[Bug 71] New: Clarify what servers may and may not do with privileges when BIND is used


           Summary: Clarify what servers may and may not do with privileges
                    when BIND is used
           Product: WebDAV-BIND
           Version: -latest
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: 04.  BIND Method
        AssignedTo: julian.reschke@greenbytes.de
        ReportedBy: lisa@osafoundation.org
         QAContact: w3c-dist-auth@w3.org

The BIND specification doesn't say anything about what the server will do with
the privileges of a resource (particularly inherited permissions) when it is
bound into a new collection.  We should offer some guidance.

Use case: In Chandler we want a user to be able to share the same item (for
example, a calendar event) in multiple collections.  For example, I might want
to show the "OSAF holiday party" in both my work calendar share and my home
calendar share, so that other users who view either my work or my home calendar
will see the event regardless (and users who share both won't see the event twice).

The natural way to do this if the server supports bindings would be to create
the event in one collection, let's say the client will create it in my work
share where permissions are inherited so that all OSAF people can view the
event.  Then BIND the event to the other collection, where the inherited
permissions normally would automatically make it so that my family and friends
can view the event.

Do we leave it unspecified what happens in this case?  Do I end up with a
resource that is bound into my home calendar but only work people can see it
unless my client fixes up the ACLs?  Or do I end up with a resource that is
bound into both and has the sum permissions of both?

If the client has to fix up the ACLs, now what happens when I add a person to
the permissions of my home calendar share, and then apply that new permission to
all the resources in my home calendar share?  Does my client have to go through
each one and ACL each one or can the server calculate the appropriate
permissions for resources that are bound into both collections?

I can imagine a server implementing it either way depending on what they think
the common use cases are; what can the client predict or require here?  This may
be a difficult problem, but it merits at least some discussion to see if we can
make implementation issues clearer to clients, or to see if we can make
additional requirements on servers in order to make client implementations simpler.

------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

Received on Thursday, 20 January 2005 00:45:45 UTC