- From: Jeffrey E. Sussna <kuanjes@beaver.slip.net>
- Date: Fri, 31 Jul 1998 11:22:15 -0700
- To: "John Stracke" <francis@netscape.com>
- Cc: <w3c-dist-auth@w3.org>
-----Original Message----- From: John Stracke <francis@netscape.com> To: Jeffrey E. Sussna <jes@kuantech.com> Cc: w3c-dist-auth@w3.org <w3c-dist-auth@w3.org> Date: Friday, July 31, 1998 9:45 AM Subject: Re: Additional WebDAV Requirements? >I think these two approaches are mutually exclusive. Until/unless DAV defines >some way to reference a property by URI, a property cannot itself have >properties. So, if ACLs are properties, properties can't have ACLs. Perhaps I wasn't sufficiently clear. Under the covers the server would have to know about and treat ACL's as special things. LDAP functions the same way. For example, it knows how to map the groupdn attribute to a particular query on an instance of a particular objectclass. All I really meant was that ACL's could be represented to external clients as properties (perhaps "pseudo-property" is a better term). Doing so would make it natural for clients to access ACL's, and for servers to apply access control to ACL queries. In other words, when I ask to see the acl for a given object, the server can use the same mechanism to determine whether I'm allowed to see it that it would for any other property of that object. Again, this assumes that ACL's can apply to properties. I think they should. Jeff
Received on Friday, 31 July 1998 14:24:32 UTC