Where it should be specified can be discussed, but before that, I think we should ensure that the authorization model we are going with will allow for this.
Note that when a node in the authorized list attempts to modify the data, its user name or node id cannot be used to authorize the resource id. And the modified data will now need to be stored with the modifier's signature. I think this ability for multiple nodes to modify data is crucial. So, it is worth thinking about the authorization model that is going to allow for this, while still getting us the properties we want. And, I don't think these are mutually exclusive.

Vidya

> -----Original Message-----
> From: Bruce Lowekamp [mailto:[email protected]]
> Sent: Thursday, March 26, 2009 7:46 PM
> To: Narayanan, Vidya
> Cc: [email protected]
> Subject: Re: [P2PSIP] Access control lists for RELOAD storage
>
> I can see that this would be useful. I think the issue would only be
> whether it is worth the complexity, and whether it would be part of
> the base or an extension.
>
> Bruce
>
>
> 2009/3/26 Narayanan, Vidya <[email protected]>:
> > At the moment, RELOAD defines some access control rules that allow
> > authorization of a node/user to store at a particular location. However,
> > only that node/user may modify or overwrite the data. It does not allow a
> > mechanism to authorize other nodes or users to modify the data. I think it
> > is very useful to also have provisions for authorizing other node ids or
> > user names that can modify the data. As a simple use case for this,
> > consider multiple members of a family being able to modify the mapping for
> > the SIP AOR of their home phone. There are plenty of other cases as well
> > where data created by one node may be modified by other authorized nodes.
> >
> > For this purpose, I think defining an ACL that is allowed to be stored with
> > the data might be appropriate. The creator may specify a list of node ids
> > or user names that are authorized to modify the data.
> >
> > We can discuss further on the actual solution options, but, I'd first like
> > to get feedback on the topic itself to see if people agree this is worth
> > addressing.
> >
> > Thanks,
> > Vidya
> >
> > _______________________________________________
> > P2PSIP mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/p2psip
> >
> >

_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip
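The two authorization models discussed in this thread, the current owner-only rule and the proposed ACL stored with the data, side by side as a small added example. This is not RELOAD's wire format or any implementation's code: the HMAC stand-in for certificate signatures, the way the resource id is derived from the user name, the user names alice/bob/mallory, and the rule that only the owner may change the ACL are all assumptions made here for illustration.

```python
"""Toy model of a RELOAD-style store: owner-only writes versus an ACL
stored with the data. Example written for this thread; it is not RELOAD's
wire format or any implementation's code."""
import hashlib
import hmac

# Constructed stand-in for certificate signatures: each user name has a
# secret key and "signs" with HMAC. Real RELOAD uses X.509 certificates and
# public-key signatures; the authorization logic below does not depend on that.
KEYS = {"alice": b"key-alice", "bob": b"key-bob", "mallory": b"key-mallory"}


def resource_id(user_name):
    """Resource id derived from the user name, as in a user-match style rule
    (assumed derivation: truncated SHA-256 of the name)."""
    return hashlib.sha256(user_name.encode()).hexdigest()[:16]


def payload_bytes(data, acl):
    """The ACL is part of what gets signed, so nobody can quietly append names to it."""
    return (data + "|" + ",".join(acl)).encode()


def sign(key_holder, payload):
    return hmac.new(KEYS[key_holder], payload, hashlib.sha256).digest()


def verify(signer, payload, sig):
    return signer in KEYS and hmac.compare_digest(sign(signer, payload), sig)


class Store:
    """Storing peer. acl_enabled=False is the owner-only model; True adds the
    ACL extension under discussion."""

    def __init__(self, acl_enabled):
        self.acl_enabled = acl_enabled
        self.values = {}  # resource id -> stored record

    def store(self, rid, signer, data, acl, sig):
        """Apply the authorization rules; return True if the write is kept."""
        acl = tuple(acl)
        if not verify(signer, payload_bytes(data, acl), sig):
            return False  # bad or forged signature
        record = dict(data=data, acl=acl, signer=signer, sig=sig)
        existing = self.values.get(rid)
        if existing is None:
            # First write: the resource id must be derived from the signer.
            if rid != resource_id(signer):
                return False
            self.values[rid] = dict(record, owner=signer)
            return True
        if signer == existing["owner"]:
            self.values[rid] = dict(record, owner=signer)
            return True
        if self.acl_enabled and signer in existing["acl"]:
            # Authorized modifier: its name does not hash to rid, so the ACL
            # is the authorization, and the stored copy now carries the
            # modifier's signature. Assumption: only the owner may change the ACL.
            if acl != existing["acl"]:
                return False
            self.values[rid] = dict(record, owner=existing["owner"])
            return True
        return False


def demo(acl_enabled):
    """Family home-phone scenario: alice creates the AOR mapping, bob is on
    the ACL, mallory is not. Returns the outcome of each attempted write."""
    store = Store(acl_enabled)
    rid = resource_id("alice")
    acl = ("bob",)

    def write(signer, data, acl_=acl, key_holder=None):
        # key_holder != signer models a forgery made with someone else's key
        sig = sign(key_holder or signer, payload_bytes(data, acl_))
        return store.store(rid, signer, data, acl_, sig)

    out = {
        "owner_creates": write("alice", "node-1"),
        "acl_member_modifies": write("bob", "node-2"),
        "outsider_modifies": write("mallory", "node-3"),
        "acl_member_expands_acl": write("bob", "node-4", ("bob", "mallory")),
        "forged_member_signature": write("bob", "node-5", key_holder="mallory"),
    }
    out["final_data"] = store.values[rid]["data"]
    out["final_signer"] = store.values[rid]["signer"]
    return out


if __name__ == "__main__":
    for mode in (False, True):
        print("acl_enabled=%s: %s" % (mode, demo(mode)))
```

Running it shows the difference the thread is about: with the owner-only rule bob's update is refused even though alice listed him, while with the ACL his update is kept and the stored record now carries bob's signature rather than alice's. The two extra cases show what a storing peer still has to check once ACLs exist: the ACL must be covered by the signature it was stored with (otherwise any intermediary could add itself), and a member of the list must not be able to enlarge the list on its own.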
