Re: [Handle-info] Re: Permissions Not Implemented?

[Konstantin Rekk <konstantin.rekk@gbv.de>]

Hi,

On Mon, 2008-02-11 at 18:07 +0000, Sean Reilly wrote:
> We do have plans to revise/update/clean-up the RFCs to clarify the  
> issue you mentioned as well as a few other minor issues. 

You are probably already working  on this too (please correct me if
I misunderstand the documentation here):

In RFCs 3652  [Page 23]
"
   If a query request does not specify any index or data type and the PO
   flag (in the Message Header) is set, the server will return all the
   handle values that have the PUBLIC_READ permission.  Clients can also
   send queries without the PO flag set.  In this case, the server will
   return all the handle values with PUBLIC_READ permission and all the
   handle values with ADMIN_READ permission.  If the query requests a
   specific handle value via the value index and the value does not have
   PUBLIC_READ permission, the server should accept the request (and
   authenticate the client) even if the request has its PO flag set."

and several other places there is mentioned that you will not be able to
read a value with no PR, AR no matter how the  admin permissions are
set.

The current implementation (what I feel is more comfortable) will read
all values in authenticated request whatever the settings for read value
in admin perms are. This can be seen by using Handle Admin tool -> query
request -> Authoritative checked, Ignore Restricted Values unchecked
(see also  net.handle.server.HandleServer.checkReadAccess() and Encoder:
message.ignoreRestrictedValues = (MSG_FLAG_PUBL & opFlags) != 0; where
MSG_FLAG_PUBL seem to be PO Flag in RFC).

Konstantin	



_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info