----- Original Message ----- From: "Peter Stamfest" <[EMAIL PROTECTED]>
To: "MUSCLE" <[EMAIL PROTECTED]>
Sent: Sunday, November 28, 2004 1:10 AM
Subject: [Muscle] [Patch] - Do not list objects/keys not usable by the currently logged in identities
Hello,
This patch changes the applet to only list objects and keys the currently logged-in identities have access to.
You argued that the enumeration is sensitive, because it releases information the logged in identity is not entitled to.
If we accept this, should a user with read only access have visibility on the other identities who have write access?
Should a user with pin-based read rights be able to assert these to learn that an object requires a particular strong authentication key, or #15 bio id?, for writing?
Should a user with pin-based read/write rights, but no strong strong authentication rights, be able to assert these to learn that an object requires a particular strong authentication key, or #15 bio id?, for writing?
Peter. _______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.drizzle.com/mailman/listinfo/muscle
