W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2001

RE: Last Call: Access Control Protocol

From: Jim Whitehead <ejw@cse.ucsc.edu>
Date: Mon, 12 Nov 2001 10:26:33 -0800
To: "WebDAV" <w3c-dist-auth@w3.org>
Message-ID: <AMEPKEBLDJJCCDEJHAMIKEGEDLAA.ejw@cse.ucsc.edu>
>  2) This protocol has departed from the Web interface of access
>     control being set on a per-method basis.  The effect of this
>     change is that access control will now have to be governed
>     by both the Web server and whatever handler within the Web
>     server is interpreting WebDAV methods, resulting in a
>     pointless duplication of code (and effort, if the resource
>     requires both forms be active).  Eventually, someone will have to
>     define an HTTP access control protocol.

In a file-based Apache installation, reading a particular resource requires
that GET is enabled, and that read permissions are set on a specific file.
So, in stock Apache, the read operation is governed by both the "Web server"
and the code interpreting the GET method. The DAV ACL protocol is the same.

Our goal was to create an access control protocol for remote collaborative
authoring of Web resources, not a remote Web server configuration protocol.
There was room for consensus on the former, not on the latter.

>  3) The protocol does not differentiate between writing to a
>     resource (PUT) and appending to a resource (POST), and
>     thus cannot be used to control shared access for things
>     like guest-books, log files, or collection-like bulletin
>     board resources.

If you can identify a single DAV client that uses POST to append to a
resource, I might consider this a valid case that should be accommodated by
the protocol.

At present, POST is almost exclusively used for forms submission and
HTTP-tunneled RPCs of various types.  We felt that each individual use of
POST (i.e., each RPC scheme) would require one or more privileges to be
defined for them. We didn't want to guess, a priori, as to which privileges
they might need.

- Jim
Received on Monday, 12 November 2001 13:26:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:59 GMT