... I don't disagree, and I have the same nervousness about using something as both the name and the access token. While I know almost nothing about...
Chuck Hinson
cmhinson@...
May 1, 2003 2:01 pm
389
From: "Michael Day" <mikeday@...> ... embedding ... it ... Except for two things: 1) the query still needs the recipient to identify themselves to the...
From: "Chuck Hinson" <cmhinson@...> ... Not entirely, I think. If you were sending a notification to multiple recipients, for instance, you would have to...
A number of the arguments made in this sub-thread about authentication have made incorrect reference to security aphorisms. I thought it would be helpful if I...
... [. . .] ... Why make a special case? And why force PUSH to only send one notification at a time? It seems like an arbitrary restriction that reduces the...
Chuck Hinson
cmhinson@...
May 1, 2003 4:23 pm
396
... I hesitate to reply since my knowledge of security is pretty limited. Perhaps I stretched the have/know aphorism a little far, but the way I look at it,...
Chuck Hinson
cmhinson@...
May 1, 2003 4:37 pm
397
... Hmm. OK. Well now that you put it that way, it seems that I've been working with a bad definition all these years. I guess a better term for what I was...
Chuck Hinson
cmhinson@...
May 1, 2003 4:54 pm
398
... That is also incorrect. "security through obfuscation" refers to a security mechanism with no theoretical backing. Typically, this means that the security ...
... Which is exactly what I meant by security through obfuscation. I'm not sure what you mean when you say it is also incorrect. ... None of which I dispute...
Chuck Hinson
cmhinson@...
May 1, 2003 7:32 pm
401
From: "Tyler Close" <tyler@...> tracks, and I thought you might want to know. ... First, this is not a messaging protocol. This is a notification...
... If you want to POST multiple notifications, you could always make multiple POSTs of single notifications over a persistent HTTP/1.1 connection. So,...
Michael Day
mikeday@...
May 2, 2003 4:53 am
403
... Thanks, I had never heard the word "nonce" used outside of Shakespeare :) In that case, replace what I said about "security through obscurity" with ...
Michael Day
mikeday@...
May 2, 2003 4:58 am
404
... I think the discussion would benefit from your input on security issues, particularly if you have some ideas in mind on security models that could be...
Michael Day
mikeday@...
May 2, 2003 5:08 am
405
I've rewritten this message based on Tyler's comments on incorrect aphorisms. There are five methods of authentication: 1. No authentication. Useful for public...
Michael Day
mikeday@...
May 2, 2003 5:18 am
406
From: "Michael Day" <mikeday@...> ... However, a recipient should not make any such assumption about the uniqueness of the user/password combination....
... Thank you. ... I do have some ideas. I hope you will give them due hearing and not jump to premature and uninformed decisions. ... Well, the first step is...
... One of the features you are aiming for with RNA, is notification that a recipient has read a message. You intend to support this feature by recording that...
From: "Tyler Close" <tyler@...> ... discover ... fails, ... There seem to be two parts to this: 1) An anonymous access of the resource. In this case,...
... I think I guessed the wrong place in your protocol for the access control check. It looks like the check takes place later. Either way, the recipient is...
... I think I've missed something here. It seems to me that all you've done is tricked Bob into thinking he wants to access the resource by providing a...
Chuck Hinson
cmhinson@...
May 2, 2003 6:06 pm
413
From: "Tyler Close" <tyler@...> ... impersonation ... notification. ... Okay. I don't see why, but I'm willing to be shown that I am wrong. ... ...
... The problem is that the ACL model makes it very difficult to not be careless with your authority. Assume the recipient has the authority to read a large...
From: "Chuck Hinson" <cmhinson@...> ... I've been continuing to give this some thought. At this point, I'm still not sure whether notifications should...