Any plans for RFC3744

["Bennett, Tony - CNF" <Be...@cnf.com>]

Are there any plans afoot to implement support
for RFC3744 - WebDav ACL, either as a stand-alone
module or by modifying mod_dav/mod_dav_fs ???

-tony

Re: Any plans for RFC3744

[Eli Marmor <ma...@netmask.it>]

Greg Stein wrote:

> ...
> storage on the server, and/or DBM database. The problem here is that any
> ACL changes would need to reach all the Apache child processes. IPC is a
> bitch, so dropping the stuff on the disk is best, where the processes can
> see what the "current" state is.

Once I developed an IPC module, based on thin patches that I did in
mpm_common.c. Currently, this module can be used to stop / restart /
graceful the server (from a module!), of course after checking that the
requester has the right privileges for that (sorry, I failed to develop
a "run" option too ;-)

I'll be happy to contribute this module (and mainly the small patch in
mpm_common.c) to the source tree.

After including it, special versions of apr_table and apr_array can be
written, that will support multi-process/thread; When SHM can't be
used, my module can be used to tell the different processes to refresh
their copy of the table/array.

This way can minimize the overhead and time response needed to read
values from the table/array (in comparison to an external file or DBM).

Of course, the overhead of writes (=modifications) will still be high,
but I assume that the ratio between reads and writes is usually
thousands or even more. So it's not an issue.

Please let me know if it's interesting anybody.

-- 
Eli Marmor
marmor@netmask.it
CTO, Founder
Netmask (El-Mar) Internet Technologies Ltd.
__________________________________________________________
Tel.:   +972-9-766-1020          8 Yad-Harutzim St.
Fax.:   +972-9-766-1314          P.O.B. 7004
Mobile: +972-50-23-7338          Kfar-Saba 44641, Israel

Re: Any plans for RFC3744

[Greg Stein <gs...@lyra.org>]

On Mon, Jun 14, 2004 at 09:49:58AM -0700, Bennett, Tony - CNF wrote:
> Are there any plans afoot to implement support
> for RFC3744 - WebDav ACL, either as a stand-alone
> module or by modifying mod_dav/mod_dav_fs ???

Hey Tony :-)

I'm not sure that anybody has specifically looked at it yet. I do know
that the Subversion guys would be interested in seeing the framework in
Apache so that they can use it, so there is possible dev/time from that
angle. Within the httpd developers... not sure.

As for whether it would be part of mod_dav, or a companion module... I'm
not sure. Ideally, the ACL support would cut across all HTTP interactions,
and it would use Apache's standard authorization hook. In that sense, it
might not be necessary to make it part of mod_dav. However, I would hope
that it enables a backend approach similar to mod_dav (there is a lot of
basic processing the frontend could do, before passing it to the back).

It might be tricky to coordinate things like PROPFIND across modules,
which may be a reason to integrate them. Personally, I'd hope for a
separable solution, and one that is generally applicable to the whole
server, rather than just DAV-enabled areas.

I believe any default implementation would require some kind of file-based
storage on the server, and/or DBM database. The problem here is that any
ACL changes would need to reach all the Apache child processes. IPC is a
bitch, so dropping the stuff on the disk is best, where the processes can
see what the "current" state is.

Have you applied much thought to the issue yet?

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/