[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security

To: ietf-calendar@xxxxxxx
Subject: Re: Security
From: "William P. Spencer" <bill@xxxxxxxxxxxxxx>
Date: Mon, 29 Jul 1996 14:46:55 -0400 (EDT)
Sender: owner-ietf-calendar@xxxxxxx

I just wanted to elaborate on Tim M.'s comments on SWTP security.

>From a user's perspective, there are (at least) 4 types of access which 
are important

CHECK	Allow a check for free-time on my calendar.  (Can view date and time 
info only).
INVITE	Allow an invitation to be sent to me.
VIEW	Allow my calendar to be viewed.
MODIFY	Allow my calendar to be modified.

You can also imagine access privileges which are a logical or'ing of two 
or more of these access permissions.  Some of them overlap, for 
example, VIEW access always implies CHECK access.  The SWTP user-level 
permissions Tim describes, and the SWTP draft describes are derived from 
various combinations of this privilege set.

Something we left out of SWTP, which there seems to be real sentiment for 
are access permissions on a per-event basis.  This would be the 
CONFIDENTIAL event which can be VIEW'ed , MODIFY'ed or CHECK'ed only by 
the true, authenticated owner of the calendar.

I hope this helps.


Bill  <bill@p2software.com>

Prev by Date: Re: Access Control
Next by Date: Access Control
Previous by thread: RE:Security
Next by thread: Security
Index(es):
- Date
- Thread