going on... pardon the braindump here.
Coming up with too many different types of situations
surrounding permissions/capabilities. Need to abstract it
out a bit.
Two basic types that can be issued to individuals or groups:
- Ticket: access is granted to whoever holds the
access key. It is not tied to a specific individual or
group.
- Guest List (maybe need a better term for this):
access is tied to a specific person or group.
The number of times it can be used, and whether the
holders can copy it to friends, are all parameters of the
capability.
What the ticket's powers are is not relevant to the ticket
itself. It's merely a key into a door; what's behind the
door is beyond its concern. The design of this should
reflect that. It should be able to handle any sort of
access that the coders want to give to it.
Maybe it can all be reduced down to tickets, which is what
Steve seems to be saying. I feel uncomfortable not linking
it to a specific person, but perhaps that can be a
parameter as well.
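
A sketch of "everything is a ticket, and the holder is just another parameter", added here as an example and not part of the original notes. It covers only the in-house case: the server signs tickets with its own secret using HMAC (a stand-in for whatever key scheme is chosen), and the names Doorkeeper, admit and copy_to are made up for illustration. The presenter name is assumed to come from the application's own login.

```python
import hashlib, hmac, json, secrets

class Doorkeeper:
    """Issues and checks tickets; knows nothing about what is behind a door."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # in-house secret, never leaves the server
        self._used = {}                       # ticket id -> times admitted

    def _tag(self, payload):
        return hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()

    def issue(self, door, max_uses=None, holder=None, copyable=False):
        # holder=None is a bearer "ticket"; a holder name is a "guest list" entry.
        body = {"id": secrets.token_hex(8), "door": door, "max_uses": max_uses,
                "holder": holder, "copyable": copyable}
        payload = json.dumps(body, sort_keys=True)
        return payload + "." + self._tag(payload)

    def _open(self, ticket):
        payload, _, tag = ticket.rpartition(".")
        if not hmac.compare_digest(tag.encode(), self._tag(payload).encode()):
            return None                       # forged or altered ticket
        return json.loads(payload)

    def admit(self, ticket, door, presenter=None):
        body = self._open(ticket)
        if body is None or body["door"] != door:
            return False
        if body["holder"] is not None and body["holder"] != presenter:
            return False                      # bound to someone else
        used = self._used.get(body["id"], 0)
        if body["max_uses"] is not None and used >= body["max_uses"]:
            return False                      # use count exhausted
        self._used[body["id"]] = used + 1
        return True

    def copy_to(self, ticket, presenter, friend):
        # Only a copyable ticket can be passed on; the copy is bound to the
        # friend and cannot itself be copied again.
        body = self._open(ticket)
        if body is None or not body["copyable"]:
            return None
        if body["holder"] is not None and body["holder"] != presenter:
            return None
        return self.issue(body["door"], body["max_uses"], holder=friend)
```

A bearer ticket (holder=None) can always be handed on simply by sharing the string, so the copyable flag only means something for tickets bound to a holder.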
The big rub is how do you give the ticket to the other
person. As long as it's in house, within the specific
universe of the application, that's easy, but how do you
get beyond that without turning into a Passport-like
centralizing system where the person who controls the
system controls the world?
BING! LIGHTBULB OVER HEAD
A capabilities standard like an XML schema (such as SOAP)
that can be exchanged between separate systems. It can be
tied to a standard code scheme such as public/private keys.
Each server broadcasts its public keys and when the granting
server wants to generate a ticket, it grabs the public key,
encodes the ticket and BLAH BLAH BLAH yeah I know this is
all basic shit to you geeks... Anywho, this seems to fit in
well with what WebDAV is doing. Extend HTTP for access.
Interesting shit maynerd, but maybe this is all way beyond
me right now. I just don't understand how you can ensure
transmission of a ticket to the intended party without
using public/private keys. Has this been done already?
LINK:
Netscape Capabilities Classes. This is for
applets which have very narrow goals, but it should be
interesting.