Re: WEBDAV Security

> as a "subcomponent."  This is a component of the overall technology
> that should stand on its own.

> An approach that could be taken would be to specify an
> interface standard that would pass authentication data (user, realm,
> etc.) to a component that would be responsible for obtaining
> authorization information, e.g.:
>   1.  Application-layer:  "Is 'user' allowed to do 'x'?"
>   2.  Interface communicates with seperate component, which could
>       be a module which would respond appropriately yet pull its
>       information from whatever means of access control are in
>       place (native OS, Web-server control lists, passwd files, etc.)
>   3.  Underlying component does its thing, reports back to the
>       interface, and the application is told by the interface whether
>       the user is authorized or not.
This is nice.

> If interoperability is the goal, then the focus should be specifying
> an _interface_ rather than yet another ACL methodology.

> If this sort of direction seems to be of interest, I've written
> experimental API's that implement such a concept which could serve as
> as a starting point.  I had previously planned to probe for interest
> in discussing this as its own subject but if the momentum is here,
> I am happy to go with it :)

No reason not to have a look, the API is of primary concern.


(This text composed by voice)

Follow-Ups: References: