[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: VCAR question

To: "Shannon J. Clark" <shannon@xxxxxxxxxx>, "John Stracke" <jstracke@xxxxxxxxxxxxxxxxxxxx>, "CalSched IETF" <ietf-calendar@xxxxxxx>
Subject: RE: VCAR question
From: "Paul B. Hill" <pbh@xxxxxxx>
Date: Tue, 11 Dec 2001 19:30:25 -0500
Importance: Normal
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-calendar/mail-archive/>
List-id: <ietf-calendar.imc.org>
List-unsubscribe: <mailto:ietf-calendar-request@imc.org?body=unsubscribe>
Sender: owner-ietf-calendar@xxxxxxxxxxxx



>...Can a VAGENDA contain a VCAR? If so then isn't having "write" permission
to
>a VAGENDA with the ability to move another VAGENDA into it the same has
>having full rights since you could create VCARS?  Or am I missing
something?

A VAGENDA can contain most things, so at first glance, having the ability to
move another VAGENDA into an existing one, or create a new sub-VAGENDA,
feels like having full rights, it might not be.

If our access control model is changed to:
1) default access is grant
2) inheritence evaluation starts at the root and you work your way down
3) evaluation stops when an explicit DENY is reached

Then you could give someone CREATE or MODIFY access on a VAGENDA to someone
and use other VCARS to still limit what could be done in the "sub" VAGENDAs
introduced by the user.

Paul

Follow-Ups:
- Re: VCAR question
  - From: Doug Royer
- RE: VCAR question
  - From: Shannon J. Clark

References:
- RE: VCAR question
  - From: Shannon J. Clark

Prev by Date: RE: VCAR question
Next by Date: RE: bearer certificates and VCARs and draft 6, oh my
Previous by thread: Re: VCAR question
Next by thread: RE: VCAR question
Index(es):
- Date
- Thread