[Bug 71] Clarify what servers may and may not do with privileges when BIND is used


------- Additional Comments From lisa@osafoundation.org  2005-01-28 10:28 -------
I can't say this isn't an issue for MOVE as well.  So perhaps we do need a bug
for RFC 2744 or RFC2518 or both.

However, let's keep the discussion to BIND and REBIND alone -- we're now
defining these.  As a client implementor now, I can tell you it would be really
great to rely on some server behavior when using BIND or REBIND to create or
move a binding.  

Can we at least discuss this?  I can throw up a straw man proposal.  How about:

"When a client uses BIND or REBIND to create/modify a binding to an existing
resource, the server has three options: treat this as a new resource and
overwrite the resource ACL with the permissions that would be inherited in the
location of the new binding, treat this as an existing resource and do no ACL
inheritance, or take a middle path and use ACL inheritance in the new location
by adding the permissions granted to the ACLs already on the resource.  A server
SHOULD follow the last approach, as being the approach assumed to be closest to
the user's desired model, where a resource bound to multiple URLs ought to be
available to principals who would be able to access that URL had it been bound
using PUT."

------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

Received on Friday, 28 January 2005 18:28:30 UTC