W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 2005

Re: Bind and permissions

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 05 Jul 2005 19:24:20 +0200
Message-ID: <42CAC244.3060408@gmx.de>
To: Lisa Dusseault <lisa@osafoundation.org>
CC: Webdav WG <w3c-dist-auth@w3c.org>

Lisa Dusseault wrote:
> 
> My bad -- I don't know how I forgot that section 9 on relationship to 
> ACL  had been added to the Bind spec.  That did make things a lot better.
> 
> I'm still concerned that the combination of ACL and BIND can't be  
> implemented interoperably, but I'm starting to agree with Julian that 
> the  problem is in the ACL spec rather than the BIND spec.

I didn't say that there is a problem with the ACL spec. What the ACL 
spec says about namespace operations probably is the consensus of the 
WebDAV working group back then; so if it makes a special statement about 
namespace operations, it makes that on purpose.

> Are implementors agreed that when a resource is bound into a new  
> collection, that no new ACL initialization can be done?  So if I bind a  
> resource into a collection that I share with Jim, and this sharing is  
> handled by initialization, the server MUST NOT alter the ACL such that 
> the  resource is now readable by Jim?

I think that would be a contradiction to what the combination of the 
specs currently say. Why would BIND have different constraints than MOVE?

Best regards, Julian
Received on Tuesday, 5 July 2005 17:24:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:09 GMT