W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 2003

RE: WebDAV vs FTP, not an easy choice

From: Frank Lowney <frank.lowney@mac.com>
Date: Sun, 29 Jun 2003 12:23:27 -0400
Message-Id: <p0521060abb24ba377f52@[192.168.1.101]>
To: w3c-dist-auth@w3.org

Lisa Dusseault <lisa@xythos.com> comments/asks:

>Hi Frank,
>
>I'll try to answer your questions about WebDAV vs. FTP:
>
>
>>  1) WebDAV cannot be programmatically and securely applied to
>>  individual web sites.  Currently, creating an account on my MacOS X
>>  Server (Apache) programmatically creates web space whose address
>>  takes the form http://myserver.gcsu.edu/~username and
>>  programmatically enables FTP access to that web space using the un/pw
>>  assigned to the account.  This can be done on a large scale with
>>  batch methods.
>
>I'm not sure what you're asking here.  Are you asking from an
>implementor/administrator point of view, whether a server can be implemented
>that supports WebDAV and securely supports individual Web sites?  If that's
>the question, then Sharemation is an existence proof that this can be easily
>done.  The site www.sharemation.com hosts individual web sites for many
>thousands of accounts.  Although there's a Web interface to allow users to
>sign up, after registration users can manage their sites with WebDAV.  Many
>universities are now starting to provide WebDAV-enabled individual sites to
>students with this technology, but instead of allowing free signup as
>Sharemation does, these universities use batch methods to create thousands
>of accounts each semester as new students arrive.  There is no FTP access to
>these accounts because it's no longer needed.

What I hope to do is provide WebDAV-enabled sites to thousands of 
students and hundreds of faculty at our university on a very limited 
budget and without obsoleting investments already made, to wit:

o several XServe units running the latest MacOS X Server software 
(10.2.6) with includes the Apache webserver with mod_dav precompiled. 
See: http://www.apple.com/macosx/server/

o several MacOS X towers running the latest WebSTAR V Server Suite 
(5.3.x).  NOTE: WebSTAR V supports WebDAV with a very elaborate 
security model that is great for many people working on a single web 
site -- the conventional application of WebDAV.  See: 
http://www.webstar.com

I would like to be able to provide individual web site accounts 
programmatically in batched and on-demand formats using a GUI front 
end not unlike what is available to MacOS X Server and WebSTAR V 
Server Admins.

That this is possible is difficult to deny.  I now have several 
existence proofs as follows:

1) Sharemation (see: http://www.sharemation.com)
2) Apple's iDisk (part of dotMac) (see: http://www.mac.com/)
3) WebCT 3.8 and WebCT Vista (see http://www.webct.com)
    NOTE: WebCT Vista uses the BEA WebLogic server.  WebCT is a 
Courseware Management System (CMS) widely used in higher education. 
WebCT Vista has been adopted system-wide in Georgia's University 
System.  Interestingly, I see no mention of this at www.webdav.org in 
the way of an announcement.



>Or are you asking whether WebDAV can be used by a client program to manage a
>Web site remotely and automatically?  Sitecopy and GoLive are client
>programs that do this.
>
>>  2)  WebDAV does not offer disk space quota enforcement and the means
>>  with which to discover one's usage of that disk space and take
>>  corrective action.
>
>A WebDAV server implementation can offer disk space quota enforcement, as
>Apple iDisk and Xythos WFS do.  This must be managed by the administrator of
>course.  It's true that it's difficult to discover one's usage of that disk
>space however there is a HTTP error commonly used when that quota is reached
>("Insufficient Storage").  Furthermore, we're working on an extension to
>WebDAV to provide quota-related properties so that an individual user may
>discover their quota and storage usage.
>
>Are you sure that FTP offers this functionality anyway?  I didn't think that
>was part of the FTP standard.  I would think the user would have to type in
>Unix queries and understand the answer themselves, rather than be able to
>use a GUI client that is capable of parsing the quota information and issue
>warnings.

FTP Servers offer this functionality.  Two examples include Rumpus 
(http://www.maxum.com) and the FTP client bundled with the WebSTAR V 
Server Suite (see http://www.webstar.com).

Clients will report the soft limit and hard limit warning messages 
issued by these FTP servers.

>  > 3) WebDAV does not offer password management (neither does FTP but I
>>  mention it here to complete a basic feature list).
>
>Typically password management is not part of an application protocol -- as
>you point out, it's not part of FTP (nor is it part of IMAP, etc)

 From the client perspective, such functionality is needed in a way 
that **appears** to be integrated with the editing experience is 
desirable.

>Instead, typically password management is an administrative function, which
>means that it can either be done through an administration UI (not through
>the application protocol) or through LDAP.  WebDAV can work with LDAP: e.g.
>an administrator can create LDAP accounts and set passwords, then when users
>try to log into the WebDAV server the WebDAV server queries the LDAP server
>to see if the login should be allowed.  A number of universities are also
>doing this already.  I can provide you with more details if you're
>interested.

Admins need to be able to set pw criteria (# chars, composition, even 
checking pw history in a database) and enforce a pw change schedule. 
On the client side, users need to have the means with which to easily 
comply with these requirements/policies - a pw changing interface. 
Again, we seek only the **appearance** of integration from the 
client's perspective.

>Good questions!
>Lisa Dusseault


-- 
=====================================================================
Dr. Frank Lowney  flowney@mail.gcsu.edu
     Director, Electronic Instructional Services, a unit of the
     Office of Information and Instructional Technology,
     Professional Pages: http://www.gcsu.edu/oiit/eis/
     Personal Pages: http://www.faculty.de.gcsu.edu/~flowney
Voice: (478) 445-5260
=====================================================================
We don't make instruction effective, we make effective instruction 
more accessible.
Received on Sunday, 29 June 2003 12:23:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:04 GMT