mnot’s blog

“Design depends largely on constraints.” — Charles Eames

Friday, 28 May 2004


WebDAV Access Control Protocol

RFC 3744 has been published:

This document specifies a set of methods, headers, message bodies, properties, and reports that define Access Control extensions to the WebDAV Distributed Authoring Protocol. This protocol permits a client to read and modify access control lists that instruct a server whether to allow or deny operations upon a resource (such as HyperText Transfer Protocol (HTTP) method invocations) by a given principal. A lightweight representation of principals as Web resources supports integration of a wide range of user management repositories. Search operations allow discovery and manipulation of principals using human names.

This is great; WebDAV is becoming more functional by the day. Congrats, WebDAV folks!

I’m interested to see how access control will surface in Web description formats; ideally, the same artefacts will be used, or there will be a direct mapping. Along those lines, I still have questions about the necessity of having privileges that are separate from HTTP methods, which I’ve been discussing with Julian.
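The separation between HTTP methods and privileges that the post asks about can be made concrete with a small evaluator. This is an added example, not code from the post or from RFC 3744: the method-to-privilege subset follows the RFC's method privilege table and the ordered grant/deny walk follows its ACL evaluation rule, while the `DAV:write` aggregation, the principal URLs and the sample ACL are assumptions constructed here.

```python
import xml.etree.ElementTree as ET

DAV = "{DAV:}"
# Privilege required on an existing target, after RFC 3744's method privilege table (subset).
REQUIRED = {"GET": {"read"}, "HEAD": {"read"}, "PROPFIND": {"read"},
            "PUT": {"write-content"}, "PROPPATCH": {"write-properties"},
            "LOCK": {"write-content"}, "UNLOCK": {"unlock"}, "ACL": {"write-acl"}}
CONTAINS = {"write": {"write-content", "write-properties", "bind", "unbind"}}  # assumed
CONTAINS["all"] = set().union(*REQUIRED.values(), *CONTAINS.values())

def privs(ace, kind):
    # Privileges named under the ACE's grant or deny element, aggregates expanded.
    out = set()
    for e in ace.iterfind(f"{DAV}{kind}/{DAV}privilege/*"):
        name = e.tag[len(DAV):]
        out |= {name} | CONTAINS.get(name, set())
    return out

def matches(ace, principal):
    # Handles only DAV:href and DAV:all principals; anything else does not match.
    p = ace.find(DAV + "principal")
    href = p.find(DAV + "href")
    if href is not None:
        return href.text.strip() == principal
    return p.find(DAV + "all") is not None

def allowed(acl_xml, principal, method):
    # Walk ACEs in order: accumulate grants, stop at a deny of a still-needed privilege.
    needed = set(REQUIRED.get(method, ()))
    if not needed:
        return False  # method without a known privilege mapping: fail closed
    for ace in ET.fromstring(acl_xml).iter(DAV + "ace"):
        if not matches(ace, principal):
            continue
        if needed & privs(ace, "deny"):
            return False
        needed -= privs(ace, "grant")
        if not needed:
            return True
    return False  # never fully granted

# Constructed sample value of a DAV:acl property (hypothetical principal URLs).
SAMPLE_ACL = """<D:acl xmlns:D="DAV:">
<D:ace><D:principal><D:href>/principals/alice</D:href></D:principal>
  <D:grant><D:privilege><D:write/></D:privilege></D:grant></D:ace>
<D:ace><D:principal><D:href>/principals/bob</D:href></D:principal>
  <D:deny><D:privilege><D:write-properties/></D:privilege></D:deny></D:ace>
<D:ace><D:principal><D:all/></D:principal>
  <D:grant><D:privilege><D:read/></D:privilege></D:grant></D:ace></D:acl>"""
```

With this ACL, alice's `DAV:write` grant covers PUT and PROPPATCH but not the ACL method, which needs `DAV:write-acl`: one privilege spans several methods, and changing the access control list is its own privilege rather than a consequence of write access.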