[Cosmo-dev] Thoughts on sharing

Elliot Lee osafoundation at intelliot.com
Tue Jul 11 08:16:31 PDT 2006 

On 7/10/06, Charles Mattair <cmattair at simdeskcorp.com> wrote:
> Some (not so) random thoughts on calendar sharing.
>
> The direction I've seen discussed is to a single server, read-only
> sharing model, using RSS or Atom.  I also haven't seen much discussion
> of credentialing and access control (if I know/can guess the URL, it's
> shared to me?).  I see this as a partial solution to a much broader
> requirement.

Well, this partial solution would allow you to share your calendar
with people outside your company. If you stored your calendar on a
calendar server accessible on the Internet, you could have "magic
cookie" private feeds -- for each calendar, one URL for read-only
access, and another for read-write.

Whoever has this long and virtually-impossible-to-guess private feed
URL can read or read-write the calendar. The Google Calendar Data API
uses a sharing scheme like this.

>
> For example, consider my experience at a previous employer.  We
> had calendars for each of our departmental conference rooms (the
> development conference room was gray so there was a "Gray
> Conference Room" calendar).  This calendar was owned by a psuedo-user
> in HR, shared read-only to everyone in the company and shared read-write
> to all the developers.  All the other conference room calendars were
> shared equivalently except the boardroom which was owned by the CEO's
> secretary and only shared read-only.  Thus, I (as a developer) could
> schedule the gray room, other departments had to go through HR or our
> departmental secretary.
>
> This model also lent itself to executive calendars wherein either
> the calendar owner (executive) or designee (administrative assistant,
> etc.) could update the calendar.
>
> However, in this model, every assessor must be known to and have valid
> authentication credentials with the server.  Thus, I couldn't share my
> personal calendar with anyone on this list (excepting someone who worked
> for the same company I did).  Even if a potential sharee had a calendar
> (or LDAP or Kerberos) server which was capable of validating his/her
> credentials, there was also no mechanism for vectoring those credentials
> from my server to theirs.
>
> I see a need for a sharing RFC which could flesh out these requirements
> and lead to a standardized way of sharing calendars between users at
> disjoint locations.  This RFC needs to address credentialing, calendar
> and cell level protections and probably other things I haven't thought
> of.
>
> Actually, in looking at the problem a little longer, this is less a
> CalDAV problem than a WebDAV one.
>
> Thoughts?
>
> cgm
> _______________________________________________
> cosmo-dev mailing list
> cosmo-dev at lists.osafoundation.org
> http://lists.osafoundation.org/mailman/listinfo/cosmo-dev
>

More information about the cosmo-dev mailing list