At 07:44 PM 2/12/97 PST, Larry Masinter wrote:
>I was imagining that you could come up with a security
>paradigm that the authorization to modify a job once
>submitted might be independent of the authorization and
>authentication necessary to submit the job in the first place.
>That is, the submission process itself might return some
>credentials for subsequent job manipulation operations.
>>I'm worried that unless we make progress on authorization,
>we'll either have a free-for-all (no security) or else a lack
>of interoperability (there is no global authentication domain
>that works across the Internet).
>>Larry
>
Larry,
can I just point out that the IPP project has no intension to try to solve
the overall security problems on the Internet, that should be left to the
numerous groups, in the IETF and elsewhere, already working on security.
What are trying to do is to evaluate which of the existing or emerging
security solutions could be used in combination with IPP. Authentication
schemes are likely to work in intranet environments now, and might work
over the global Internernet whenever the security groups have found a
solution.
I am also not in favour of inventing any specific security paradigm for
IPP. Hopefully the IPP will inspire some of the security folks to
concentrate on better security features to support it. For now, I think we
should limit ourselves to express requirements, in areas where there are no
suitable security solutions at hand.
Carl-Uno
Carl-Uno Manros
Principal Engineer - Advanced Printing Standards - Xerox Corporation
701 S. Aviation Blvd., El Segundo, CA, M/S: ESAE-231
Phone +1-310-333 8273, Fax +1-310-333 5514
Email: manros at cp10.es.xerox.com