INTERNET-DRAFT

draft-ietf-webdav-advacl-00

 

Expires April 16, 2001

Anne Hopkins, Microsoft Corporation

 


October 16, 2000

Access Control Extensions to WebDAV

Status of this Memo

This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

Abstract

This document specifies a set of methods, headers, and resource-types that define the WebDAV Advanced Access Control extensions to the HTTP/1.1 protocol.


Table of Contents

1 Introduction

1.1 Notational Conventions

2 Advanced Access Control Properties

3 ACL Inheritance

3.1 Inheritable ACEs

3.2 Updating an inherited ACE

3.3 Propagate ACE but do not use for Access Check on this resource

3.4 Propagate to immediate children only

3.5 Protect ACL from inheritance

4 Internationalization Considerations

5 Security Considerations

6 Scalability

7 Authentication

8 IANA Considerations

9 Intellectual Property

10 Acknowledgements

11 Index

12 References

13 Authors’ Addresses

14 Still to do

 

1         Introduction

This protocol defines advanced extensions to the access control protocol. In particular, finer control over inheritance and control over individual property access control are defined.

1.1        Notational Conventions

The augmented BNF used by this document to describe protocol elements is described in Section 2.1 of [RFC2068]. Because this augmented BNF uses the basic production rules provided in Section 2.2 of [RFC2068], those rules apply to this document as well.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

2         Advanced Access Control Properties

This specification defines a number of new properties for WebDAV resources. Access control properties may be set and retrieved just like other WebDAV properties, using the PROPFIND and PROPPATCH methods (subject to permissions and “liveness”).