W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 2005

Re: Issue 71, Clarify what servers may and may not do with privileges when BIND is used

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 12 May 2005 21:00:38 +0200
Message-ID: <4283A7D6.6080001@gmx.de>
To: Lisa Dusseault <lisa@osafoundation.org>
CC: Elias Sinderson <elias@cse.ucsc.edu>, 'webdav' <w3c-dist-auth@w3.org>

Lisa Dusseault wrote:
> I agree with this.
> But what about conventions about whether resource permissions may be 
> changed when new bindings are created to it?
>  - e.g. I have a share directory
>  --> I add a binding into the share directory, to a file that's in an 
> unshared directory
> MAY the server change the permissions on the target file as a result of 
> a bind operation?  That's what I expect the user might normally want, 
> but it should probably be the responsibility of the client, not the 
> server.  So we should say the server MUST NOT change the permissions?


this issue was discussed and resolved with the text proposed by Geoff in 

The BIND operations do not add anything interesting new to the 
interaction between ACLs and namespace operations. If you feel the 
WebDAV family of specs should restrict what a server may do beyond...:

"Handling of inherited and protected ACEs is intentionally undefined to 
give server implementations flexibility in how they implement ACE 
inheritance and protection." 

then by all means raise this as issue against RFC2518 and/or RFC3744. 
This really has nothing to do with BIND.

Best regards, Julian
Received on Thursday, 12 May 2005 19:00:48 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:32 UTC