Skip to main content

ACAP Authorization Identifier Datasets Classes

Document Type Expired Internet-Draft (acap WG)
Expired & archived
Authors Steve Hole , Alexey Melnikov
Last updated 2002-06-16
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources
Stream WG state WG Document
Document shepherd (None)
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


Most distributed (client/server) applications require an authenti- cation process between the client and the server before the server will grant access to its managed resources. Many applications pro- vide varying levels of access to server resources based on a combi- nation of authentication credentials and access control rules. The collection of information used to control access to resources is called 'authorization information'. The authorization identifer datasets contain lists of users and groups of users that can be used by applications for authorization purposes. Access control mechanisms can be abstracted from under- lying authentication mechanisms and credential formats. They can be extended to include group memberships in dynamic calculations for access rights to resources or in definition of one time autho- rization certificates. The Application Configuration Access Protocol (ACAP) supports the remote storage and access of many types of structured configuration information. The authorization identifier datasets specification describes the 'userid' and 'groupid' datasets which contain the authorization information. It also describes ACAP server capabili- ties that advertise a server's support for authorization user and group semantics.


Steve Hole
Alexey Melnikov

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)