[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: IP Address in the ACM (Was: Comments on AccessControlModel- BNF)
At 03:22 PM 4/6/01 +0200, robert byrne wrote:
>Mmmm...will the next version of your product not allow the ability to
>grant public access, becuase that's "insecure" ?
With "public", we're going to disable it by default and require
the administrator take action to enable it when desired.
>I suspect not--because
>in some situations that's a useful policy, explicitly set by the
>administrator.
If explicitly set by the administrator, yes.
>It seems to me that the same is probably true of an
>ip-address subject and simple authentication.
If you are not on the Internet, maybe. But on the
Internet, use of simple or IP-addressed authentication
is not appropriate and we should require implementations
to such and, in fact, we should recommend against (i.e. with
a SHOULD NOT) support such in our security considerations.
Kurt