draft-ietf-imapext-acl-05.txt   draft-ietf-imapext-acl-06.txt 
IMAPEXT Working Group A. Melnikov IMAPEXT Working Group A. Melnikov
Internet Draft Editor Internet Draft Editor
Document: draft-ietf-imapext-acl-05.txt June 2002 Document: draft-ietf-imapext-acl-06.txt October 2002
IMAP4 ACL extension IMAP4 ACL extension
Status of this Memo Status of this Memo
This document is an Internet Draft and is in full conformance with This document is an Internet Draft and is in full conformance with
all provisions of Section 10 of RFC 2026. all provisions of Section 10 of RFC 2026.
Internet Drafts are working documents of the Internet Engineering Internet Drafts are working documents of the Internet Engineering
Task Force (IETF), its Areas, and its Working Groups. Note that Task Force (IETF), its Areas, and its Working Groups. Note that
skipping to change at line 323 skipping to change at line 323
Changing flags: Changing flags:
STORE - the server MUST check if the user has STORE - the server MUST check if the user has
"t" right - when the user modifies \Deleted flag "t" right - when the user modifies \Deleted flag
"s" right - when the user modifies \Seen flag "s" right - when the user modifies \Seen flag
"w" right for all other message flags. "w" right for all other message flags.
STORE operation SHOULD NOT fail if the user has rights to modify at least one flag STORE operation SHOULD NOT fail if the user has rights to modify at least one flag
specified in the STORE. specified in the STORE.
Changing ACLs: Changing ACLs:
ACL STORE/DELETE/SET - "a" right on the mailbox. ACL STORE/DELETE/SET - "a" right on the mailbox (*).
Reading ACLs: Reading ACLs:
ACL GET - "a" right on the mailbox. ACL GET - "a" right on the mailbox (*).
<<Several implementations allow GETACL (ACL GET) with "r" right. If this is allowed, <<Several implementations allow GETACL (ACL GET) with "r" right. If this is allowed,
ACL GET can disclose some identifiers existing on a mail system>> ACL GET can disclose some identifiers existing on a mail system>>
MYRIGHTS - any of the following rights is required to perform the operation: MYRIGHTS - any of the following rights is required to perform the operation:
"l", "r", "i", "c", "x", "e", "a". "l", "r", "i", "c", "x", "e", "a".
ACL LIST - same as for MYRIGHTS. ACL LIST - same as for MYRIGHTS(*).
(*) Note, that when one or more mailbox pattern is specified,
'l' right is required for each mailbox matching the mailbox pattern(s).
4. Commands 4. Commands
All ACL commands (i.e. ACL STORE/DELETE/SET/GET/LIST, except for MYRIGHTS)
accept either a single mailbox name or several mailbox patterns as a
parameter. Mailbox pattern is a mailbox with wildcards, wildcards are
interpreted as described in [IMAP4] LIST command. In order to distinguish
between a mailbox name (that is allowed to have wildcard characters '*'
and '%') and a mailbox pattern, the latter is always represented as a
parenthesized list.
For simplicity the bahaviour of ACL STORE/DELETE/SET/GET/LIST commands
is described for a single mailbox case. When one or more mailbox pattern
is specified, the server internally performs LIST command for all specified
patterns and than it combines the results. Note, that only mailboxes for
which the user has 'l' right are included in the combined result. If the
combined result has no mailboxes, an ACL operation completes with success
and the tagged OK response is sent. Otherwise the requested operation is
performed for each mailbox in the combined result. If a particular mailbox
causes the operation to fail (e.g. insufficient permissions), instead of
failing the whole command, an untagged ACLFAILED response is sent for this
mailbox and the operation continues for the rest of the mailboxes.
If the server knows that the operation will fail in the same
manner for all matching mailboxes (e.g. user doesn't exist), it SHOULD
return tagged NO response instead of sending several untagged ACLFAILED
responses.
Example: C: A002 ACL SET (INBOX Personal/*) user=Fred rwist
S: * ACLFAILED Personal/ABC
S: A002 OK acl set complete
<<Add some responses caused by side effects>>
Example: C: A002 ACL SET (Fruits/Apples/*) user=Zak lrs
S: A002 NO User Zak doesn't exist
4.1. ACL STORE 4.1. ACL STORE
Arguments: mailbox name Arguments: mailbox name or one or more mailbox masks
authentication identifier authentication identifier
access right modification access right modification
Data: OPTIONAL untagged responses: ACLINFO Data: OPTIONAL untagged responses: ACLINFO
Result: OK - ACL STORE completed Result: OK - ACL STORE completed
NO - ACL STORE failure: can't set acl NO - ACL STORE failure: can't set acl
BAD - command unknown or arguments invalid BAD - command unknown or arguments invalid
The ACL STORE command changes the access control list on the The ACL STORE command changes the access control list on the
skipping to change at line 374 skipping to change at line 410
<ACL DELETE mailbox identifier>. Also note that these two commands <ACL DELETE mailbox identifier>. Also note that these two commands
don't have the same result for "ACL2=MOST-SPECIFIC". don't have the same result for "ACL2=MOST-SPECIFIC".
An ACL2 server MAY modify one or more ACL for one or more identifier An ACL2 server MAY modify one or more ACL for one or more identifier
as a side effect of modifying the ACL specified in ACL STORE. If the as a side effect of modifying the ACL specified in ACL STORE. If the
server does that it MUST send untagged ACLINFO response to notify the server does that it MUST send untagged ACLINFO response to notify the
client about the changes made. client about the changes made.
4.2. ACL DELETE 4.2. ACL DELETE
Arguments: mailbox name Arguments: mailbox name or one or more mailbox masks
authentication identifier authentication identifier
Data: OPTIONAL untagged responses: ACLINFO Data: OPTIONAL untagged responses: ACLINFO
Result: OK - ACL DELETE completed Result: OK - ACL DELETE completed
NO - ACL DELETE failure: can't delete acl NO - ACL DELETE failure: can't delete acl
BAD - command unknown or arguments invalid BAD - command unknown or arguments invalid
The ACL DELETE command removes any <identifier,rights> pair for the The ACL DELETE command removes any <identifier,rights> pair for the
specified identifier from the access control list for the specified identifier from the access control list for the
specified mailbox. specified mailbox.
An ACL2 server MAY modify one or more ACL for one or more identifier An ACL2 server MAY modify one or more ACL for one or more identifier
as a side effect of modifying the ACL specified in ACL DELETE. If the as a side effect of modifying the ACL specified in ACL DELETE. If the
server does that it MUST send untagged ACLINFO response to notify the server does that it MUST send untagged ACLINFO response to notify the
client about the changes made. client about the changes made.
4.3. ACL SET 4.3. ACL SET
Arguments: mailbox name Arguments: mailbox name or one or more mailbox masks
list of (authentication identifier, access rights) pairs list of (authentication identifier, access rights) pairs
Data: OPTIONAL untagged responses: ACLINFO Data: OPTIONAL untagged responses: ACLINFO
Result: OK - replaceacl completed Result: OK - replaceacl completed
NO - replaceacl failure: can't replace acl NO - replaceacl failure: can't replace acl
BAD - command unknown or arguments invalid BAD - command unknown or arguments invalid
The ACL SET command replaces the access control list of the The ACL SET command replaces the access control list of the
specified mailbox with the one provided as the second parameter to specified mailbox with the one provided as the second parameter to
skipping to change at line 423 skipping to change at line 459
the second parameter of ACL SET perform the second parameter of ACL SET perform
ACL STORE <mailbox name> AIA RA ACL STORE <mailbox name> AIA RA
An ACL2 server MAY modify one or more ACL for one or more identifier An ACL2 server MAY modify one or more ACL for one or more identifier
as a side effect of modifying the ACL specified in ACL SET. If the as a side effect of modifying the ACL specified in ACL SET. If the
server does that it MUST send untagged ACLINFO response to notify the server does that it MUST send untagged ACLINFO response to notify the
client about the changes made. client about the changes made.
4.4. ACL GET 4.4. ACL GET
Arguments: mailbox name Arguments: mailbox name or one or more mailbox masks
Data: REQUIRED untagged responses: ACLINFO Data: REQUIRED untagged responses: ACLINFO
Result: OK - ACL GET completed Result: OK - ACL GET completed
NO - ACL GET failure: can't get acl NO - ACL GET failure: can't get acl
BAD - command unknown or arguments invalid BAD - command unknown or arguments invalid
The ACL GET command returns the access control list for mailbox in The ACL GET command returns the access control list for mailbox in
an untagged ACLINFO reply. an untagged ACLINFO reply.
Example: C: A002 ACL GET INBOX Example: C: A002 ACL GET INBOX
S: * ACLINFO INBOX user=Fred rwipslextda S: * ACLINFO INBOX user=Fred rwipslextda
S: A002 OK acl get complete S: A002 OK acl get complete
4.5. ACL LIST 4.5. ACL LIST
Arguments: mailbox name Arguments: mailbox name or one or more mailbox masks
authentication identifier authentication identifier
Data: untagged responses: RIGHTS-INFO Data: untagged responses: RIGHTS-INFO
Result: OK - ACL LIST completed Result: OK - ACL LIST completed
NO - ACL LIST failure: can't get rights list NO - ACL LIST failure: can't get rights list
BAD - command unknown or arguments invalid BAD - command unknown or arguments invalid
The ACL LIST command takes a mailbox name and an identifier and The ACL LIST command takes a mailbox name and an identifier and
returns information about what rights may be granted to the returns information about what rights may be granted to the
skipping to change at line 537 skipping to change at line 573
identifier is a string containing the (possibly empty) set of identifier is a string containing the (possibly empty) set of
rights the identifier will always be granted in the mailbox. rights the identifier will always be granted in the mailbox.
Following this are zero or more strings each containing a set of Following this are zero or more strings each containing a set of
rights the identifier may be granted in the mailbox. Rights rights the identifier may be granted in the mailbox. Rights
mentioned in the same string are tied together--either all must be mentioned in the same string are tied together--either all must be
granted to the identifier in the mailbox or none may be granted. granted to the identifier in the mailbox or none may be granted.
The same right may not be listed more than once in the RIGHTS-INFO The same right may not be listed more than once in the RIGHTS-INFO
response. response.
5.3. MYRIGHTS untagged response 5.3. ACLFAILED untagged response
Contents: OPTIONAL response code (failure reason)
mailbox name
The ACLFAILED response containing a mailbox name indicates that
the ACL operations failed for the specified mailbox. The
reason for failure may be described by the response code
(if included).
Example: C: A002 ACL SET (INBOX Personal/*) user=Fred rwist
S: * ACLFAILED Personal/ABC
S: A002 OK acl set complete
<<Add human readable text?>>
<<Currently no existing response code can be used in ACLFAILED>>
5.4. MYRIGHTS untagged response
Data: mailbox name Data: mailbox name
rights rights
The MYRIGHTS response occurs as a result of a MYRIGHTS command. The MYRIGHTS response occurs as a result of a MYRIGHTS command.
The first string is the mailbox name for which these rights apply. The first string is the mailbox name for which these rights apply.
The second string is the set of rights that the client has. The second string is the set of rights that the client has.
5.4. MYRIGHTS response code 5.5. MYRIGHTS response code
Data: rights Data: rights
The MYRIGHTS response code is sent in an untagged OK response The MYRIGHTS response code is sent in an untagged OK response
that results from SELECT/EXAMINE. Also this response code can be that results from SELECT/EXAMINE. Also this response code can be
sent at any time after opening a mailbox when the server detects sent at any time after opening a mailbox when the server detects
that the set of rights allowed for the logged in user has changed. that the set of rights allowed for the logged in user has changed.
The MYRIGHT response code is equivalent to MYRIGHTS untagged response The MYRIGHT response code is equivalent to MYRIGHTS untagged response
for the selected mailbox. for the selected mailbox.
skipping to change at line 577 skipping to change at line 631
MUST accept these strings in a case-insensitive fashion. MUST accept these strings in a case-insensitive fashion.
acl2_command = myrights | "ACL" SPACE acl2_subcommand acl2_command = myrights | "ACL" SPACE acl2_subcommand
acl2_subcommand = replaceacl | deleteacl | updateacl | getacl | listrights acl2_subcommand = replaceacl | deleteacl | updateacl | getacl | listrights
acl_data = "ACLINFO" SPACE mailbox *(SPACE identifier SPACE rights) acl_data = "ACLINFO" SPACE mailbox *(SPACE identifier SPACE rights)
always_granted = rights always_granted = rights
deleteacl = "DELETE" SPACE mailbox SPACE identifier deleteacl = "DELETE" SPACE mbox_or_pat SPACE identifier
getacl = "GET" SPACE mailbox getacl = "GET" SPACE mbox_or_pat
identifier = astring identifier = astring
;; UTF-8 ;; UTF-8
<< Specify more detailed syntax for identifiers? >> << Specify more detailed syntax for identifiers? >>
listrights = "LIST" SPACE mailbox SPACE identifier listrights = "LIST" SPACE mbox_or_pat SPACE identifier
listrights_data = "RIGHTS-INFO" SPACE mailbox SPACE identifier listrights_data = "RIGHTS-INFO" SPACE mailbox SPACE identifier
SPACE always_granted *(SPACE rights) SPACE always_granted *(SPACE rights)
mod_rights = quoted mod_rights = quoted
;; +rights to add, -rights to remove ;; +rights to add, -rights to remove
myrights = "MYRIGHTS" SPACE mailbox myrights = "MYRIGHTS" SPACE mailbox
myrights_data = "MYRIGHTS" SPACE mailbox SPACE rights myrights_data = "MYRIGHTS" SPACE mailbox SPACE rights
myrights_rspcod = "MYRIGHTS" SPACE rights myrights_rspcod = "MYRIGHTS" SPACE rights
replaceacl = "SET" SPACE mailbox *(SPACE identifier SPACE rights) replaceacl = "SET" SPACE mbox_or_pat *(SPACE identifier SPACE rights)
resp-text-code =/ myrights_data resp-text-code =/ myrights_data
rights = quoted rights = quoted
;; MUST NOT contain leading "+" or "-" ;; MUST NOT contain leading "+" or "-"
updateacl = "STORE" SPACE mailbox SPACE identifier SPACE mod_rights updateacl = "STORE" SPACE mbox_or_pat SPACE identifier SPACE mod_rights
mbox_or_pat = mailbox / patterns
patterns = "(" list-mailbox *(list-mailbox) ")"
partialfail_rsp = "ACLFAILED" [SPACE "[" resp-text-code "]" ] SPACE mailbox
;; May contain optional failure reason
7. IANA considerations 7. IANA considerations
7.1. ACL access calculation rule Registration Template 7.1. ACL access calculation rule Registration Template
When an access calculation rule for ACL2 extension is registered, the When an access calculation rule for ACL2 extension is registered, the
following information is supplied: following information is supplied:
Rule Identification: specify a string that identifies this Rule Identification: specify a string that identifies this
rule. Unless the rule is registered with the IANA, the rule. Unless the rule is registered with the IANA, the
skipping to change at line 751 skipping to change at line 812
Example 3: Mailbox "pear" allows "shared multiuser write access" and Example 3: Mailbox "pear" allows "shared multiuser write access" and
implements flags \Seen, \Draft as shared flags. "Shared flag implements flags \Seen, \Draft as shared flags. "Shared flag
rights" for the mailbox "apple" is a set containing flags "s" rights" for the mailbox "apple" is a set containing flags "s"
(because system flag \Seen requires "s" right) and "w" (because system flag \Seen requires "s" right) and "w"
(because system flag \Draft requires "w" right). (because system flag \Draft requires "w" right).
<<Editor: I know this looks ugly, but this is required for interoperability. <<Editor: I know this looks ugly, but this is required for interoperability.
Please check whether this makes any sense!>> Please check whether this makes any sense!>>
The server MUST include a READ-ONLY prefix in the tagged OK response to The server MUST include a READ-ONLY prefix in the tagged OK response to
a SELECT command if all of the following rights are not granted to the a SELECT command if none of the following rights is granted to the
current user: current user:
"i", "e" and "shared flag rights". "i", "e" and "shared flag rights".
The server SHOULD include a READ-WRITE prefix in the tagged OK response The server SHOULD include a READ-WRITE prefix in the tagged OK response
if either of the "i", "e" or "shared flag rights" is granted to the if at least one of the "i", "e" or "shared flag rights" is granted to the
current user. current user.
<<Continue examples 1-3>> Example 1 (continue): The user that has "lrs" rights for the mailbox
"banan". The server returns READ-ONLY response
code on SELECT, as none of "iewt" rights is
granted to the user.
Example 2 (continue): The user that has "rit" rights for the mailbox
"apple". The server returns READ-WRITE response
code on SELECT, as the user has "i" right.
Example 3 (continue): The user that has "rset" rights for the mailbox
"pear". The server returns READ-WRITE response
code on SELECT, as the user has "e" and "s" rights.
10.4. Additional requirements and Implementation notes 10.4. Additional requirements and Implementation notes
Any server implementing an ACL2 extension MUST accurately reflect the current Any server implementing an ACL2 extension MUST accurately reflect the current
user's rights in FLAGS and PERMANENTFLAGS responses. The server SHOULD issue user's rights in FLAGS and PERMANENTFLAGS responses. The server SHOULD issue
a MYRIGHTS response code in an untagged OK response as a result of a SELECT a MYRIGHTS response code in an untagged OK response as a result of a SELECT
or EXAMINE command. or EXAMINE command.
Example: C: A142 SELECT INBOX Example: C: A142 SELECT INBOX
S: * 172 EXISTS S: * 172 EXISTS
skipping to change at line 815 skipping to change at line 887
Editor appreciates comments received from Mark Crispin, Chris Newman, Editor appreciates comments received from Mark Crispin, Chris Newman,
Cyrus Daboo, John G. Myers, Curtis King, Lyndon Nerenberg, Larry Greenfield, Cyrus Daboo, John G. Myers, Curtis King, Lyndon Nerenberg, Larry Greenfield,
Vladimir Butenko, Dave Cridland and other members of IMAPEXT working group. Vladimir Butenko, Dave Cridland and other members of IMAPEXT working group.
13. Editor's Address 13. Editor's Address
Alexey Melnikov Alexey Melnikov
mailto: mel@messagingdirect.com mailto: mel@messagingdirect.com
ACI WorldWide/MessagingDirect ACI WorldWide/MessagingDirect
22 The Quadrant, Richmond, 59 Clarendon Road, Watford,
Surrey, United Kingdom, TW9 1BP Hertfordshire, United Kingdom, WD17 1FQ
Phone: +44 1923 81 2877
14. Full Copyright Statement 14. Full Copyright Statement
Copyright (C) The Internet Society 2002. All Rights Reserved. Copyright (C) The Internet Society 2002. All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph kind, provided that the above copyright notice and this paragraph
skipping to change at line 939 skipping to change at line 1013
MYRIGHTS was left as is MYRIGHTS was left as is
Changed syntax of ACL2 responses: Changed syntax of ACL2 responses:
ACL => ACLINFO ACL => ACLINFO
LISTRIGHTS => RIGHTS-INFO LISTRIGHTS => RIGHTS-INFO
MYRIGHTS was left as is MYRIGHTS was left as is
Any better suggestions for names are welcome. Any better suggestions for names are welcome.
31. Added mailbox patterns and partial failures. Updated ABNF.
To Do List: To Do List:
1). Cleanup appendix A before publication as RFC, as some changes don't 1). Cleanup appendix A before publication as RFC, as some changes don't
apply to RFC 2086. apply to RFC 2086.
2). Editorial: Convert to nroff, Word or XML format.
3). Update syntax to allow for multiple mailboxes and masks.
Describe partial failures.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/