| draft-ietf-webdav-acl-11.txt | draft-ietf-webdav-acl-12.txt | |||
|---|---|---|---|---|
| INTERNET-DRAFT Geoffrey Clemm, IBM | INTERNET-DRAFT Geoffrey Clemm, IBM | |||
| draft-ietf-webdav-acl-11 Anne Hopkins, Microsoft Corporatio | draft-ietf-webdav-acl-12 Anne Hopkins, Microsoft Corporation | |||
| Eric Sedlar, Oracle Corporation | Eric Sedlar, Oracle Corporation | |||
| Jim Whitehead, U.C. Santa Cruz | Jim Whitehead, U.C. Santa Cruz | |||
| Expires March 10, 2004 September 10, 2003 | Expires April 10, 2004 October 10, 2003 | |||
| WebDAV Access Control Protocol | WebDAV Access Control Protocol | |||
| Status of this Memo | Status of this Memo | |||
| This document is an Internet-Draft and is subject to all provisions of | This document is an Internet-Draft and is subject to all provisions of | |||
| Section 10 of RFC2026. | Section 10 of RFC2026. | |||
| Internet-Drafts are working documents of the Internet Engineering Task | Internet-Drafts are working documents of the Internet Engineering Task | |||
| Force (IETF), its areas, and its working groups. Note that other groups | Force (IETF), its areas, and its working groups. Note that other groups | |||
| may also distribute working documents as Internet-Drafts. | may also distribute working documents as Internet-Drafts. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| skipping to change at line 433 | skipping to change at line 433 | |||
| implementations MUST NOT use the DAV: namespace, and instead | implementations MUST NOT use the DAV: namespace, and instead | |||
| should use a namespace that they control, such as an http scheme | should use a namespace that they control, such as an http scheme | |||
| URL. | URL. | |||
| 3.1 DAV:read Privilege | 3.1 DAV:read Privilege | |||
| The read privilege controls methods that return information about | The read privilege controls methods that return information about | |||
| the state of the resource, including the resource's properties. | the state of the resource, including the resource's properties. | |||
| Affected methods include GET and PROPFIND. Any implementation- | Affected methods include GET and PROPFIND. Any implementation- | |||
| defined privilege that also controls access to GET and PROPFIND | defined privilege that also controls access to GET and PROPFIND | |||
| must be aggregated under DAV:read—if an ACL grants access to | must be aggregated under DAV:readùif an ACL grants access to | |||
| DAV:read, the client may expect that no other privilege needs to | DAV:read, the client may expect that no other privilege needs to | |||
| be granted to have access to GET and PROPFIND. Additionally, the | be granted to have access to GET and PROPFIND. Additionally, the | |||
| read privilege MUST control the OPTIONS method. | read privilege MUST control the OPTIONS method. | |||
| <!ELEMENT read EMPTY> | <!ELEMENT read EMPTY> | |||
| 3.2 DAV:write Privilege | 3.2 DAV:write Privilege | |||
| The write privilege controls methods that lock a resource or | The write privilege controls methods that lock a resource or | |||
| modify the content, dead properties, or (in the case of a | modify the content, dead properties, or (in the case of a | |||
| collection) membership of the resource, such as PUT and PROPPATCH. | collection) membership of the resource, such as PUT and PROPPATCH. | |||
| skipping to change at line 463 | skipping to change at line 463 | |||
| <!ELEMENT write EMPTY> | <!ELEMENT write EMPTY> | |||
| 3.3 DAV:write-properties | 3.3 DAV:write-properties | |||
| The DAV:write-properties privilege controls methods that modify | The DAV:write-properties privilege controls methods that modify | |||
| the dead properties of the resource, such as PROPPATCH. Whether | the dead properties of the resource, such as PROPPATCH. Whether | |||
| this privilege may be used to control access to any live | this privilege may be used to control access to any live | |||
| properties is determined by the implementation. Any | properties is determined by the implementation. Any | |||
| implementation-defined privilege that also controls access to | implementation-defined privilege that also controls access to | |||
| methods modifying dead properties must be aggregated under | methods modifying dead properties must be aggregated under | |||
| DAV:write-properties—e.g. if an ACL grants access to DAV:write- | DAV:write-propertiesùe.g. if an ACL grants access to DAV:write- | |||
| properties, the client can safely expect that no other privilege | properties, the client can safely expect that no other privilege | |||
| needs to be granted to have access to PROPPATCH. | needs to be granted to have access to PROPPATCH. | |||
| Clemm, Hopkins, Sedlar, Whitehead [Page 9] | Clemm, Hopkins, Sedlar, Whitehead [Page 9] | |||
| <!ELEMENT write-properties EMPTY> | <!ELEMENT write-properties EMPTY> | |||
| 3.4 DAV:write-content | 3.4 DAV:write-content | |||
| The DAV:write-content privilege controls methods that modify the | The DAV:write-content privilege controls methods that modify the | |||
| content or (in the case of a collection) membership of the | content or (in the case of a collection) membership of the | |||
| resource, such as PUT and DELETE. Any implementation-defined | resource, such as PUT and DELETE. Any implementation-defined | |||
| privilege that also controls access to content or alteration of | privilege that also controls access to content or alteration of | |||
| collection membership must be aggregated under DAV:write-content— | collection membership must be aggregated under DAV:write-contentù | |||
| e.g. if an ACL grants access to DAV:write-content, the client can | e.g. if an ACL grants access to DAV:write-content, the client can | |||
| safely expect that no other privilege needs to be granted to have | safely expect that no other privilege needs to be granted to have | |||
| access to PUT or DELETE. | access to PUT or DELETE. | |||
| <!ELEMENT write-content EMPTY> | <!ELEMENT write-content EMPTY> | |||
| 3.5 DAV:unlock | 3.5 DAV:unlock | |||
| The DAV:unlock privilege controls the use of the UNLOCK method by | The DAV:unlock privilege controls the use of the UNLOCK method by | |||
| a principal other than the lock owner (the principal that created | a principal other than the lock owner (the principal that created | |||
| a lock can always perform an UNLOCK). While the set of users who | a lock can always perform an UNLOCK). While the set of users who | |||
| skipping to change at line 1021 | skipping to change at line 1021 | |||
| This is a protected property that specifies the list of access | This is a protected property that specifies the list of access | |||
| control entries (ACEs), which define what principals are to get | control entries (ACEs), which define what principals are to get | |||
| what privileges for this resource. | what privileges for this resource. | |||
| <!ELEMENT acl (ace*) > | <!ELEMENT acl (ace*) > | |||
| Each DAV:ace element specifies the set of privileges to be either | Each DAV:ace element specifies the set of privileges to be either | |||
| granted or denied to a single principal. If the DAV:acl property | granted or denied to a single principal. If the DAV:acl property | |||
| is empty, no principal is granted any privilege. | is empty, no principal is granted any privilege. | |||
| <!ELEMENT ace (invert | principal, (grant|deny), protected?, | <!ELEMENT ace ((principal | invert), (grant|deny), protected?, | |||
| inherited?)> | inherited?)> | |||
| 5.4.1 ACE Principal | 5.4.1 ACE Principal | |||
| The DAV:principal element identifies the principal to which this | The DAV:principal element identifies the principal to which this | |||
| ACE applies. | ACE applies. | |||
| <!ELEMENT principal ((href) | <!ELEMENT principal (href | |||
| | all | authenticated | unauthenticated | | all | authenticated | unauthenticated | |||
| | property | self)> | | property | self)> | |||
| The current user matches DAV:href only if that user is | The current user matches DAV:href only if that user is | |||
| authenticated as being (or being a member of) the principal | authenticated as being (or being a member of) the principal | |||
| identified by the URL contained by that DAV:href. | identified by the URL contained by that DAV:href. | |||
| The current user always matches DAV:all. | The current user always matches DAV:all. | |||
| <!ELEMENT all EMPTY> | <!ELEMENT all EMPTY> | |||
| The current user matches DAV:authenticated only if authenticated. | The current user matches DAV:authenticated only if authenticated. | |||
| skipping to change at line 1064 | skipping to change at line 1064 | |||
| Clemm, Hopkins, Sedlar, Whitehead [Page 20] | Clemm, Hopkins, Sedlar, Whitehead [Page 20] | |||
| element, the URI value of DAV:href identifies a principal, and the | element, the URI value of DAV:href identifies a principal, and the | |||
| current user is authenticated as being (or being a member of) that | current user is authenticated as being (or being a member of) that | |||
| principal. For example, if the DAV:property element contained | principal. For example, if the DAV:property element contained | |||
| <DAV:owner/>, the current user would match the DAV:property | <DAV:owner/>, the current user would match the DAV:property | |||
| principal only if the current user is authenticated as matching | principal only if the current user is authenticated as matching | |||
| the principal identified by the DAV:owner property of the | the principal identified by the DAV:owner property of the | |||
| resource. | resource. | |||
| <!ELEMENT property ANY> | <!ELEMENT property ANY> | |||
| Alternately, some servers may support ACEs applying to those users | ||||
| NOT matching the current principal, e.g. all users not in a | ||||
| particular group. This can be done by wrapping the DAV:principal | ||||
| element with DAV:invert. | ||||
| <!ELEMENT invert principal> | ||||
| The current user matches DAV:self in a DAV:acl property of the | The current user matches DAV:self in a DAV:acl property of the | |||
| resource only if that resource is a principal and that principal | resource only if that resource is a principal and that principal | |||
| matches the current user or, if the principal is a group, a member | matches the current user or, if the principal is a group, a member | |||
| of that group matches the current user. | of that group matches the current user. | |||
| <!ELEMENT self EMPTY> | <!ELEMENT self EMPTY> | |||
| Some servers may support ACEs applying to those users | ||||
| NOT matching the current principal, e.g. all users not in a | ||||
| particular group. This can be done by wrapping the DAV:principal | ||||
| element with DAV:invert. | ||||
| <!ELEMENT invert principal> | ||||
| 5.4.2 ACE Grant and Deny | 5.4.2 ACE Grant and Deny | |||
| Each DAV:grant or DAV:deny element specifies the set of privileges | Each DAV:grant or DAV:deny element specifies the set of privileges | |||
| to be either granted or denied to the specified principal. A | to be either granted or denied to the specified principal. A | |||
| DAV:grant or DAV:deny element of the DAV:acl of a resource MUST | DAV:grant or DAV:deny element of the DAV:acl of a resource MUST | |||
| only contain non-abstract elements specified in the DAV:supported- | only contain non-abstract elements specified in the DAV:supported- | |||
| privilege-set of that resource. | privilege-set of that resource. | |||
| <!ELEMENT grant (privilege+)> | <!ELEMENT grant (privilege+)> | |||
| <!ELEMENT deny (privilege+)> | <!ELEMENT deny (privilege+)> | |||
| skipping to change at line 1279 | skipping to change at line 1279 | |||
| Content-Type: text/xml; charset="utf-8" | Content-Type: text/xml; charset="utf-8" | |||
| Content-Length: xxx | Content-Length: xxx | |||
| <?xml version="1.0" encoding="utf-8" ?> | <?xml version="1.0" encoding="utf-8" ?> | |||
| <D:multistatus xmlns:D="DAV:"> | <D:multistatus xmlns:D="DAV:"> | |||
| <D:response> | <D:response> | |||
| <D:href>http://www.example.com/papers/</D:href> | <D:href>http://www.example.com/papers/</D:href> | |||
| <D:propstat> | <D:propstat> | |||
| <D:prop> | <D:prop> | |||
| <D:acl-restrictions> | <D:acl-restrictions> | |||
| <D:principal-only-one-ace/> | <D:grant-only/> | |||
| <D:required-principal> | <D:required-principal> | |||
| <D:all/> | <D:all/> | |||
| </D:required-principal> | </D:required-principal> | |||
| </D:acl-restrictions> | </D:acl-restrictions> | |||
| </D:prop> | </D:prop> | |||
| <D:status>HTTP/1.1 200 OK</D:status> | <D:status>HTTP/1.1 200 OK</D:status> | |||
| </D:propstat> | </D:propstat> | |||
| <D:response> | <D:response> | |||
| </D:multistatus> | </D:multistatus> | |||
| skipping to change at line 1585 | skipping to change at line 1585 | |||
| in access being denied. | in access being denied. | |||
| Note that the semantics of many other existing ACL systems may be | Note that the semantics of many other existing ACL systems may be | |||
| represented via this mechanism, by mixing deny and grant ACEs. | represented via this mechanism, by mixing deny and grant ACEs. | |||
| For example, consider the standard "rwx" privilege scheme used by | For example, consider the standard "rwx" privilege scheme used by | |||
| UNIX. In this scheme, if the current user is the owner of the | UNIX. In this scheme, if the current user is the owner of the | |||
| file, access is granted if the corresponding privilege bit is set | file, access is granted if the corresponding privilege bit is set | |||
| and denied if not set, regardless of the permissions set on the | and denied if not set, regardless of the permissions set on the | |||
| Clemm, Hopkins, Sedlar, Whitehead [Page 30] | Clemm, Hopkins, Sedlar, Whitehead [Page 30] | |||
| file’s group and for the world. An ACL for UNIX permissions of | fileÆs group and for the world. An ACL for UNIX permissions of | |||
| "r--rw-r--"might be constructed like: | "r--rw-r--"might be constructed like: | |||
| <D:acl> | <D:acl> | |||
| <D:ace> | <D:ace> | |||
| <D:principal><D:property> | <D:principal><D:property> | |||
| <D:owner/></D:property></D:principal> | <D:owner/></D:property></D:principal> | |||
| <D:grant><D:privilege><D:read/></D:privilege></D:grant> | <D:grant><D:privilege><D:read/></D:privilege></D:grant> | |||
| </D:ace> | </D:ace> | |||
| <D:ace> | <D:ace> | |||
| <D:principal><D:property> | <D:principal><D:property> | |||
| <D:owner/> </D:property></D:principal> | <D:owner/> </D:property></D:principal> | |||
| skipping to change at line 1615 | skipping to change at line 1615 | |||
| <D:principal><D:property> | <D:principal><D:property> | |||
| <D:group/> </D:property></D:principal> | <D:group/> </D:property></D:principal> | |||
| <D:deny><D:privilege><D:all/></D:privilege></D:deny> | <D:deny><D:privilege><D:all/></D:privilege></D:deny> | |||
| </D:ace> | </D:ace> | |||
| <D:ace> | <D:ace> | |||
| <D:principal><D:all></D:principal> | <D:principal><D:all></D:principal> | |||
| <D:grant><D:privilege><D:read/></D:privilege></D:grant> | <D:grant><D:privilege><D:read/></D:privilege></D:grant> | |||
| </D:ace> | </D:ace> | |||
| </D:acl> | </D:acl> | |||
| and the <acl-restrictions> would be defined as: | and the <acl-restrictions> would be defined as: | |||
| <D:no-invert/><D:principal-only-one-ace/> | <D:no-invert/> | |||
| <D:required-principal> | <D:required-principal> | |||
| <D:all/> | <D:all/> | |||
| <D:property><D:owner/></D:property> | <D:property><D:owner/></D:property> | |||
| <D:property><D:group/><D:group/> | <D:property><D:group/><D:group/> | |||
| </D:required-principal> | </D:required-principal> | |||
| Note that the client can still get errors from a UNIX server in | Note that the client can still get errors from a UNIX server in | |||
| spite of obeying the <acl-restrictions>, including <D:allowed- | spite of obeying the <acl-restrictions>, including <D:allowed- | |||
| principal> (adding an ACE specifying a principal other than the | principal> (adding an ACE specifying a principal other than the | |||
| ones in the ACL above) or <D:ace-conflict> (by trying to reorder | ones in the ACL above) or <D:ace-conflict> (by trying to reorder | |||
| the ACEs in the example above), as these particular implementation | the ACEs in the example above), as these particular implementation | |||
| skipping to change at line 1653 | skipping to change at line 1653 | |||
| insufficient privileges, the response body to the "403 Forbidden" | insufficient privileges, the response body to the "403 Forbidden" | |||
| error MUST contain the <DAV:error> element, which in turn contains | error MUST contain the <DAV:error> element, which in turn contains | |||
| the <DAV:need-privileges> element, which contains one or more | the <DAV:need-privileges> element, which contains one or more | |||
| <DAV:resource> elements indicating which resource had insufficient | <DAV:resource> elements indicating which resource had insufficient | |||
| privileges, and what the lacking privileges were: | privileges, and what the lacking privileges were: | |||
| <!ELEMENT need-privileges (resource)* > | <!ELEMENT need-privileges (resource)* > | |||
| <!ELEMENT resource ( href , privilege ) > | <!ELEMENT resource ( href , privilege ) > | |||
| Since some methods require multiple permissions on multiple | Since some methods require multiple permissions on multiple | |||
| resources, this information is needed to resolve any ambiguity. | resources, this information is needed to resolve any ambiguity. | |||
| There is no requirement that all privilege violations be reported— | There is no requirement that all privilege violations be reportedù | |||
| for implementation reasons, some servers may only report the first | for implementation reasons, some servers may only report the first | |||
| privilege violation. For example: | privilege violation. For example: | |||
| >> Request << | >> Request << | |||
| MOVE /a/b/ HTTP/1.1 | MOVE /a/b/ HTTP/1.1 | |||
| Host: www.example.com | Host: www.example.com | |||
| Destination: http://www.example.com/c/d | Destination: http://www.example.com/c/d | |||
| >> Response << | >> Response << | |||
| skipping to change at line 2864 | skipping to change at line 2864 | |||
| Email: ejw@cse.ucsc.edu | Email: ejw@cse.ucsc.edu | |||
| Clemm, Hopkins, Sedlar, Whitehead [Page 55] | Clemm, Hopkins, Sedlar, Whitehead [Page 55] | |||
| 19 APPENDICES | 19 APPENDICES | |||
| 19.1 WebDAV XML Document Type Definition Addendum | 19.1 WebDAV XML Document Type Definition Addendum | |||
| All XML elements defined in this Document Type Definition (DTD) | All XML elements defined in this Document Type Definition (DTD) | |||
| belong to the DAV namespace. This DTD should be viewed as an | belong to the DAV namespace. This DTD should be viewed as an | |||
| addendum to the DTD provided in [RFC2518], section 23.1. | addendum to the DTD provided in [RFC2518], section 23.1. | |||
| <!-- Privileges --> | <!-- Privileges -- (Section 3)> | |||
| <!ELEMENT read EMPTY> | <!ELEMENT read EMPTY> | |||
| <!ELEMENT write EMPTY> | <!ELEMENT write EMPTY> | |||
| <!ELEMENT write-properties EMPTY> | <!ELEMENT write-properties EMPTY> | |||
| <!ELEMENT write-content EMPTY> | <!ELEMENT write-content EMPTY> | |||
| <!ELEMENT unlock EMPTY> | <!ELEMENT unlock EMPTY> | |||
| <!ELEMENT read-acl EMPTY> | <!ELEMENT read-acl EMPTY> | |||
| <!ELEMENT read-current-user-privilege-set EMPTY> | <!ELEMENT read-current-user-privilege-set EMPTY> | |||
| <!ELEMENT write-acl EMPTY> | <!ELEMENT write-acl EMPTY> | |||
| <!ELEMENT bind EMPTY> | ||||
| <!ELEMENT unbind EMPTY> | ||||
| <!ELEMENT all EMPTY> | <!ELEMENT all EMPTY> | |||
| <!-- Principal Properties (Section 4) --> | <!-- Principal Properties (Section 4) --> | |||
| <!ELEMENT principal EMPTY> | <!ELEMENT principal EMPTY> | |||
| <!ELEMENT alternate-URI-set (href*)> | <!ELEMENT alternate-URI-set (href*)> | |||
| <!ELEMENT principal-URL (href)> | <!ELEMENT principal-URL (href)> | |||
| <!ELEMENT group-member-set (href*)> | <!ELEMENT group-member-set (href*)> | |||
| <!ELEMENT group-membership (href*)> | <!ELEMENT group-membership (href*)> | |||
| <!-- Access Control Properties (Section 5) --> | <!-- Access Control Properties (Section 5) --> | |||
| <!-- DAV:owner Property (Section 5.1) --> | <!-- DAV:owner Property (Section 5.1) --> | |||
| <!ELEMENT owner (href prop?)> | <!ELEMENT owner (href)> | |||
| <!ELEMENT prop (see [RFC2518], section 12.11)> | ||||
| <!-- DAV:supported-privilege-set Property (Section 5.2) --> | <!-- DAV:supported-privilege-set Property (Section 5.2) --> | |||
| <!ELEMENT supported-privilege-set (supported-privilege*)> | <!ELEMENT supported-privilege-set (supported-privilege*)> | |||
| <!ELEMENT supported-privilege | <!ELEMENT supported-privilege | |||
| (privilege, abstract?, description, supported-privilege*)> | (privilege, abstract?, description, supported-privilege*)> | |||
| <!ELEMENT privilege ANY> | <!ELEMENT privilege ANY> | |||
| <!ELEMENT abstract EMPTY> | <!ELEMENT abstract EMPTY> | |||
| <!ELEMENT description #PCDATA> | <!ELEMENT description #PCDATA> | |||
| <!ELEMENT privilege ANY> | ||||
| <!-- DAV:current-user-privilege-set Property (Section 5.3) --> | <!-- DAV:current-user-privilege-set Property (Section 5.3) --> | |||
| <!ELEMENT current-user-privilege-set (privilege*)> | <!ELEMENT current-user-privilege-set (privilege*)> | |||
| Clemm, Hopkins, Sedlar, Whitehead [Page 56] | Clemm, Hopkins, Sedlar, Whitehead [Page 56] | |||
| <!-- DAV:acl Property (Section 5.4) --> | <!-- DAV:acl Property (Section 5.4) --> | |||
| <!ELEMENT acl (ace)* > | <!ELEMENT acl (ace)* > | |||
| <!ELEMENT ace (invert | principal, (grant|deny), protected?, | <!ELEMENT ace ((principal | invert), (grant|deny), protected?, | |||
| inherited?)> | inherited?)> | |||
| <!ELEMENT invert principal> | ||||
| <!ELEMENT principal ((href, prop?) | <!ELEMENT principal (href) | |||
| | all | authenticated | unauthenticated | | all | authenticated | unauthenticated | |||
| | property | self)> | | property | self)> | |||
| <!ELEMENT prop (see [RFC2518], section 12.11)> | ||||
| <!ELEMENT all EMPTY> | <!ELEMENT all EMPTY> | |||
| <!ELEMENT authenticated EMPTY> | <!ELEMENT authenticated EMPTY> | |||
| <!ELEMENT unauthenticated EMPTY> | <!ELEMENT unauthenticated EMPTY> | |||
| <!ELEMENT property ANY> | <!ELEMENT property ANY> | |||
| <!ELEMENT self EMPTY> | <!ELEMENT self EMPTY> | |||
| <!ELEMENT invert principal> | ||||
| <!ELEMENT grant (privilege+)> | <!ELEMENT grant (privilege+)> | |||
| <!ELEMENT deny (privilege+)> | <!ELEMENT deny (privilege+)> | |||
| <!ELEMENT privilege ANY> | <!ELEMENT privilege ANY> | |||
| <!ELEMENT protected EMPTY> | <!ELEMENT protected EMPTY> | |||
| <!ELEMENT inherited (href)> | <!ELEMENT inherited (href)> | |||
| <!-- DAV:inherited-acl-set Property (Section 5.6) --> | <!-- DAV:acl-restrictions Property (Section 5.5) --> | |||
| <!ELEMENT inherited-acl-set (href*)> | <!ELEMENT acl-restrictions (grant-only?, no-invert?, | |||
| deny-before-grant?, required-principal?)> | ||||
| <!-- DAV:principal-collection-set Property (Section 5.6) --> | <!ELEMENT grant-only EMPTY> | |||
| <!ELEMENT no-invert EMPTY> | ||||
| <!ELEMENT deny-before-grant EMPTY> | ||||
| <!ELEMENT principal-collection-set (href*)> | <!ELEMENT required-principal | |||
| (all? | authenticated? | unauthenticated? | self? | href* | ||||
| |property*)> | ||||
| <!-- DAV:acl-semantics Property (Section 6) --> | Clemm, Hopkins, Sedlar, Whitehead [Page 57] | |||
| <!-- DAV:inherited-acl-set Property (Section 5.6) --> | ||||
| <!ELEMENT acl-semantics (ace-combination?, ace-ordering?, allowed- | <!ELEMENT inherited-acl-set (href*)> | |||
| ace?, required-principal?)> | ||||
| <!ELEMENT ace-combination | <!-- DAV:principal-collection-set Property (Section 5.6) --> | |||
| (first-match | all-grant-before-any-deny | specific-deny- | ||||
| overrides-grant)> | ||||
| <!ELEMENT first-match EMPTY> | ||||
| <!ELEMENT all-grant-before-any-deny EMPTY> | ||||
| <!ELEMENT specific-deny-overrides-grant EMPTY> | ||||
| <!ELEMENT ace-ordering (deny-before-grant)? > | <!ELEMENT principal-collection-set (href*)> | |||
| <!ELEMENT deny-before-grant EMPTY> | ||||
| Clemm, Hopkins, Sedlar, Whitehead [Page 57] | <!-- Access Control and Existing Methods (Section 7) --> | |||
| <!ELEMENT allowed-ace (grant-only | | ||||
| no-invert)*> | ||||
| <!ELEMENT grant-only EMPTY> | ||||
| <!ELEMENT no-invert EMPTY> | ||||
| <!ELEMENT required-principal | <!ELEMENT need-privileges (resource)* > | |||
| (all? | authenticated? | unauthenticated? | self? | href* | <!ELEMENT resource ( href, privilege ) | |||
| |property*)> | ||||
| <!-- ACL method preconditions (Section 8.1.1) --> | <!-- ACL method preconditions (Section 8.1.1) --> | |||
| <!ELEMENT no-ace-conflict EMPTY> | <!ELEMENT no-ace-conflict EMPTY> | |||
| <!ELEMENT no-protected-ace-conflict EMPTY> | <!ELEMENT no-protected-ace-conflict EMPTY> | |||
| <!ELEMENT no-inherited-ace-conflict EMPTY> | <!ELEMENT no-inherited-ace-conflict EMPTY> | |||
| <!ELEMENT limited-number-of-aces EMPTY> | <!ELEMENT limited-number-of-aces EMPTY> | |||
| <!ELEMENT grant-only EMPTY> | ||||
| <!ELEMENT no-invert EMPTY> | ||||
| <!ELEMENT deny-before-grant EMPTY> | ||||
| <!ELEMENT no-abstract EMPTY> | <!ELEMENT no-abstract EMPTY> | |||
| <!ELEMENT not-supported-privilege EMPTY> | <!ELEMENT not-supported-privilege EMPTY> | |||
| <!ELEMENT missing-required-principal EMPTY> | <!ELEMENT missing-required-principal EMPTY> | |||
| <!ELEMENT recognized-principal EMPTY> | <!ELEMENT recognized-principal EMPTY> | |||
| <!ELEMENT allowed-principal EMPTY> | <!ELEMENT allowed-principal EMPTY> | |||
| <!-- REPORTs (Section 9) --> | <!-- REPORTs (Section 9) --> | |||
| <!ELEMENT acl-principal-prop-set ANY> | <!ELEMENT acl-principal-prop-set ANY> | |||
| ANY value: a sequence of one or more elements, with at most one | ANY value: a sequence of one or more elements, with at most one | |||
| skipping to change at line 2999 | skipping to change at line 2996 | |||
| an href element that contains the URI of a principal | an href element that contains the URI of a principal | |||
| <!ELEMENT self EMPTY> | <!ELEMENT self EMPTY> | |||
| <!ELEMENT principal-property-search ((property-search+), prop?) > | <!ELEMENT principal-property-search ((property-search+), prop?) > | |||
| <!ELEMENT property-search (prop, match) > | <!ELEMENT property-search (prop, match) > | |||
| <!ELEMENT match #PCDATA > | <!ELEMENT match #PCDATA > | |||
| <!ELEMENT principal-search-property-set (principal-search- | <!ELEMENT principal-search-property-set (principal-search- | |||
| property*) > | property*) > | |||
| <!ELEMENT principal-search-property (prop, description) > | <!ELEMENT principal-search-property (prop, description) > | |||
| <!ELEMENT description #PCDATA > | ||||
| 19.2 WebDAV Method Privilege Table (Normative) | 19.2 WebDAV Method Privilege Table (Normative) | |||
| The following table of WebDAV methods (as defined in RFC 2518, 2616, | The following table of WebDAV methods (as defined in RFC 2518, 2616, | |||
| and 3253) clarifies which privileges are required for access for each | and 3253) clarifies which privileges are required for access for each | |||
| method. Note that the privileges listed, if denied, MUST cause access | method. Note that the privileges listed, if denied, MUST cause access | |||
| to be denied. However, given that a specific implementation MAY define | to be denied. However, given that a specific implementation MAY define | |||
| an additional custom privilege to control access to existing methods, | an additional custom privilege to control access to existing methods, | |||
| having all of the indicated privileges does not mean that access will | having all of the indicated privileges does not mean that access will | |||
| End of changes. | ||||
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||