
ACLs within the NFSv4 Protocols
draft-dnoveck-nfsv4-acls-07

Document
  Type: Replaced Internet-Draft (nfsv4 WG), Expired & archived
  Author: David Noveck
  Last updated: 2025-11-25 (Latest revision 2025-05-24)
  Replaced by: draft-ietf-nfsv4-acls-update
  RFC stream: Internet Engineering Task Force (IETF)
  Intended RFC status: (None)
  Additional resources: Mailing list discussion
Stream
  WG state: Adopted by a WG
  Document shepherd: (None)
IESG
  IESG state: Replaced by draft-ietf-nfsv4-acls-update
  Consensus boilerplate: Unknown
  Telechat date: (None)
  Responsible AD: (None)
  Send notices to: (None)

This Internet-Draft is no longer active.

Abstract

This document is part of the set of documents intended to update the description of NFSv4 Minor Version One as part of the rfc5661bis respecification effort for NFSv4.1. It describes the structure and function of NFSv4 Access Control Lists within all existing minor versions of NFSv4. It describes the structure of NFSv4 ACLs and their role in the NFSv4 security architecture. While the focus of this document is on the role of ACLs in providing a more flexible approach to file access authorization than is made available by the POSIX-derived authorization-related attributes, the potential provision of other security-related functionality is covered as well.

[Consensus Needed (Item #117a)]: Because of the failure of previous specifications to provide a satisfactory approach to either of the two ACL models for which support was originally intended, this document clarifies the status of draft-POSIX ACLs, with the expectation that support for these might be provided via a later extension. In addition, this document will include some small protocol extensions to correct protocol defects, as provided for in RFC8178.

[Consensus Needed (Item #117a)]: In this document, the relationship among the multiple ACL models for which support was intended has changed. A core set of functionality, shared in large part with that derived from a subset of the functionality provided by the now-withdrawn draft-POSIX ACLs is presented as the conceptual base of the feature set. Additional sets of features used to provide the functionality within the NFSv4 ACL model and the full draft-POSIX ACL model are considered as OPTIONAL extensions to that core, with the latter not yet present in NFSv4.1.

[RFC Editor: please remove this paragraph and the following paragraph prior to publishing this document as an RFC].

The current version of the document is intended, in large part, to result in working group discussion regarding repairing problems with previous specifications of ACL-related features and to enable work to provide a greater degree of interoperability than has been available heretofore. The drafts provide a framework for addressing these issues and obtaining working group consensus regarding changes that will be necessary before publication of RFCTBD10. When the resulting document is eventually published as an RFC, it will supersede the descriptions of ACL structure and semantics appearing in existing minor version specification documents for NFSv4.0 and NFSv4.1, thereby updating RFC7530 and RFC8881.

Authors

David Noveck
