W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2006

Re: [Bug 226] if matching and non-existant resources

From: Elias Sinderson <elias@soe.ucsc.edu>
Date: Tue, 31 Jan 2006 23:10:18 -0800
Message-ID: <43E05EDA.9050600@cse.ucsc.edu>
To: w3c-dist-auth@w3.org

bugzilla@soe.ucsc.edu wrote:

>http://ietf.cse.ucsc.edu:8080/bugzilla/show_bug.cgi?id=226
>------- Additional Comments From geoffrey.clemm@us.ibm.com  2006-01-30 07:34 -------
>  
>
>>Given an unmapped URL "/x", will the condition in
>>  If: </x> (Not <DAV:foobar>)
>>evaluate to true or false?
>>    
>>
>Since "If: </x> <DAV:foobar>" would evaluate to "false", unless we adjust the 
>definition of NOT, this has to evaluate to "true".
>  
>
Agreed.

>>To complicate things, what's the situation for a URL that is mapped, but for
>>which the authenticated principal lacks access rights?
>>    
>>
>As above, it would just be the opposite of what "If: </x> <DAV:foobar>" would 
>evaluate to.  But there remains the question of what "If: </x> <DAV:foobar>" 
>would evaluate to.  The guiding priciple here is probably avoiding exposing 
>information to unauthorized users.  So an inability to see the object should 
>probably be treated the same as the object not existing, so NOT would 
>return "true".
>
I also agree with the above -- especially wrt the security implications 
therein.

Is it worth mentioning this somewhere in bis?


Best,
Elias
Received on Wednesday, 1 February 2006 07:10:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:13 GMT