Writeable external access to briefcase?

[ewilen]

I wonder if any thought has been given to providing users with the ability to allow external users not only to view the contents of a briefcase, but also to write to it. Perhaps on a permission-per-transaction basis?

It seems to me that with this capability, Zimbra could be a good alternative to the type of service provided by Accellion.

While email can be made secure by doing SMTP over TLS, for example, it's not currently practical to force this for all connections. However if I give my users the ability to create an externally-writeable briefcase on the fly, assign rights to specific outsiders, and if I require https for this access to zimbra--I think that would pretty much do the trick.

I'm less concerned about the issue of large file transfer than about security, but, subject to the load a briefcase upload puts on the system, this same approach would let me just add more storage to my zimbra system as needed.

Right now the main alternative of which I'm aware would be an sftp server, which involves a lot of overhead as users request changes to client access.

[uxbod]

I have filed a RFE so please vote for it :- Bug 34062 - Ability to share a briefcase to public with write capabilities

[ewilen]

Thank you, I just did so.

I'm sure it would be baby steps at first, but the features of briefcase-sharing could be extended to such things as:

• When a user adds an attachment to an email message, the user could be given the option of actually storing the file in their briefcase instead of transmitting it over email. The message would then get an auto-generated URL appended. This would simplify transmission of large files to outsiders whose email accounts have quotas that are too small.

• Some method of ensuring that the external person sending/receiving files via briefcase is indeed the intended person. Obviously the simplest method would be to just not send the credentials via email. So to establish a transmission channel where security is paramount, the Zimbra user would send an "initiation" email containing a URL for setting up credentials, and the Zimbra user would be informed to make a separate phone call to the other party to convey a key. Once the recipient has been credentialed (and the credentials could be stored and associated with email addresses, so the process wouldn't have to be repeated too often), files could be transmitted securely.