[saga-rg] Re: comment on SAGA strawman doc.

[Thilo Kielmann]

All,

> since we have not approached ACLs yet, and since I am not
> really knowladgable about security, I have no answer.

> > if you issue a copy command and the source is not owned by you but
> > you have read permission (say through ACLs). and it is a recursive copy;
> > how do you propagate permission information to the target? do you make
> > everything owned by the person whe issues the copy (which may be a service!)
> > or do you copy the ACLs and the permissions along with the file (ie metadata
> > copy)? how do you make sure that the same users exist then on the target 
> > site?

IMHO, there is only one sensible solution: the new owner of the copy
determines access control to the newly created file. That should be a
policy decision local to the target site.

However, controling this from the SAGA API may be 'interesting'.
So, should there be some kind of property determining access control
for files and directories to be created?
(I am afraid, we are stressing the "S" for simplicity if we are
working towards a comprehensive solution...)

Any thoughts?


Thilo
-- 
Thilo Kielmann                                 http://www.cs.vu.nl/~kielmann/