Re: [Geopriv] RE: [Simple] Changes in xcap-auth

From: Henning Schulzrinne ^lt;hgs@cs.columbia.edu>
Date: Sat Nov 01 2003 - 01:16:13 EST

[Starting clean...]

There are two somewhat separate issues:

(1) Splitting into domain and user components, i.e., we could have
permissions that apply to all users in a domain and some that apply to
only specific users. That, by itself, does not break the additive model,
if specific users have at least the permissions of the specific users
within the domain.

While I don't believe that, in practice, domain-specific permissions are
all that useful for organizations of non-trivial size, the model of
"everybody within domain gets baseline permissions, special people get
more" seems plausible.

There may be other issues with the split, along the "can this be
generalized" question posed by Hannes, but other than modest additional
complexity, this seems conceptually plausible.

(2) I share Hannes concern about making exceptions on any field,
including the user or domain match. I don't see the real-world
motivation for this and it complicates the conceptual model. (In the
geopriv interim we discussed at length as to why blacklists are
generally a bad idea, even with authentication, unless you can guarantee
that the bad guys you want to keep out can't change their verified
identity to a new one.)

At one point, I thought the basic design principle was that we weren't
done until we couldn't *remove* any features - with policies, it's
always tempting to pile on more and more "could be useful somewhere"
items, so I think proponents of particular items should be held to a
fairly high standard of proof as to why a particular feature is
absolutely, positively necessary for a first version. In the geopriv
draft, we spend some time talking about future extensions and how they
are privacy-safe under certain baseline assumptions. We can't anticipate
all the things that we might need and the things that turn out to be
less than useful in practice, so I'd much rather start clean and small
and then expand based on implementation experience. We just don't have a
whole lot (if any) experience with policy languages or rule sets in the
IETF.

Henning

_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www1.ietf.org/mailman/listinfo/geopriv
Received on Sat Nov 1 01:18:27 2003

This archive was generated by hypermail 2.1.8 : Thu Jan 22 2004 - 12:32:24 EST