- From: -=jack=- <jack@twaxx.twaxx.com>
- Date: Thu, 1 May 1997 10:59:15 -0700 (PDT)
- To: Jon Radoff <jradoff@novalink.com>
- cc: "Ron Daniel, Jr." <rdaniel@lanl.gov>, w3c-dist-auth@w3.org
- Message-ID: <Pine.SGI.3.95.970501105611.26909F-100000@twaxx.twaxx.com>
> as a "subcomponent." This is a component of the overall technology > that should stand on its own. ------------------ True... > An approach that could be taken would be to specify an > interface standard that would pass authentication data (user, realm, > etc.) to a component that would be responsible for obtaining > authorization information, e.g.: > > 1. Application-layer: "Is 'user' allowed to do 'x'?" > > 2. Interface communicates with seperate component, which could > be a module which would respond appropriately yet pull its > information from whatever means of access control are in > place (native OS, Web-server control lists, passwd files, etc.) > > 3. Underlying component does its thing, reports back to the > interface, and the application is told by the interface whether > the user is authorized or not. ------------------ This is nice. > If interoperability is the goal, then the focus should be specifying > an _interface_ rather than yet another ACL methodology. --------------------------- Agreed > If this sort of direction seems to be of interest, I've written some > experimental API's that implement such a concept which could serve as > as a starting point. I had previously planned to probe for interest > in discussing this as its own subject but if the momentum is here, > I am happy to go with it :) --------------- No reason not to have a look, the API is of primary concern. -=jack=- (This text composed by voice)
Received on Thursday, 1 May 1997 13:57:51 UTC