W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 2003

RE: ACL and lockdiscovery

From: Eric Sedlar <eric.sedlar@oracle.com>
Date: Wed, 17 Sep 2003 11:16:33 -0700
Message-Id: <200309171816.h8HIGr214383@rgmgw6.us.oracle.com>
To: "'Horst Liermann'" <horst.liermann@ixos.de>, <w3c-dist-auth@w3.org>

The ACL spec hasn't defined a privilege specifically to control read access
to the lockdiscovery property, or even a privilege to control access to all
the privileges in total.  An individual server implementation could provide
such a privilege and aggregate it under <dav:read>, but this isn't required.

--Eric

> -----Original Message-----
> From: w3c-dist-auth-request@w3.org [mailto:w3c-dist-auth-request@w3.org]
> On Behalf Of Horst Liermann
> Sent: Wednesday, September 17, 2003 10:08 AM
> To: 'w3c-dist-auth@w3.org'
> 
> 
> Hi all,
> 
> some questions about lockdiscovery and ACL's
> 
> Suppose, you have a server with WebDAV ( including lock) and it support's
> ACL. What is the behavior for lockdiscovery, can I see all lock token or
> am
> I only allowed to see the tokens where I am the owner of the lock ? As far
> as I understand, lockdiscovery reports all locks. Is this a security leak
> ?
> 
> Best Regards
>    Horst
Received on Wednesday, 17 September 2003 14:17:04 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:04 GMT