- From: Elias Sinderson <elias@cse.ucsc.edu>
- Date: Tue, 26 Apr 2005 14:21:35 -0700
- To: Julian Reschke <julian.reschke@gmx.de>
- CC: 'webdav' <w3c-dist-auth@w3.org>
Julian Reschke wrote: > [...] most of the open Bugzilla issues should have been closed [...] 71, Clarify what servers may and may not do with privileges when BIND is used As ACLs are defined on resources, not bindings, I don't see how the spec can say much that hasn't already been said. There are, however, potential issues with bindings across different security domains. If anything, I would advocate a restrictive approach to permissions. That is, permissions on bindings SHOULD default to those of the resource where possible, but MAY be restricted when bindings are made across namespaces with different permissions. Permissions MUST NOT be granted or extended in the above scenario. As I see it, this is the prudent thing to do in this situation. The only other option would be to forbid bindings across security domains that cannot maintain the existing permissions exactly as they are on the resource (if, for example, a given principledid not exist and could not be created). Comments? Best, Elias
Received on Tuesday, 26 April 2005 21:21:43 UTC