draft-ietf-webdav-acl-11.txt   draft-ietf-webdav-acl-12.txt 
INTERNET-DRAFT Geoffrey Clemm, IBM INTERNET-DRAFT Geoffrey Clemm, IBM
draft-ietf-webdav-acl-11 Anne Hopkins, Microsoft Corporatio draft-ietf-webdav-acl-12 Anne Hopkins, Microsoft Corporation
Eric Sedlar, Oracle Corporation Eric Sedlar, Oracle Corporation
Jim Whitehead, U.C. Santa Cruz Jim Whitehead, U.C. Santa Cruz
Expires March 10, 2004 September 10, 2003 Expires April 10, 2004 October 10, 2003
WebDAV Access Control Protocol WebDAV Access Control Protocol
Status of this Memo Status of this Memo
This document is an Internet-Draft and is subject to all provisions of This document is an Internet-Draft and is subject to all provisions of
Section 10 of RFC2026. Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Task Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts. may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
skipping to change at line 433 skipping to change at line 433
implementations MUST NOT use the DAV: namespace, and instead implementations MUST NOT use the DAV: namespace, and instead
should use a namespace that they control, such as an http scheme should use a namespace that they control, such as an http scheme
URL. URL.
3.1 DAV:read Privilege 3.1 DAV:read Privilege
The read privilege controls methods that return information about The read privilege controls methods that return information about
the state of the resource, including the resource's properties. the state of the resource, including the resource's properties.
Affected methods include GET and PROPFIND. Any implementation- Affected methods include GET and PROPFIND. Any implementation-
defined privilege that also controls access to GET and PROPFIND defined privilege that also controls access to GET and PROPFIND
must be aggregated under DAV:readif an ACL grants access to must be aggregated under DAV:readif an ACL grants access to
DAV:read, the client may expect that no other privilege needs to DAV:read, the client may expect that no other privilege needs to
be granted to have access to GET and PROPFIND. Additionally, the be granted to have access to GET and PROPFIND. Additionally, the
read privilege MUST control the OPTIONS method. read privilege MUST control the OPTIONS method.
<!ELEMENT read EMPTY> <!ELEMENT read EMPTY>
3.2 DAV:write Privilege 3.2 DAV:write Privilege
The write privilege controls methods that lock a resource or The write privilege controls methods that lock a resource or
modify the content, dead properties, or (in the case of a modify the content, dead properties, or (in the case of a
collection) membership of the resource, such as PUT and PROPPATCH. collection) membership of the resource, such as PUT and PROPPATCH.
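Review bot: the DAV:read paragraph in 3.1 runs the requirement and its consequence together as "must be aggregated under DAV:readif an ACL grants access to DAV:read, the client may expect", with no separator between "DAV:read" and "if"; a semicolon or colon after DAV:read is needed so the sentence parses as "aggregated under DAV:read; if an ACL grants access to DAV:read, the client may expect that no other privilege needs to be granted".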
skipping to change at line 463 skipping to change at line 463
<!ELEMENT write EMPTY> <!ELEMENT write EMPTY>
3.3 DAV:write-properties 3.3 DAV:write-properties
The DAV:write-properties privilege controls methods that modify The DAV:write-properties privilege controls methods that modify
the dead properties of the resource, such as PROPPATCH. Whether the dead properties of the resource, such as PROPPATCH. Whether
this privilege may be used to control access to any live this privilege may be used to control access to any live
properties is determined by the implementation. Any properties is determined by the implementation. Any
implementation-defined privilege that also controls access to implementation-defined privilege that also controls access to
methods modifying dead properties must be aggregated under methods modifying dead properties must be aggregated under
DAV:write-propertiese.g. if an ACL grants access to DAV:write- DAV:write-propertiese.g. if an ACL grants access to DAV:write-
properties, the client can safely expect that no other privilege properties, the client can safely expect that no other privilege
needs to be granted to have access to PROPPATCH. needs to be granted to have access to PROPPATCH.
Clemm, Hopkins, Sedlar, Whitehead [Page 9] Clemm, Hopkins, Sedlar, Whitehead [Page 9]
<!ELEMENT write-properties EMPTY> <!ELEMENT write-properties EMPTY>
3.4 DAV:write-content 3.4 DAV:write-content
The DAV:write-content privilege controls methods that modify the The DAV:write-content privilege controls methods that modify the
content or (in the case of a collection) membership of the content or (in the case of a collection) membership of the
resource, such as PUT and DELETE. Any implementation-defined resource, such as PUT and DELETE. Any implementation-defined
privilege that also controls access to content or alteration of privilege that also controls access to content or alteration of
collection membership must be aggregated under DAV:write-content collection membership must be aggregated under DAV:write-content
e.g. if an ACL grants access to DAV:write-content, the client can e.g. if an ACL grants access to DAV:write-content, the client can
safely expect that no other privilege needs to be granted to have safely expect that no other privilege needs to be granted to have
access to PUT or DELETE. access to PUT or DELETE.
<!ELEMENT write-content EMPTY> <!ELEMENT write-content EMPTY>
3.5 DAV:unlock 3.5 DAV:unlock
The DAV:unlock privilege controls the use of the UNLOCK method by The DAV:unlock privilege controls the use of the UNLOCK method by
a principal other than the lock owner (the principal that created a principal other than the lock owner (the principal that created
a lock can always perform an UNLOCK). While the set of users who a lock can always perform an UNLOCK). While the set of users who
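Review bot: the DAV:write-properties paragraph in 3.3 has the same missing separator, "aggregated under DAV:write-propertiese.g. if an ACL grants", which should read "aggregated under DAV:write-properties, e.g. if an ACL grants"; 3.4 already separates the two parts ("DAV:write-content e.g."), so the three privilege sections should use the same punctuation so that the aggregation rule and its example do not read as one token.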
skipping to change at line 1021 skipping to change at line 1021
This is a protected property that specifies the list of access This is a protected property that specifies the list of access
control entries (ACEs), which define what principals are to get control entries (ACEs), which define what principals are to get
what privileges for this resource. what privileges for this resource.
<!ELEMENT acl (ace*) > <!ELEMENT acl (ace*) >
Each DAV:ace element specifies the set of privileges to be either Each DAV:ace element specifies the set of privileges to be either
granted or denied to a single principal. If the DAV:acl property granted or denied to a single principal. If the DAV:acl property
is empty, no principal is granted any privilege. is empty, no principal is granted any privilege.
<!ELEMENT ace (invert | principal, (grant|deny), protected?, <!ELEMENT ace ((principal | invert), (grant|deny), protected?,
inherited?)> inherited?)>
5.4.1 ACE Principal 5.4.1 ACE Principal
The DAV:principal element identifies the principal to which this The DAV:principal element identifies the principal to which this
ACE applies. ACE applies.
<!ELEMENT principal ((href) <!ELEMENT principal (href
| all | authenticated | unauthenticated | all | authenticated | unauthenticated
| property | self)> | property | self)>
The current user matches DAV:href only if that user is The current user matches DAV:href only if that user is
authenticated as being (or being a member of) the principal authenticated as being (or being a member of) the principal
identified by the URL contained by that DAV:href. identified by the URL contained by that DAV:href.
The current user always matches DAV:all. The current user always matches DAV:all.
<!ELEMENT all EMPTY> <!ELEMENT all EMPTY>
The current user matches DAV:authenticated only if authenticated. The current user matches DAV:authenticated only if authenticated.
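Review bot: the revised DAV:ace declaration, "<!ELEMENT ace ((principal | invert), (grant|deny), protected?, inherited?)>", is the right fix: the earlier form "(invert | principal, (grant|deny), protected?, inherited?)" mixed a choice ("|") and a sequence (",") at the same level, which is not a legal DTD content model, so no ACE could be validated against it. The copy of this declaration under "DAV:acl Property (Section 5.4)" in the 19.1 addendum must carry the identical text, and the simplified DAV:principal model that drops the redundant parentheses around href should also match there.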
skipping to change at line 1064 skipping to change at line 1064
element, the URI value of DAV:href identifies a principal, and the element, the URI value of DAV:href identifies a principal, and the
current user is authenticated as being (or being a member of) that current user is authenticated as being (or being a member of) that
principal. For example, if the DAV:property element contained principal. For example, if the DAV:property element contained
<DAV:owner/>, the current user would match the DAV:property <DAV:owner/>, the current user would match the DAV:property
principal only if the current user is authenticated as matching principal only if the current user is authenticated as matching
the principal identified by the DAV:owner property of the the principal identified by the DAV:owner property of the
resource. resource.
<!ELEMENT property ANY> <!ELEMENT property ANY>
Alternately, some servers may support ACEs applying to those users
NOT matching the current principal, e.g. all users not in a
particular group. This can be done by wrapping the DAV:principal
element with DAV:invert.
<!ELEMENT invert principal>
The current user matches DAV:self in a DAV:acl property of the The current user matches DAV:self in a DAV:acl property of the
resource only if that resource is a principal and that principal resource only if that resource is a principal and that principal
matches the current user or, if the principal is a group, a member matches the current user or, if the principal is a group, a member
of that group matches the current user. of that group matches the current user.
<!ELEMENT self EMPTY> <!ELEMENT self EMPTY>
Some servers may support ACEs applying to those users
NOT matching the current principal, e.g. all users not in a
particular group. This can be done by wrapping the DAV:principal
element with DAV:invert.
<!ELEMENT invert principal>
5.4.2 ACE Grant and Deny 5.4.2 ACE Grant and Deny
Each DAV:grant or DAV:deny element specifies the set of privileges Each DAV:grant or DAV:deny element specifies the set of privileges
to be either granted or denied to the specified principal. A to be either granted or denied to the specified principal. A
DAV:grant or DAV:deny element of the DAV:acl of a resource MUST DAV:grant or DAV:deny element of the DAV:acl of a resource MUST
only contain non-abstract elements specified in the DAV:supported- only contain non-abstract elements specified in the DAV:supported-
privilege-set of that resource. privilege-set of that resource.
<!ELEMENT grant (privilege+)> <!ELEMENT grant (privilege+)>
<!ELEMENT deny (privilege+)> <!ELEMENT deny (privilege+)>
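Review bot: "<!ELEMENT invert principal>" in 5.4.1 is not valid DTD syntax in either revision; a content model must be parenthesized, so it should read "<!ELEMENT invert (principal)>", and the same declaration in the 19.1 addendum needs the same change. Moving the DAV:invert paragraph after DAV:self and dropping the leading "Alternately" reads better, since DAV:invert wraps a complete DAV:principal rather than being one of its alternatives; a cross-reference from that paragraph to the DAV:no-invert element of DAV:acl-restrictions would tell clients how to discover that a server does not accept inverted ACEs.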
skipping to change at line 1279 skipping to change at line 1279
Content-Type: text/xml; charset="utf-8" Content-Type: text/xml; charset="utf-8"
Content-Length: xxx Content-Length: xxx
<?xml version="1.0" encoding="utf-8" ?> <?xml version="1.0" encoding="utf-8" ?>
<D:multistatus xmlns:D="DAV:"> <D:multistatus xmlns:D="DAV:">
<D:response> <D:response>
<D:href>http://www.example.com/papers/</D:href> <D:href>http://www.example.com/papers/</D:href>
<D:propstat> <D:propstat>
<D:prop> <D:prop>
<D:acl-restrictions> <D:acl-restrictions>
<D:principal-only-one-ace/> <D:grant-only/>
<D:required-principal> <D:required-principal>
<D:all/> <D:all/>
</D:required-principal> </D:required-principal>
</D:acl-restrictions> </D:acl-restrictions>
</D:prop> </D:prop>
<D:status>HTTP/1.1 200 OK</D:status> <D:status>HTTP/1.1 200 OK</D:status>
</D:propstat> </D:propstat>
<D:response> <D:response>
</D:multistatus> </D:multistatus>
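Review bot: the DAV:acl-restrictions response example is not well-formed XML in either revision: "<D:response>" appears twice and "</D:response>" not at all, so the line before "</D:multistatus>" should be "</D:response>". Replacing "<D:principal-only-one-ace/>" with "<D:grant-only/>" is consistent with the revised DAV:acl-restrictions content model in 19.1, "(grant-only?, no-invert?, deny-before-grant?, required-principal?)", which no longer lists principal-only-one-ace.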
skipping to change at line 1585 skipping to change at line 1585
in access being denied. in access being denied.
Note that the semantics of many other existing ACL systems may be Note that the semantics of many other existing ACL systems may be
represented via this mechanism, by mixing deny and grant ACEs. represented via this mechanism, by mixing deny and grant ACEs.
For example, consider the standard "rwx" privilege scheme used by For example, consider the standard "rwx" privilege scheme used by
UNIX. In this scheme, if the current user is the owner of the UNIX. In this scheme, if the current user is the owner of the
file, access is granted if the corresponding privilege bit is set file, access is granted if the corresponding privilege bit is set
and denied if not set, regardless of the permissions set on the and denied if not set, regardless of the permissions set on the
files group and for the world. An ACL for UNIX permissions of files group and for the world. An ACL for UNIX permissions of
"r--rw-r--"might be constructed like: "r--rw-r--"might be constructed like:
<D:acl> <D:acl>
<D:ace> <D:ace>
<D:principal><D:property> <D:principal><D:property>
<D:owner/></D:property></D:principal> <D:owner/></D:property></D:principal>
<D:grant><D:privilege><D:read/></D:privilege></D:grant> <D:grant><D:privilege><D:read/></D:privilege></D:grant>
</D:ace> </D:ace>
<D:ace> <D:ace>
<D:principal><D:property> <D:principal><D:property>
<D:owner/> </D:property></D:principal> <D:owner/> </D:property></D:principal>
skipping to change at line 1615 skipping to change at line 1615
<D:principal><D:property> <D:principal><D:property>
<D:group/> </D:property></D:principal> <D:group/> </D:property></D:principal>
<D:deny><D:privilege><D:all/></D:privilege></D:deny> <D:deny><D:privilege><D:all/></D:privilege></D:deny>
</D:ace> </D:ace>
<D:ace> <D:ace>
<D:principal><D:all></D:principal> <D:principal><D:all></D:principal>
<D:grant><D:privilege><D:read/></D:privilege></D:grant> <D:grant><D:privilege><D:read/></D:privilege></D:grant>
</D:ace> </D:ace>
</D:acl> </D:acl>
and the <acl-restrictions> would be defined as: and the <acl-restrictions> would be defined as:
<D:no-invert/><D:principal-only-one-ace/> <D:no-invert/>
<D:required-principal> <D:required-principal>
<D:all/> <D:all/>
<D:property><D:owner/></D:property> <D:property><D:owner/></D:property>
<D:property><D:group/><D:group/> <D:property><D:group/><D:group/>
</D:required-principal> </D:required-principal>
Note that the client can still get errors from a UNIX server in Note that the client can still get errors from a UNIX server in
spite of obeying the <acl-restrictions>, including <D:allowed- spite of obeying the <acl-restrictions>, including <D:allowed-
principal> (adding an ACE specifying a principal other than the principal> (adding an ACE specifying a principal other than the
ones in the ACL above) or <D:ace-conflict> (by trying to reorder ones in the ACL above) or <D:ace-conflict> (by trying to reorder
the ACEs in the example above), as these particular implementation the ACEs in the example above), as these particular implementation
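Review bot: two lines of the UNIX "r--rw-r--" ACL example are not well-formed: "<D:principal><D:all></D:principal>" leaves D:all unclosed and should be "<D:principal><D:all/></D:principal>", and "<D:property><D:group/><D:group/>" in the DAV:required-principal list should be "<D:property><D:group/></D:property>". Dropping "<D:principal-only-one-ace/>" from the example restrictions is right, because the example itself carries two ACEs whose principal is DAV:owner, which a one-ACE-per-principal restriction could not describe; a space is also missing in "r--rw-r--"might".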
skipping to change at line 1653 skipping to change at line 1653
insufficient privileges, the response body to the "403 Forbidden" insufficient privileges, the response body to the "403 Forbidden"
error MUST contain the <DAV:error> element, which in turn contains error MUST contain the <DAV:error> element, which in turn contains
the <DAV:need-privileges> element, which contains one or more the <DAV:need-privileges> element, which contains one or more
<DAV:resource> elements indicating which resource had insufficient <DAV:resource> elements indicating which resource had insufficient
privileges, and what the lacking privileges were: privileges, and what the lacking privileges were:
<!ELEMENT need-privileges (resource)* > <!ELEMENT need-privileges (resource)* >
<!ELEMENT resource ( href , privilege ) > <!ELEMENT resource ( href , privilege ) >
Since some methods require multiple permissions on multiple Since some methods require multiple permissions on multiple
resources, this information is needed to resolve any ambiguity. resources, this information is needed to resolve any ambiguity.
There is no requirement that all privilege violations be reported There is no requirement that all privilege violations be reported
for implementation reasons, some servers may only report the first for implementation reasons, some servers may only report the first
privilege violation. For example: privilege violation. For example:
>> Request << >> Request <<
MOVE /a/b/ HTTP/1.1 MOVE /a/b/ HTTP/1.1
Host: www.example.com Host: www.example.com
Destination: http://www.example.com/c/d Destination: http://www.example.com/c/d
>> Response << >> Response <<
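Review bot: "<!ELEMENT resource ( href , privilege ) >" allows exactly one privilege per DAV:resource element, while the prose promises to report "what the lacking privileges were"; either change the model to "( href, privilege+ )" or state explicitly that a server emits one DAV:resource element per missing privilege on the same resource. The sentence "There is no requirement that all privilege violations be reported for implementation reasons, some servers may only report the first privilege violation" also needs a semicolon after "reported", since as written "for implementation reasons" attaches to the wrong clause.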
skipping to change at line 2864 skipping to change at line 2864
Email: ejw@cse.ucsc.edu Email: ejw@cse.ucsc.edu
19 APPENDICES 19 APPENDICES
19.1 WebDAV XML Document Type Definition Addendum 19.1 WebDAV XML Document Type Definition Addendum
All XML elements defined in this Document Type Definition (DTD) All XML elements defined in this Document Type Definition (DTD)
belong to the DAV namespace. This DTD should be viewed as an belong to the DAV namespace. This DTD should be viewed as an
addendum to the DTD provided in [RFC2518], section 23.1. addendum to the DTD provided in [RFC2518], section 23.1.
<!-- Privileges --> <!-- Privileges -- (Section 3)>
<!ELEMENT read EMPTY> <!ELEMENT read EMPTY>
<!ELEMENT write EMPTY> <!ELEMENT write EMPTY>
<!ELEMENT write-properties EMPTY> <!ELEMENT write-properties EMPTY>
<!ELEMENT write-content EMPTY> <!ELEMENT write-content EMPTY>
<!ELEMENT unlock EMPTY> <!ELEMENT unlock EMPTY>
<!ELEMENT read-acl EMPTY> <!ELEMENT read-acl EMPTY>
<!ELEMENT read-current-user-privilege-set EMPTY> <!ELEMENT read-current-user-privilege-set EMPTY>
<!ELEMENT write-acl EMPTY> <!ELEMENT write-acl EMPTY>
<!ELEMENT bind EMPTY>
<!ELEMENT unbind EMPTY>
<!ELEMENT all EMPTY> <!ELEMENT all EMPTY>
<!-- Principal Properties (Section 4) --> <!-- Principal Properties (Section 4) -->
<!ELEMENT principal EMPTY> <!ELEMENT principal EMPTY>
<!ELEMENT alternate-URI-set (href*)> <!ELEMENT alternate-URI-set (href*)>
<!ELEMENT principal-URL (href)> <!ELEMENT principal-URL (href)>
<!ELEMENT group-member-set (href*)> <!ELEMENT group-member-set (href*)>
<!ELEMENT group-membership (href*)> <!ELEMENT group-membership (href*)>
<!-- Access Control Properties (Section 5) --> <!-- Access Control Properties (Section 5) -->
<!-- DAV:owner Property (Section 5.1) --> <!-- DAV:owner Property (Section 5.1) -->
<!ELEMENT owner (href prop?)> <!ELEMENT owner (href)>
<!ELEMENT prop (see [RFC2518], section 12.11)>
<!-- DAV:supported-privilege-set Property (Section 5.2) --> <!-- DAV:supported-privilege-set Property (Section 5.2) -->
<!ELEMENT supported-privilege-set (supported-privilege*)> <!ELEMENT supported-privilege-set (supported-privilege*)>
<!ELEMENT supported-privilege <!ELEMENT supported-privilege
(privilege, abstract?, description, supported-privilege*)> (privilege, abstract?, description, supported-privilege*)>
<!ELEMENT privilege ANY> <!ELEMENT privilege ANY>
<!ELEMENT abstract EMPTY> <!ELEMENT abstract EMPTY>
<!ELEMENT description #PCDATA> <!ELEMENT description #PCDATA>
<!ELEMENT privilege ANY>
<!-- DAV:current-user-privilege-set Property (Section 5.3) --> <!-- DAV:current-user-privilege-set Property (Section 5.3) -->
<!ELEMENT current-user-privilege-set (privilege*)> <!ELEMENT current-user-privilege-set (privilege*)>
<!-- DAV:acl Property (Section 5.4) --> <!-- DAV:acl Property (Section 5.4) -->
<!ELEMENT acl (ace)* > <!ELEMENT acl (ace)* >
<!ELEMENT ace (invert | principal, (grant|deny), protected?, <!ELEMENT ace ((principal | invert), (grant|deny), protected?,
inherited?)> inherited?)>
<!ELEMENT invert principal>
<!ELEMENT principal ((href, prop?) <!ELEMENT principal (href)
| all | authenticated | unauthenticated | all | authenticated | unauthenticated
| property | self)> | property | self)>
<!ELEMENT prop (see [RFC2518], section 12.11)>
<!ELEMENT all EMPTY> <!ELEMENT all EMPTY>
<!ELEMENT authenticated EMPTY> <!ELEMENT authenticated EMPTY>
<!ELEMENT unauthenticated EMPTY> <!ELEMENT unauthenticated EMPTY>
<!ELEMENT property ANY> <!ELEMENT property ANY>
<!ELEMENT self EMPTY> <!ELEMENT self EMPTY>
<!ELEMENT invert principal>
<!ELEMENT grant (privilege+)> <!ELEMENT grant (privilege+)>
<!ELEMENT deny (privilege+)> <!ELEMENT deny (privilege+)>
<!ELEMENT privilege ANY> <!ELEMENT privilege ANY>
<!ELEMENT protected EMPTY> <!ELEMENT protected EMPTY>
<!ELEMENT inherited (href)> <!ELEMENT inherited (href)>
<!-- DAV:inherited-acl-set Property (Section 5.6) --> <!-- DAV:acl-restrictions Property (Section 5.5) -->
<!ELEMENT inherited-acl-set (href*)> <!ELEMENT acl-restrictions (grant-only?, no-invert?,
deny-before-grant?, required-principal?)>
<!-- DAV:principal-collection-set Property (Section 5.6) --> <!ELEMENT grant-only EMPTY>
<!ELEMENT no-invert EMPTY>
<!ELEMENT deny-before-grant EMPTY>
<!ELEMENT principal-collection-set (href*)> <!ELEMENT required-principal
(all? | authenticated? | unauthenticated? | self? | href*
|property*)>
<!-- DAV:acl-semantics Property (Section 6) --> Clemm, Hopkins, Sedlar, Whitehead [Page 57]
<!-- DAV:inherited-acl-set Property (Section 5.6) -->
<!ELEMENT acl-semantics (ace-combination?, ace-ordering?, allowed- <!ELEMENT inherited-acl-set (href*)>
ace?, required-principal?)>
<!ELEMENT ace-combination <!-- DAV:principal-collection-set Property (Section 5.6) -->
(first-match | all-grant-before-any-deny | specific-deny-
overrides-grant)>
<!ELEMENT first-match EMPTY>
<!ELEMENT all-grant-before-any-deny EMPTY>
<!ELEMENT specific-deny-overrides-grant EMPTY>
<!ELEMENT ace-ordering (deny-before-grant)? > <!ELEMENT principal-collection-set (href*)>
<!ELEMENT deny-before-grant EMPTY>
Clemm, Hopkins, Sedlar, Whitehead [Page 57] <!-- Access Control and Existing Methods (Section 7) -->
<!ELEMENT allowed-ace (grant-only |
no-invert)*>
<!ELEMENT grant-only EMPTY>
<!ELEMENT no-invert EMPTY>
<!ELEMENT required-principal <!ELEMENT need-privileges (resource)* >
(all? | authenticated? | unauthenticated? | self? | href* <!ELEMENT resource ( href, privilege )
|property*)>
<!-- ACL method preconditions (Section 8.1.1) --> <!-- ACL method preconditions (Section 8.1.1) -->
<!ELEMENT no-ace-conflict EMPTY> <!ELEMENT no-ace-conflict EMPTY>
<!ELEMENT no-protected-ace-conflict EMPTY> <!ELEMENT no-protected-ace-conflict EMPTY>
<!ELEMENT no-inherited-ace-conflict EMPTY> <!ELEMENT no-inherited-ace-conflict EMPTY>
<!ELEMENT limited-number-of-aces EMPTY> <!ELEMENT limited-number-of-aces EMPTY>
<!ELEMENT grant-only EMPTY>
<!ELEMENT no-invert EMPTY>
<!ELEMENT deny-before-grant EMPTY>
<!ELEMENT no-abstract EMPTY> <!ELEMENT no-abstract EMPTY>
<!ELEMENT not-supported-privilege EMPTY> <!ELEMENT not-supported-privilege EMPTY>
<!ELEMENT missing-required-principal EMPTY> <!ELEMENT missing-required-principal EMPTY>
<!ELEMENT recognized-principal EMPTY> <!ELEMENT recognized-principal EMPTY>
<!ELEMENT allowed-principal EMPTY> <!ELEMENT allowed-principal EMPTY>
<!-- REPORTs (Section 9) --> <!-- REPORTs (Section 9) -->
<!ELEMENT acl-principal-prop-set ANY> <!ELEMENT acl-principal-prop-set ANY>
ANY value: a sequence of one or more elements, with at most one ANY value: a sequence of one or more elements, with at most one
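Review bot: the new section comment "<!-- Privileges -- (Section 3)>" is not a legal XML comment ("--" may not appear inside one and it does not end with "-->"); it should read "<!-- Privileges (Section 3) -->" like the other section comments in this addendum. Further DTD-level problems in the new column: "<!ELEMENT resource ( href, privilege )" lacks its closing ">"; the invert declaration needs a parenthesized model, (principal); description must be declared as (#PCDATA), not bare #PCDATA; and principal is declared twice with conflicting models (EMPTY under Principal Properties, a choice of href, all, authenticated, unauthenticated, property and self under DAV:acl), while all, privilege and self are each declared more than once, which a validating parser rejects as duplicate element declarations. Dropping the prop declarations and the old owner model "(href prop?)", which lacked a comma, is correct; the added bind and unbind privileges should have a defining subsection in Section 3, which the visible portion of that section does not include.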
skipping to change at line 2999 skipping to change at line 2996
an href element that contains the URI of a principal an href element that contains the URI of a principal
<!ELEMENT self EMPTY> <!ELEMENT self EMPTY>
<!ELEMENT principal-property-search ((property-search+), prop?) > <!ELEMENT principal-property-search ((property-search+), prop?) >
<!ELEMENT property-search (prop, match) > <!ELEMENT property-search (prop, match) >
<!ELEMENT match #PCDATA > <!ELEMENT match #PCDATA >
<!ELEMENT principal-search-property-set (principal-search- <!ELEMENT principal-search-property-set (principal-search-
property*) > property*) >
<!ELEMENT principal-search-property (prop, description) > <!ELEMENT principal-search-property (prop, description) >
<!ELEMENT description #PCDATA >
19.2 WebDAV Method Privilege Table (Normative) 19.2 WebDAV Method Privilege Table (Normative)
The following table of WebDAV methods (as defined in RFC 2518, 2616, The following table of WebDAV methods (as defined in RFC 2518, 2616,
and 3253) clarifies which privileges are required for access for each and 3253) clarifies which privileges are required for access for each
method. Note that the privileges listed, if denied, MUST cause access method. Note that the privileges listed, if denied, MUST cause access
to be denied. However, given that a specific implementation MAY define to be denied. However, given that a specific implementation MAY define
an additional custom privilege to control access to existing methods, an additional custom privilege to control access to existing methods,
having all of the indicated privileges does not mean that access will having all of the indicated privileges does not mean that access will
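Review bot: "<!ELEMENT match #PCDATA >" is invalid DTD syntax; character content must be written "(#PCDATA)". Removing the second "<!ELEMENT description #PCDATA >" from the REPORT block is right, since description is already declared under DAV:supported-privilege-set, but "<!ELEMENT self EMPTY>" remains declared here as well as under DAV:acl and one of the two should go.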
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/