On Wed, 10 Dec 2003, Greg Troxel wrote:
> that expired tokens should always work locally against the acl cache,
> regardless of connectivity. This sort of implies that the full acl
> should be cached, although one can argue that only caching the acl
> subset for tokens that have fetched/hoarded the file is ok too.

Hello Greg,

unfortunately acls cannot be used by themselves as they include Coda identities, while in disconnected mode _all_ we have is a uid.

So while connected we have to translate acls to rights-per-uid, and we probably do not want to do it for all uids times all cached objects, all the time.

A "lazy" access rights calculation seems to be appropriate and sufficient. A uid who accesses an object leaves its rights attached to the object (or its parent dir). I assume it is what venus does.

Then of course you cannot access an object while disconnected if you never looked at it when your credentials were verifiable (i.e. while connected).

Such a conservative approach makes it also safer against stealing local uid identity (say physical access to a forgotten terminal session).

Regards,
--
Ivan

Received on 2003-12-10 10:03:45
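
A minimal model of the lazy rights-per-uid caching described in the message above, as an added example that is not part of the original post and not Venus code. The class and method names, the single-letter rights, and the uids are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class CachedObject:
    name: str
    acl: dict  # Coda identity -> rights, e.g. {"alice": "rw"} (constructed sample)
    rights_by_uid: dict = field(default_factory=dict)  # local uid -> rights seen while connected

class Client:
    """Toy cache manager (hypothetical names; a model of the idea, not Venus)."""
    def __init__(self):
        self.connected = True
        self.tokens = {}  # local uid -> Coda identity verified by the server

    def login(self, uid, identity):
        # An identity can only be bound to a uid while it is verifiable.
        if not self.connected:
            raise RuntimeError("credentials cannot be verified while disconnected")
        self.tokens[uid] = identity

    def check(self, uid, obj, wanted):
        if self.connected:
            identity = self.tokens.get(uid)
            if identity is None:
                return False  # simplification: no anonymous/default rights modelled
            # Lazy step: translate the acl for this uid only, on access,
            # and leave the result attached to the object.
            rights = obj.acl.get(identity, "")
            obj.rights_by_uid[uid] = rights
        else:
            # Disconnected: all we have is the uid, so only cached rights count.
            rights = obj.rights_by_uid.get(uid)
            if rights is None:
                return False  # never accessed while credentials were verifiable
        return set(wanted) <= set(rights)

def demo():
    c = Client()
    report = CachedObject("report.txt", {"alice": "rw", "bob": "r"})
    notes = CachedObject("notes.txt", {"alice": "rw"})
    c.login(1000, "alice")
    c.login(1001, "bob")
    results = [c.check(1000, report, "w")]      # connected: computed and cached
    c.check(1001, report, "r")                  # caches bob's read-only rights
    c.connected = False
    results.append(c.check(1000, report, "w"))  # served from the per-uid cache
    results.append(c.check(1001, report, "w"))  # cached rights lack "w"
    results.append(c.check(1000, notes, "r"))   # in acl, but never touched while connected
    return results
```

The last check is the conservative case from the message: uid 1000 would be allowed by the acl, but is denied while disconnected because no rights were ever attached to that object for it.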