hmm... this looks like the latest incarnation of DAV. if so, my first
read on this is that -- at least in part -- it is operating at a layer
(HTTP) below what XACML is addressing. it definitely bears further
consideration to make sure that we don't ignore a relevant standard, but
i wonder what the affects of having newly defined HTTP header variables
will have on our ability to support the spec?
being this late in the process for generating use cases how does the
group suggest that we proceed? is it an issue that can be addressed?
Example - Using allprop to Retrieve All Properties
>>Request
PROPFIND /container/ HTTP/1.1 <------ <yikes!>
Host: www.foo.bar
Depth: 1
Content-Type: text/xml; charset="utf-8"
Content-Length: xxxx
<?xml version="1.0" encoding="utf-8" ?>
<D:propfind xmlns:D="DAV:">
<D:allprop/>
</D:propfind>
b
> "DeSouza, Edwin" wrote:
>
> Bill,
> There is a big new IETF activity happening called WebDAV (Web
> Distributed Authoring and Versioning):
> http://www.webdav.org/
>
> They understand that this will require a good Authorization model.
> So, the IETF has also created WebDAV ACL. This is out on last call:
>
> http://www.webdav.org/acl/
> http://mailman.webdav.org/pipermail/acl/
>
> Here is the Spec:
> http://www.webdav.org/acl/protocol/draft-ietf-webdav-acl-06.pdf
>
> WebDAV will permeate on web based collaboration. So, XACML cannot
> afford to ignore WebDAV ACL. XACML should be able to model WebDAV ACL.
>
> Thanks,
> Edwin.