IMAP4 ACL extension
RFC 2086

Document Type RFC - Proposed Standard (January 1997; No errata)
Obsoleted by RFC 4314
Was draft-myers-imap-acl (individual)
Last updated 2013-03-02
Stream Legacy
Network Working Group                                           J. Myers
Request for Comments: 2086                               Carnegie Mellon
Category: Standards Track                                   January 1997

                          IMAP4 ACL extension

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

1.   Abstract

   The ACL extension of the Internet Message Access Protocol [IMAP4]
   permits access control lists to be manipulated through the IMAP
   protocol.

Table of Contents

   1.   Abstract............................................... 1
   2.   Conventions Used in this Document...................... 1
   3.   Introduction and Overview.............................. 2
   4.   Commands............................................... 3
   4.1. SETACL................................................. 3
   4.2. DELETEACL.............................................. 4
   4.3. GETACL................................................. 4
   4.4. LISTRIGHTS............................................. 4
   4.5. MYRIGHTS............................................... 5
   5.   Responses.............................................. 5
   5.1. ACL.................................................... 5
   5.2. LISTRIGHTS............................................. 6
   5.3. MYRIGHTS............................................... 6
   6.   Formal Syntax.......................................... 6
   7.   References............................................. 7
   8.   Security Considerations................................ 7
   9.   Author's Address....................................... 8

2.   Conventions Used in this Document

   In examples, "C:" and "S:" indicate lines sent by the client and
   server respectively.

Myers                       Standards Track                     [Page 1]
RFC 2086                     ACL extension                  January 1997

3.   Introduction and Overview

   The ACL extension is present in any IMAP4 implementation which
   returns "ACL" as one of the supported capabilities to the CAPABILITY
   command.

   An access control list is a set of <identifier,rights> pairs.

   Identifier is a US-ASCII string.  The identifier anyone is reserved
   to refer to the universal identity (all authentications, including
   anonymous). All user name strings accepted by the LOGIN or
   AUTHENTICATE commands to authenticate to the IMAP server are reserved
   as identifiers for the corresponding user.  Identifiers starting with
   a dash ("-") are reserved for "negative rights", described below.
   All other identifier strings are interpreted in an implementation-
   defined manner.

   Rights is a string listing a (possibly empty) set of alphanumeric
   characters, each character listing a set of operations which is being
   controlled. Letters are reserved for ``standard'' rights, listed
   below.  The set of standard rights may only be extended by a
   standards-track document.  Digits are reserved for implementation or
   site defined rights.  The currently defined standard rights are:

   l - lookup (mailbox is visible to LIST/LSUB commands)
   r - read (SELECT the mailbox, perform CHECK, FETCH, PARTIAL,
       SEARCH, COPY from mailbox)
   s - keep seen/unseen information across sessions (STORE SEEN flag)
   w - write (STORE flags other than SEEN and DELETED)
   i - insert (perform APPEND, COPY into mailbox)
   p - post (send mail to submission address for mailbox,
       not enforced by IMAP4 itself)
   c - create (CREATE new sub-mailboxes in any implementation-defined
       hierarchy)
   d - delete (STORE DELETED flag, perform EXPUNGE)
   a - administer (perform SETACL)

   An implementation may tie rights together or may force rights to
   always or never be granted to particular identifiers.  For example,
   in an implementation that uses unix mode bits, the rights "wisd" are
   tied, the "a" right is always granted to the owner of a mailbox and
   is never granted to another user.  If rights are tied in an
   implementation, the implementation must be conservative in granting
   rights in response to SETACL commands--unless all rights in a tied
   set are specified, none of that set should be included in the ACL
   entry for that identifier.  A client may discover the set of rights
   which may be granted to a given identifier in the ACL for a given
   mailbox by using the LISTRIGHTS command.
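
   The conservative rule for tied rights described above, as an added
   example that is not part of RFC 2086.  It assumes the unix-mode-bit
   backend from the RFC's own illustration (rights "wisd" tied); the
   names effective_grant, TIED_SETS and never_grant are hypothetical.

```python
# Added example (not from RFC 2086): conservative handling of tied rights.
import string

# Standard rights as listed in section 3 of the RFC.
STANDARD_RIGHTS = {
    "l": "lookup", "r": "read", "s": "seen", "w": "write", "i": "insert",
    "p": "post", "c": "create", "d": "delete", "a": "administer",
}

# Assumption: a unix-mode-bit style backend where "wisd" are tied together,
# as in the RFC's illustration. Other servers would define other tied sets.
TIED_SETS = [frozenset("wisd")]


def validate_rights(rights):
    """Return the set of rights characters, rejecting anything not allowed."""
    for ch in rights:
        if ch in string.digits:
            continue  # digits: implementation- or site-defined rights
        if ch not in STANDARD_RIGHTS:
            raise ValueError(f"unknown or non-alphanumeric right: {ch!r}")
    return set(rights)


def effective_grant(requested, tied_sets=TIED_SETS, never_grant=frozenset()):
    """Rights a server should store for one SETACL request.

    A tied set is included only when every member was requested; a partial
    request for a tied set grants none of it. Rights in never_grant
    (hypothetical parameter) are always removed, e.g. "a" for non-owners.
    """
    wanted = validate_rights(requested)
    granted = set(wanted)
    for tied in tied_sets:
        if not tied <= wanted:
            granted -= tied  # partial request: drop the whole tied set
    granted -= never_grant
    # Emit in a stable order: standard rights in RFC listing order, then digits.
    order = "".join(STANDARD_RIGHTS) + string.digits
    return "".join(ch for ch in order if ch in granted)
```

   A request for "lrw" on this backend stores only "lr", which is why a
   client should compare the rights it asked for with the rights the
   server reports afterwards instead of assuming the request took effect.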

   It is possible for multiple identifiers in an access control list to
   apply to a given user (or other authentication identity).  For