W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2002


From: Stefan Eissing <stefan.eissing@greenbytes.de>
Date: Fri, 11 Jan 2002 09:14:02 +0100
To: "Clemm, Geoff" <gclemm@rational.com>, <w3c-dist-auth@w3c.org>
Message-ID: <NDBBKJABLJNMLJELONBKIEPIDCAA.stefan.eissing@greenbytes.de>
> From: w3c-dist-auth-request@w3.org
> [mailto:w3c-dist-auth-request@w3.org]On Behalf Of Clemm, Geoff
>    From: Daniel Brotsky [mailto:dbrotsky@adobe.com]
> [...]
>    2. There's some well-known specification of "principal" in the
>    sense of "authenticated user ID whose authorization is being used
>    for the current request."  Probably this is a string of some kind,
>    and probably there are localization issues so we will want this
>    string to be in a known encoding (e.g., UTF-8) or else all
>    mechanisms that return this string must be able to return the
>    encoding.
> In general, the user will not map 1-1 with a "principal", but rather
> a user will "match" one or more principals.  Therefore I do not see
> that it is feasible or desireable to try to identify a particular
> principal for the current user.

I do not fully understand. There is always a principal for a request
(and be it {DAV:}anonymous), so it would be easy for a server to keep
this information with an active lock.

When there is a ACL privilege {DAV:}can-unlock and this is granted
to a particular principal on the locked resource, the usualy ACL
matching of principals would apply.

So, I do not see the problem with reporting a locking-principal
as part of an active lock. What am I missing? Servers without ACL?

Received on Friday, 11 January 2002 03:14:42 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:24 UTC