W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 1997

RE: WEBDAV Security

From: Henry Sanders (Exchange) <henrysa@EXCHANGE.MICROSOFT.com>
Date: Wed, 16 Apr 1997 09:24:04 -0700
Message-ID: <7D9A01DBBFD5CF11AD0F0000F8411F8A55E1B1@ROADKILL>
To: Yaron Goland <yarong@microsoft.com>, "'Larry Masinter'" <masinter@parc.xerox.com>
Cc: "'Steve Carter'" <SRCarter@novell.com>, w3c-dist-auth@w3.org, slein@wrc.xerox.com 
Larry Masinter writes:

> Nice try, but... Distributed Authoring has different security
> requirements
> than Document Access. A DAV server must accept data and then express
> the client's requested authorization policy in how the future web
> server authorizes requests. This is a greater requirement than has
> been addressed by HTTP security. 
> 
> 
There's a fine line between 'authoring a document' and 'managing a
server'. DAV necessarily crosses that line somewhat, but it's not
obvious to me that setting authorization policy on a document isn't too
far to the 'managing a server' side. A client might also like to be able
to set various cache control policies on a document that it authored,
but (so far at least) that hasn't been considered to be part of DAV. How
are these cases so different? I guess the real question is "How much
server management should DAV take on?" My gut answer is "As little as
possible", but maybe that's too naive.

Henry
Received on Wednesday, 16 April 1997 12:24:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:42 GMT