Posted to commits@subversion.apache.org by Apache subversion Wiki <co...@subversion.apache.org> on 2015/01/06 15:31:43 UTC

[Subversion Wiki] Update of "AuthzImprovements" by brane

The "AuthzImprovements" page has been changed by brane:
https://wiki.apache.org/subversion/AuthzImprovements?action=diff&rev1=11&rev2=12

  
  == Goals ==
  
- The current (1.9) implementation of authz is lacking in two areas:
+ The current (1.9) implementation of authz is lacking in three areas:
  
   * Performance when a large number of paths needs to be checked.
   Affected operations are mainly checkout / export and log.
@@ -20, +20 @@

   zero to many full segments. For example, "/*/**/*" will match any path that contains at least 2 segments
   and is equivalent to "/**/*/*" as well as "/*/*/**".
  
+  * The right to know about the existence of a node (a.k.a. lookup access rights and/or directory traversal rights) is implied by read access and cannot be manipulated separately. See [[http://subversion.tigris.org/issues/show_bug.cgi?id=3380|Issue 3380]] for previous discussion of this topic, and the [[http://svn.apache.org/repos/asf/subversion/branches/authz-overhaul/BRANCH-README|authz-overhaul branch]] for an attempt at implementing this distinction. [[http://mail-archives.apache.org/mod_mbox/subversion-dev/201411.mbox/%3C5478AAD4.3070306%40skynet.ie%3E|this thread]] on the dev@ mailing list is a recent example of the problems caused by implicit lookup access.
+ 
  == Terminology ==
  
  A '''path''' consists of '''segments''', separated by "/".
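Review bot: The new Goals bullet treats "the right to know about the existence of a node", "lookup access rights" and "directory traversal rights" as interchangeable (joined by "a.k.a." and "and/or"), but none of them is defined, and the Terminology section that follows only starts with '''path''' and '''segments'''. Knowing that a node exists and being allowed to traverse a directory to reach its children are not obviously the same right, so pick one term, define it under Terminology, and use it consistently here. Separately, the last sentence begins with the lowercase link text "this thread"; capitalize it or reword the sentence so the link is not the first word.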
@@ -65, +67 @@

  
   9. If multiple ACEs of a given ACL apply to a user, the union of
   all individually granted access rights is granted.
- 
- {{{#!wiki caution 
- Suggest writing "union of ... rights" not "sum of ... rights" to avoid ambiguity.
- }}}
  
  == Design ==
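Review bot: Removing the caution block is fine, since item 9 already reads "the union of all individually granted access rights", but the same edit adds a goal of making lookup access separable from read access, and item 9 does not say whether that right is one of the "individually granted access rights" that get unioned across ACEs. Suggest stating in item 9, or in a following item, how the union rule applies once lookup and read can be granted separately.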