- From: Clemm, Geoff <gclemm@rational.com>
- Date: Fri, 11 Jan 2002 09:40:43 -0500
- To: w3c-dist-auth@w3c.org
From: Stefan Eissing [mailto:stefan.eissing@greenbytes.de]
...scanning acl spec...done.
I see what you mean. There could be an ACL server which just has
"group" principals and no principals with one-one relation to users
(well it could even skip user credentials and just have credentials
matching groups).
As for identifying the owner of a lock this means one of the following:
a) the server has a "primary" principal and could report it as lock
owner.
It may nevertheless choose not to do so, due to confidentiality
reasons.
b) the server has no such thing and thus cannot report who owns a lock.
It only can tell if your credentials are sufficient to lock/unlock
a resource.
That leaves possible lock-owner information up to the client. Either it
provides something meaningful to others (e.g. mailto:) or it is silent.
Would that be a feasible way forward?
Yes, I believe there is agreement that the current DAV:owner field
in the DAV:lockinfo should be used for this purpose (and is client
defined).
If you add the definition of appropriate privileges (e.g. DAV:can-lock
and DAV:can-unlock), then I believe we have all we need, while
supporting servers that fall into those cases you describe above
(i.e. do not want to repot principals for confidentiality reasons,
or have no such principal to report).
Cheers,
Geoff
Received on Friday, 11 January 2002 09:44:15 UTC