W3C home > Mailing lists > Public > ietf-dav-versioning@w3.org > April to June 2001

RE: [ACL] RE: lock and access control lists on (working) versions

From: Eric Sedlar <Eric.Sedlar@oracle.com>
Date: Wed, 13 Jun 2001 09:08:17 -0700
To: <ietf-dav-versioning@w3.org>
Cc: <acl@webdav.org>
Message-ID: <NDBBLFOFMCKOOMBDHDBKGEOICBAA.Eric.Sedlar@oracle.com>
When is a resource frozen?  Can you translate that into DeltaV terms?


> -----Original Message-----
> From: ietf-dav-versioning-request@w3.org
> [mailto:ietf-dav-versioning-request@w3.org]On Behalf Of Yaron Goland
> Sent: Tuesday, June 12, 2001 2:30 PM
> To: Clemm, Geoff; ietf-dav-versioning@w3.org
> Cc: acl@webdav.org
> Subject: RE: [ACL] RE: lock and access control lists on (working)
> versions
>
>
> When I version a resource I will also likely want to version the access
> control list it had when I 'froze' it. This is very important for things
> like security checks. Imagine that an employee who was fired a year ago
> turned out to be a corporate spy, you are going to want to check what
> resources he had access to back then. This means that a version
> really needs
> two sets of ACLs. One if the ACL list it had when it was frozen. The other
> is the ACL list it currently uses to decide who gets to see the version.
>
> > -----Original Message-----
> > From: acl-admin@webdav.org [mailto:acl-admin@webdav.org]On Behalf Of
> > Clemm, Geoff
> > Sent: Saturday, May 26, 2001 8:27 AM
> > To: ietf-dav-versioning@w3.org
> > Cc: acl@webdav.org
> > Subject: [ACL] RE: lock and access control lists on (working) versions
> >
> >
> > As Tim surmised, the answer to (1) is in fact "yes".
> > Each version is a separate resource, and each resource
> > can have its own distinct access control list.
> >
> > Cheers,
> > Geoff
> >
> > -----Original Message-----
> > From: Tim_Ellison@uk.ibm.com [mailto:Tim_Ellison@uk.ibm.com]
> > Sent: Wednesday, May 16, 2001 5:42 AM
> > To: ietf-dav-versioning@w3.org
> > Cc: acl@webdav.org
> > Subject: Re: lock and access control lists on (working) versions
> >
> >
> >
> >
> > "Pill, Juergen" <Juergen.Pill@softwareag.com>
> > > Hello,
> > >
> > > 1) Would it be possible with DETA-V to have different access
> > control list
> > > for different versions of a resource, e.g. V1 of resource /foo
> > will allow
> > > user A to modify and read, but V2 of resource /foo will allow
> user A to
> > read
> > > read only?
> >
> > You'd have to ask the ACL-folk that question, but I would sincerely hope
> > the answer is 'yes'.
> >
> > > 2) Would it be possible to have two distinct locks on two different
> > > (working) resources?
> >
> > Yes.  Working resources have distinct server-defined URLs.  They can be
> > locked using their URLs just like any other resource.
> >
> > > Does that make sense at all?
> >
> > Yep.
> >
> > Tim
> >
> >
> > _______________________________________________
> > acl mailing list
> > acl@webdav.org
> > http://mailman.webdav.org/mailman/listinfo/acl
> >
>
>
>
>
Received on Wednesday, 13 June 2001 12:17:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 13:57:41 GMT