infrastructure (Re: WEBDAV Security)

I absolutely agree that any DAV product must provide ACLs or some other
means of access control. (For what it's worth, I believe ACLs are the way
to go.) That being said, I think we should recognize that the use of ACLs
is a matter of considerably broader interest than just DAV, and we should
probably develop an ACL proposal intended for broader application.

Actually, this is a theme that has continues to recur. HTTP/1.1 simply
does not provide adequate infrastructure for the needs of WEBDAV (though
I'm still convinced that it is an excellent foundation). As a result, we
are constantly forced to deal with issues like metadata, access control,
protocol enhancements (LINK/UNLINK, COPY, MOVE, etc.) In addition, other
groups need to deal with many of these same issues. 

What I'm leading up to is that I think WEBDAV needs an infrastructure
sub-group. The infrastructure group would not be involved with developing
DAV protocols, per se, but would focus on developing specifications for
protocol extensions, ACLs and the like. We (I work for the US Dept. of
Veterans Affairs where I'm woodhouse@forum.va.gov, but I use this account
for IETF related work) do just that. Our CIO Field Office in San Francisco
focuses entirely on infrastructure, which basically means networking,
databases, client/server, security and the like. We don't deal directly in
clinical or financial applications, and it works out very well. I suspect
that separating out an infrastructure group would allow WEBDAV specific
work to proceed more efficiently, and would have the benefit of allowing
us to develop protocol extensions, ACL mechanisms and so forth that would
be generally useful, and not so WEBDAV specific that the technology has to
be re-invented by other working groups.

---
Gregory Woodhouse
gjw@wnetc.com    /    http://www.wnetc.com/home.html
If you're going to reinvent the wheel, at least try to come
up with a better one.

Received on Thursday, 1 May 1997 17:32:28 UTC