- From: Henry Sanders (Exchange) <henrysa@EXCHANGE.MICROSOFT.com>
- Date: Wed, 16 Apr 1997 09:24:04 -0700
- To: Yaron Goland <yarong@microsoft.com>, "'Larry Masinter'" <masinter@parc.xerox.com>
- Cc: "'Steve Carter'" <SRCarter@novell.com>, w3c-dist-auth@w3.org, slein@wrc.xerox.com
Larry Masinter writes: > Nice try, but... Distributed Authoring has different security > requirements > than Document Access. A DAV server must accept data and then express > the client's requested authorization policy in how the future web > server authorizes requests. This is a greater requirement than has > been addressed by HTTP security. > > There's a fine line between 'authoring a document' and 'managing a server'. DAV necessarily crosses that line somewhat, but it's not obvious to me that setting authorization policy on a document isn't too far to the 'managing a server' side. A client might also like to be able to set various cache control policies on a document that it authored, but (so far at least) that hasn't been considered to be part of DAV. How are these cases so different? I guess the real question is "How much server management should DAV take on?" My gut answer is "As little as possible", but maybe that's too naive. Henry
Received on Wednesday, 16 April 1997 12:24:14 UTC