Last Call comments on draft-sanchez-webdav-current-principal-01

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

this is a good proposal and I support publication as a Proposed Standard.

Below are some comments, mostly editorial:

Abstract

   This specification defines a new WebDAV property that allows clients
   to quickly determine the principal corresponding to the current
   authenticated user.

Nit: Expand WebDAV acronym on first use.

   Some clients have a need to determine the [RFC3744] principal that a
   server is associating with the currently authenticated HTTP user.
   While [RFC3744] defines a DAV:current-user-privilege-set property for
   retrieving the privileges granted to that principal, there is no
   recommended way to do identify the principal in question, which is
   necessary to perform other useful operations.  For example, a client
   may wish to determine which groups the current user is a member of,
   or modify a property of the principal resource associated with the
   current user.

Nit: say "WebDAV ACL" instead of "[RFC3744]" most of the time.

   The DAV:principal-match REPORT provides some useful functionality,
   but there are common situations where the results from that query can
   be ambiguous (e.g. not only is an individual user principal returned,
   but also every group principal that the user is a member of, and
   there is no clear way to distinguish which is which).

Nit: reference RFC3744, Section 9.3.

   When XML element types in the namespace "DAV:" are referenced in this
   document outside of the context of an XML fragment, the string "DAV:"
   will be prefixed to the element type names.

Substantial: need to state how XML fragments are to be interpreted, what
the extensibility rule is, and why it's ok to put things into the "DAV:"
namespace (for the first points refer to RFC4918, for the last you may
want to claim consensus of the WebDAV community).

   Value:  Single DAV:href element.

   Protected:  This property is computed on a per-request basis, and
      therefore is protected.

   Description:  The DAV:current-user-principal property contains either
      a DAV:href or DAV:unauthenticated XML element.  The DAV:href

Substantial: this contradicts what "Value:" says. Maybe just get rid of
that one.

   Definition:

      <!ELEMENT current-user-principal (unauthenticated | href)>
      <!-- href value: a URL to a principal resource -->

Nit: should state somewhere where unauthenticated and href come from.


BR, Julian
_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]