W3C home > Mailing lists > Public > ietf-dav-versioning@w3.org > April to June 2001

RE: [ACL] RE: lock and access control lists on (working) versions

From: Clemm, Geoff <gclemm@rational.com>
Date: Wed, 13 Jun 2001 12:47:15 -0400
Message-ID: <3906C56A7BD1F54593344C05BD1374B1018E246C@SUS-MA1IT01>
To: ietf-dav-versioning@w3.org
Cc: acl@webdav.org
"frozen" == "checked in".

-----Original Message-----
From: Eric Sedlar [mailto:Eric.Sedlar@oracle.com]

When is a resource frozen?  Can you translate that into DeltaV terms?


> -----Original Message-----
> From: ietf-dav-versioning-request@w3.org
> [mailto:ietf-dav-versioning-request@w3.org]On Behalf Of Yaron Goland
>
> When I version a resource I will also likely want to version the access
> control list it had when I 'froze' it. This is very important for things
> like security checks. Imagine that an employee who was fired a year ago
> turned out to be a corporate spy, you are going to want to check what
> resources he had access to back then. This means that a version
> really needs
> two sets of ACLs. One if the ACL list it had when it was frozen. The other
> is the ACL list it currently uses to decide who gets to see the version.
>
> > -----Original Message-----
> > From: acl-admin@webdav.org [mailto:acl-admin@webdav.org]On Behalf Of
> > Clemm, Geoff
> >
> > As Tim surmised, the answer to (1) is in fact "yes".
> > Each version is a separate resource, and each resource
> > can have its own distinct access control list.
> >
> > Cheers,
> > Geoff
> >
> > -----Original Message-----
> > From: Tim_Ellison@uk.ibm.com [mailto:Tim_Ellison@uk.ibm.com]
> >
> > "Pill, Juergen" <Juergen.Pill@softwareag.com>
> > > Hello,
> > >
> > > 1) Would it be possible with DETA-V to have different access
> > control list
> > > for different versions of a resource, e.g. V1 of resource /foo
> > will allow
> > > user A to modify and read, but V2 of resource /foo will allow
> user A to
> > read
> > > read only?
> >
> > You'd have to ask the ACL-folk that question, but I would sincerely hope
> > the answer is 'yes'.
> >
> > > 2) Would it be possible to have two distinct locks on two different
> > > (working) resources?
> >
> > Yes.  Working resources have distinct server-defined URLs.  They can be
> > locked using their URLs just like any other resource.
> >
Received on Wednesday, 13 June 2001 12:41:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 13:57:41 GMT