W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 1998

Re: Additional WebDAV Requirements?

From: Jeffrey E. Sussna <kuanjes@beaver.slip.net>
Date: Fri, 31 Jul 1998 11:22:15 -0700
Message-ID: <007001bdbcb0$2606fca0$f2c4abcf@kuantech1.slip.net>
To: "John Stracke" <francis@netscape.com>
Cc: <w3c-dist-auth@w3.org>

-----Original Message-----
From: John Stracke <francis@netscape.com>
To: Jeffrey E. Sussna <jes@kuantech.com>
Cc: w3c-dist-auth@w3.org <w3c-dist-auth@w3.org>
Date: Friday, July 31, 1998 9:45 AM
Subject: Re: Additional WebDAV Requirements?


>I think these two approaches are mutually exclusive.  Until/unless DAV
defines
>some way to reference a property by URI, a property cannot itself have
>properties.  So, if ACLs are properties, properties can't have ACLs.


Perhaps I wasn't sufficiently clear. Under the covers the server would have
to know about and treat ACL's as special things. LDAP functions the same
way. For example, it knows how to map the groupdn attribute to a particular
query on an instance of a particular objectclass. All I really meant was
that ACL's could be represented to external clients as properties (perhaps
"pseudo-property" is a better term). Doing so would make it natural for
clients to access ACL's, and for servers to apply access control to ACL
queries. In other words, when I ask to see the acl for a given object, the
server can use the same mechanism to determine whether I'm allowed to see it
that it would for any other property of that object. Again, this assumes
that ACL's can apply to properties. I think they should.

Jeff
Received on Friday, 31 July 1998 14:24:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:47 GMT