Re: [Geopriv] RE: [Simple] Changes in xcap-auth

From: Henning Schulzrinne <hgs@cs.columbia.edu>
Date: Fri Nov 07 2003 - 10:01:26 EST

> I think a separate exception list is very useful, corresponding to the
> exact concept of 'black list.'

It is not exactly a black list, although it can be used for that. That's
why I called it an exception list.

> Still, I'd like to have an except clause in a permission statement as
> well, which can be used for a different purpose, i.e., giving
> different permissions to some groups of the watchers.

I'm sorry to sound like a broken record: People requesting features that
break overall processing models should please have the kindness to
provide motivation beyond "it could be useful".

>
> I don't understand why the except clause in each permission statement
> should be dismissed while the separate exception list model can be
> supported.
>
> 1) introducing a separate exception list but not supporting it,
> 2) introducing an except clause in each permission but not supporting
> it.

See my other message.

>
> In the case of Option #1, the rule enforcer should drop all the
> permission statements in the rule set in order to prevent those
> should-be-excepted watchers from accidentally obtaining information, if
> there is an exception statement which cannot be understood. i.e., no
> permission is granted to anybody at all. In the case of Option #2, the
> rule enforcer should drop the permission statements with unknown except
> clauses, which still allows some watchers to obtain information. It
> seems to me that both options give us the ways to ensure the
> privacy-safe even if the rule enforcer does not support the except
> mechanism, and rather the latter is more elastic or fault-tolerant. Or
> is this just plausible?

Please review the discussion on why this doesn't work when rules are
composed from multiple sources.

>
> As for maintaining the row-model, I don't think the former model
> maintains the row-model, while the entire rule set has no meaning if
> the actual rule set once has an exception statement. If it means not
> supporting the exception at all, the same thing can be done with the
> except clause in each permission.

The exception-list model does support the row model. Each rule has
exactly one field value for each field, including the URI matching.

>
> I see no reason to dismiss the latter approach and would suggest to
> keep both.

If you're in Minneapolis, I'd be glad to explain this in more detail in
person, since you couldn't be at the interim meeting, where we went over
this for several hours...

>
> Regards,
> -----
> Naoko Ito / NEC

Received on Fri Nov 7 10:02:20 2003
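
The two fallback behaviours described in the quoted text (Option #1 and Option #2), as an added example that is not part of either author's message: a rule enforcer that does not understand the except mechanism either drops every permission or drops only the permissions carrying an except clause. The dict layout, the function names and the sample watchers are constructed for illustration and are not the xcap-auth document format.

```python
# Constructed model of the two options quoted above; the dict layout is an
# assumption for illustration and is not the xcap-auth document format.

def matches(applies_to, watcher):
    """A rule target is either a full watcher URI or a bare domain."""
    return watcher == applies_to or watcher.endswith("@" + applies_to)

def usable_option1(rule_set):
    """Option #1: separate exception list the enforcer cannot interpret.
    Any exception statement present means every permission is dropped."""
    if rule_set.get("exceptions"):
        return []
    return list(rule_set["permissions"])

def usable_option2(rule_set):
    """Option #2: except clause inside each permission.
    Only permissions carrying the unknown clause are dropped."""
    return [p for p in rule_set["permissions"] if "except" not in p]

def granted(permissions, watcher):
    """Union of what the surviving permissions grant to this watcher."""
    out = set()
    for p in permissions:
        if matches(p["applies_to"], watcher):
            out |= set(p["grants"])
    return out

# Constructed sample: the same intent expressed both ways.
# bob@example.com must not see location; everyone else at example.com may.
SEPARATE_LIST = {
    "permissions": [
        {"applies_to": "example.com", "grants": ["location"]},
        {"applies_to": "carol@example.org", "grants": ["presence"]},
    ],
    "exceptions": ["bob@example.com"],
}
EXCEPT_CLAUSE = {
    "permissions": [
        {"applies_to": "example.com", "grants": ["location"],
         "except": ["bob@example.com"]},
        {"applies_to": "carol@example.org", "grants": ["presence"]},
    ],
}

if __name__ == "__main__":
    for w in ("alice@example.com", "bob@example.com", "carol@example.org"):
        print(w, granted(usable_option1(SEPARATE_LIST), w),
              granted(usable_option2(EXCEPT_CLAUSE), w))
```

Both fallbacks keep the excepted watcher from receiving anything; they differ only in how many unrelated watchers lose access as a side effect.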
