Re: [Ietf-caldav] DAV acls
Bernard Desruisseaux <bernard.desruisseaux@oracle.com> Thu, 21 September 2006 14:36 UTC
Return-Path: <bernard.desruisseaux@oracle.com>
X-Original-To: ietf-caldav@osafoundation.org
Delivered-To: ietf-caldav@osafoundation.org
Received: from laweleka.osafoundation.org (laweleka.osafoundation.org [204.152.186.98]) by leilani.osafoundation.org (Postfix) with ESMTP id AFD877F9D9 for <ietf-caldav@osafoundation.org>; Thu, 21 Sep 2006 07:36:39 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by laweleka.osafoundation.org (Postfix) with ESMTP id A029D142278 for <ietf-caldav@osafoundation.org>; Thu, 21 Sep 2006 07:36:39 -0700 (PDT)
Received: from laweleka.osafoundation.org ([127.0.0.1]) by localhost (laweleka.osafoundation.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 32673-03 for <ietf-caldav@osafoundation.org>; Thu, 21 Sep 2006 07:36:36 -0700 (PDT)
Received: from rgminet01.oracle.com (rgminet01.oracle.com [148.87.113.118]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by laweleka.osafoundation.org (Postfix) with ESMTP id C358514225B for <ietf-caldav@osafoundation.org>; Thu, 21 Sep 2006 07:36:36 -0700 (PDT)
Received: from rcsmt250.oracle.com (rcsmt250.oracle.com [148.87.90.195]) by rgminet01.oracle.com (Switch-3.1.6/Switch-3.1.6) with ESMTP id k8L35OGb022761; Thu, 21 Sep 2006 08:36:27 -0600
Received: from bdesruis-ca.ca.oracle.com by rcsmt251.oracle.com with ESMTP id 2020312761158849286; Thu, 21 Sep 2006 08:34:46 -0600
Message-ID: <4512A305.4050501@oracle.com>
Date: Thu, 21 Sep 2006 10:34:45 -0400
From: Bernard Desruisseaux <bernard.desruisseaux@oracle.com>
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To: Jari Urpalainen <jari.urpalainen@nokia.com>
Subject: Re: [Ietf-caldav] DAV acls
References: <1158841595.2566.129.camel@esdhcp038148.research.nokia.com>
In-Reply-To: <1158841595.2566.129.camel@esdhcp038148.research.nokia.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Whitelist: TRUE
X-Virus-Scanned: by amavisd-new and clamav at osafoundation.org
X-Spam-Status: No, hits=0.0 tagged_above=-50.0 required=4.0 tests=AWL
X-Spam-Level:
Cc: acl@webdav.org, CalDAV DevList <ietf-caldav@osafoundation.org>
X-BeenThere: ietf-caldav@osafoundation.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions on Calendar Access protocol based on WebDAV <ietf-caldav.osafoundation.org>
List-Unsubscribe: <http://lists.osafoundation.org/mailman/listinfo/ietf-caldav>, <mailto:ietf-caldav-request@osafoundation.org?subject=unsubscribe>
List-Archive: <http://lists.osafoundation.org/pipermail/ietf-caldav>
List-Post: <mailto:ietf-caldav@osafoundation.org>
List-Help: <mailto:ietf-caldav-request@osafoundation.org?subject=help>
List-Subscribe: <http://lists.osafoundation.org/mailman/listinfo/ietf-caldav>, <mailto:ietf-caldav-request@osafoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Sep 2006 14:36:39 -0000
Hi Jari, I've CCed the WebDAV ACL mailing list (acl@webdav.org). See comments below. Cheers, Bernard Jari Urpalainen wrote: > Hi all! > > Sorry that my questions/comments are on the wrong list... but caldav > requires dav acls. Anyway, I've been implementing dav acls as an apache > module for a while and there are some issues which are imo worth > discussing (sorry again if these have been discussed before...) > > First, it seems to me that it is impossible to implement a unix sticky > bit (t) like feature for a collection (like in unix /tmp), i.e. users > could safely create files into a shared collection without the fear that > others can delete them. As it stands now in the spec you'll need to have > <unbind> privilege of the parent collection to remove a file. This is correct. > So you'll > have to give that privilege to a user for him/her to delete his/her > files. And similarly all other users needs this privilege as well for > their files. So no matter how strict rules you'll have on your files > other users could still remove your files, right ? If I have understood > this correctly, imo it could e.g. be solved by changing the delete rule > so that write privilege for a resource would allow the removal of a > resource (this is actually what i've implemented). I.e. with write > privilege you can "empty" body and dead properties which is almost like > a removal of a resource. You should look at the WebDAV ACL mailing list archive (http://mailman.webdav.org/pipermail/acl/) as well as old versions of the WebDAV ACL draft (http://ietfreport.isoc.org/idref/draft-ietf-webdav-acl/). You'll notice that up to draft -10 there was a DAV:delete privilege but the WG "couldn't agree for the need of that privilege." Check: http://mailman.webdav.org/pipermail/acl/2003-November/001782.html > > Secondly, while distributed acl rules (on different servers) or > referencing distributed group principals may be cool they are quite > challenging to implement, that's why I was hoping to see a postcondition > like "DAV:no-distributed-acls" (and something similar to distributed > groups). Also this should be listed on <acl-restrictions>. What I mean, > there are other things that are optional to implement which are imo much > easier to implement than these. So probably the "generic" > "no-ace-conflict" could be used here, but it isn't that descriptive for > the client (the implementation of which in general, must be quite > flexible imo btw.). > > Still a question about acl usage with caldav: a client puts a new ics > file into a calendar collection and server does not (auto)generate any > acl for it (this is very implementation specific if/as we follow > rfc3744). Actually, a server most likely will set a default ACL on the new resource. > The client does not support acls (uses only "private" > calendars). So another client queries freebusy info, is it allowed or > not ? (probably latter). All depends on the default ACL set by the server. Currently, I would expect servers to allow users to configure the default ACL value in a proprietary way. > But agreed, this ambiguity results from rfc3744 > being "liberal". So imo, it would be clearer if servers must generate > e.g. an acl where the owner has full rights (and others none) for a new > created resource. In addition, acls would then be needed for truly > shared resources only (or allowing freebusy reports for others). Correct. Servers have no standard way to allow client to manage or discover the default/initial ACL value for new resources. Cyrus, Lisa and I had lots of discussions on whether a calendar collection should have a property (protected or not) that would allow client to discover and manage (if the property is not protected) the default ACL for new calendar object resources. We also had discussions on ACL inheritance as well. As you may have guessed, we have decided to address those issues in a separate draft... > > There are quite many other minor issues as well (or difficulties to > understand the meaning of the spec) but in general I like the basic > simplicity of the spec. But I'll hope someone can enlighten me first > with answers to these basic questions... > > thanks, > Jari > > _______________________________________________ > Ietf-caldav mailing list -- Ietf-caldav@osafoundation.org > See http://ietf.webdav.org/caldav/ for more CalDAV resources > http://lists.osafoundation.org/mailman/listinfo/ietf-caldav
- Re: [Ietf-caldav] DAV acls Bernard Desruisseaux
- [Ietf-caldav] DAV acls Jari Urpalainen
- Re: [ACL] Re: [Ietf-caldav] DAV acls Julian Reschke
- Re: [ACL] Re: [Ietf-caldav] DAV acls Jari Urpalainen
- Re: [ACL] Re: [Ietf-caldav] DAV acls Julian Reschke
- Re: [ACL] Re: [Ietf-caldav] DAV acls Jari Urpalainen
- Re: [ACL] Re: [Ietf-caldav] DAV acls Julian Reschke
- Re: [ACL] Re: [Ietf-caldav] DAV acls Jari Urpalainen
- Re: [ACL] Re: [Ietf-caldav] DAV acls Julian Reschke
- Re: [Ietf-caldav] DAV acls Jari Urpalainen