All,
since we have not approached ACLs yet, and since I am not really knowladgable about security, I have no answer.
if you issue a copy command and the source is not owned by you but you have read permission (say through ACLs). and it is a recursive copy; how do you propagate permission information to the target? do you make everything owned by the person whe issues the copy (which may be a service!) or do you copy the ACLs and the permissions along with the file (ie metadata copy)? how do you make sure that the same users exist then on the target site?
IMHO, there is only one sensible solution: the new owner of the copy determines access control to the newly created file. That should be a policy decision local to the target site. However, controling this from the SAGA API may be 'interesting'. So, should there be some kind of property determining access control for files and directories to be created? (I am afraid, we are stressing the "S" for simplicity if we are working towards a comprehensive solution...) Any thoughts? Thilo -- Thilo Kielmann http://www.cs.vu.nl/~kielmann/