Handling of private/confidential groupware objects

Martin Konold martin.konold at erfrakon.de
Wed Jan 11 13:00:16 CET 2006

Am Mittwoch, 7. Dezember 2005 06:55 schrieb Joon Radley:

Hi Joon,

> > The "privat" flag is a marker in Kontact and for Outlook it
> > is also some access control switch.
> > (This has been known during the Proko2 contract, so it is not news.)
> Policy must be enforced by the server else is just smoke and mirrors.
> Having clients honor the "private" setting will just leave the perception
> of policy enforcement where in reality anybody with access to the folder
> can read the private messages if they wished by using a non-honoring
> client.

Actually further investigation into OL/EX showed that MS actually does exactly 
that. On the wire the "private" information is fully available and it is only 
hidden in the OL GUI!

This seems to be known in the OL community.

see also: http://www.slipstick.com/emo/2006/up060105.htm#private

"Are they any other ways private items can be seen? Sure. If the item is 
viewed using a program that doesn't honor the private flag, others will see 
it. This would typically happen with third party applications that access 
calendar or contact items."

For Kolab this means that we could go the same route. The disadvantage would 
be that the this concept breaks with third party clients like web mail 

Due to the fact that our data format is not as obscure as MS Exchange we would 
need further "protection". A trivial means for providing this kind of 
obscurity could be a shared key. This key would be shared by all "Kolab.org 
approved" clients.

We would then use copyright in order to prevent other clients to use our 
key ;-)

Seriously: IMHO the way how MS handles the issue is broken by design. I have 
serious doubts that my above proposal is the right way[tm] to solve the 

I therefore want to repeat my proposal with the "hidden" private subfolder.

Please answer ASAP.

-- martin

Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker

More information about the format mailing list