W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2007

Re: bind, inherited locks, and access control

From: Stefan Eissing <stefan.eissing@greenbytes.de>
Date: Fri, 12 Jan 2007 09:25:42 +0100
Message-Id: <6A3249FD-0559-4526-A81B-8B272E393532@greenbytes.de>
Cc: "Julian Reschke" <julian.reschke@gmx.de>, w3c-dist-auth@w3.org
To: Tim Olsen <tolsen718@gmail.com>

Am 12.01.2007 um 01:15 schrieb Tim Olsen:

> On 1/11/07, Julian Reschke <julian.reschke@gmx.de> wrote:
>> Tim Olsen schrieb:
>> >
>> > Hi,
>> >
>> > Let's say a user has an infinite-depth lock on collection C.   
>> There is
>> > a resource R under a different collection for which the user  
>> does not
>> > have DAV:write-content permission on (which is normally needed to
>> > perform LOCK on).  Can the user BIND the resource R under C  
>> (thereby
>> > having R inherit the lock) with only DAV:bind permission on C?   
>> Or is
>> > DAV:write-content permission also required on R ?
>> I'm tempted to say "edge case", thus it depends.
>> A server could allow the BIND, but that wouldn't affect the  
>> permissions,
>> thus the resource wouldn't suddenly become writable by somebody else.
>> Or it could reject the request.
>> The important thing here is that the BIND request can't be used work
>> around the security model, which seems be the case in both cases.
> But if the server allows the BIND then the user can exclusively lock
> any resource just by binding it under a locked collection that he or
> she owns.  Maybe it's best then to require DAV:write-content as well

First, depth locks for BIND operations are crazy. Second, depth locks  
are a overblown idea anyway as of the personal opinion of yours  
truly. Third, what you describe seems to be a DoS by a (on almost all  
servers) authorized user.

I don't think this justifies as a reason to make the bind spec more  


Received on Friday, 12 January 2007 08:25:55 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:41 UTC