FW: Last call for ACL document, changes to WebDAV management

As you witnessed on the mailing list yesterday, the WebDAV Access Control
protocol has now been reviewed by the WebDAV WG's area director (now Ned
Freed, see below), and has begun an IETF-wide last call for comments. This
is a chance for people outside the WebDAV working group to submit comments
on the specification.

The IETF-wide last call goes for two weeks. At the end of this period, we'll
issue a new ACL specification incorporating comments from the IETF last
call, the Area Director (see below), as well as any issues brought up on the
mailing list since the -09 specification was submitted. After the -10
specification is submitted, at a future meeting the IESG will consider the
specification, and will (hopefully) approve it as a Proposed Standard.

So, ideally, we'll have an RFC number for the ACL specification by year's
end.

- Jim

-----Original Message-----
From: ned.freed@mrochek.com [mailto:ned.freed@mrochek.com]
Sent: Tuesday, October 22, 2002 5:55 PM
To: Lisa Dusseault
Cc: ned.freed@mrochek.com; paf@cisco.com; 'Jim Whitehead'
Subject: Last call for ACL document, changes to WebDAV management


Patrik and I have agreed that I will take over as Applications Area
advisor for the WebDAV group. (In case you care, Patrik is taking over
as advisor for GeoPriv). My first action as advisor has been to review
and issue a last call for draft-ietf-webdav-acl-09.txt.

I didn't find any substantive problems with the document when I reviewed it,
although I must say it has one of the most, if not the most, complex ACL
models
I've ever seen, and I wonder if all the complexity is needed.

I did find a couple of nits during my review: The
DAV:all-grant-before-any-deny
element defined in section 6.1.2. I think this element is misnamed or the
text
description is in error. Specifically, the text says (to me at least) that
this
element specifies a combinding rule where if any ACE denies access the
request
fails. Ordering therefore has nothing to do with it; the ACE that denies
access
can appear anywhere in the ACL. Assuming the description is correct, it
seems
that the use of the word "before" in the element name is a misnomer. I would
suggest that the name be changed to something like any-deny-overrides-grant.

There's also a bad line wrap on page 66.

I'm sure other nits will be found so I figure holding the document until
these
two could be fixed was pointless.

				Ned

Received on Wednesday, 23 October 2002 14:16:48 UTC