- From: Lisa Dusseault <lisa@xythos.com>
- Date: Fri, 15 Dec 2000 19:36:17 -0800
- To: <w3c-dist-auth@w3.org>
WEBDAV working group meeting minutes Lisa Dusseault, acting WG chair Dec 13, 2000 3:30-5:00 PM, San Diego Notes taken by Larry Masinter Agenda: 25 min: improved status reporting (Lisa) 50 minutes: Open issues & review of Access control 40 minutes: DeltaV report on things of general interest Advanced Status Reporting ------------------------- presentation by Lisa Dusseault [see separate posting to list for contents of presentation] The group discussed (1) is there a problem with adding bodies to responses? Sense of the group was probably not, since IIS5 and apache already do. Sense of the group was also that clients should advertise their support for advanced status reporting so that server can be sure not to send back unwanted information. (2) A discussion of whether the XML response should replace HTML bodies or be added to it To be taken to list. (3) response-detail could be added to 207 Multi-status body (4) add language tag to <user-text> was agreed to be necessary (5) discussion of registry of message codes & tags, and whether there's a registry, what clients that don't understand details could do besides presenting user text. (6) consortia could get together and define user tags (7) syntax of lang tag is wrong in example (8) suggestion to use "application/xml" in the examples instead of "text/xml" sense of the group _seemed_ to be to continue in the model established by webDAV (text/xml) but further comments welcome (9) Some servers translate status codes to HTML. Roy suggested that HTML could be augmented by adding an XML island inside the html. On the other hand, Sean pointed out, it's not trivial to locate an xml island within HTML. Lisa pointed out that if clients can ask for advanced error reporting rather than the default, they likely prefer straight HTML and will construct their own presentation therefrom. (10) 207 gets used for a wide variety of things latest proposal adds to 207 (11) Whether status-codes should be marked with error-level, e.g. fatal vs. warning vs. informational Group consensus: no, because such information is already in the error code used in the header of the response (100-level informational, 200-level success at least partial, others are probably fatal) ACL Open Issues & Review ------------------------ Led by Eric Sedlar, Oracle First gathered an issue list, then tackled issues one by one as follows: Authentication ID and general use thereof - Could we use the "Authentication ID" as principle for dealing with locking & discovery? Response: write a draft. Nobody saw any reason why one coudln't reuse "Principle URL" (but don't use authentication ID. It's a common piece of information, a GUI might throw it up in a common way. However, it's outside the scope of ACL draft. * Question about why have Authentication ID at all Principle collection set as a new property - Why have it? Answer: the principle URLs will live in a certain location, so it might be useful way of dealing with users. Discussion about whether WebDAV is being used for LDAP. Presumption that the 'principle collection' could be used to find users who could be associated. Hint to browser about which set of principals that might be useful to set in an ACL. - Clarified that there can be more than one such principle collection set. - Clarified that the URLs in this could be LDAP URLs. - The "principal resources" in the principle collection set might allow propfind or might not, so sometimes principal is just a URI and sometimes it has properties associated with it. At any rate it's intended to be read-only for the purposes of this draft. - DAV:owner is already defined - Proposed: marshal principal-collection-set via OPTIONS - Principle usage should be consistent (hrefs vs. a principal element & subelement OPTIONS usage w/ACLs (brought up by Barry Lind) - Currently draft: Read priv does not control OPTIONS method - Native web servers don't do this: OPTIONS - Proposed to strike requirement that READ doesn't control OPTIONS - Proposed: <dav:read> should be able to cover OPTIONS Matching current user with a principal Anne raised issue on section 5.4.1. Must supply unique ID...? Text may need to be clarified. Standard ACL privs - Should <readacl> apply to <current-user-priv set>? - Access to ACL property vs. current user priv sites: (current user privileges lists the privilegs I am currently granted on the resource) Access to entire ACL is different than "what I can do". It's likely a calculated property. - Not enough uniformity to make this a standard? - Maybe we should specify these separate operations, not both gated by <readacl> right? - Or should access to another user's privileges on a resource be governed by a separate privilege instead? - <dav:readacl> only applies to ACL property (not current-user-priv-set). - Will be moved to list. Priv extensibility - Anne asked since Read & readacl are separate, but maybe I could define something else entirely? What's the point of having a standard list of privileges if some of them don't have to be supported? - Eric explained, a conforming application will have to support all of these privileges, but some may be abstract. - The client can discover which privileges are abstract by querying the server for the privilege tree. - A priv that's abstract is one that can't be sent by client. Abstract is just a way of saying that you can't set it with that. - Sean pointed out that the client will always have to parse the privilege tree in order to parse ACLs. This changes how you're going to be thinking about things, it might affect client GUI design. - Abstract is useful for clients for only this... - Geoff Clemm is convinced of something by this discussion. - Eric promised to summarize on list. Getting <current-user-priv-set> for users other than current user? - Of limited usefulness? Admins can already look at the ACLs. - Maybe this would be useful, but not useful enough. - Common servers don't let you do this. - This is hard to implement, even current-user-priv-set. ACL semantics (or, should we have a UNIX-style token) - currently have tokens to inform client that the max number of ACEs the server supports is 3. Currently draft also has tokens to inform client what order they must be in. However, there aren't enough tokens, or of enough flexibility, to make client understand the limited UNIX-style permission set of rwx (read/write/execute) for self, group and public. - We could have tokens that indicate the ACL can only name 1 group and 1 user. - Or, we could have a token that basically says "UNIX-style". If we did this, where do we stop? A token for every unique ACL system? - Geoff suggested rather that there were a set of common constraints that you might expect several varieties of ACL systems to have. - Needs further discussion, but general feeling seemed to be to stick with the "constraints" tokens rather than move to "platforms" tokens. Separate priv. for write-owner and write-ACL [Does somebody remember how this turned out?] Properties vs. Methods - Discussion at last webdav meeting seemed to end with the ACL property would be set with a custom method, but read with PROPFIND. This was a compromise to make everyone shut up. - Why would one want to set ACLs via a proppatch since it's less flexible than a custom method? - Proxy support/blocking arguments ruled out of scope by Lisa. - Existing DAV APIs use PROPPATCH. Much easier for a client to support a new standard property with PROPFIND and PROPPATCH than to support a custom method. - Why not do both? Why not allow PROPPATCH? Argument for method... could introduce 'update' part of property method. - Against using properties: clients that want to do caching of property values could screw up with live properties - Round-trip argument was made for read. Two round-trips (or more)in order to get both live properties and dead properties seemd pointless. - Also it's very handy to get live properties for many resources using tree PROPFIND. - But setting properties is still hard. So ACL so batch - Jim pointed out that Versioning on/off is done with a method because it's very hard to make something versioned and at the same time (due to atomic nature of PROPPATCH) make other property changes. - Lisa suggested that the transactability argument is bogus, because one could always just specify that certain live properties could be specified as "must be proppatched alone", and this would have the same properties. - In other situations, trying to do something, would put burden on server. Lisa questions whether that's what clients want. Client would have to know about updating access control entry. - Pointed out that updating live properties has side effects, whereas proppatching dead properties doesn't, but the client can't tell the difference between having set a live property and a dead one. - Might want to stick with current proposal, but wait for implementation experience to decide whether writing properties is good. - As a server implementor, rely on APIs. Roy: no 'resource' model for ACLs. Resources & properties. ACLs are like properties, but they're not. Properties could be resources too, handled with the same methods, but they're not. The name "right" vs. "privilege" & "permission" will be discussed offline "DeltaV report on things of general interest," --------------------------------------------- Geoff Clemm, Jim Amsden (1) "Comment" and "creator display name" properties have been added in DeltaV (2) "Update: yes" vs. "Overwrite: yes" vs. "Overwrite: update" Propose modification to 2582, versioning protocol define Update: T, replace overwrite (3) New response bodies on 403 and 409 (4) Options request now takes a body: Roy pointed out it's supposed to. (5) Report method: already discussed Report functionality: intent was rather than using POST, have a set of requests that are required to be read-only, (don't update visible server), but unlike PROPFIND but rather have done parameterized PROPFIND: ask the server to agregate a bunch of information... Not a DAV resource? Squeeze into parameter string? POST?
Received on Friday, 15 December 2000 22:36:38 UTC