WebDAV conference call
March 31, 2000: 11am – 12:00 pm
Attendees:
Barry Lind – Xythos
Anne Hopkins – Microsoft
Eric Sedlar – Oracle (taking notes)
Chris Knight – NASA Ames
Murthy Chintalapatra – Sun Microsystems
Resolved:
- A principal will be separated into a set of element tags as follows (some of which are required):
  - DAV:principalID: A machine-readable piece of information fully identifying a user. This may be any well-formed XML (required)
  - DAV:principalDomain: Either the string "local" or a URL identifying a foreign server that can authenticate the principalID (required)
  - DAV:principalName: A human-readable string describing this principal. The DAV ACL spec treats this as read-only (required)
  - DAV:principalType: A string identifying the type of principal. The DAV ACL spec defines the strings "user" and "group" as possible values for this field. However, any value may be used here by a particular implementation. (not required)
  - Implementation-specific tags…
- Authenticating principals from remote realms (where DAV:principalDomain != "local") is out of scope
- We need to address the goals of the ACL spec before proceeding further
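
The principal layout resolved above, checked in code. This is an added example, not part of the original minutes or of any WebDAV specification text. Assumptions: the D:principal wrapper element, the sample values, reading "URL" as an absolute URL with scheme and host, and rejecting duplicate DAV: tags.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

DAV = "{DAV:}"  # ElementTree spelling of the DAV: namespace
REQUIRED = ("principalID", "principalDomain", "principalName")

# Constructed sample; the D:principal wrapper element is an assumption.
SAMPLE = """<D:principal xmlns:D="DAV:">
  <D:principalID><uid>alice</uid></D:principalID>
  <D:principalDomain>https://auth.example.org/</D:principalDomain>
  <D:principalName>Alice Example</D:principalName>
  <D:principalType>user</D:principalType>
</D:principal>"""


def parse_principal(xml_text):
    """Validate one principal element against the tags resolved on the call."""
    children = {}
    for child in ET.fromstring(xml_text):
        # Assumption: a repeated DAV: tag is ambiguous for ACL checks, so reject.
        if child.tag.startswith(DAV) and child.tag in children:
            raise ValueError("duplicate tag: " + child.tag)
        children[child.tag] = child
    missing = [n for n in REQUIRED if DAV + n not in children]
    if missing:
        raise ValueError("missing required tags: " + ", ".join(missing))

    id_el = children[DAV + "principalID"]
    # principalID may be any well-formed XML: keep it opaque, never interpret it.
    if len(id_el) == 0 and not (id_el.text or "").strip():
        raise ValueError("principalID is empty")

    domain = (children[DAV + "principalDomain"].text or "").strip()
    if domain != "local":
        parts = urlparse(domain)
        if not (parts.scheme and parts.netloc):
            raise ValueError("principalDomain must be 'local' or a URL")

    type_el = children.get(DAV + "principalType")  # optional, any string allowed
    return {
        "id_xml": ET.tostring(id_el, encoding="unicode"),
        "domain": domain,
        "name": (children[DAV + "principalName"].text or "").strip(),
        "type": (type_el.text or "").strip() if type_el is not None else None,
        # Remote-realm authentication is out of scope: only "local" qualifies.
        "can_authenticate": domain == "local",
    }
```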
Open Issues:
Description | Action |
Are the semantics of the XML Schema recommendation available for WebDAV use? (Example: inheritance of tags as defined by a schema) | See what Jim Whitehead thinks |
Need scenarios and use cases for ACL checks and setting ACLs | Everyone to come up with their cases before next week |
Discussion:
Most of the call revolved around the question of what a principal is, and how that information can be used interoperably by server implementations.
- Some worry was expressed over the cost of lookups required to return the human-readable name or domain identifier. However, we agreed that since the main use of the ACL spec is to allow a user to view access control on a resource, and set the access control on a resource, this information is clearly required.
- Most people generally thought that maintaining principals, listing the set of valid principals, and so forth, was outside the scope of this spec; however, this may be revisited in light of the use cases.
- A lot of discussion about whether or not any of the principal tags should be required, or whether we should just pack all of the information into the machine-readable ID. Chris (??) believes that we will need to have the domain information for real distributed authoring support, and in a way that can be used interoperably (so the domain cannot just be some opaque string). Most people seemed to accept this, although the need for this will only come out as we discuss more of the advanced issues.
- Murthy brought up the issue of "realms", and their applicability to defining a principal. However, the general feeling was that this should be an implementation detail and encoded as a part of the principalID.
- We agreed that we should go back and review the existing goals document, adding use cases, and update that before returning to work on this spec.