Re: Repository ACL's

From: Greg Stein <gstein_at_lyra.org>
Date: 2003-04-17 01:03:24 CEST

On Thu, Apr 17, 2003 at 12:38:05AM +0200, Branko Čibej wrote:
> Daniel Patterson wrote:
>...
> > I'd like to establish whether
> >it's even possible or not (I'm getting a gut feeling that access control
> >and versioning are mutually exclusive for some reason....)
>
> They aren't mutually exclusive. It's just a lot harder to get a coherent
> definition of ACL semantics in the presence of versioning.

Right. I see two basic issues:

* you want ACLs to be independent of revisions. when you attach the "only
  group G can read this file" restriction when the repos is at rev 10, you
  also want it to apply to revs 1 through 9. Otherwise, people would just
  read the older file.
  
  Thus, you could say "ACLs should be path-based"

* when you've attached an ACL to file F, you want to have the same
  protections on that file, even if it gets copied or moved.
  
  Thus, you could say "ACLs attach to specific objects"

The two concerns are kind of mutually exclusive. I only say "kind of"
because I believe there is a solution in there somewhere. I stopped applying
brain-power to the problem when I recognized the big fork, and the resulting
need to unify the two.

>...
> >* Given Subversion does not know about users,
>
> This bit isn't exactly true, of course. The subversion FS *currently*
> doesn't know about users, but it would, if ACLs were part of it. And
> Subversion does know about users. Authentication is another matter,
> specific to the RA method.

Right.

>...
> > ACLs are therefore only desired for ra_dav access.
> >
> >This kind of hints to me that access control won't work at all over
> >ra_local without some other kind of backend, so perhaps the webdav
> >approach is a correct one (or at least, points to the layer where
> >access control belongs)?
>
> As I said, access control belongs in the FS, not in a server layer. The
> server layer must take care of authentication, of course. What we have
> to come up with is an ACL design that can be *mapped* to/from the WebDAV
> ACL semantics.

Agreed. And I think Justin's notes are using the design approach of "here is
what the WebDAV ACL has come up with, knowing that it should also apply to
versioned systems. let's see how we can map such a system onto SVN." The
result can then be analyzed for whether and how it can work with the FS and
other access mechanisms.

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/
Received on Thu Apr 17 01:04:07 2003
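
The two ACL placements discussed in the message above, as an added toy model that is not part of the original mail and is not Subversion's code. The Repo class, the function names and the paths are hypothetical, and the object-attached ACL is assumed to be stored as versioned metadata that is copied along with the file.

```python
"""Toy model of the two ACL placements (constructed; not Subversion's FS API)."""


class Repo:
    def __init__(self):
        self.revs = [{}]                      # revs[n]: path -> versioned metadata

    def commit(self, edit):
        tree = {p: dict(m) for p, m in self.revs[-1].items()}
        edit(tree)
        self.revs.append(tree)
        return len(self.revs) - 1             # new revision number

    def add(self, path):
        return self.commit(lambda t: t.update({path: {"readers": None}}))

    def copy(self, src, dst):                 # assumption: metadata travels with the copy
        return self.commit(lambda t: t.update({dst: dict(t[src])}))

    def set_object_acl(self, path, group):    # versioned: only affects new revisions
        return self.commit(lambda t: t[path].update(readers=group))


def path_acl_allows(path_acls, groups, path, rev):
    """Path-based: one rule table kept outside history, so rev is ignored."""
    need = path_acls.get(path)
    return need is None or need in groups


def object_acl_allows(repo, groups, path, rev):
    """Object-attached: the rule is read from the node as it existed at rev."""
    need = repo.revs[rev][path]["readers"]
    return need is None or need in groups


def demo(groups=frozenset()):
    """Return the read decision for a user in `groups` under each model."""
    repo = Repo()
    r_add = repo.add("trunk/secret.txt")
    repo.set_object_acl("trunk/secret.txt", "G")
    r_copy = repo.copy("trunk/secret.txt", "branches/b/secret.txt")
    path_acls = {"trunk/secret.txt": "G"}     # same restriction, path-based
    old, new = "trunk/secret.txt", "branches/b/secret.txt"
    return {
        "path_old_rev": path_acl_allows(path_acls, groups, old, r_add),
        "path_copy": path_acl_allows(path_acls, groups, new, r_copy),
        "object_old_rev": object_acl_allows(repo, groups, old, r_add),
        "object_copy": object_acl_allows(repo, groups, new, r_copy),
    }
```

For a user outside group G, the path-based table denies the old revision but allows the copy, while the object-attached rule denies the copy but allows the old revision.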

This is an archived mail posted to the Subversion Dev mailing list.
