W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 2008

Re: AW: DAV:principal-URL

From: Geoffrey M Clemm <geoffrey.clemm@us.ibm.com>
Date: Wed, 14 May 2008 15:31:01 -0400
To: Julian Reschke <julian.reschke@gmx.de>
Cc: acl@webdav.org, Konstantin Breu <Konstantin.Breu@gmx.net>, "'WebDAV'" <w3c-dist-auth@w3.org>, w3c-dist-auth-request@w3.org, "'Wilfredo Sánchez Vega'" <wsanchez@wsanchez.net>
Message-ID: <OF517DF972.93266283-ON85257449.006AD20D-85257449.006B35F2@us.ibm.com>
If we believe that it is reasonable to require that the DAV:principal-URL 
be an HTTP URL, then I'm fine with just requiring this in RFC3774bis.
If we don't require that, then I don't think we can require that there be 
a way to "find" that principal, since as you say, if you can find it using 
the information in the DAV:principal-URL, you should have been able to 
format that information as an HTTP URL.

Cheers,
Geoff

w3c-dist-auth-request@w3.org wrote on 05/14/2008 03:16:01 PM:

> 
> Geoffrey M Clemm wrote:
> > 
> > So here's the problem:  The primary purpose of the DAV:principal-URL 
is 
> > to specify the "identity" of a principal (so you can use it to check 
for 
> > equality).  But you might not have an HTTP URI that can be used as the 

> > "identity" (you might need to use some URN URI, for example).  So you 
> > might be forced to use a non-HTTP URL in the DAV:principal-URL 
property.
> 
> Not totally convinced. If you can make a URN work, you can probably make 

> an HTTP URI work as well. Maybe not a pretty one, though. But anyway...
> 
> > So the spec says that there must be an HTTP URL for a principal, but 
it 
> > does not require that the HTTP URL be the one that appears in the 
> > DAV:principal-URL property.
> > 
> > At least that's how I remember it ... I could of course be wrong (it's 

> > been a while :-).
> 
> OK, let's start with the assumption that you are right, usually a safe 
> position :-).
> 
> The spec say that the principal-URL must be used in ACL requests. Does 
> this also mean it will be the one that will be used in the Access 
> Control Properties, such as DAV:acl? I would think so, otherwise 
> roundtripping will be messy...
> 
> If this is the case, the only way to actually get to the HTTP principal 
> URL the spec requires in to use one of the reports, such as 
> DAV:principal-property-search? If yes, I'd argue we probably write down 
> an example showing how to do that, and add that to RFC3744bis...
> 
> BR, Julian
> 
> 
> 
> 
Received on Wednesday, 14 May 2008 19:31:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:16 GMT