W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2006

Re: [Bug 226] if matching and non-existant resources

From: Elias Sinderson <elias@soe.ucsc.edu>
Date: Tue, 31 Jan 2006 23:10:18 -0800
Message-ID: <43E05EDA.9050600@cse.ucsc.edu>
To: w3c-dist-auth@w3.org

bugzilla@soe.ucsc.edu wrote:

>------- Additional Comments From geoffrey.clemm@us.ibm.com  2006-01-30 07:34 -------
>>Given an unmapped URL "/x", will the condition in
>>  If: </x> (Not <DAV:foobar>)
>>evaluate to true or false?
>Since "If: </x> <DAV:foobar>" would evaluate to "false", unless we adjust the 
>definition of NOT, this has to evaluate to "true".

>>To complicate things, what's the situation for a URL that is mapped, but for
>>which the authenticated principal lacks access rights?
>As above, it would just be the opposite of what "If: </x> <DAV:foobar>" would 
>evaluate to.  But there remains the question of what "If: </x> <DAV:foobar>" 
>would evaluate to.  The guiding priciple here is probably avoiding exposing 
>information to unauthorized users.  So an inability to see the object should 
>probably be treated the same as the object not existing, so NOT would 
>return "true".
I also agree with the above -- especially wrt the security implications 

Is it worth mentioning this somewhere in bis?

Received on Wednesday, 1 February 2006 07:10:32 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:35 UTC