W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 1997

policy & protocol

From: Larry Masinter <masinter@parc.xerox.com>
Date: Tue, 11 Feb 1997 19:26:28 PST
Message-ID: <33013864.4EAA@parc.xerox.com>
To: w3c-dist-auth@w3.org
This relates to the discussion on locking but more generally
on a suite of issues we're struggling with. I think I said
this once but I don't think I typed it yet.

Short terminology (not definitions, just 'please keep them
separate')

server:  Where the docs are.
client:  The software that talks to the server.
user:    The person running the client.
customer: Whoever bought the server & clients.
policy:   What the customer wants the server to enforce.

The problem is that servers embody policies, e.g.:
- Documents must be locked before they can be edited.
- An update of a document must include certain meta-data
       that says why the document was edited.
 
The _customer_ wants the _server_ to enforce the _policy_ on the
_user_, but we would like this to be possible without the _client_
having to know about all possible policies.

Whether locking is required is a policy. Should a careful
client have to know about all possible locking policies?
The policy might be enforced per-document or per-server
area, so policy is not easily determinable in advance, anyway.

If we identify the edit life-cycle of documents, we should
allow the server to ask the client to ask the user for information
that the server's policy might require at each point in the
life cycle.

Since this is WEBDAV and not just DAV, we could define
that interaction as "the server gives the client a form that the
user is expected to fill in", since the web includes forms.

Larry
Received on Wednesday, 12 February 1997 10:14:16 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:42 GMT