W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 1997

Re: WEBDAV Security

From: Larry Masinter <masinter@parc.xerox.com>
Date: Tue, 15 Apr 1997 23:07:28 PDT
Message-ID: <33546CA0.3F15@parc.xerox.com>
To: Yaron Goland <yarong@microsoft.com>
CC: "'Steve Carter'" <SRCarter@novell.com>, w3c-dist-auth@w3.org, slein@wrc.xerox.com
Yaron Goland wrote:
> 
> DAV is an HTTP protocol and thus is able to take full advantage of all
> generic HTTP ACL and Security work. I would recommend that the
> requirements only identify Security in general and ACLs in particular,
> as areas of concern, and then explain that they are out of scope for DAV
> because they touch on areas beyond DAV's limited authoring/versioning
> scope.
> 
> Lets not fall into the trap of trying to solve the world's problems.
> ACLs and security are best left to groups who are grabbling with just
> those issues.
> 
>                 Yaron

Nice try, but... Distributed Authoring has different security
requirements
than Document Access. A DAV server must accept data and then express
the client's requested authorization policy in how the future web
server authorizes requests. This is a greater requirement than has
been addressed by HTTP security. 

I agree you should try to limit the scope of what you handle to
be "the minimum needed to build interoperable clients", but I believe
taht the minimum exceeds what has been done so far for DAV-less HTTP.

Regards,

Larry
Received on Wednesday, 16 April 1997 02:08:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:42 GMT