- From: Clemm, Geoff <gclemm@rational.com>
- Date: Wed, 13 Jun 2001 14:27:53 -0400
- To: ietf-dav-versioning@w3.org
- Cc: acl@webdav.org
I don't think anyone was suggesting "either/or" here. The ACL on a version resource will always be the ACL that control access to that version resource (and can be changed, when you change your mind about who can access that version resource). Yaron was just suggesting that we add *another* property that captures the ACL of the version-controlled resource at the time of check-in. This would not be the DAV:acl property, but would be something like the DAV:checkin-acl property. In an earlier message, I indicated that I believed there is not sufficient value or interest in a DAV:checkin-acl property to merit its inclusion in either the versioning or the acl protocol. Cheers, Geoff -----Original Message----- From: Eric Sedlar [mailto:Eric.Sedlar@oracle.com] Sent: Wednesday, June 13, 2001 2:00 PM To: Clemm, Geoff; ietf-dav-versioning@w3.org Cc: acl@webdav.org Subject: RE: [ACL] RE: lock and access control lists on (working) versions If "frozen" == "checked in" then you have no way of knowing what resources an employee used to have, since they may have selected an older version with a particular workspace. I guess the basic question is whether or not ACLs are versioned like a dead property. In other words, does changing the ACL create a new version? I think that if you do create a new version when you change the ACL, you will get what you want, since by correlating the creation date of each version with the ACL on each, you can figure out what versions of the resource a particular user had access to during a particular period of time. > -----Original Message----- > From: acl-admin@webdav.org [mailto:acl-admin@webdav.org]On Behalf Of > Clemm, Geoff > Sent: Wednesday, June 13, 2001 9:47 AM > To: ietf-dav-versioning@w3.org > Cc: acl@webdav.org > Subject: RE: [ACL] RE: lock and access control lists on (working) > versions > > > "frozen" == "checked in". > > -----Original Message----- > From: Eric Sedlar [mailto:Eric.Sedlar@oracle.com] > > When is a resource frozen? Can you translate that into DeltaV terms? > > > > -----Original Message----- > > From: ietf-dav-versioning-request@w3.org > > [mailto:ietf-dav-versioning-request@w3.org]On Behalf Of Yaron Goland > > > > When I version a resource I will also likely want to version the access > > control list it had when I 'froze' it. This is very important for things > > like security checks. Imagine that an employee who was fired a year ago > > turned out to be a corporate spy, you are going to want to check what > > resources he had access to back then. This means that a version > > really needs > > two sets of ACLs. One if the ACL list it had when it was > frozen. The other > > is the ACL list it currently uses to decide who gets to see the version. > > > > > -----Original Message----- > > > From: acl-admin@webdav.org [mailto:acl-admin@webdav.org]On Behalf Of > > > Clemm, Geoff > > > > > > As Tim surmised, the answer to (1) is in fact "yes". > > > Each version is a separate resource, and each resource > > > can have its own distinct access control list. > > > > > > Cheers, > > > Geoff > > > > > > -----Original Message----- > > > From: Tim_Ellison@uk.ibm.com [mailto:Tim_Ellison@uk.ibm.com] > > > > > > "Pill, Juergen" <Juergen.Pill@softwareag.com> > > > > Hello, > > > > > > > > 1) Would it be possible with DETA-V to have different access > > > control list > > > > for different versions of a resource, e.g. V1 of resource /foo > > > will allow > > > > user A to modify and read, but V2 of resource /foo will allow > > user A to > > > read > > > > read only? > > > > > > You'd have to ask the ACL-folk that question, but I would > sincerely hope > > > the answer is 'yes'. > > > > > > > 2) Would it be possible to have two distinct locks on two different > > > > (working) resources? > > > > > > Yes. Working resources have distinct server-defined URLs. > They can be > > > locked using their URLs just like any other resource. > > > > > _______________________________________________ > acl mailing list > acl@webdav.org > http://mailman.webdav.org/mailman/listinfo/acl >
Received on Wednesday, 13 June 2001 14:28:32 UTC