- From: Lisa Dusseault <lisa@osafoundation.org>
- Date: Mon, 04 Jul 2005 21:22:54 -0700
- To: "Webdav WG" <w3c-dist-auth@w3c.org>
This message attempts to explain my concern about the interaction of ACLs and bind. The basic question I have is this: if you have a resource with two bindings can different access control behavior be applied depending on which URL the resource is accessed through? It seems to me that there are three possible answers here: (1) No. (2) Yes. (3) It's locally defined. Others may feel differently, but my view based is that the current language in 2518, 3744, and draft-ietf-webdav-bind-11 doesn't provide a definitive answer, but that it's important that we do so. Furthermore, I would argue that the right answer is "No". A related question is if you think the answer is "No", then what is the access control status of a resource that is bound into a collection with different ACL settings (incl. inheritance) than the collection the resource is already in. However, before making an extended argument on that point, I'd like to get a sense of what people feel the current state of affairs is. Lisa
Received on Tuesday, 5 July 2005 04:23:08 UTC