- From: Frank Lowney <frank.lowney@mac.com>
- Date: Sun, 29 Jun 2003 12:23:27 -0400
- To: w3c-dist-auth@w3.org
Lisa Dusseault <lisa@xythos.com> comments/asks:
>Hi Frank,
>
>I'll try to answer your questions about WebDAV vs. FTP:
>
>
>> 1) WebDAV cannot be programmatically and securely applied to
>> individual web sites. Currently, creating an account on my MacOS X
>> Server (Apache) programmatically creates web space whose address
>> takes the form http://myserver.gcsu.edu/~username and
>> programmatically enables FTP access to that web space using the un/pw
>> assigned to the account. This can be done on a large scale with
>> batch methods.
>
>I'm not sure what you're asking here. Are you asking from an
>implementor/administrator point of view, whether a server can be implemented
>that supports WebDAV and securely supports individual Web sites? If that's
>the question, then Sharemation is an existence proof that this can be easily
>done. The site www.sharemation.com hosts individual web sites for many
>thousands of accounts. Although there's a Web interface to allow users to
>sign up, after registration users can manage their sites with WebDAV. Many
>universities are now starting to provide WebDAV-enabled individual sites to
>students with this technology, but instead of allowing free signup as
>Sharemation does, these universities use batch methods to create thousands
>of accounts each semester as new students arrive. There is no FTP access to
>these accounts because it's no longer needed.
What I hope to do is provide WebDAV-enabled sites to thousands of
students and hundreds of faculty at our university on a very limited
budget and without obsoleting investments already made, to wit:
o several XServe units running the latest MacOS X Server software
(10.2.6) with includes the Apache webserver with mod_dav precompiled.
See: http://www.apple.com/macosx/server/
o several MacOS X towers running the latest WebSTAR V Server Suite
(5.3.x). NOTE: WebSTAR V supports WebDAV with a very elaborate
security model that is great for many people working on a single web
site -- the conventional application of WebDAV. See:
http://www.webstar.com
I would like to be able to provide individual web site accounts
programmatically in batched and on-demand formats using a GUI front
end not unlike what is available to MacOS X Server and WebSTAR V
Server Admins.
That this is possible is difficult to deny. I now have several
existence proofs as follows:
1) Sharemation (see: http://www.sharemation.com)
2) Apple's iDisk (part of dotMac) (see: http://www.mac.com/)
3) WebCT 3.8 and WebCT Vista (see http://www.webct.com)
NOTE: WebCT Vista uses the BEA WebLogic server. WebCT is a
Courseware Management System (CMS) widely used in higher education.
WebCT Vista has been adopted system-wide in Georgia's University
System. Interestingly, I see no mention of this at www.webdav.org in
the way of an announcement.
>Or are you asking whether WebDAV can be used by a client program to manage a
>Web site remotely and automatically? Sitecopy and GoLive are client
>programs that do this.
>
>> 2) WebDAV does not offer disk space quota enforcement and the means
>> with which to discover one's usage of that disk space and take
>> corrective action.
>
>A WebDAV server implementation can offer disk space quota enforcement, as
>Apple iDisk and Xythos WFS do. This must be managed by the administrator of
>course. It's true that it's difficult to discover one's usage of that disk
>space however there is a HTTP error commonly used when that quota is reached
>("Insufficient Storage"). Furthermore, we're working on an extension to
>WebDAV to provide quota-related properties so that an individual user may
>discover their quota and storage usage.
>
>Are you sure that FTP offers this functionality anyway? I didn't think that
>was part of the FTP standard. I would think the user would have to type in
>Unix queries and understand the answer themselves, rather than be able to
>use a GUI client that is capable of parsing the quota information and issue
>warnings.
FTP Servers offer this functionality. Two examples include Rumpus
(http://www.maxum.com) and the FTP client bundled with the WebSTAR V
Server Suite (see http://www.webstar.com).
Clients will report the soft limit and hard limit warning messages
issued by these FTP servers.
> > 3) WebDAV does not offer password management (neither does FTP but I
>> mention it here to complete a basic feature list).
>
>Typically password management is not part of an application protocol -- as
>you point out, it's not part of FTP (nor is it part of IMAP, etc)
From the client perspective, such functionality is needed in a way
that **appears** to be integrated with the editing experience is
desirable.
>Instead, typically password management is an administrative function, which
>means that it can either be done through an administration UI (not through
>the application protocol) or through LDAP. WebDAV can work with LDAP: e.g.
>an administrator can create LDAP accounts and set passwords, then when users
>try to log into the WebDAV server the WebDAV server queries the LDAP server
>to see if the login should be allowed. A number of universities are also
>doing this already. I can provide you with more details if you're
>interested.
Admins need to be able to set pw criteria (# chars, composition, even
checking pw history in a database) and enforce a pw change schedule.
On the client side, users need to have the means with which to easily
comply with these requirements/policies - a pw changing interface.
Again, we seek only the **appearance** of integration from the
client's perspective.
>Good questions!
>Lisa Dusseault
--
=====================================================================
Dr. Frank Lowney flowney@mail.gcsu.edu
Director, Electronic Instructional Services, a unit of the
Office of Information and Instructional Technology,
Professional Pages: http://www.gcsu.edu/oiit/eis/
Personal Pages: http://www.faculty.de.gcsu.edu/~flowney
Voice: (478) 445-5260
=====================================================================
We don't make instruction effective, we make effective instruction
more accessible.
Received on Sunday, 29 June 2003 12:23:38 UTC