Re: Access Control Draft
Jim Whitehead wrote:
>
> I'd like to throw out for discussion a "minimalist" view of access control.
> My hypothesis is the only access control necessary in the client-server
> WebDAV protocol is a method which temporarily changes the access rights of
> a resource such that only (write) lock holders may read the resource, and
> another message which reverts the access rights back to their original form
> once editing is complete (or perhaps this happens automatically once all
> locks are released). This limited access control provides document privacy
> during editing, so authors are assured that others will not be reading
> their preliminary work.
>
I agree. WEBDAV should only be concerned with security on these two
fronts.
1) Authentication.
Some operations must require that the user identify themselves to the
server. This may be configured on the server to cover all access, or
possibly only editing functions. Whatever it is, the server should
use HTTP 1.1 style Authentication requests to indicate a requirement
for authentication and the client should identify itself using HTTP
1.1 style responses. The choice of using HTTP methods to implement
webdav functions works well as most servers allow authentication to
be configured based on the method (well, GET and PUT anyway).
2) Access Control.
WEBDAV is largely about access control. The whole idea of locks is as
a mechanism to restrict access to a resource while something is being
done to it. There seem to me to be two main ways to do this. Either
via identification (is the person attempting to access the document
allowed to under the restrictions of the lock?), or via the presentation
of a credential, i.e. a lock token. If someone has the proper token to
operate on a document, let them. I'm sure there are pros and cons
of either mechanism; we should weigh them and pick a method. The
main task here is to define the semantics of how the locks work.
Steve
--
Stephen Martin        MORTICE KERN SYSTEMS INC.
smartin@mks.com       185 Columbia Street West
(519)883-3215         Waterloo, Ontario
Fax: (519)884-8861    Canada N2L 5Z5
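
An added example, not part of the original message or of any WebDAV draft: a Python model of the two lock-enforcement options discussed above (check the authenticated identity, or check a presented lock token), applied to both reads and writes as in the quoted proposal. The class and method names, the token format, and the alice/bob scenario are assumptions made for illustration.

```python
import hmac
import secrets

class LockTable:
    """Write locks checked by identity or by presented token (illustrative model)."""
    def __init__(self, policy):
        if policy not in ("identity", "token"):
            raise ValueError("policy must be 'identity' or 'token'")
        self.policy = policy
        self.locks = {}  # resource path -> (owner, token)

    def lock(self, path, user):
        if user is None:
            raise PermissionError("locking requires an authenticated user")
        if path in self.locks:
            raise PermissionError("resource is already locked")
        token = "locktoken:" + secrets.token_hex(16)  # constructed token format
        self.locks[path] = (user, token)
        return token

    def may_access(self, path, user=None, token=None):
        """True if this request may read or write `path` right now."""
        if path not in self.locks:
            return True  # unlocked: the server's normal access rights apply
        owner, held = self.locks[path]
        if self.policy == "identity":
            return user is not None and user == owner
        # token policy: any requester presenting the token is let through
        return token is not None and hmac.compare_digest(token.encode(), held.encode())

    def unlock(self, path, user=None, token=None):
        if path in self.locks and self.may_access(path, user, token):
            del self.locks[path]
            return True
        return False

def demo(policy):
    # Constructed scenario: alice takes the lock, then four requests arrive.
    table = LockTable(policy)
    tok = table.lock("/draft.html", "alice")
    return {
        "alice_with_token": table.may_access("/draft.html", "alice", tok),
        "alice_no_token": table.may_access("/draft.html", "alice"),
        "bob_with_copied_token": table.may_access("/draft.html", "bob", tok),
        "anonymous": table.may_access("/draft.html"),
    }

if __name__ == "__main__":
    print({p: demo(p) for p in ("identity", "token")})
```

Under the identity policy the copied token gives bob nothing; under the token policy the token is sufficient on its own, and alice without her token is refused.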