behavior of dav:inherited-acl-set from Ravi Murthy on 2004-09-08 (w3c-dist-auth@w3.org from July to September 2004)

From: Ravi Murthy <ravi.murthy@oracle.com>
Date: Wed, 8 Sep 2004 12:46:15 -0700
To: <w3c-dist-auth@w3.org>
Message-ID: <009901c495dc$80ed0fe0$bcaa2382@us.oracle.com>

Does the <dav:inherited-acl-set> property apply recursively ? i.e. if a resource R1 specifies R2 as part of its <dav:inherited-acl-set>, then in addition to the ACL on R2 (as specified by DAV:acl property), does the <dav:inherited-acl-set> property of R2 *also* apply in determining the privilege on R1 ? The RFC is not very clear on this point.

-- Excerpt from RFC 3744
5.7 DAV:inherited-acl-set
This protected property contains a set of URLs that identify other resources that also control the access to this resource. To have a privilege on a resource, not only must the ACL on that resource (specified in the DAV:acl property of that resource) grant the privilege, but so must the ACL of each resource identified in the DAV:inherited-acl-set property of that resource. Effectively, the privileges granted by the current ACL are ANDed with the privileges granted by each inherited ACL. 

-- End Excerpt

Thanks.

- Ravi

Received on Wednesday, 8 September 2004 19:46:49 UTC