Re: Access Control Draft
Jon Radoff wrote:
>I've volunteered and Jim has accepted me as document editor for
>the access control issue. I am currently working on a "Requirements"
>draft which will serve as the direction for a later Draft
>Specification for access control.
I'd like to thank Jon for taking the lead for coordinating work on access
control within WebDAV, and for starting a dialog on this topic.
>Fisher Mark wrote:
>> 1) Authentication -- are you who you say you are?
>> 2) Access Control -- are you allowed to perform this operation in this
>> 3) Auditing -- just what was it that you did?
>> 4) Encryption -- Is your data protected from prying eyes?
>I would agree that 3 and 4 are out of scope. Defining #1 is
>also out of scope, because there are many others working on that
>components. Our role here should be to determine which #1
>we are going to support.
>The purpose of the Access Control document will be concerned
>principally with #2.
I agree with both the slicing of the topic into the above four areas and
the assertion by Jon that we are primarily concerned with how to support
various authentication schemes (#1), and how to specify Web access control
(#2), but not #3 and #4.
I'd like to throw out for discussion a "minimalist" view of access control.
My hypothesis is the only access control necessary in the client-server
WebDAV protocol is a method which temporarily changes the access rights of
a resource such that only (write) lock holders may read the resource, and
another message which reverts the access rights back to their original form
once editing is complete (or perhaps this happens automatically once all
locks are released). This limited access control provides document privacy
during editing, so authors are assured that others will not be reading
their preliminary work.
If more sophisticated access control is needed, this can be accomplished by
using server-specific forms to modify the access rights according to the
server's specific access control scheme. I'm not convinced that
interoperability is needed for more complicated access control.
Advantages: it's very simple, most likely would be consistent with any
future access control standard, and seems to handle the most compelling
case for why there needs to be *interoperable* client-server access
control. There are many reasons for why it is desirable to have Web access
control capability, but it is a different argument to say that Web access
control must be achievable via some interoperability scheme, be it a
protocol or an API. I'd like to see some scenarios for why we need a
full-featured access control specification for WebDAV.