- From: Lisa Dusseault <lisa@xythos.com>
- Date: Fri, 15 Dec 2000 19:36:17 -0800
- To: <w3c-dist-auth@w3.org>
WEBDAV working group meeting minutes
Lisa Dusseault, acting WG chair
Dec 13, 2000 3:30-5:00 PM, San Diego
Notes taken by Larry Masinter
Agenda:
25 min: improved status reporting (Lisa)
50 minutes: Open issues & review of Access control
40 minutes: DeltaV report on things of general interest
Advanced Status Reporting
-------------------------
presentation by Lisa Dusseault [see separate posting to list
for contents of presentation]
The group discussed
(1) is there a problem with adding bodies to responses?
Sense of the group was probably not, since IIS5 and apache
already do.
Sense of the group was also that clients should advertise
their support for advanced status reporting so that server
can be sure not to send back unwanted information.
(2) A discussion of whether the XML response should replace
HTML bodies or be added to it
To be taken to list.
(3) response-detail could be added to 207 Multi-status body
(4) add language tag to <user-text> was agreed to be necessary
(5) discussion of registry of message codes & tags, and
whether there's a registry, what clients that don't
understand details could do besides presenting user
text.
(6) consortia could get together and define user tags
(7) syntax of lang tag is wrong in example
(8) suggestion to use "application/xml" in the examples
instead of "text/xml"
sense of the group _seemed_ to be to continue in the model
established by webDAV (text/xml) but further comments welcome
(9) Some servers translate status codes to HTML.
Roy suggested that HTML could be augmented by adding an
XML island inside the html.
On the other hand, Sean pointed out, it's not trivial to
locate an xml island within HTML.
Lisa pointed out that if clients can ask for advanced error
reporting rather than the default, they likely prefer straight
HTML and will construct their own presentation therefrom.
(10) 207 gets used for a wide variety of things
latest proposal adds to 207
(11) Whether status-codes should be marked with error-level, e.g.
fatal vs. warning vs. informational
Group consensus: no, because such information is already in the
error code used in the header of the response (100-level
informational, 200-level success at least partial, others are
probably fatal)
ACL Open Issues & Review
------------------------
Led by Eric Sedlar, Oracle
First gathered an issue list, then tackled issues one by one as
follows:
Authentication ID and general use thereof
- Could we use the "Authentication ID" as principle for dealing
with locking & discovery?
Response: write a draft. Nobody saw any reason why one coudln't
reuse "Principle URL" (but don't use authentication ID. It's
a common piece of information, a GUI might throw it up in a
common way. However, it's outside the scope of ACL draft.
* Question about why have Authentication ID at all
Principle collection set as a new property
- Why have it? Answer: the principle URLs will live in a
certain location, so it might be useful way of dealing
with users. Discussion about whether WebDAV is being used
for LDAP. Presumption that the 'principle collection'
could be used to find users who could be associated.
Hint to browser about which set of principals that might
be useful to set in an ACL.
- Clarified that there can be more than one such principle
collection set.
- Clarified that the URLs in this could be LDAP URLs.
- The "principal resources" in the principle collection set
might allow propfind or might not,
so sometimes principal is just a URI and sometimes it
has properties associated with it. At any rate it's
intended to be read-only for the purposes of this draft.
- DAV:owner is already defined
- Proposed: marshal principal-collection-set via OPTIONS
- Principle usage should be consistent (hrefs vs. a principal
element & subelement
OPTIONS usage w/ACLs (brought up by Barry Lind)
- Currently draft: Read priv does not control OPTIONS method
- Native web servers don't do this: OPTIONS
- Proposed to strike requirement that READ doesn't control OPTIONS
- Proposed: <dav:read> should be able to cover OPTIONS
Matching current user with a principal
Anne raised issue on section 5.4.1. Must supply unique ID...?
Text may need to be clarified.
Standard ACL privs
- Should <readacl> apply to <current-user-priv set>?
- Access to ACL property vs. current user priv sites:
(current user privileges lists the privilegs I am currently
granted on the resource) Access to entire ACL is different
than "what I can do". It's likely a calculated property.
- Not enough uniformity to make this a standard?
- Maybe we should specify these separate operations, not
both gated by <readacl> right?
- Or should access to another user's privileges on a
resource be governed by a separate privilege instead?
- <dav:readacl> only applies to ACL property (not
current-user-priv-set).
- Will be moved to list.
Priv extensibility
- Anne asked since Read & readacl are separate, but maybe I
could define something else entirely? What's the point
of having a standard list of privileges if some of them
don't have to be supported?
- Eric explained, a conforming application will have to support
all of these privileges, but some may be abstract.
- The client can discover which privileges are abstract
by querying the server for the privilege tree.
- A priv that's abstract is one that can't be sent by client.
Abstract is just a way of saying that you
can't set it with that.
- Sean pointed out that the client will always have to
parse the privilege tree in order to parse ACLs.
This changes how you're going to be thinking about things,
it might affect client GUI design.
- Abstract is useful for clients for only
this...
- Geoff Clemm is convinced of something by this discussion.
- Eric promised to summarize on list.
Getting <current-user-priv-set> for users other than current user?
- Of limited usefulness? Admins can already look at the ACLs.
- Maybe this would be useful, but not useful enough.
- Common servers don't let you do this.
- This is hard to implement, even current-user-priv-set.
ACL semantics (or, should we have a UNIX-style token)
- currently have tokens to inform client that the max number
of ACEs the server supports is 3. Currently draft also has
tokens to inform client what order they must be in. However,
there aren't enough tokens, or of enough flexibility, to
make client understand the limited UNIX-style permission set
of rwx (read/write/execute) for self, group and public.
- We could have tokens that indicate the ACL can only name
1 group and 1 user.
- Or, we could have a token that basically says "UNIX-style".
If we did this, where do we stop? A token for every
unique ACL system?
- Geoff suggested rather that there were a set of common
constraints that you might expect several varieties of ACL
systems to have.
- Needs further discussion, but general feeling seemed to be
to stick with the "constraints" tokens rather than move to
"platforms" tokens.
Separate priv. for write-owner and write-ACL
[Does somebody remember how this turned out?]
Properties vs. Methods
- Discussion at last webdav meeting seemed to end with the
ACL property would be set with a custom method, but read
with PROPFIND. This was a compromise to make everyone shut
up.
- Why would one want to set ACLs via a proppatch since it's
less flexible than a custom method?
- Proxy support/blocking arguments ruled out of scope by Lisa.
- Existing DAV APIs use PROPPATCH. Much easier for a client
to support a new standard property with PROPFIND and PROPPATCH
than to support a custom method.
- Why not do both? Why not allow PROPPATCH? Argument for
method... could introduce 'update' part of property method.
- Against using properties: clients that want to do caching
of property values could screw up with live properties
- Round-trip argument was made for read. Two round-trips
(or more)in order to get both live properties and dead
properties seemd pointless.
- Also it's very handy to get live properties for many resources
using tree PROPFIND.
- But setting properties is still hard. So ACL so batch
- Jim pointed out that Versioning on/off is done with a method
because it's very hard to make something versioned and at the
same time (due to atomic nature of PROPPATCH) make other
property changes.
- Lisa suggested that the transactability argument is bogus,
because one could always just specify that certain live
properties could be specified as "must be proppatched
alone", and this would have the same properties.
- In other situations, trying to do something, would
put burden on server. Lisa questions whether that's
what clients want.
Client would have to know about updating access control
entry.
- Pointed out that updating live properties has side effects,
whereas proppatching dead properties doesn't, but the client
can't tell the difference between having set a live property
and a dead one.
- Might want to stick with current proposal, but wait for
implementation experience to decide whether writing
properties is good.
- As a server implementor, rely on APIs.
Roy: no 'resource' model for ACLs. Resources & properties.
ACLs are like properties, but they're not.
Properties could be resources too, handled with the same
methods, but they're not.
The name "right" vs. "privilege" & "permission"
will be discussed offline
"DeltaV report on things of general interest,"
---------------------------------------------
Geoff Clemm, Jim Amsden
(1) "Comment" and "creator display name" properties have been
added in DeltaV
(2) "Update: yes" vs. "Overwrite: yes" vs. "Overwrite: update"
Propose modification to 2582, versioning protocol
define Update: T, replace overwrite
(3) New response bodies on 403 and 409
(4) Options request now takes a body: Roy pointed out it's
supposed to.
(5) Report method: already discussed
Report functionality: intent was rather than using POST,
have a set of requests that are required to be read-only,
(don't update visible server), but unlike PROPFIND
but rather have done parameterized PROPFIND: ask the
server to agregate a bunch of information...
Not a DAV resource?
Squeeze into parameter string? POST?
Received on Friday, 15 December 2000 22:36:38 UTC