W3C home > Mailing lists > Public > ietf-dav-versioning@w3.org > April to June 2001

RE: [ACL] RE: lock and access control lists on (working) versions

From: Yaron Goland <yaron.goland@openwave.com>
Date: Tue, 12 Jun 2001 17:30:04 -0400 (EDT)
To: "Clemm, Geoff" <gclemm@rational.com>, <ietf-dav-versioning@w3.org>
Cc: <acl@webdav.org>
Message-ID: <EOELIDMKIOLMMGCBIHNNCEFACGAA.yaron.goland@openwave.com>
When I version a resource I will also likely want to version the access
control list it had when I 'froze' it. This is very important for things
like security checks. Imagine that an employee who was fired a year ago
turned out to be a corporate spy, you are going to want to check what
resources he had access to back then. This means that a version really needs
two sets of ACLs. One if the ACL list it had when it was frozen. The other
is the ACL list it currently uses to decide who gets to see the version.

> -----Original Message-----
> From: acl-admin@webdav.org [mailto:acl-admin@webdav.org]On Behalf Of
> Clemm, Geoff
> Sent: Saturday, May 26, 2001 8:27 AM
> To: ietf-dav-versioning@w3.org
> Cc: acl@webdav.org
> Subject: [ACL] RE: lock and access control lists on (working) versions
>
>
> As Tim surmised, the answer to (1) is in fact "yes".
> Each version is a separate resource, and each resource
> can have its own distinct access control list.
>
> Cheers,
> Geoff
>
> -----Original Message-----
> From: Tim_Ellison@uk.ibm.com [mailto:Tim_Ellison@uk.ibm.com]
> Sent: Wednesday, May 16, 2001 5:42 AM
> To: ietf-dav-versioning@w3.org
> Cc: acl@webdav.org
> Subject: Re: lock and access control lists on (working) versions
>
>
>
>
> "Pill, Juergen" <Juergen.Pill@softwareag.com>
> > Hello,
> >
> > 1) Would it be possible with DETA-V to have different access
> control list
> > for different versions of a resource, e.g. V1 of resource /foo
> will allow
> > user A to modify and read, but V2 of resource /foo will allow user A to
> read
> > read only?
>
> You'd have to ask the ACL-folk that question, but I would sincerely hope
> the answer is 'yes'.
>
> > 2) Would it be possible to have two distinct locks on two different
> > (working) resources?
>
> Yes.  Working resources have distinct server-defined URLs.  They can be
> locked using their URLs just like any other resource.
>
> > Does that make sense at all?
>
> Yep.
>
> Tim
>
>
> _______________________________________________
> acl mailing list
> acl@webdav.org
> http://mailman.webdav.org/mailman/listinfo/acl
>
Received on Wednesday, 13 June 2001 11:42:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 13:57:41 GMT