Re: IP Address in the ACM (Was: Comments on AccessControlModel- BNF)

[robert byrne <robert.byrne@Sun.COM>]

"Kurt D. Zeilenga" wrote:
> 
> At 05:30 PM 4/5/01 +0200, robert byrne wrote:
> >However, not specifying something as optional is
> >definitely within our control and will avoid the situation where one
> >server implements the ip subject and another server does not--simple as
> >that.
> 
> All that is necessary for protocol interoperability is for
> implementations to recognize the complete syntax.
> 

So, why don't we just specify the BNF and stop there ?

The reason is that the semantic content is important too--and we should
be defining this semantics as precisely as we can, in order to arrive
with implementations that, all else being equal, are interoperable.

> We've training our users not to expect insecure features
> in our software.  We are slowly eliminating these features
> WITH the support of our user community.  Progressing a
> Standard Track ACM which would require us to add back in
> features, or preclude us from eliminating them, is a Bad
> Thing.

Mmmm...will the next version of your product not allow the ability to
grant public access, becuase that's "insecure" ?  I suspect not--because
in some situations that's a useful policy, explicitly set by the
administrator.  It seems to me that the same is probably true of an
ip-address subject and simple authentication.

Rob.

> 
> Kurt