> Nevermann, Dr., Peter wrote: > > 1) User & group relationships will not be mapped anymore to the URI > > hierarchy > > Instead, the DAV:group-member-set and DAV:group-membership > properties are > > used which allows for many-to-many relationships between > users and groups. > > Just for my understanding. Properties of what resources?
As Martin already pointed-out: properties of principal resources (i.e. resources representing users and groups). > > 2) Action aggregation will not be mapped anymore to the URI > hierarchy > > Instead, the DAV:privilege-member-set and DAV:privilege-membership > > properties are used. [I must admit, that these two props do > not appear in > > the specs, because the spec do not require actions being resources.] > > I do not quite understand. Does this mean actions will still be > resources, but configured in Domain.xml? Yes, as principals, action continue to be resources *in Slide*. The ACL spec requires principals to be WebDAV resources but does not require it for privileges/actions. > > 3) There will be generic SubjectNode's like ALL, > UNAUTHENTICATED, etc. which > > do not need to exist in the user DB. In particular, the > node /users doesn't > > anymore represent "all" users. > > So, resources under /users will continue to exist as users? Right. It's just that the WebDAV-collection /users will not anymore represent the DAV:all token (i.e. represent all users). There are (or will be) parameters "userspath" and "groupspath" in the namespace configuration which let configure where in the namespace the server stores users and groups. > > 4) There will be a generic ActionNode ALL which do not need > to exist in the > > namespace. In particular, the node /actions doesn't anymore > represent "all" > > actions. > > > > 5) During server start-up, the active user is > UNAUTHENTICATED and all Slide > > action are mapped to a generic DEFAULT action which passes > all security and > > lock checks. So, the user DB, and the Lock and Security > stores don't need to > > be accessed. > > Ah! That's way tempaction could be removed?! That's right, "tempaction" is gone. Regards, Peter P.S. I'm about to check-in the stuff. To keep trouble for all of you as small as possible, today I created a CVS tag named SLIDE_2_0_1 to freeze a version with still the old securiry implementation.
