorization and authentication would be done within the service 
level. If we are using an email service access, then authorization might map 
through the originator's SMTP address. The authentication might be mapped using 
some current IETF authentication service (e.g., certificates).

In many calendaring/scheduling systems, access control is defined on a per user 
or per group basis by the owner of the calendar that is being "accessed". 
Within the XAPIA and X/Open Calendaring and Scheduling API and within the 
vCalendar specifications this is initially defined in terms of three levels of 
access control. Products may implement further levels beyond this, based on 
customer requirements etc. The XAPIA/X/Open/vCalendar use of PUBLIC, 
PRIVATE, and CONFIDENTIAL has a VERY long legacy and product basis. This is 
not to say that specific implementations would not want to go beyond this basic 
level of specification.

Cheers.

- - Frank Dawson