Last Call comments on draft-sanchez-webdav-current-principal-01 from Julian Reschke on 2008-07-25 (w3c-dist-auth@w3.org from July to September 2008)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Fri, 25 Jul 2008 15:07:40 +0200
To: IETF Discussion <ietf@ietf.org>
CC: WebDAV <w3c-dist-auth@w3.org>
Message-ID: <4889D01C.80204@gmx.de>

Hi,

this is a good proposal and I support publication as a Proposed Standard.

Below are some comments, mostly editorial:

> Abstract
> 
>    This specification defines a new WebDAV property that allows clients
>    to quickly determine the principal corresponding to the current
>    authenticated user.

Nit: Expand WebDAV acronym on first use.

>    Some clients have a need to determine the [RFC3744] principal that a
>    server is associating with the currently authenticated HTTP user.
>    While [RFC3744] defines a DAV:current-user-privilege-set property for
>    retrieving the privileges granted to that principal, there is no
>    recommended way to do identify the principal in question, which is
>    necessary to perform other useful operations.  For example, a client
>    may wish to determine which groups the current user is a member of,
>    or modify a property of the principal resource associated with the
>    current user.

Nit: say "WebDAV ACL" instead of "[RFC3744]" most of the time.

>    The DAV:principal-match REPORT provides some useful functionality,
>    but there are common situations where the results from that query can
>    be ambiguous (e.g. not only is an individual user principal returned,
>    but also every group principal that the user is a member of, and
>    there is no clear way to distinguish which is which).

Nit: reference RFC3744, Section 9.3.

>    When XML element types in the namespace "DAV:" are referenced in this
>    document outside of the context of an XML fragment, the string "DAV:"
>    will be prefixed to the element type names.

Substantial: need to state how XML fragments are to be interpreted, what
the extensibility rule is, and why it's ok to put things into the "DAV:"
namespace (for the first points refer to RFC4918, for the last you may
want to claim consensus of the WebDAV community).

>    Value:  Single DAV:href element.
> 
>    Protected:  This property is computed on a per-request basis, and
>       therefore is protected.
> 
>    Description:  The DAV:current-user-principal property contains either
>       a DAV:href or DAV:unauthenticated XML element.  The DAV:href

Substantial: this contradicts what "Value:" says. Maybe just get rid of
that one.

>    Definition:
> 
>       <!ELEMENT current-user-principal (unauthenticated | href)>
>       <!-- href value: a URL to a principal resource -->

Nit: should state somewhere where unauthenticated and href come from.


BR, Julian

Received on Friday, 25 July 2008 13:08:30 UTC