nature of the error
To better handle "don't disclose" provisions in authorization
systems, I suggest the following changes be made to [Protocol].
In 4.1.9, after:
    The server should return the result
    code that best indicates the nature of the error encountered.
add:
    Servers may return substitute result codes to prevent
    unauthorized disclosures.
In Appendix A, replace:
    Servers may substitute some result codes due to access controls which
    prevent their disclosure.
with:
    The descriptions provided here do not fully account for
    result code substitutions to prevent unauthorized
    disclosures.
An alternative to the latter would be to attempt to fully
account for possible result code substitutions. However,
given that authorization is a local matter, and hence
implementors likely have a wide range of views of the
kinds of information that they might want to prevent
disclosure of, that seems a bit of a rat hole. However,
it might be good to note some of the obvious cases
(noSuchObject for insufficientAccessRights,
invalidCredentials for insufficientAccessRights)
in individual descriptions.
- Kurt
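
The two substitutions named in the message (noSuchObject and invalidCredentials in place of insufficientAccessRights), sketched as an added example that is not part of the original post or of any server's code. The rights model, the DNs, and the rule that a bind never reveals an authorization failure are assumptions made for illustration; the password check is assumed to have already passed.

```python
# Added example. Result code numbers are the LDAP values; the rights model
# ("disclose", "read", "write", "bind") and all entries are hypothetical.
SUCCESS = 0
NO_SUCH_OBJECT = 32
INVALID_CREDENTIALS = 49
INSUFFICIENT_ACCESS_RIGHTS = 50

ADMIN = "cn=admin,dc=example,dc=com"
PUBLIC = "cn=public,dc=example,dc=com"
SECRET = "cn=secret,dc=example,dc=com"
LOCKED = "cn=locked,dc=example,dc=com"

# Constructed sample ACLs: entry DN -> requester -> rights held on that entry.
ACL = {
    PUBLIC: {"anonymous": {"disclose", "read"}, ADMIN: {"disclose", "read", "write"}},
    SECRET: {ADMIN: {"disclose", "read", "write"}},
    ADMIN: {"anonymous": {"bind"}},
    LOCKED: {},  # account exists but nobody may authenticate as it
}


def rights(requester, dn):
    """Rights the requester holds on dn (empty set if none or no such entry)."""
    return ACL.get(dn, {}).get(requester, set())


def best_result(requester, op, dn):
    """Result code that best indicates the nature of the error (no substitution)."""
    if dn not in ACL:
        # A bind to an unknown DN is reported as a credential failure.
        return INVALID_CREDENTIALS if op == "bind" else NO_SUCH_OBJECT
    return SUCCESS if op in rights(requester, dn) else INSUFFICIENT_ACCESS_RIGHTS


def returned_result(requester, op, dn):
    """Result code sent to the client after non-disclosure substitution."""
    code = best_result(requester, op, dn)
    if code != INSUFFICIENT_ACCESS_RIGHTS:
        return code
    if op == "bind":
        # Assumed local policy: never confirm that the account exists.
        return INVALID_CREDENTIALS
    if "disclose" not in rights(requester, dn):
        # Requester may not learn the entry exists: answer as for a missing entry.
        return NO_SUCH_OBJECT
    return code  # existence is already known to the requester, so no substitution
```

The property to check in a real server is indistinguishability: a hidden entry and a missing entry must produce the same response in every field the client sees, not only the same result code.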