RE: ID webdav acl reqts

Thanks for your feedback Jim.  On your points 1) to 4):

1) Okay -- i've changed that.
2) There isn't always a one-to-one mapping between what action a user might
want to allow/prevent, and what HTTP/DAV method is used to do that action.
Sometimes there's more than one way to do something like list the contents
of a collection.  Sometimes there's more than one way to use a single method
-- PUT can be seen as "changing a resource" or "adding a resource to a
collection", both of which may be dealt with separately in assigning rights.
However, I agree that  clarity would be improved, so how about this:

6.3. Rights

It MUST be possible to grant or deny the following rights to any principal

- to alter the body of a resource - PUT or POST
 - to alter the properties of a resource - PROPPATCH
 - to delete a resource - DELETE
- to add a child to a collection - PUT or POST
- to read the ACL on a resource - undefined method(s)
 - to change the ACL on a resource - undefined method(s)
 - to delete a child from a collection - DELETE
 - to list the contents of a collection - SEARCH or PROPFIND
 - to read the properties of a resource - PROPFIND
 - to read the body of a resource - GET

3) Thanks for the catch :)
4) The latter meaning was intended.  Perhaps the term "rewrite" would be
more informative:
"It is recommended that users be able to add access control information to
an object without having to rewrite all access control settings."

See you in Chicago next week!
Lisa L

-----Original Message-----
From: Jim Davis [mailto:jdavis@parc.xerox.com]
Sent: Tuesday, August 18, 1998 2:31 PM
To: w3c-dist-auth@w3.org
Subject: ID webdav acl reqts


Mainly it's terrific.  Good decisions about what's in and out of scope.  A
few comments:

1) In several places the ID uses the phrase "a resource or collection".  I
suggest just using the term "resource", since a collection is a kind of
resource.  The existing language implies that the two are disjoint, and
might leave some doubt as to the status of (potentially future) sub types
of resource, e.g. referential resources, versioning portals, etc.

2) Would 6.3 be clearer if it were defined in terms of the actual HTTP and
WebDAV method names (GET, PUT, DELETE) instead of generic actions ('alter
the body of a resource', 'add a child to a collection', etc)?

3) Shouldn't 6.3 also say something about 
 - retrieving the body of a resource (e.g. GET)
 - retrieving the value of a property (e.g. PROPFIND)

4) In 7.1, it is not clear whether the term 'reset' means "clear" or "set
all again".  I assume the latter is intended from the justification, but
could be wrong.

best regards

Jim



------------------------------------
http://www.parc.xerox.com/jdavis/
650-812-4301

Received on Wednesday, 19 August 1998 14:29:27 UTC