Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol
RFC 3744

Document Type: RFC - Proposed Standard (May 2004; Errata)
Last updated: 2015-10-14
Stream: IETF
Stream WG state: (None)
Document shepherd: No shepherd assigned
IESG state: RFC 3744 (Proposed Standard)
Consensus Boilerplate: Unknown
Responsible AD: Ted Hardie
Send notices to: <lisa@xythos.com>

Network Working Group                                           G. Clemm
Request for Comments: 3744                                           IBM
Category: Standards Track                                     J. Reschke
                                                              greenbytes
                                                               E. Sedlar
                                                      Oracle Corporation
                                                            J. Whitehead
                                                         U.C. Santa Cruz
                                                                May 2004

           Web Distributed Authoring and Versioning (WebDAV)
                        Access Control Protocol

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).  All Rights Reserved.

Abstract

   This document specifies a set of methods, headers, message bodies,
   properties, and reports that define Access Control extensions to the
   WebDAV Distributed Authoring Protocol.  This protocol permits a
   client to read and modify access control lists that instruct a server
   whether to allow or deny operations upon a resource (such as
   HyperText Transfer Protocol (HTTP) method invocations) by a given
   principal.  A lightweight representation of principals as Web
   resources supports integration of a wide range of user management
   repositories.  Search operations allow discovery and manipulation of
   principals using human names.

Clemm, et al.               Standards Track                     [Page 1]
RFC 3744             WebDAV Access Control Protocol             May 2004

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
       1.1.  Terms. . . . . . . . . . . . . . . . . . . . . . . . . .  6
       1.2.  Notational Conventions . . . . . . . . . . . . . . . . .  8
   2.  Principals . . . . . . . . . . . . . . . . . . . . . . . . . .  8
   3.  Privileges . . . . . . . . . . . . . . . . . . . . . . . . . .  8
       3.1.  DAV:read Privilege . . . . . . . . . . . . . . . . . . . 10
       3.2.  DAV:write Privilege. . . . . . . . . . . . . . . . . . . 10
       3.3.  DAV:write-properties Privilege . . . . . . . . . . . . . 10
       3.4.  DAV:write-content Privilege. . . . . . . . . . . . . . . 11
       3.5.  DAV:unlock Privilege . . . . . . . . . . . . . . . . . . 11
       3.6.  DAV:read-acl Privilege . . . . . . . . . . . . . . . . . 11
       3.7.  DAV:read-current-user-privilege-set Privilege. . . . . . 12
       3.8.  DAV:write-acl Privilege. . . . . . . . . . . . . . . . . 12
       3.9.  DAV:bind Privilege . . . . . . . . . . . . . . . . . . . 12
       3.10. DAV:unbind Privilege . . . . . . . . . . . . . . . . . . 12
       3.11. DAV:all Privilege. . . . . . . . . . . . . . . . . . . . 13
       3.12. Aggregation of Predefined Privileges . . . . . . . . . . 13
   4.  Principal Properties . . . . . . . . . . . . . . . . . . . . . 13
       4.1.  DAV:alternate-URI-set. . . . . . . . . . . . . . . . . . 14
       4.2.  DAV:principal-URL. . . . . . . . . . . . . . . . . . . . 14
       4.3.  DAV:group-member-set . . . . . . . . . . . . . . . . . . 14
       4.4.  DAV:group-membership . . . . . . . . . . . . . . . . . . 14
   5.  Access Control Properties. . . . . . . . . . . . . . . . . . . 15
       5.1.  DAV:owner. . . . . . . . . . . . . . . . . . . . . . . . 15
             5.1.1. Example: Retrieving DAV:owner . . . . . . . . . . 15
             5.1.2. Example: An Attempt to Set DAV:owner. . . . . . . 16
       5.2.  DAV:group. . . . . . . . . . . . . . . . . . . . . . . . 18
       5.3.  DAV:supported-privilege-set. . . . . . . . . . . . . . . 18
             5.3.1. Example: Retrieving a List of Privileges
                    Supported on a Resource . . . . . . . . . . . . . 19
       5.4.  DAV:current-user-privilege-set . . . . . . . . . . . . . 21
             5.4.1. Example: Retrieving the User's Current Set of
                    Assigned Privileges . . . . . . . . . . . . . . . 22
       5.5.  DAV:acl. . . . . . . . . . . . . . . . . . . . . . . . . 23
             5.5.1. ACE Principal . . . . . . . . . . . . . . . . . . 23
             5.5.2. ACE Grant and Deny. . . . . . . . . . . . . . . . 25
             5.5.3. ACE Protection. . . . . . . . . . . . . . . . . . 25
             5.5.4. ACE Inheritance . . . . . . . . . . . . . . . . . 25
             5.5.5. Example: Retrieving a Resource's Access Control