Re: Access Control
At 1:23 PM -0700 7/29/96, Ned Freed wrote:
>> fact of life: there is no IETF authentication standard in general
>> deployment and I don't think there is anything that one would even call a
>> standard. This is a problem on several fronts and one which I think we
>> should push for solution to, this year.
>
>Whether or not this assessment is correct depends very much on what you mean by
>"authentication". If you're talking about end-to-end authentication across a
actually, it primarily depends upon my typing.
I meant authorization, not authentication and apologize muchly for
the error. Having already had two cups of coffee at that point of the day,
I can't blame it on anything outside of my control.
We have various authentication mechanisms that are standardized and
even deployed. None particularly massively, but at least they're real.
Such is not the case for a net-wide authorization scheme and mechanism.
>store-and-forward protocol like email, then yes I agree absolutely. But if
>you're talking about point-to-point authentication, I disagree. We have
but since my note triggered this point from you, let me strongly
agree and make sure folks appreciate your point. "Channel" mechanisms
between an interactive pair are in tolerable shape. "Object" mechanisms
are not. S/MIME, PGP, etc., all hope to solve that. It's another 1-2
years before we'll know (IMO).
>Note also that authentication is only one part of access control. Both IMAP4
>and ACAP share a core access control model that I would strongly recommend as a
>starting point for any access control model for calendaring. There are obvious
>differences, of course, but having these be as close to each other as possible
>would again be a major win in my opinion.
this is in the realm I MEANT to cite in my previous, mangled, message.
>
>> I'm not clear about the distinction you are making between
>> authorization and access control. I'm used to treating them as synonyms.
>
>Authorization is normally just a means of identifying someone. Access control
??? I'm used to using the term "identification" for specifying a
label/name; authentication for certifying its validity; and authorization
for applying it to give/withhold permission. Mumble.
d/
--------------------
Dave Crocker +1 408 246 8253
Brandenburg Consulting fax: +1 408 249 6205
675 Spruce Dr. dcrocker@brandenburg.com
Sunnyvale CA 94086 USA http://www.brandenburg.com
Internet Mail Consortium http://www.imc.org, info@imc.org