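% Internet-Draft, revision 01, proposing ways to restrict the AFS-3 ACL 'a' bit
% so that site policy can limit who may grant or revoke privileges.
% Marked "Work in Progress": cite it as a draft, not as a published standard or BCP.
@techreport{deason-afs3-acl-restrictions-01,
  author      = {Deason, Andrew and Meffie, Michael and Keiser, Thomas},
  title       = {Methods of Specifying Restrictions on {AFS3} {ACLs}},
  type        = {Internet-Draft},
  number      = {draft-deason-afs3-acl-restrictions-01},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2010,
  month       = jan,
  day         = 13,
  pagetotal   = 11,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-deason-afs3-acl-restrictions/01/},
  abstract    = {The AFS-3 ACL 'a' bit gives users unfettered power to grant, or revoke, privileges, with no provision for enforcing site policy. This memo provides several alternative mechanisms for creating restrictions on what powers the 'a' bit denotes. Three alternative mechanisms for restricting the power of the 'a' bit are proposed: a method for overlaying the ACL with a site-controlled ACL; a method for masking the ACL with a site-controlled privilege mask; and a finely granular meta-acl mechanism for restricting to whom privileges may be delegated, and which privileges may be given to different classes of principals. This memo will serve as a basis for the ACL restriction discussion with the AFS-3 protocol working group. The intended goal of this discussion is to reach consensus on standardization of one or more solutions, and then publish a BCP status memo.},
}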