RE: WEBDAV Security

Larry Masinter writes:

> Nice try, but... Distributed Authoring has different security
> requirements
> than Document Access. A DAV server must accept data and then express
> the client's requested authorization policy in how the future web
> server authorizes requests. This is a greater requirement than has
> been addressed by HTTP security. 
> 
> 
There's a fine line between 'authoring a document' and 'managing a
server'. DAV necessarily crosses that line somewhat, but it's not
obvious to me that setting authorization policy on a document isn't too
far to the 'managing a server' side. A client might also like to be able
to set various cache control policies on a document that it authored,
but (so far at least) that hasn't been considered to be part of DAV. How
are these cases so different? I guess the real question is "How much
server management should DAV take on?" My gut answer is "As little as
possible", but maybe that's too naive.

Henry

Received on Wednesday, 16 April 1997 12:24:14 UTC