On Wed, 12 Dec 2007 17:25:02 +0100, Williams, Stuart (HP Labs, Bristol) <[EMAIL PROTECTED]> wrote:
>> Security trumps purity. Not sure what else to say here.
>
> I think that's just a little too pithy! Corner cases are just tricky to get right and "A trumps B" doesn't really cut it IMO - plus I think it's pretty hard to make a hard security-based argument - that information left the origin server, it passed through numerous wires, probably in the clear, along with the access control headers (visible), through who knows how many proxies that could 'fiddle' with them - do you authenticate the access control headers (they can certainly be tampered with)? Should you?

The information could be behind an authenticated page protected using TLS or something in that direction.


>> I think there are some problems with introducing the same
>> algorithm non-normatively in a constraint-based style:
>>
>>   1. There might be differences
>>   2. It might confuse implementors
>
> What I offered doesn't present an algorithm; it was an attempt to say, explicitly, what the algorithm is intended to accomplish ('what' rather than 'how').
>
> The algorithm "does what it does" is hardly a good basis on which to review the spec.

I think we disagree on that.


>>> Provided the algorithm is correct (i.e. does what it's supposed to do)
>>> then the imperative statement of the algorithm is indeed one way of
>>> stating (implicitly) what it does. But how are we to tell if it's
>>> correct if we don't say what it's supposed to do?
>>
>> I think that's the wrong way of looking at it. You want to
>> look at whether for a certain (evil) input A the results of the
>> algorithm are not desirable.
>
> Well, if you don't say what the algorithm is supposed to accomplish... no-one can review the spec for the correctness of the algorithm!

The algorithm is supposed to introduce no new security problems while allowing cross-site access and manipulation of representations of resources.


> The best they can say is... "well, it does what it does". Maybe there's a requirements document or a design document that captures what the algorithm is required to do, which reviewers should be reviewing the document against?

There is no such document.


--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
