On Feb 13, 2006, at 4:38 , Lisa Dusseault wrote:
The CalDAV approach to access control for free-busy is to have a
separate privilege (read-free-busy) that can be used to restrict
access to FB & not the individual events. That doesn't work so
well with tickets; one way to make this work would be to replace
the "readonly" ticket element with <privileges>. (Though, besides
read, read-free-busy & write, I'm not sure whether any other ACL
privileges are worth supported).
Tickets can be defined for any privilege according to the proposed
wire syntax. A request for a read-free-busy ticket would have a
body something like this. The server can choose to allow it or
not, of course.
<D:ticketinfo xmlns:D="DAV:" >
<D:privilege><C:read-free-busy
xmlns:C="urn:ietf:params:xml:ns:caldav"/></D:privilege>
<D:timeout>Second-3600</D:timeout>
</D:ticketinfo>
Right you are. For some reason, I had wrongly thought that the
existing syntax had a <DAV:readonly> element, not the more general
case of an arbitrary combination of privileges.
--Grant
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Open Source Applications Foundation "Design" mailing list
http://lists.osafoundation.org/mailman/listinfo/design
