- From: Eric Sedlar <eric.sedlar@oracle.com>
- Date: Wed, 8 Sep 2004 21:35:28 -0700
- To: <w3c-dist-auth@w3.org>
- Message-ID: <01d201c49626$6ed3bb70$d15efea9@us.oracle.com>
No, if you read the spec carefully, inherited-acl-set only inherits the ACL property, not any other access-control related properties (like inherited-acl-set). In section 5.7, the text says: " To have a privilege on a resource, not only must the ACL on that resource (specified in the DAV:acl property of that resource) grant the privilege, but so must the ACL of each resource identified in the DAV:inherited-acl-set property of that resource." ----- Original Message ----- From: Ravi Murthy To: w3c-dist-auth@w3.org Sent: Wednesday, September 08, 2004 12:46 PM Subject: behavior of dav:inherited-acl-set Does the <dav:inherited-acl-set> property apply recursively ? i.e. if a resource R1 specifies R2 as part of its <dav:inherited-acl-set>, then in addition to the ACL on R2 (as specified by DAV:acl property), does the <dav:inherited-acl-set> property of R2 *also* apply in determining the privilege on R1 ? The RFC is not very clear on this point. -- Excerpt from RFC 3744 5.7 DAV:inherited-acl-set This protected property contains a set of URLs that identify other resources that also control the access to this resource. To have a privilege on a resource, not only must the ACL on that resource (specified in the DAV:acl property of that resource) grant the privilege, but so must the ACL of each resource identified in the DAV:inherited-acl-set property of that resource. Effectively, the privileges granted by the current ACL are ANDed with the privileges granted by each inherited ACL. -- End Excerpt Thanks. - Ravi
Received on Thursday, 9 September 2004 04:36:06 UTC