W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 2005

Re: Issue 71, Clarify what servers may and may not do with privileges when BIND is used

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 12 May 2005 21:00:38 +0200
Message-ID: <4283A7D6.6080001@gmx.de>
To: Lisa Dusseault <lisa@osafoundation.org>
CC: Elias Sinderson <elias@cse.ucsc.edu>, 'webdav' <w3c-dist-auth@w3.org>

Lisa Dusseault wrote:
> 
> I agree with this.
> 
> But what about conventions about whether resource permissions may be 
> changed when new bindings are created to it?
>  - e.g. I have a share directory
>  --> I add a binding into the share directory, to a file that's in an 
> unshared directory
> 
> MAY the server change the permissions on the target file as a result of 
> a bind operation?  That's what I expect the user might normally want, 
> but it should probably be the responsibility of the client, not the 
> server.  So we should say the server MUST NOT change the permissions?

Lisa,

this issue was discussed and resolved with the text proposed by Geoff in 
<http://lists.w3.org/Archives/Public/w3c-dist-auth/2005JanMar/0166.html>.

The BIND operations do not add anything interesting new to the 
interaction between ACLs and namespace operations. If you feel the 
WebDAV family of specs should restrict what a server may do beyond...:

"Handling of inherited and protected ACEs is intentionally undefined to 
give server implementations flexibility in how they implement ACE 
inheritance and protection." 
(<http://greenbytes.de/tech/webdav/rfc3744.html#rfc.section.7.3>)

then by all means raise this as issue against RFC2518 and/or RFC3744. 
This really has nothing to do with BIND.

Best regards, Julian
Received on Thursday, 12 May 2005 19:00:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:08 GMT