- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Sat, 01 Jul 2006 10:13:27 +0200
- To: Tim Olsen <tolsen718@gmail.com>
- CC: w3c-dist-auth@w3.org
Tim Olsen schrieb: > > Section 8.1.1 > (http://greenbytes.de/tech/webdav/rfc3744.html#acl.preconditions) > of RFC 3744 specifies that deny-before-grant is a requirement. It > does not follow this with a condition stating that it only applies if > the constraint is set, as is done for grant-only and no-invert. > > Is this omission of a condition under which this preconditon holds > intentional? Is deny-before-grant a requirement? I don't think it is, that is, I think you have found a bug in the spec. So I would propose to change the description to: "(DAV:deny-before-grant): All non-inherited deny ACEs MUST precede all non-inherited grant ACEs. This precondition applies only when the ACL restrictions of the resource include the DAV:deny-before-grant constraint (defined in Section 5.6.3)." (Geoff, please confirm :-)) Best regards, Julian
Received on Saturday, 1 July 2006 08:13:48 UTC