6.0.0-git
2019-10-23

[#4050] Free/Busy URL privacy
Summary Free/Busy URL privacy
Queue Kronolith
Queue Version 2.1.1
Type Enhancement
State Accepted
Priority 1. Low
Owners
Requester stavros (at) staff (dot) esc (dot) net (dot) au
Created 2006-06-16 (4877 days ago)
Due
Updated 2008-11-16 (3993 days ago)
Assigned
Resolved
Milestone
Patch No

History
2008-11-16 22:25:27 Chuck Hagenbuch State ⇒ Accepted
 
2008-11-06 03:37:31 Chuck Hagenbuch Comment #11 Reply to this comment
I just looked at google calendar. You have to explicitly enable 
free/busy information there. I think we should go back to the same 
thing we used to do of using the VIEW permission for free/busy info.



We can turn it on by default, perhaps as a conf.php setting.



Also, we could learn a few things about the calendar/share management 
interface from google calendar. But I suspect we all knew that 
already. :)
2008-07-06 17:56:53 Jan Schneider Summary ⇒ Free/Busy URL privacy
 
2008-07-04 11:05:38 michael (dot) menge (at) zdv (dot) uni-tuebingen (dot) de Comment #10 Reply to this comment
I would prefere a solution with authentication and permissions.

But the option for users to turn the FB of and configure the Information

shown would work for our site.
2008-07-01 07:58:32 Jan Schneider Comment #9 Reply to this comment
We should check what other fb url providers do.
2008-07-01 01:14:03 Chuck Hagenbuch Comment #8 Reply to this comment
Actually I guess no one out there makes a calendar that authenticates 
to get free/busy info. So the option should be for users to turn off 
their free/busy info, or for users to mask their name/email in it?
2008-07-01 01:13:20 Chuck Hagenbuch Comment #7 Reply to this comment
True enough. What do you think of the general issue of name/email?
2008-06-30 22:25:59 Jan Schneider Comment #6 Reply to this comment
That's moot, because fb.php will always be requested from a guest 
user, thus they will never see any user name or email in the fb 
publish information or in the meeting planning interface.
2008-06-30 19:55:02 Chuck Hagenbuch Comment #5 Reply to this comment
email and name are a good point. What do other devs think about this, 
and what does the requester think of simply omitting name and email 
address from the F/B info if the user doesn't have permissions to the 
calendar?
2008-06-10 17:13:10 Chuck Hagenbuch State ⇒ Feedback
 
2008-06-10 17:11:48 michael (dot) menge (at) zdv (dot) uni-tuebingen (dot) de Comment #4 Reply to this comment
As my request http://bugs.horde.org/ticket/6889 was marked as 
dublicated i will repost my sugestion here to keep it on this request.



--------------------

Make free/busy informations shares



Making the free/busy information share has some advantages.

1. It will allow the user to controll who is able to acces the information

2. The user can have more than one F/B url (with different calendars 
checked and different permisions)

3. Only users with acces to the share could connect loginid and 
Name/email addres.

    Even that could be impeded by generating an URL that does not 
contain the loginid

    If implemeted that way validating LoginIds would be impossible and geting

    emailaddresses would be much harder and only possible for users wich

    allow read acces to unauthenticated users



Followin is an example:



A professor could tell his students the URL 
horde.some.edu/kronolith/fb.php/aefhca56c4 the see the Free/Busy 
informations

which will only contain his consultation-hours as free time.



and his staff members get the URL

horde.some.edu/kronolith/fb.php/ab4h3a0815 which will contain the 
Free/Busy information for his working time



he has also a third which share which also contains his private events 
and is used when he is planing an events with attendees.


2008-06-06 13:44:30 michael (dot) menge (at) zdv (dot) uni-tuebingen (dot) de Comment #3 Reply to this comment
The FB contains private data.

It allows to connect userid to Name and email Adress

It allows spammers to veryfy emailadresses by probing the FB urls



I think it would be usefull to allow users to deactivate generating of 
the FB information and/or

to use permissoins system to choose who is able to retrieve these informations


2006-06-16 11:37:26 Jan Schneider Comment #2
State ⇒ Rejected
Priority ⇒ 1. Low
Reply to this comment
The free/busy url is accessible by anyone,
That's the purpose of free/busy urls.
  and hence private information is available to anyone who wants it.
Wrong, the freebusy information doesn't contain any private data.
2006-06-16 11:16:09 stavros (at) staff (dot) esc (dot) net (dot) au Comment #1
Type ⇒ Enhancement
State ⇒ New
Priority ⇒ 3. High
Summary ⇒ Free/Busy URL Security Issue
Queue ⇒ Kronolith
Reply to this comment
The free/busy url is accessible by anyone, and hence private 
information is available to anyone who wants it.

Saved Queries