• United States
by Lisa Dusseault, special to Network World

WebDAV secures collaboration

Apr 07, 20034 mins
Collaboration SoftwareSmall and Medium Business

WebDAV allows for easy and secure collaboration from any Internet location

Web-based Distributed Authoring and Versioning is an extension of HTTP that lets users collaborate via the Internet. The Internet Engineering Task Force approved it as a standards-track specification in 1998, and it has been deployed widely on multiple platforms and in applications from many vendors.

WebDAV can be found in Web servers such as Apache and Microsoft Internet Information Server and now is also supported by leading document and content management vendors. WebDAV functionality also is embedded in common desktop operating systems, including Windows and Mac OS X, and popular applications from Adobe, Lotus, Microsoft and others.

So why all the support for this lesser-known sibling of HTTP? The protocol adds new features that let users access and edit files via the Internet. Simply put, this allows for easy and secure collaboration from any Internet location.

A user editing a document stored on a WebDAV server can lock the file and protect it from anyone overwriting those changes. WebDAV version control also makes it possible for users to know which version of a file is the most current, minimizing confusion.

WebDAV access-control lists provide advanced control over read, write and sharing permissions for every file, further improving system security. Analysts recently have suggested that the file management features in WebDAV can make it a cost-effective alternative to traditional document management products.

WebDAV imposes a common data model that includes collections, resources, locks and properties, and defines a common syntax using HTTP messages with custom methods, headers and bodies.

Extending HTTP, WebDAV defines several methods for file management, such as Copy and Move, and Mkcol for creating new Web folders.

The Lock and Unlock methods let a document be protected while the author makes changes. The Propfind and Proppatch methods let folders be browsed and offer flexible management of metadata. All these methods operate on HTTP resources, so any Web server that supports WebDAV provides an integrated system for secure authoring.

Consider a few scenarios that WebDAV was built to address:

  • A sales team working from remote offices or while traveling needs to access information about their company’s latest product release. This information (price sheets, screenshots and Flash demos) is stored in a common location on the company’s WebDAV-compatible server. Although the sales team members use different applications and network access methods, they can each use HTTP and WebDAV to view and customize the sales materials for their own purposes, often without leaving their standard desktop applications.

  • A hospital needs to ensure that patient information exchanged between doctors and technicians is more secure. They realize that e-mail attachments no longer meet compliance requirements and attachments are becoming too large to share easily. They choose a WebDAV-compatible server to manage their patient files so participants can exchange secure links to the files, instead of file attachments. All file access can be authenticated against the hospital’s Lightweight Directory Access Protocol server, and all file transmissions are encrypted in Secure Sockets Layer, improving system compliance.

Most users can identify with the frustrations of not being able to access information when they’ve needed it or trying to collaborate via e-mail. FTP could help address these issues, but most users find it too complex, and it doesn’t provide the security benefits of WebDAV that many IT managers have grown to appreciate.

So, where is WebDAV headed? It’s quite possible that WebDAV will remain almost invisible to most users as it becomes part of everyday applications. The protocol is fulfilling its promise of extending current file systems beyond the LAN to include just about any user or resource on the Internet.

Dusseault is director of server development at Xythos Software and the co-chair of the WebDAV Working Group at the Internet Engineering Task Force. She can be reached at