Handling of private/confidential groupware objects
Benoit Mortier
benoit.mortier at opensides.be
Thu Dec 1 22:01:42 CET 2005
Le Mercredi 30 Novembre 2005 05:25, Martin Konold a écrit :
[..]
> 3. Use a second folder namespace for the private/confidential items and
> well understood ACLs
>
> This means that for groupware folders e.g. Calendar or Contacts we create
> a hidden extra folder on demand.
>
> Example:
>
> boss/calendar
>
> user boss is granting user secretary access to her calendar using ACLs
>
> When boss creates a private appointment for the first time the client
> creates a new folder
>
> boss/calendar.private
>
> This folder shall be hidden in the GUI of the client and the if the
> client has access to the private folder (in our case only boss) the
> events shall be _merged_ in the calendar.
>
> Technically this means that the security is implemented on the server
> while the presentation/user interaction is implemented on the client.
>
> What do you think?
>
> I personally tend to prefer solution 3.
Me too i vote for solution3
Cheers
--
Benoit Mortier
CEO
www.opensides.be
More information about the format
mailing list