[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security

To: ietf-calendar <ietf-calendar@xxxxxxx>
Subject: Security
From: Frank Dawson <fdawson@xxxxxxxxxxxxxxx>
Date: 29 Jul 96 15:20:57
Sender: owner-ietf-calendar@xxxxxxx

Mika wrote:

1. After the  ViewInvite, I would like to add ViewInviteSubject only, which 
would allow only the time and subject of the meeting to be seen, but not the 
comments partisipants, location etc.

>>>Large organization calendaring experience suggests that if you don't
>>>want someone to see the attendees, location, description, then the 
>>>subject is probably taboo too. I would lobby that if you can't see 
>>>the event details then all you can see is the blocking time, all 
>>>else is hidden.

2 Add an access right called Autoconfirm, a right that would allow all made 
request by a set or all calendars to be automatically confirmed. This would be 
especially usefull for the resource calendars, that are not managed by someone, 
and information related to the meetings is for the participants eyes only.

>>>The autoconfirm feature is better left to the calendar
>>>implementation, not to the protocol. This can very well be 
>>>implemented in a number of ways (ie, agent technology, client 
>>>profile option, server profile option, etc). THIS SHOULD NOT BE
>>>IN THE IETF PROTOCOL!!

3. This propably belongs to the event object attributes, but an per event 
attribute Private, to make it private and override all the standard above and 
below access rights.

>>>I think that the spirit of your requirement is better met by an 
>>>event and todo property for classification of the object into 
>>>PUBLIC, PRIVATE, or CONFIDENTIAL. XAPIA CSA gives a good definition 
>>>for these access control values.

- - Frank Dawson

Prev by Date: Re: Access Control Requirements
Next by Date: Re: Access Control
Previous by thread: Re: Security
Next by thread: Access Control Requirements
Index(es):
- Date
- Thread