W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 2004

Re: behavior of dav:inherited-acl-set

From: Eric Sedlar <eric.sedlar@oracle.com>
Date: Wed, 8 Sep 2004 21:35:28 -0700
Message-ID: <01d201c49626$6ed3bb70$d15efea9@us.oracle.com>
To: <w3c-dist-auth@w3.org>
No, if you read the spec carefully, inherited-acl-set only inherits the ACL property, not any other access-control related properties (like inherited-acl-set).  In section 5.7, the text says:

" To have a privilege on a resource, not only must the ACL on that resource (specified in the DAV:acl property of that resource) grant the privilege, but so must the ACL of each resource identified in the DAV:inherited-acl-set property of that resource."
  ----- Original Message ----- 
  From: Ravi Murthy 
  To: w3c-dist-auth@w3.org 
  Sent: Wednesday, September 08, 2004 12:46 PM
  Subject: behavior of dav:inherited-acl-set


  Does the <dav:inherited-acl-set> property apply recursively ? i.e. if a resource R1 specifies R2 as part of its <dav:inherited-acl-set>, then in addition to the ACL on R2 (as specified by DAV:acl property), does the <dav:inherited-acl-set> property of R2 *also* apply in determining the privilege on R1 ? The RFC is not very clear on this point.

  -- Excerpt from RFC 3744
  5.7 DAV:inherited-acl-set
  This protected property contains a set of URLs that identify other resources that also control the access to this resource. To have a privilege on a resource, not only must the ACL on that resource (specified in the DAV:acl property of that resource) grant the privilege, but so must the ACL of each resource identified in the DAV:inherited-acl-set property of that resource. Effectively, the privileges granted by the current ACL are ANDed with the privileges granted by each inherited ACL. 

  -- End Excerpt

  Thanks.

  - Ravi
Received on Thursday, 9 September 2004 04:36:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:06 GMT