- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 31 Jan 2007 19:55:08 +0100
- To: Cyrus Daboo <cyrus@daboo.name>
- CC: WebDAV <w3c-dist-auth@w3.org>, "'acl@webdav.org'" <acl@webdav.org>
Hi Cyrus,

(ccing the ACL mailing list).

Cyrus Daboo wrote:
>
> Hi,
> What is the right way on a WebDAV server supporting ACL for a client to
> determine the principal resource for the currently authenticated user?

As far as I can recall, in general there simply isn't a single principal resource.

> Right now the only technique I know of is to do:
>
> 1) PROPFIND on a resource to get DAV:principal-collection-set
> 2) Iterate over each DAV:href in the set and do a DAV:principal-match
> report for DAV:self.

Yep.

> The problem with that is that it not only returns the current user's
> principal, but any group principal that one is a member of. So how would
> you know from those which was the actual user principal? i.e. this
> approach is not 100% reliable.

Well, you can easily filter out groups, but in the end you may still end up with more than one resource.

> If there really isn't a way to reliably do this now, I would propose the
> following: define a new DAV:self-principal-resource (or just DAV:self)
> property that is available on any resource supporting ACL and which
> contains a single DAV:href pointing to the principal resource for the
> currently authorized user (or is empty if anonymous).

I think the spec would have defined exactly that had there been a consensus that this kind of definition is always meaningful.

> Note that in CalDAV it is important for a client to know the principal
> resource, as there are properties on the principal resource that are
> required to find a user's calendars, inbox, outbox etc

Best regards, Julian
Received on Wednesday, 31 January 2007 18:55:22 UTC
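The two-step lookup discussed in this message, as an added example that is not part of the original thread: it builds the PROPFIND and DAV:principal-match request bodies and parses the replies. Telling groups apart by a non-empty DAV:group-member-set is an assumption of this sketch, and the sample responses and hrefs are constructed.

```python
import xml.etree.ElementTree as ET

DAV = "{DAV:}"
# Step 1: PROPFIND (Depth: 0) body asking for DAV:principal-collection-set.
PROPFIND_BODY = ('<D:propfind xmlns:D="DAV:"><D:prop>'
                 '<D:principal-collection-set/></D:prop></D:propfind>')
# Step 2: REPORT body sent to each collection; DAV:group-member-set is also
# requested so groups can be recognised (assumption: the server exposes it).
PRINCIPAL_MATCH_BODY = ('<D:principal-match xmlns:D="DAV:"><D:self/>'
                        '<D:prop><D:group-member-set/></D:prop>'
                        '</D:principal-match>')

def principal_collections(multistatus_xml):
    """Return the hrefs inside DAV:principal-collection-set."""
    root = ET.fromstring(multistatus_xml)
    return [h.text.strip()
            for pcs in root.iter(DAV + "principal-collection-set")
            for h in pcs.findall(DAV + "href")]

def non_group_principals(multistatus_xml):
    """Return matched principals that list no members, i.e. are not groups."""
    root = ET.fromstring(multistatus_xml)
    keep = []
    for resp in root.findall(DAV + "response"):
        members = resp.findall(f".//{DAV}group-member-set/{DAV}href")
        if not members:
            keep.append(resp.find(DAV + "href").text.strip())
    return keep

# Constructed sample responses (hypothetical hrefs), not captured from a server.
SAMPLE_PROPFIND = """<D:multistatus xmlns:D="DAV:"><D:response>
<D:href>/calendars/</D:href><D:propstat><D:prop><D:principal-collection-set>
<D:href>/principals/</D:href></D:principal-collection-set></D:prop>
<D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response></D:multistatus>"""

def _resp(href, members=""):
    return (f"<D:response><D:href>{href}</D:href><D:propstat><D:prop>"
            f"<D:group-member-set>{members}</D:group-member-set></D:prop>"
            "<D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response>")

SAMPLE_REPORT = ('<D:multistatus xmlns:D="DAV:">'
    + _resp("/principals/users/alice/")
    + _resp("/principals/groups/staff/", "<D:href>/principals/users/alice/</D:href>")
    + _resp("/principals/accounts/alice-admin/")
    + "</D:multistatus>")

if __name__ == "__main__":
    print(principal_collections(SAMPLE_PROPFIND))
    print(non_group_principals(SAMPLE_REPORT))
```

On the constructed report the group is dropped but two principals remain, so a client that uses the result for access decisions or CalDAV discovery still has to handle more than one candidate.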