- From: Larry Masinter <masinter@parc.xerox.com>
- Date: Tue, 15 Apr 1997 23:07:28 PDT
- To: Yaron Goland <yarong@microsoft.com>
- CC: "'Steve Carter'" <SRCarter@novell.com>, w3c-dist-auth@w3.org, slein@wrc.xerox.com

Yaron Goland wrote:
>
> DAV is an HTTP protocol and thus is able to take full advantage of all
> generic HTTP ACL and Security work. I would recommend that the
> requirements only identify Security in general and ACLs in particular,
> as areas of concern, and then explain that they are out of scope for DAV
> because they touch on areas beyond DAV's limited authoring/versioning
> scope.
>
> Let's not fall into the trap of trying to solve the world's problems.
> ACLs and security are best left to groups who are grappling with just
> those issues.
>
> Yaron

Nice try, but...

Distributed Authoring has different security requirements than Document Access. A DAV server must accept data and then express the client's requested authorization policy in how the future web server authorizes requests. This is a greater requirement than has been addressed by HTTP security.

I agree you should try to limit the scope of what you handle to be "the minimum needed to build interoperable clients", but I believe that the minimum exceeds what has been done so far for DAV-less HTTP.

Regards,

Larry

Received on Wednesday, 16 April 1997 02:08:01 UTC