- From: Brian Korver <briank@xythos.com>
- Date: Mon, 30 Jun 2003 16:10:16 -0700
- To: Frank Lowney <frank.lowney@mac.com>
- Cc: w3c-dist-auth@w3.org
On Sunday, June 29, 2003, at 05:47 AM, Frank Lowney wrote: [snip] > 1) WebDAV cannot be programmatically and securely applied to > individual web sites. Currently, creating an account on my MacOS X > Server (Apache) programmatically creates web space whose address takes > the form http://myserver.gcsu.edu/~username and programmatically > enables FTP access to that web space using the un/pw assigned to the > account. This can be done on a large scale with batch methods. If your WebDAV server integrates with your directory service (LDAP, ActiveDirectory, NetInfo, YP, etc.), then these accounts would appear as soon as the user's account is created in the directory. I do know of vendors that produce such servers ;). > > 2) WebDAV does not offer disk space quota enforcement and the means > with which to discover one's usage of that disk space and take > corrective action. FYI: http://www.ietf.org/internet-drafts/draft-ietf-webdav-quota-01.txt > > 3) WebDAV does not offer password management (neither does FTP but I > mention it here to complete a basic feature list). > > Of course, I would like to be wrong about this and I believe that I > am. Apple seems to have accomplished a good measure of what I > describe above with "dotMac" accounts that include WebDAV access via > what it calls an "iDisk." However, the techniques behind this are not > generally and perhaps not even publicly, available. > > I would like to extend this kind of functionality to the thousands of > students and hundreds of faculty at my university but apparently > cannot due to the unavailability of critical information n the > techniques employed. Being able to drop support for FTP would > certainly make our networking a security folks happy. Being able to > supplant FTP with WebDAV would likely be viewed as progress by our > clients. Unfortunately, it does not appear to be possible right > now. > > Here, again, I hope to be shown the error of my thinking. Again, directory service integration would give you what you want. When the user changes their password using their standard password change mechanism, that password change goes into the directory, which of course the server will pick up immediately. -brian briank@xythos.com
Received on Monday, 30 June 2003 19:09:51 UTC