Re: Question - is ACL negotiation unchangeable w/ competing rights ?

2005-01-13 Thread Daniel Florey
This should be discussed at the webdav mailing list directly as it is of interest for all other WebDAV-server vendors. I'd encourage everyone to join the w3c-dist-auth at w3.org mailing list. Cheers, Daniel Slide Users Mailing List slide-user@jakarta.apache.org wrote on 13.01.05 04:02:17:

RE: Question - is ACL negotiation unchangeable w/ competing rights ?

2005-01-13 Thread Nick Longinow
circumstances... Anyhow, at least I know now how to proceed. thanks again Nick -Original Message- From: Oliver Zeigermann [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 12, 2005 2:09 PM To: Slide Users Mailing List Subject: Re: Question - is ACL negotiation unchangeable w/ competing

Re: Question - is ACL negotiation unchangeable w/ competing rights ?

2005-01-13 Thread Oliver Zeigermann
negotiation unchangeable w/ competing rights ? I read the spec at http://www.greenbytes.de/tech/webdav/rfc3744.html#acl.evaluation such that the order is important and not strictness. Slide code says the same. Oliver On Wed, 12 Jan 2005 13:15:16 -0500, Nick Longinow [EMAIL PROTECTED

Re: Question - is ACL negotiation unchangeable w/ competing rights ?

2005-01-13 Thread Michael Smith
Nick Longinow wrote: Thanks all for replies. This basically means that if a principal has read access in one group and read-write in another, then if the read group comes first, then when a webdav request is made to edit the document, the resource will be streamed to the user in read-only mode.

Re: Question - is ACL negotiation unchangeable w/ competing rights ?

2005-01-13 Thread James Mason
On Fri, 2005-01-14 at 10:11 +1100, Michael Smith wrote: ... snip ... Now, a client can _also_ use a request for the acl property on a resource to figure out what permissions the user has. So it's possible (though somewhat tricky) to figure out whether the user would be able to write the

Re: Question - is ACL negotiation unchangeable w/ competing rights ?

2005-01-13 Thread James Mason
From a security standpoint the concept of an all-powerful admin is a bad thing. The new ACL-type implementations I've seen seem to be moving to a more localized security policy where it's easier to control who has access to a resource and it's easier to contain a security breach (since no one account

Re: Question - is ACL negotiation unchangeable w/ competing rights ?

2005-01-13 Thread Carlos Villegas
Well I wasn't meaning having an all-powerful admin, let's change in my example, full access to write access. We still have the issue that denying write access to another group which that particular user happens to belong to, will deny the user write access even if they belong to a group that

Question - is ACL negotiation unchangeable w/ competing rights ?

2005-01-12 Thread Nick Longinow
Hi If a resource (document) in Slide has an ACL with multiple entries for the same principal, the spec (as I recall it) says that the lesser permission is applied to requests. ie, if user has read-only access as a member of one group, and read-write as a member of another group, both of which are

Re: Question - is ACL negotiation unchangeable w/ competing rights ?

2005-01-12 Thread Oliver Zeigermann
I read the spec at http://www.greenbytes.de/tech/webdav/rfc3744.html#acl.evaluation such that the order is important and not strictness. Slide code says the same. Oliver On Wed, 12 Jan 2005 13:15:16 -0500, Nick Longinow [EMAIL PROTECTED] wrote: Hi If a resource (document) in Slide has an ACL

Re: Question - is ACL negotiation unchangeable w/ competing rights ?

2005-01-12 Thread Michael Smith
Nick Longinow wrote: Hi If a resource (document) in Slide has an ACL with multiple entries for the same principal, the spec (as I recall it) says that the lesser permission is applied to requests. ie, if user has read-only access as a member of one group, and read-write as a member of another

Re: Question - is ACL negotiation unchangeable w/ competing rights ?

2005-01-12 Thread Michael Smith
Michael Oliver wrote: Michael, this is EXCELLENT and a very good thing to go into the Wiki...please! I would but you should get the credit. Ok. I've put it on the (more-or-less empty, previously) Security page. Feel free to edit it however you want. Mike

Re: Question - is ACL negotiation unchangeable w/ competing rights ?

2005-01-12 Thread Carlos Villegas
This is ok, but the issue is that when checking the ACL for a user belonging to several groups, the first one that explicitly grants/denies access is the one that takes effect. This sounds right but sometimes is not what you expect. For example, you have an admin group that you've given full