John Geldman writes:
Something that continues to come up in these discussions is
authorization, authentication and policies. As in permission for read
access of private data (for me, this is a concern before blind
manipulation) as well as permission to overwrite or delete.
It is my understanding that these concerns are outside of the scope of
this specification. It is also my expectation that those who haven't
been following the discussion won't simply know that.
This seems like an opportunity for a little more in the scope following
the proposed sentences:
"The LRW-AES transform and the key-export format are only a portion of a
secure shared storage media solution. Authentication and authorization
protocols are beyond the scope of this specification."
RNS: This looks like the right idea to me.
