W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2002


From: <gclemm@rational.com>
Date: Sun, 27 Jan 2002 09:38:49 -0500
Message-ID: <3906C56A7BD1F54593344C05BD1374B105A31904@SUS-MA1IT01>
To: w3c-dist-auth@w3c.org
Yes.  A server must be able to check if the current user
"matches" a given principal URL, but this could be one of
many principal URL's (from the same or different domains)
that the current user matches, and
there is no interoperable way for the client to ask the server 
"what principal am I", and then try to match that principal
against the one stored with the lock.


-----Original Message-----
From: Jason Crawford [mailto:ccjason@us.ibm.com]
Sent: Saturday, January 26, 2002 11:00 AM
To: Clemm, Geoff
Cc: w3c-dist-auth@w3c.org

The ACL spec does not associate a principal URL with an authenticated
user, and therefore a principal URL is not in general available.
Geoff, could you explain what this sentence means?  Are you saying a server
can't necessarily map an authenticated user to a principal URL.  But it can
(and actually must be able to) check if a *given* principal URL includes a
given authenticated user?

Please elaborate.


Phone: 914-784-7569,   ccjason@us.ibm.com
Received on Sunday, 27 January 2002 09:39:53 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:24 UTC