DAV ACLs
Lisa Dusseault
Microsoft
Agenda
• Background
• Scenarios
• Goals
Background
• draft-ietf-webdav-acreq-01.txt
• draft-ietf-webdav-acl-00.txt
• Terms
  – ACL
  – ACE
  – Principal
File System ACLs
• Resource x principal x right --> yes/no
• Each resource (file or directory) has its own list
• Each list has entries for various principals and rights
• “All Users” principal
• Groups as well as individual users
File System ACLs
• Common rights: read, write, execute
• Other rights: list members, read ACLs, write ACLs, synchronize
• Directories may be treated differently than files
• Access rights may be denied as well as granted
File System ACLs
• Ownership
• Inheritance
• Rules for avoiding conflict
Scenarios
• Different authors on different resources within one collection
• Deny access to a member of a group
• Delegation without relinquishing control
• Disallow from seeing the presence of a resource in a collection??
• Roles: Authors, editors, maintainers, managers, contributors...
Goals
• Allow access controls to be read and set
• Support most frequently used rights
  – read, write, delete, add child, list children, delete children, read ACL, write ACL
• Support grant, deny
• Access controls must apply to resources and should apply to properties
Goals Continued
• Flexible principal specification
  – userid & domain, group & domain, all, all authorized
• Ability to add and remove access settings without resetting entire list
Inheritance goals
• Static inheritance
• Dynamic inheritance
• Top-down vs. leaf-only inheritance (“walk the path”)
• What to do if leaf has empty ACLs
Extensibility and Discovery
• Add new types of rights to resources or types of resources
• Ability to discover new rights
Security Goals
• Allow administrators to block/log access control requests
• Allow resource/collection managers to grant and deny access to read and write access settings
Security: Ownership
• “Owner” is the principal to whom permissions cannot be effectively denied
• Useful to have “set owner” as well as “set ACLs” right (solves delegation scenario)
• Must be supported
Security: Encryption
• Encryption could greatly reduce chance of snooping
• Snooping is particularly dangerous when account names are sent across the wire
• Recommend but not require that implementations support encryption
• Allow implementations to refuse non-encrypted requests
Security: Certificates
• Could have certificates issuable which mean “I have permission to write to this resource” even though certificate holder is not known
• Would access certificates override the access list?
• Should we support this use of certificates?
• DAV ACL design will be functional without certificate-based delegation.
Predictability Goal
• Ability for clients to predict access levels
• Completeness
  – include all administrators that could delete the file?
• Evaluation must be unambiguously defined
• Behaviour must be entirely consistent or discoverable
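
The "resource x principal x right --> yes/no" model from the File System ACLs slides, with the deny-a-group-member scenario, the owner rule and the empty-leaf inheritance question, worked as an added example (not code from these slides or from the WebDAV drafts). The conflict rule (any matching deny wins), the inheritance rule (an empty ACL falls back to the nearest ancestor) and all names and sample data are assumptions made here for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ACE:
    principal: str  # user id, group name, or "all"
    right: str      # "read", "write", ...
    grant: bool     # True = grant, False = deny

@dataclass
class Resource:
    path: str
    owner: str
    acl: list = field(default_factory=list)
    parent: "Resource | None" = None

GROUPS = {"editors": {"alice", "bob", "mallory"}}  # constructed sample data

def principals_for(user):
    """Every principal an ACE could name for this user: self, groups, 'all'."""
    return {user, "all"} | {g for g, m in GROUPS.items() if user in m}

def effective_acl(resource):
    """Assumed rule: a resource with an empty ACL uses its nearest ancestor's."""
    node = resource
    while node is not None and not node.acl:
        node = node.parent
    return node.acl if node is not None else []

def check(resource, user, right):
    """resource x principal x right -> yes/no"""
    if user == resource.owner:
        return True   # the owner cannot be effectively denied
    names = principals_for(user)
    matching = [a for a in effective_acl(resource)
                if a.right == right and a.principal in names]
    if any(not a.grant for a in matching):
        return False  # assumed conflict rule: any matching deny wins
    return any(a.grant for a in matching)  # no matching ACE means no access

# Constructed collection: one parent, one leaf with its own ACL, one empty leaf.
docs = Resource("/docs/", "carol",
                [ACE("editors", "write", True), ACE("all", "read", True)])
spec = Resource("/docs/spec.txt", "alice",
                [ACE("editors", "write", True), ACE("mallory", "write", False),
                 ACE("alice", "write", False)], parent=docs)
notes = Resource("/docs/notes.txt", "bob", parent=docs)  # empty ACL

if __name__ == "__main__":
    for res, user in [(spec, "bob"), (spec, "mallory"), (spec, "alice"),
                      (notes, "mallory"), (notes, "dave")]:
        print(res.path, user, "write ->", check(res, user, "write"))
```

Because the assumed rule is leaf-only, `spec.txt` has its own ACL and so does not pick up the parent's "all: read" grant, which is the kind of outcome a client can only predict if evaluation is unambiguously defined.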