W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 1997

RE: WEBDAV Security

From: Henry Sanders (Exchange) <henrysa@EXCHANGE.MICROSOFT.com>
Date: Thu, 17 Apr 1997 11:13:39 -0700
Message-ID: <7D9A01DBBFD5CF11AD0F0000F8411F8A55E1C2@ROADKILL>
To: "'Larry Masinter'" <masinter@parc.xerox.com>
Cc: Yaron Goland <yarong@microsoft.com>, "'Steve Carter'" <SRCarter@novell.com>, w3c-dist-auth@w3.org, slein@wrc.xerox.com
Larry Masinter writes:

> Well, just to calibrate:
> 
>   I think from a user point of view, being able to say
> "this is public" or "this is private" for a new document
> the user has stored is far more important for DAV than
> being able to do "MOVE" or "COPY".
> 
> Do you agree?
> 
> 
A good question. At the risk of sounding evasive, I'd have to say "It
depends". There are several scenarios I'm concerned about where the user
will probably never want explicitly to alter access permissions on a
document. For example, there are small departmental web servers where
everything is always public to people in the department. Or there are
situations where you have a private directory on a server, accessible
only to you, where you author documents. When the document is finished
you COPY it to a public area. In these scenarios MOVE and COPY are more
important than the ability to specify public/private. 

On the other hand, I agree that there are scenarios where the ability to
specify public/private is really important. There are also scenarios
where the ability to specify cache-control information is more important
than either security or MOVE/COPY. And there are also situations where
it's crucial that the user be able to say "Return this document if the
requester supports frames, return this document if it doesn't."  To me
all of these situations are just variants on managing and administering
a web server. That's why I'm reluctant to address security - I'm afraid
it's the first step down a slippery slope. 

Henry
Received on Thursday, 17 April 1997 14:13:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:42 GMT