On Wed, 10 Dec 2003, Greg Troxel wrote:

> that expired tokens should always work locally against the acl cache,
> regardless of connectivity.  This sort of implies that the full acl
> should be cached, although one can argue that only caching the acl
> subset for tokens that have fetched/hoarded the file is ok too.

Hello Greg,

unfortunately acls cannot be used by themselves as they include Coda
identities, while in disconnected mode _all_ we have is an uid.
So while connected we have to translate acls to rights-per-uid, and we
probably do not want to do it for all uids times all cached objects,
all the time.

A "lazy" access rights calculation seems to be appropriate and sufficient.
An uid who accesses an object, leaves its rights attached to the object
(or its parent dir). I assume it is what venus does. Then of course you
cannot access an object while disconnected if you never looked at it when
your credentials were verifiable (i.e. while connected).

Such conservative approach makes is also safer against stealing local uid
identity (say physical access to a forgotten terminal session).

Regards,
--
Ivan