[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Security
Folks,
As Frank Dawson writes:
"We probably need to differentiate between a few of the security terms that
have
been used in this list and at the previous calendaring summit meeting. I think
that these were AUTHORIZATION, AUTENTICATION, and ACCESS CONTROL."
Access Control in calendaring has to go beyond simple PUBLIC/PRIVATE schemes.
It needs to take into account the need for some people to have access to your
entire schedule, partially view your schedule, simply check to see if you are
busy at a given time without access to the information as to why you might be
busy or simple no access.
The SWTP take on access control goes something like this (from Section 11.2 of
the SWTP protocol (ftp://://ds.internic.net/internet-drafts/draft-spencer-swtp-
00.txt)
2. Permission levels permitting or denying access to other calen-
dars after binding. SWTP recognizes 6 different levels of secu-
rity here.
Full A user is granted full access to another
persons calendar and may modify schedules as
if that user.
ViewInvite A user may view another calendar, and invite
that person to meetings, but may not other-
wise modify that calendar.
Invite A user may invite another to meetings, and
determine if that person is available, but
may not view specific data on that calendar.
ViewOnly A user may view another schedule, but not
invite that person to meetings.
None A user may not view another calendar, nor
invite them to meetings.
Best,
Tim
--
Tim McEachern, CEO
Phase2 Software
tim@p2software.com
518.392.6928 - direct tel
518.392.4537 - direct fax