From DAViCal 0.9.8 (and a little earlier, although less reliably) you can use /public.php/ in your URL where you would otherwise use /caldav.php/ but you need to firstly mark the collection as 'public' in the admin UI, so not *all* collections are public in this way - only the ones that you want to be so.
From version 0.9.9 there is also the concept of a ticket, which you can issue for a collection, and which will allow for a collection to be visible without making it available to everyone.
Collections can be accessed either via CalDAV, or via a simple GET request (as a web browser would do).
I mark the 'sportsteam' calendar as public, so everyone can see where we're playing. I send them the URL to use as follows:
The trailing '/' can also be omitted, so I could send the URL:
Furthermore, DAViCal also has some special hacks to cope with some clients who can't believe a calendar URL might not end with ".ics", so you could also send a URL like:
Though that last one won't work for CalDAV, so it will use more bandwidth, and will force a bit more load on the server for each refresh.
I don't want everyone to see my work calendar - after all it's mostly for work - but I'd really like if my wife could see it without having to create her an account on the CalDAV server...
So I create a 'ticket' granting read access to my calendar - 'TPMNAu2C' in this case, and I configure Sunbird on my wife's computer so that she can access my calendar via CalDAV, using the URL:
She can now see my calendar, and domestic harmony is restored - until she realises that this is a read-only system!