W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2007

Re: Find my principal resource

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 31 Jan 2007 19:55:08 +0100
Message-ID: <45C0E60C.4080301@gmx.de>
To: Cyrus Daboo <cyrus@daboo.name>
CC: WebDAV <w3c-dist-auth@w3.org>, "'acl@webdav.org'" <acl@webdav.org>

Hi Cyrus,

(ccing the ACL mailing list).

Cyrus Daboo schrieb:
> 
> Hi,
> What is the right way on a WebDAV server supporting ACL for a client to 
> determine the principal resource for the currently authenticated user?

As far as I can recall, in general there simply isn't a single principal 
resource.

> Right now the only technique I know of is to do:
> 
> 1) PROPFIND on a resource to get DAV:principal-collection-set
> 2) Iterate over each DAV:href in the set and do a DAV:principal-match 
> report for DAV:self.

Yep.

> The problem with that is that it not only returns the current user's 
> principal, but any group principal that one is a member of. So how would 
> you know from those which was the actual user principal? i.e. this 
> approach is not 100% reliable.

Well, you can easily filter out groups, but in the end you may still end 
up with more than one resource.

> If there really isn't a way to reliably do this now, I would propose the 
> following: define a new DAV:self-principal-resource (or just DAV:self) 
> property that is available on any resource supporting ACL and which 
> contains a single DAV:href pointing to the principal resource for the 
> currently authorized user (or is empty if anonymous).

I think the spec would have defined exactly that would there have been a 
consensus that this kind of definition always is meaningful.

> Note that in CalDAV it is important for a client to know the principal 
> resource, as there are properties on the principal resource that are 
> required to find a users calendars, inbox, outbox etc

Best regards, Julian
Received on Wednesday, 31 January 2007 18:55:22 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:15 GMT