- From: Clemm, Geoff <gclemm@rational.com>
- Date: Tue, 15 Jan 2002 10:43:40 -0500
- To: w3c-dist-auth@w3c.org
Developing a standard format for the DAV:owner field would be fine with me. This addresses the client/client interoperability problem without introducing the overhead and security hole that capturing and displaying a "principal" introduces. The ability to submit "bogus" information is a security feature, not a bug. Cheers, Geoff -----Original Message----- From: Julian Reschke [mailto:julian.reschke@gmx.de] > From: w3c-dist-auth-request@w3.org > [mailto:w3c-dist-auth-request@w3.org]On Behalf Of Lisa Dusseault > Sent: Monday, January 14, 2002 8:26 PM > To: Clemm, Geoff; w3c-dist-auth@w3c.org > Subject: RE: HOW_TO_IDENTIFY_LOCK_OWNER > > ... > > No, this info is not necessarily available in the DAV:owner > field. Because > the client can submit this field, the client can submit bogus information, > and it's not necessarily possible for the server to decide if the > information is bogus. Furthermore, there is no standard format for this information, but this would be needed for a interoperability.
Received on Tuesday, 15 January 2002 10:44:44 UTC