Re: Access Authorization

Tony Sanders <sanders@bsdi.com>
Errors-To: sanders@bsdi.com
Message-id: <9309151709.AA29354@austin.BSDI.COM>
To: www-talk@nxoc01.cern.ch
Subject: Re: Access Authorization 
In-Reply-To: Your message of Wed, 15 Sep 93 17:07:05 +0200.
Reply-To: sanders@bsdi.com
Organization: Berkeley Software Design, Inc.
Date: Wed, 15 Sep 1993 12:09:11 -0500
From: Tony Sanders <sanders@bsdi.com>
> I agree with this proposal and I'm willing to go along with it, but I
> want to make one note: A server running a certain protection scheme
> in my opinion *should not* accept anything else. For instance in this
Think ATM cards (money machine cards, whatever).  Users don't want to
have to get an account with each bank.  They want *one* account with the
bank of their choice and they want that ATM card to work everywhere.  While
in practice that isn't always the case it's pretty close, maybe we can
do better?

We have a small complication that you need a bank card with a high
enough level of security but a user with a Kerberos account shouldn't
*also* need a "basic" account should they?

[anyway, the example was just an example]

> Besides, running two parallel protection schemes on the same server
> causes some major difficulties, am I not right?
This is a piece of cake for Plexus.  No point in requiring full encryption
of a free-by-subscription service just because you have other sensitive
data on the same server, and running multiple servers shouldn't have to be
your only option because the protocol is lacking.

--sanders