Issue with non-aggregate abstract privileges and DAV:current-user-privilege-set from Bernard Desruisseaux on 2009-05-15 (w3c-dist-auth@w3.org from April to June 2009)

From: Bernard Desruisseaux <bernard.desruisseaux@oracle.com>
Date: Fri, 15 May 2009 09:41:12 -0400
To: acl@webdav.org
CC: w3c-dist-auth@w3.org
Message-ID: <4A0D70F8.6080201@oracle.com>

In section 3 Privileges of RFC3744 
<http://tools.ietf.org/html/rfc3744#section-3> it says:

    Aggregate and non-aggregate privileges are both capable of being
    abstract.

but in section 5.4 DAV:current-user-privilege-set of RFC3744 
<http://tools.ietf.org/html/rfc3744#section-5.4> it says:

    Therefore, each element in the DAV:current-user-privilege-set
    property MUST identify a non-abstract privilege from the
    DAV:supported-privilege-set property.

In a discussion amongst CalDAV implementors, it was brought up that the 
above requirement would be problematic for implementations that supports 
non-aggregate "abstract" privileges.

That is, an implementation that allows such a privilege to be set 
individually on a resource (either by default or through a proprietary 
mechanism) would not be allowed to report this privilege in the 
DAV:current-user-privilege-set property.

Cheers,
Bernard

Received on Friday, 15 May 2009 13:42:52 UTC