W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 2005

Bind and permissions

From: Lisa Dusseault <lisa@osafoundation.org>
Date: Mon, 04 Jul 2005 21:22:54 -0700
To: "Webdav WG" <w3c-dist-auth@w3c.org>
Message-ID: <op.stfaggf5eochem@lisa.local>

This message attempts to explain my concern about the interaction of
ACLs and bind. The basic question I have is this: if you have a
resource with two bindings can different access control behavior
be applied depending on which URL the resource is accessed through?

It seems to me that there are three possible answers here:

(1) No.
(2) Yes.
(3) It's locally defined.

Others may feel differently, but my view based is that the current
language in 2518, 3744, and draft-ietf-webdav-bind-11 doesn't
provide a definitive answer, but that it's important that
we do so. Furthermore, I would argue that the right answer is
"No".

A related question is if you think the answer is "No", then what
is the access control status of a resource that is bound into a
collection with different ACL settings (incl. inheritance) than
the collection the resource is already in.

However, before making an extended argument on that point,
I'd like to get a sense of what people feel the current state
of affairs is.

Lisa
Received on Tuesday, 5 July 2005 04:23:08 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:09 GMT