- From: Jim Whitehead <ejw@cse.ucsc.edu>
- Date: Mon, 18 Nov 2002 11:26:14 -0800
- To: "WebDAV" <w3c-dist-auth@w3.org>
Accidentally caught by the spam filter. - Jim -----Original Message----- From: ned.freed@mrochek.com [mailto:ned.freed@mrochek.com] Sent: Saturday, November 16, 2002 1:23 PM To: Jim Whitehead Cc: WebDAV Subject: [Moderator Action] Re: Status of ACL specification A status update is in order here. The WEBDAV ACL document was on the IESG telechat agenda on 14-Nov. There were a few issues raised that I believe will be easy to address: This document uses various domain names such as www.webdav.org, www.foo.org, foo.org, and www.BigCorp.com. RFCs are supposed to use specific domains in examples: example.com, example.net, etc. The introduction states, in part: This specification intentionally omits discussion of authentication, as the HTTP protocol already has a number of authentication mechanisms [RFC2617]. Some authentication mechanism (such as HTTP Digest Authentication, which all WebDAV compliant implementations are required to support) must be available to validate the identity of a principal. This should be changed to refer to the discussion of authentication in RFC 2518 section 17.1. In particular, this document needs to refer to something that makes it clear that BASIC authentication can only be used in conjunction with some sort of security layer. However, another issue arose that received substantial pushback from the IESG: The complexity of the proposed ACL facility is seen as excessive. There was some debate as to how to proceed but no conclusion was reached. This issue will be discussed again at the IESG meeting tomorrow (Sunday). I quite honestly don't know how this will go so I cannot advice the WG as to what steps to take at this point. I do think, howeve,r that some time should be set aside at the meeting to discuss this. > The intent is to publish a new Internet-Draft, draft-ietf-webdav-acl-10, > immediately after the Atlanta IETF meeting (i.e., on or about the 25th of > November). This draft will then be sent to the IESG for review, and > hopefully approval. Assuming it is approved, publication as an RFC will > happen about 1-2 months afterwards. Please go ahead and address the additional minor points raised above in the -10 revision of the document. Ned
Received on Monday, 18 November 2002 14:59:49 UTC