Re: Additional WebDAV Requirements?

-----Original Message-----
From: John Stracke <francis@netscape.com>
To: Jeffrey E. Sussna <jes@kuantech.com>
Cc: w3c-dist-auth@w3.org <w3c-dist-auth@w3.org>
Date: Friday, July 31, 1998 9:45 AM
Subject: Re: Additional WebDAV Requirements?


>I think these two approaches are mutually exclusive.  Until/unless DAV
defines
>some way to reference a property by URI, a property cannot itself have
>properties.  So, if ACLs are properties, properties can't have ACLs.


Perhaps I wasn't sufficiently clear. Under the covers the server would have
to know about and treat ACL's as special things. LDAP functions the same
way. For example, it knows how to map the groupdn attribute to a particular
query on an instance of a particular objectclass. All I really meant was
that ACL's could be represented to external clients as properties (perhaps
"pseudo-property" is a better term). Doing so would make it natural for
clients to access ACL's, and for servers to apply access control to ACL
queries. In other words, when I ask to see the acl for a given object, the
server can use the same mechanism to determine whether I'm allowed to see it
that it would for any other property of that object. Again, this assumes
that ACL's can apply to properties. I think they should.

Jeff

Received on Friday, 31 July 1998 14:24:32 UTC