> Where it should be specified can be discussed, but before that, I
> think we should ensure that the authorization model we are going
> with will allow for this.
>
> Note that when a node in the authorized list attempts to modify
> the data, its user name or node id cannot be used to authorize
> the resource id. And the modified data will now need to be stored
> with the modifier's signature.
>
> I think this ability for multiple nodes to modify data is crucial.
> So, it is worth thinking about the authorization model that is
> going to allow for this, while still getting us the properties we
> want. And, I don't think these are mutually exclusive.

It's quite useful. I think probably there are other ways to implement this idea.

>
> Vidya
>
> > -----Original Message-----
> > From: Bruce Lowekamp [mailto:[email protected]]
> > Sent: Thursday, March 26, 2009 7:46 PM
> > To: Narayanan, Vidya
> > Cc: [email protected]
> > Subject: Re: [P2PSIP] Access control lists for RELOAD storage
> >
> > I can see that this would be useful. I think the issue would only be
> > whether it is worth the complexity, and whether it would be part of
> > the base or an extension.
> >
> > Bruce
> >
> >
> > 2009/3/26 Narayanan, Vidya <[email protected]>:
> > > At the moment, RELOAD defines some access control rules that allow
> > > authorization of a node/user to store at a particular location. However,
> > > only that node/user may modify or overwrite the data. It does not allow a
> > > mechanism to authorize other nodes or users to modify the data. I think it
> > > is very useful to also have provisions for authorizing other node ids or
> > > user names that can modify the data. As a simple use case for this,
> > > consider multiple members of a family being able to modify the mapping for
> > > the SIP AOR of their home phone. There are plenty of other cases as well
> > > where data created by one node may be modified by other authorized nodes.
> > >
> > > For this purpose, I think defining an ACL that is allowed to be stored with
> > > the data might be appropriate. The creator may specify a list of node ids
> > > or user names that are authorized to modify the data.
> > >
> > > We can discuss further on the actual solution options, but, I'd first like
> > > to get feedback on the topic itself to see if people agree this is worth
> > > addressing.
> > >
> > > Thanks,
> > > Vidya
> > >
> > > _______________________________________________
> > > P2PSIP mailing list
> > > [email protected]
> > > https://www.ietf.org/mailman/listinfo/p2psip
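The authorization model the thread sketches (the creator's credential authorizes the resource id, a creator-supplied ACL names the other node ids allowed to overwrite, and any overwrite is stored under the modifier's own signature) can be made concrete in a small model. The following is an added example written for this page, not code from the RELOAD specification or from anyone in the thread: the store, the `StoredValue` record, the node ids and the HMAC-based `sign`/`verify` helpers are all constructed stand-ins (real RELOAD stores are signed with certificate-bound credentials, which the HMAC keys merely imitate here). It shows the two checks a storing peer would make on an overwrite, and keeps the ACL itself under the owner's control so an ACL member cannot widen it.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed per-node secrets standing in for each node's signing credential.
# In a real deployment the storing peer would verify a signature against the
# node's certificate instead of sharing a secret with it (assumption for this demo).
NODE_KEYS = {
    "node-alice": b"alice-demo-secret",
    "node-bob": b"bob-demo-secret",
    "node-mallory": b"mallory-demo-secret",
}


def sign(node_id: str, payload: bytes) -> bytes:
    """Produce the stand-in signature of `payload` under `node_id`'s key."""
    return hmac.new(NODE_KEYS[node_id], payload, hashlib.sha256).digest()


def verify(node_id: str, payload: bytes, signature: bytes) -> bool:
    """Check that `signature` covers `payload` and was made by `node_id`."""
    key = NODE_KEYS.get(node_id)
    if key is None:
        return False
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


@dataclass
class StoredValue:
    resource_id: str        # constructed id; RELOAD derives it from the AOR
    owner: str              # node whose credential authorized the resource id
    acl: frozenset          # node ids the owner allows to overwrite the data
    data: bytes
    signer: str             # node whose signature covers the *current* data
    signature: bytes


class Store:
    """In-memory stand-in for one storing peer's values."""

    def __init__(self) -> None:
        self.values: dict = {}

    def create(self, resource_id: str, owner: str, data: bytes, acl=()) -> str:
        # Existing RELOAD rule: the owner's credential authorizes the resource id.
        # The thread's extension: the owner attaches the ACL when creating the value.
        if resource_id in self.values:
            return "exists"
        self.values[resource_id] = StoredValue(
            resource_id, owner, frozenset(acl), data, owner, sign(owner, data)
        )
        return "stored"

    def modify(self, resource_id: str, modifier: str, data: bytes, signature: bytes) -> str:
        value = self.values.get(resource_id)
        if value is None:
            return "no-such-resource"
        # Check 1: the modifier is either the owner or named in the owner's ACL.
        # The modifier's own id is never used to authorize the resource id.
        if modifier != value.owner and modifier not in value.acl:
            return "not-authorized"
        # Check 2: the new data is stored with the modifier's signature, so that
        # signature must be valid for the modifier over exactly this data.
        if not verify(modifier, data, signature):
            return "bad-signature"
        # The ACL is not part of what a modifier may rewrite; it stays the owner's.
        value.data = data
        value.signer = modifier
        value.signature = signature
        return "stored"


if __name__ == "__main__":
    store = Store()
    aor = "sip:home@example.invalid"  # constructed sample resource id
    print(store.create(aor, "node-alice", b"sip:handset-a", acl=("node-bob",)))
    print(store.modify(aor, "node-bob", b"sip:handset-b", sign("node-bob", b"sip:handset-b")))
    print(store.modify(aor, "node-mallory", b"sip:evil", sign("node-mallory", b"sip:evil")))
```

Running the script stores the family phone mapping under Alice, lets Bob (on the ACL) overwrite it with his own signature, and rejects Mallory, who is neither the owner nor on the ACL. A practitioner reviewing the design would note the two decisions the example makes explicit: the ACL is read-only for modifiers, and the signature on a stored value identifies the last writer rather than the owner, so a reader must consult both the signer and the ACL to decide whether a value is trustworthy.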
