IPP Mail Archive: IPP> Comments on BOF Presentation -Reply

rdebry@us1.ibm.com
Wed, 4 Dec 1996 08:03:08 -0500


<<RKD>> Scott, I'm confused by your last answer. I think that "verifying"
<<RKD>> that someone is who they say they are is authentication, not
<<RKD>> authorization. Once I have authenticated who you say you are
<<RKD>> then I see if you are authorized to perform the operation you have
<<RKD>> requested. This last step is what I would call authorization.

---------------------- Forwarded by Roger K Debry/Boulder/IBM on 12/04/96 05:57 AM ---------------------------

ipp-owner @ pwg.org
12/03/96 05:11 PM

To: ipp @ pwg.org@internet
cc: kcarter @ vnet.IBM.COM@internet
Subject: IPP> Comments on BOF Presentation -Reply

Keith,

I agree with most of your comments. My comments on yours:

************************************************************
Scott A. Isaacson
Print Services Consulting Engineer
Novell Inc., 122 E 1700 S, Provo, UT 84606
V: (801) 861-7366, (800) 453-1267 x17366
F: (801) 861-4025, E: scott_isaacson@novell.com
W: http://www.novell.com
************************************************************

>>> <kcarter@vnet.IBM.COM> 12/03/96 02:24pm >>>
4. Under the End-User bullet, do we need to add a sub-bullet for "Modifying
their own print job"? We might get asked why a user cannot modify the
attributes (e.g. number of copies) of a submitted print job before it
prints since the major NOS support this capability today. If we add this
bullet, we must state that this function is not supported in IPP 1.0 on
chart #3.
>>> <kcarter@vnet.IBM.COM> 12/03/96 02:24pm >>>

We had agreed that yes, modifying a job is "supported" today, however,
we chose to not need to worry about this with our self-imposed
"6-month" deadline looming over our heads. Let's get something going,
and then make progress on these other more difficult issues later.

>>> <kcarter@vnet.IBM.COM> 12/03/96 02:24pm >>>
6. Under the Administrator bullet, please add a sub-bullet "Access control".
I view authorization as the act of assigning the role of "end-user",
"operator" and "administrator" to each user while access control controls
who can print on the printer (e.g. "end-users" barney and betty can print
on a printer but "end-users" fred and wilma cannot print on the printer).
>>> <kcarter@vnet.IBM.COM> 12/03/96 02:24pm >>>

I disagree here. Authorization is not assigning the role to some entity, but
verifying that some entity is who or what they claim to be. If I call you on
the phone and say "Hi this is Scott", first you must decide if I am really
Scott before you do anything else. You might detect the sound of my
voice or you might look on your caller id. Once you determine that I am
really Scott, you can decide to hang up, talk to me casually, or divulge
your company's most important secrets. This last part is authorization:
you assign me (now verified to be Scott) a role: enemy, friend,
employee. Assigning of roles IS authorization. If barney and betty can
print on a printer, they are "end-users"; if fred and wilma cannot print
on the printer, they are not "end-users".

Scott