Re: evaluation: draft-ietf-crisp-requirements



In message <p06001201bb20c6217d42@[129.46.227.161]>, hardie@qualcomm.com writes:
>Steve,
>	This is meant to be covered by this text:
>
>3.1.4.1 Protocol Requirement
>
>    The protocol MUST NOT prohibit an operator from granularly assigning
>    multiple types of access to data according to the policies of the
>    operator.  The protocol MUST provide an authentication mechanism and
>    MUST NOT prohibit an operator from granting types of access based on
>    authentication.
>
>    The protocol MUST provide an anonymous access mechanism that may be
>    turned on or off based on the policy of an operator.
>
>	Since these protocol requirements apply only to distributing
>information, there is no place in it for the client to express
>privacy preferences about the data (indeed, that's likely to be covered
>by EPP).

Not very explicit, and authentication isn't the same as authorization.

But what attracted my attention was 3.1.3, which talks about tagging 
data.  What I'm asking about is language about privacy-related tags, or 
use of tags for privacy purposes.  That was the big hangup with the EPP 
document, as I recall.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)