[Cosmo-dev] current-user-privilege-set and tickets
Jeffrey Harris
jeffrey at osafoundation.org
Tue Aug 22 11:36:03 PDT 2006
Hi Folks,
Recently I had a discussion with Brian about tickets and the WebDAV
current-user-privilege-set (CUPS) property. For those precious few not
familiar with this property, WebDAV has a server calculated property for
resources which, when queried, returns a list of privileges (read,
write, etc.).
Tickets are a separate enhancement to the WebDAV spec.
To see a log of Brian's amicable conversation with me about this issue,
go to 12:33 in <http://tinyurl.com/fj6qh>.
To summarize the issue, I would like the server calculations that
determine CUPS to include privileges deriving from tickets, as well as
user authentication. WebDAV and the ticket spec are silent on this issue.
My feeling is that clients will only log in with one set of credentials,
username or a ticket, and they just want to know what they can do on the
server. They don't care how they gained privileges.
If I understand Brian correctly, he feels that tickets and user
authentication are quite different and should not be conflated.
My plan at the moment is to adjust zanshin's getPrivileges API to always
do a PROPFIND for both the ticketdiscovery property (which currently
gives credentials associated with the current ticket) and CUPS, and
merge the results.
This is a workable solution. I don't need different behavior from
Cosmo. But it still seems less than ideal to me, so I thought I'd
mention the issue on the list so there could be further discussion.
Sincerely,
Jeffrey
More information about the cosmo-dev
mailing list