- From: Stefan Eissing <stefan.eissing@greenbytes.de>
- Date: Fri, 11 Jan 2002 09:14:02 +0100
- To: "Clemm, Geoff" <gclemm@rational.com>, <w3c-dist-auth@w3c.org>
> From: w3c-dist-auth-request@w3.org
> [mailto:w3c-dist-auth-request@w3.org]On Behalf Of Clemm, Geoff
> From: Daniel Brotsky [mailto:dbrotsky@adobe.com]
> [...]
>
> 2. There's some well-known specification of "principal" in the
> sense of "authenticated user ID whose authorization is being used
> for the current request." Probably this is a string of some kind,
> and probably there are localization issues so we will want this
> string to be in a known encoding (e.g., UTF-8) or else all
> mechanisms that return this string must be able to return the
> encoding.
>
> In general, the user will not map 1-1 with a "principal", but rather
> a user will "match" one or more principals. Therefore I do not see
> that it is feasible or desireable to try to identify a particular
> principal for the current user.
I do not fully understand. There is always a principal for a request
(and be it {DAV:}anonymous), so it would be easy for a server to keep
this information with an active lock.
When there is a ACL privilege {DAV:}can-unlock and this is granted
to a particular principal on the locked resource, the usualy ACL
matching of principals would apply.
So, I do not see the problem with reporting a locking-principal
as part of an active lock. What am I missing? Servers without ACL?
//Stefan
Received on Friday, 11 January 2002 03:14:42 UTC