Re: [web-annotation] Client can't determine if user has authorization to modify annotation from Frederick Hirsch via GitHub on 2016-01-12 (public-annotation@w3.org from January 2016)

From: Frederick Hirsch via GitHub <sysbot+gh@w3.org>
Date: Tue, 12 Jan 2016 12:32:55 +0000
To: public-annotation@w3.org
Message-ID: <issue_comment.created-170897966-1452601974-sysbot+gh@w3.org>

permission is given by whom? 

Can an annotation can be stored on a variety of servers (e.g. "via" 
discussion?) Thus server side permissions could become inconsistent 
depending on local policy. 

Can an annotation creator specify permissions, e.g. create an 
annotation that cannot be modified? If so then the permissions are 
naturally part of the annotation itself.

I don't think a security expert can resolve the issue until we are 
clearer on the use model of how permissions relate to annotations and 
servers that store them and the sharing of annotations.

-- 
GitHub Notification of comment by fhirsch
Please view or discuss this issue at 
https://github.com/w3c/web-annotation/issues/19#issuecomment-170897966
 using your GitHub account

Received on Tuesday, 12 January 2016 12:32:56 UTC