FW: Re: Status of ACL specification

Accidentally caught by the spam filter.

- Jim

-----Original Message-----
From: ned.freed@mrochek.com [mailto:ned.freed@mrochek.com]
Sent: Saturday, November 16, 2002 1:23 PM
To: Jim Whitehead
Cc: WebDAV
Subject: [Moderator Action] Re: Status of ACL specification




A status update is in order here.

The WEBDAV ACL document was on the IESG telechat agenda on 14-Nov. There
were a few issues raised that I believe will be easy to address:

 This document uses various domain names such as www.webdav.org,
www.foo.org,
 foo.org, and www.BigCorp.com. RFCs are supposed to use specific domains in
 examples: example.com, example.net, etc.

 The introduction states, in part:

  This specification  intentionally omits discussion of authentication, as
the
  HTTP  protocol already has a number of authentication mechanisms
[RFC2617].
  Some authentication mechanism (such as HTTP Digest  Authentication, which
all
  WebDAV compliant implementations are  required to support) must be
available
  to validate the identity of  a principal.

 This should be changed to refer to the discussion of authentication  in
 RFC 2518 section 17.1. In particular, this document needs to refer to
something
 that makes it clear that BASIC authentication can only be used in
conjunction
 with some sort of security layer.

However, another issue arose that received substantial pushback from the
IESG:
The complexity of the proposed ACL facility is seen as excessive. There was
some debate as to how to proceed but no conclusion was reached.

This issue will be discussed again at the IESG meeting tomorrow (Sunday). I
quite honestly don't know how this will go so I cannot advice the WG as to
what
steps to take at this point. I do think, howeve,r that some time should be
set aside at the meeting to discuss this.

> The intent is to publish a new Internet-Draft, draft-ietf-webdav-acl-10,
> immediately after the Atlanta IETF meeting (i.e., on or about the 25th of
> November). This draft will then be sent to the IESG for review, and
> hopefully approval. Assuming it is approved, publication as an RFC will
> happen about 1-2 months afterwards.

Please go ahead and address the additional minor points raised above in the
-10 revision of the document.

				Ned

Received on Monday, 18 November 2002 14:59:49 UTC