[CalendarServer-dev] Ticket 148, remove ACL method
Wilfredo Sánchez Vega
wsanchez at wsanchez.net
Mon Jan 4 14:03:49 PST 2010
On Nov 18, 2009, at 4:47 AM, Peter Mogensen wrote:
> I'm a little puzzled by the change in this ticket to completely remove the ACL method.
> I realize that it'll make it easier for a specific application of calendarserver, in which the client doesn't offer ACL control and access is defined by predefined group or proxy principals, but it would make the calendarserver a lot less general a tool.
Calendar Server isn't a general-purpose DAV server; it's a calendar service.
> It would also conflict with rfc4791 section 2.
We wouldn't be removing the ACL method altogether, but we would be returning a FORBIDDEN response to any attempts to change the ACLs of resources that are managed by the calendar system. It's legal for a server to disallow that and still comply with RFC 3744.
We will still advertise the ACL properties, which will allow clients to see what access they have.
> What are the arguments for doing this ? - aside from not having to solve the original problem i ticket 148.
The problem with the ACL method is that it's practically impossible for a client to implement it correctly such that it works with any server, due to the arbitrarily-definable privileges and hierarchy. It's just too complex to be useful.
More information about the calendarserver-dev