IPP> Comments on BOF Presentation -Reply -Reply

IPP> Comments on BOF Presentation -Reply -Reply

IPP> Comments on BOF Presentation -Reply -Reply

Scott Isaacson Scott_Isaacson at novell.com
Wed Dec 4 12:21:51 EST 1996


Roger,


You were confused by my response and wrote:


"I think that "verifying"  that someone is who they say they are is
authentication, not  authorization.  Once I have authenticated who you
say you are>then I see if you are authorized to perform the operation
you have  requested. This last step is what I would call authorization."


This is exactly what I meant to say!  I thought I was saying that, but I
guess I just mumbled my words so badly that it came out different than I
intended.


Thanks,
Scott


>>> <rdebry at us1.ibm.com> 12/04/96 06:03am >>>
Classification:
Prologue:
Epilogue:


<<RKD>>  Scott, I'm confused by your last answer.  I think that
"verifying"
<<RKD>> that someone is who they say they are is authentication, not
<<RKD>> authorization.  Once I have authenticated who you say you are
<<RKD>>then I see if you are authorized to perform the operation you
have
<<RKD>> requested. This last step is what I would call authorization.


---------------------- Forwarded by Roger K Debry/Boulder/IBM on
12/04/96 05:57
AM ---------------------------


        ipp-owner @ pwg.org
        12/03/96 05:11 PM




To: ipp @ pwg.org at internet
cc: kcarter @ vnet.IBM.COM at internet
Subject: IPP> Comments on BOF Presentation -Reply


Keith,


I agree with most of your comments.  My comments on yours:


************************************************************
Scott A. Isaacson
Print Services Consulting Engineer
Novell Inc., 122 E 1700 S, Provo, UT 84606
V: (801) 861-7366, (800) 453-1267 x17366
F: (801) 861-4025, E: scott_isaacson at novell.com
W: http://www.novell.com
************************************************************




>>> <kcarter at vnet.IBM.COM> 12/03/96 02:24pm >>>
4.  Under the End-User bullet, do we need to add a sub-bullet for
"Modifying
    their own print job"?  We might get asked why a user cannot modify
the
    attributes (e.g. number of copies) of a submitted print job before it
    prints since the major NOS support this capability today.  If we add this
    bullet, we must state that this function is not supported in IPP 1.0 on
    chart #3.
>>> <kcarter at vnet.IBM.COM> 12/03/96 02:24pm >>>


We had agreed that yes, modifying a job is "supported" today, however,
we chose to not need to worry about this with our self-imposed
"6-month" deadline looming over our heads.  Let's get something going,
and then make progress on these other more difficult issues later.


>>> <kcarter at vnet.IBM.COM> 12/03/96 02:24pm >>>
6.  Under the Administrator bullet, please add a sub-bullet "Access
control".
    I view authorization as the act of assigning the role of "end-user",
    "operator" and "administrator" to each user while access control
controls
    who can print on the printer (e.g. "end-users" barney and betty can
print
    on a printer but "end-users" fred and wilma cannot print on the
printer).
>>> <kcarter at vnet.IBM.COM> 12/03/96 02:24pm >>>


I disagree here.  Authroization is not assigning the role to some entity, but
verifying that some entity is who or what they claim to be.  If I call you on
the phone and say "Hi this is Scott"  first you must decide if I am really
Scot before you do anything else.  You might detect the sound of my
voice or you might look on your caller id.  Once you determine that I am
really Scott, you can decide to hang up, talk to me casually, or divulge
your companies most important secrets.  This last part is authorization:
you assign me (now verified to be Scott) a role: enemy, friend,
employee.   Assinging of roles IS authorization.    If  barney and betty can
print  on a printer, they are "end-users"  if  fred and wilma cannot print
on the printer they are not "end-users".


Scott



More information about the Ipp mailing list