OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Blended Authentication (AKA "Granular Access Control")

[ Lists Home | Date Index | Thread Index ]

Chiusano Joseph wrote:

> I have a question regarding security, particularly authentication and access
> control.


> The concept is this: authentication of not only a user for access control to
> a resource, but a combination of the user *and* a resource - i.e. "blended
> authentication".

Once again we have a suggestion which is profoundly inimical to the nature of
XML and to the benefit which XML might provide for the interoperability of
processes predicated on non-congruent understandings of similar data.
Authenticating a user for access to particular data only within a given
context means authenticating that user only for someone else's preconception
or prejudice regarding how that data is to be used or processed. The effect of
such discrimination is to prevent the uniquely useful processing of data with
a particular expertise precisely because the creator or custodian of that data
did not comprehend that expertise a priori and was therefore not competent
itself to render that particular benefit in processing. Quite simply,
obviating in the name of security the uniquely useful benefits which truly
expert processing confers is the choice of a known stupidity over an as yet
undiscovered enlightenment.


Walter Perry


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS