- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Sun, 22 Jan 2006 10:46:10 +0100
- To: webdav <w3c-dist-auth@w3.org>
- CC: Geoffrey M Clemm <geoffrey.clemm@us.ibm.com>
Geoffrey M Clemm wrote: > > The issues/questions raised by Lisa are not related to the bind spec; > they are about dynamically inherited ACL's, which is not something that > is currently modeled in the ACL spec. So there is nothing that can > be changed about the bind spec to address this issue ... it is an ACL > spec issue. If the ACL spec were extended to model dynamically inherited > ACL's, then it would need to deal with multiple parents, but that is no > harder than dealing with the interaction of the ACL directly on a resource > with the ACL's that it inherits, so multiple bindings does not introduce > any new issues in that regard. > > Cheers, > Geoff I fully agree with Geoff here. RFC3744 doesn't define how a server handles inherited ACLs (if the inheritance isn't made explicit by specifying the resource from which the ACLs are inherited, as per <http://greenbytes.de/tech/webdav/rfc3744.html#rfc.section.5.5.4> and <http://greenbytes.de/tech/webdav/rfc3744.html#rfc.section.5.7>). Lisa's question seems to be: "how does a BIND+ACL server behave with dynamically inherited ACLs?", and the answer clearly is: "it's undefined, just like with an ACL server that does not support BIND". Now I understand that someone who wants to implement both in one server will ask the WG for opinion anyway, and that's fine. But, again: this is about a restriction in the RFC3744 ACL model and really, really doesn't have anything to do with BIND. Best regards, Julian
Received on Sunday, 22 January 2006 09:48:22 UTC