DAV ACLs
Lisa Lippert
Microsoft
Agenda
• Background
  – drafts, terms, how file systems use ACLs
  – Other ACLs efforts
• Scenarios
• Goals
  – goals, may-haves, won’t-haves
Background
• Drafts:
  – draft-ietf-webdav-acl-reqts-00.txt
  – draft-ietf-webdav-acl-00.txt (expired)
• Terms
  – ACL
  – ACE
  – Principal
File System ACLs
• Resource x principal x right --> yes/no
• Each resource (file or directory) has its own list
• Each list has entries for various principals and rights
• Users, groups, “All Users” principal
• Common rights: read, write, execute
• Other rights: list members, read ACLs, write ACLs...
• Directories may be treated differently than files
• Access rights may be denied as well as granted
• Various rules for ownership, inheritance, avoiding conflict
Other ACLs efforts
• LDAP
• IMAP: RFC 2086
  – lookup, read, write, insert, post, create, delete, administer, keep seen/unseen info across sessions
  – Rights apply only to mailboxes
• CAP (Calendar Access Protocol)
• CAT
Scenarios
• Basic allow read/write scenario
• Different authors on different resources within one collection
• Deny access to a member of a group
• Delegation without relinquishing control
• High-security: no evidence that a hidden file exists
Goals
• Allow access controls to be read and set
• Support most frequently used rights
  – read, write, delete, add child, list children, delete children, read ACL, write ACL
• Support grant, deny
• Allow access controls to apply to resources and collections
Goals Continued
• Flexible principal specification
  – userid & domain, group & domain, all, all authenticated
• Ability to add and remove access settings without resetting entire list
Inheritance goals
• Static inheritance
• Dynamic inheritance
Extensibility and Discovery
• Add new types of rights to resources or types of resources
• Ability to discover new rights
Security: Ownership
• Allow resource managers to grant and deny access to read and write access settings
• Ownership
  – “Owner” is the principal to whom permissions cannot be effectively denied
  – Useful to have “set owner” as well as “set ACLs” right (solves delegation scenario)
  – Must be supported
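The access model sketched across the File System ACLs, Goals, Inheritance and Ownership slides (resource x principal x right, grant and deny, an owner who cannot be effectively denied, static versus dynamic inheritance, adding and removing single entries), worked through as an added example that is not from the presentation. The "group:" prefix, the deny-beats-grant conflict rule and the sample principal names are assumptions, not anything the deck specifies.

```python
from dataclasses import dataclass, field
from typing import Optional
# Principals as on the Goals slide: id@domain, "group:" + group (assumed prefix), "all", "authenticated".
@dataclass(frozen=True)
class ACE:
    principal: str
    right: str   # read, write, delete, add-child, list-children, read-acl, write-acl, ...
    grant: bool  # True = grant, False = deny

@dataclass
class Resource:
    owner: str
    acl: list = field(default_factory=list)
    parent: Optional["Resource"] = None  # containing collection, for dynamic inheritance

def matches(principal: str, user: Optional[str], groups: set) -> bool:
    """Does an ACE principal cover this requester? user=None means anonymous."""
    if principal == "all":
        return True
    if principal == "authenticated":
        return user is not None
    if principal.startswith("group:"):
        return principal[len("group:"):] in groups
    return principal == user

def check(res: Resource, user: Optional[str], groups: set, right: str) -> bool:
    """Resource x principal x right -> yes/no. Owner cannot be effectively denied (deck).
    Assumed conflict rule: nearest ACL with a matching entry decides, any deny there
    beats a grant; no match means ask the parent (dynamic inheritance), else deny."""
    if user is not None and user == res.owner:
        return True
    node = res
    while node is not None:
        hits = [a for a in node.acl if a.right == right and matches(a.principal, user, groups)]
        if hits:
            return all(a.grant for a in hits)
        node = node.parent
    return False

def add_ace(res: Resource, ace: ACE) -> None:
    """Add one entry without resetting the whole list."""
    if ace not in res.acl:
        res.acl.append(ace)

def remove_ace(res: Resource, principal: str, right: str) -> None:
    """Remove the entries for one principal/right pair; the rest stay."""
    res.acl = [a for a in res.acl if not (a.principal == principal and a.right == right)]

def static_copy(parent: Resource, owner: str) -> Resource:  # static inheritance: snapshot, no live link
    return Resource(owner=owner, acl=list(parent.acl))
```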
Security: Encryption
• To protect the ACL as sensitive data
  – Encryption could reduce chance of snooping
  – Snooping is particularly dangerous when account names are sent across the wire
• June WG decision:
  – there should be on-the-wire protection of ACL data
  – It should be possible to deny unprotected transactions
May-have
• Property-level access control
• Roles (problematic)
• Management: easy to block or log ACLs
Out of Scope
• How groups are or should be modeled
• Use of certificates to prove that a user has access
• Time-out access control
• Absolute predictability
• Sensitivity
• Delegation