prerequisites for private calendar items being private

Bernhard Reiter bernhard at intevation.de
Wed Jan 25 13:18:23 CET 2006 

Hi Holger,

Am Dienstag, 24. Januar 2006 19:30 schrieb Holger Leskien:
> On Tue, Jan 24, 2006 at 05:33:44PM +0100, Bernhard Reiter wrote:
> > Currently with Kolab, the access permissions can only set per folders,
> > and the attributes on a special appoinment can be used as an indicator
> > for the sensitivity, but will not restrict access.
>
> Yes, I understand that this is just a label. 

... then it should not change who as access to the data. 

> But if I remember correctly 
> Outlook should evaluate this label and prohibit access. Is this true?
> It's obvious that this behaviour is just security by obscurity, but in
> my case better than nothing.

This is what I have heard, too. Exchange will transport the data to the 
outlook client, which will then use the label to not display this 
information, based on (to me unkown) criteria. If this is true,
it would be bad security to rely on a client software.
Please see the kolab-format lists for some more details.

> > If you want a privat calendar, you need to create a new one and give it
> > the right permissions. This will lead to a problem when you want to have
> > a reminder on this appointment. One workaround is to make a second
> > appointment with less information in the main folders.
>
> I already suggested this to my clients, but they were not enthusiastic
> about managing two calendars.

I can understand this how this came to be,
but maybe you can use the good arguments to at least
over them a good explanation why things are like they are.

> > A real solution could be, if we can convince the connector producers
> > to change the handling of the "other" folders in
> > one or the other ways, e.g. make Reminders fire in other folders
> > or indroduce "hidden" folders holding part of the data.
>
> I think, if possible, the best solution is to repair this broken
> protocol and make the server enforcing accessment rights.

The two solutions I have briefly mentioned, and which are still subject
to debate would both mean that the server enforced the access rights.
But as always, those problems are hard to solve.
The Kolab-Konsortium has demonstrated in the past that we can solve 
such problems. However this is also a question of funding. 
Currently we do not have a customer that contracted us to find a good 
solution full steam, so the progress on the problem is a lot slower than
it could be. 

Bernhard

More information about the users mailing list