On Tuesday 22 December 2009 4:59:56 am Xiong Miao wrote:
> Thank you for your categorization, for it makes me more clear about the
> "privacy issues".
> But I'm still puzzled about how to define information that SHOULD NOT
> provide for ALTO servers since the information may be useful for one
> client but not useful for another. It's like an access-control issue.
> ALTO protocol needs something to do with this.

I agree that the ALTO Protocol should allow for access control *for requests to the ALTO Server*. That is, it should handle (3a) and (3b) in the categorization (which also entails encryption to prevent snooping on the wire). This is doable with existing techniques such as HTTP Basic/Digest authentication and SSL/TLS, presuming that we stick with a protocol built on top of HTTP.

Can you clarify what you mean by "useful"? The term "useful" is a very general term that could encompass many uses, both legitimate and otherwise. For example, an ALTO Client may have a business agreement to obtain detailed network information from a network provider via ALTO, and the agreement may state that the ALTO Client cannot share the information with a 3rd party. The ALTO Client may consider it "useful" to ignore the legal agreement and sell the information to a 3rd party anyways for a large sum of money.

This is the primary reason there is a distinction between (3a-b) and (3c). It is to allow the information to be protected in transit, and to protect it from being *directly* distributed to an unauthorized party. However, enforcing access control once an authorized ALTO Client has received it would entail other mechanisms (e.g., DRM) as Enrico has mentioned.

Another way to summarize the difference is that the ALTO Protocol provides access control for requests to an ALTO Server, but it *does not* provide access control for the ALTO information itself.

--
Richard Alimi
Department of Computer Science
Yale University
_______________________________________________
alto mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/alto
