Re: Access Control Draft

> I'd like to throw out for discussion a "minimalist" view of access control.
> My hypothesis is the only access control necessary in the client-server
> WebDAV protocol is a method which temporarily changes the access rights of
> a resource such that only (write) lock holders may read the resource, and
> another message which reverts the access rights back to their original form
> once editing is complete (or perhaps this happens automatically once all
> locks are released).  This limited access control provides document privacy
> during editing, so authors are assured that others will not be reading
> their preliminary work.
> 

I think this is a good approach that should certainly be included.

This brings up the topic of whether the specification needs to
understand the concept of "ownership" of a particular object.

Yes, there is "ownership" in the sense of the operating system
ownership of objects, but this ownership is rarely consistent with
the identities of the actual users editing the files.  In fact, it
is also pretty rare that .htaccess-type security models have
a logical mapping to individuals involved in content creation.

Is it necessary to provide users with the ability to change
ownership of objects?  In this sense, the "WebDAV" ownership of
an object would be distinct from the "operating system" ownership
of the object.  The Web server/WEBDAV implementation would be
responsible for maintaining whatever lists are necessary for 
providing the object-to-user ownership mapping.

Another idea:  an approach that could eliminate the need for an
"ownership" concept might be the ability to assign and revoke
access "tokens" to individual objects.  For example, each object
could have a "Modify Token" which can be set to a particular value.
The WEBDAV-server implementation would check to make sure the
authenticated user "owns" that particular token before letting them
perform the related action.

Received on Friday, 16 May 1997 17:06:05 UTC
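
The "Modify Token" idea from the message above, sketched as an added example; it is not part of the original message or of any WebDAV implementation. The class and method names, the random token values and the deny-when-no-token-is-set rule are assumptions made here. It shows the two ways access can be withdrawn: revoking one user's hold on a token, or setting the object's token to a new value.

```python
import secrets


class TokenACL:
    """Per-object action tokens, checked against tokens an authenticated user holds."""

    def __init__(self):
        self._object_tokens = {}   # (path, action) -> current token value
        self._held = {}            # authenticated user -> set of token values

    def set_token(self, path, action):
        """Set (or rotate) the token guarding `action` on `path`; return the new value."""
        token = secrets.token_hex(16)
        self._object_tokens[(path, action)] = token
        return token

    def assign(self, user, token):
        self._held.setdefault(user, set()).add(token)

    def revoke(self, user, token):
        self._held.get(user, set()).discard(token)

    def allowed(self, user, path, action):
        """True only if the object has a token for the action and the user holds it."""
        token = self._object_tokens.get((path, action))
        if token is None:          # assumption: no token set means deny
            return False
        return token in self._held.get(user, set())


def demo():
    # Constructed sample users and paths.
    acl = TokenACL()
    doc = "/docs/draft.html"
    t = acl.set_token(doc, "modify")
    acl.assign("alice", t)
    acl.assign("bob", t)
    results = [acl.allowed("alice", doc, "modify"),    # holds the token
               acl.allowed("carol", doc, "modify")]    # never assigned
    acl.revoke("bob", t)                               # per-user revocation
    results.append(acl.allowed("bob", doc, "modify"))
    acl.set_token(doc, "modify")                       # rotation drops every old holder
    results.append(acl.allowed("alice", doc, "modify"))
    results.append(acl.allowed("alice", "/docs/other.html", "modify"))  # no token set
    return results


if __name__ == "__main__":
    print(demo())
```

No ownership mapping appears anywhere in the sketch: the server only needs the object's current token and the set of tokens each authenticated user holds.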