IMAP4 ACL extension
RFC 2086
| Field | Value |
|---|---|
| Document type | RFC - Proposed Standard (January 1997; No errata). Obsoleted by RFC 4314. Was draft-myers-imap-acl (individual) |
| Author | John Myers |
| Last updated | 2013-03-02 |
| Stream | Legacy |
| Formats | plain text, html, pdf, htmlized, bibtex |
| Legacy state | (None) |
| Consensus Boilerplate | Unknown |
| RFC Editor Note | (None) |
| IESG state | RFC 2086 (Proposed Standard) |
| Telechat date | |
| Responsible AD | (None) |
| Send notices to | (None) |
Network Working Group                                           J. Myers
Request for Comments: 2086                               Carnegie Mellon
Category: Standards Track                                   January 1997

                          IMAP4 ACL extension

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

1. Abstract

The ACL extension of the Internet Message Access Protocol [IMAP4] permits access control lists to be manipulated through the IMAP protocol.

Table of Contents

1. Abstract
2. Conventions Used in this Document
3. Introduction and Overview
4. Commands
4.1. SETACL
4.2. DELETEACL
4.3. GETACL
4.4. LISTRIGHTS
4.5. MYRIGHTS
5. Responses
5.1. ACL
5.2. LISTRIGHTS
5.3. MYRIGHTS
6. Formal Syntax
7. References
8. Security Considerations
9. Author's Address

2. Conventions Used in this Document

In examples, "C:" and "S:" indicate lines sent by the client and server respectively.

3. Introduction and Overview

The ACL extension is present in any IMAP4 implementation which returns "ACL" as one of the supported capabilities to the CAPABILITY command.

An access control list is a set of <identifier,rights> pairs.

Identifier is a US-ASCII string. The identifier anyone is reserved to refer to the universal identity (all authentications, including anonymous). All user name strings accepted by the LOGIN or AUTHENTICATE commands to authenticate to the IMAP server are reserved as identifiers for the corresponding user. Identifiers starting with a dash ("-") are reserved for "negative rights", described below. All other identifier strings are interpreted in an implementation-defined manner.

Rights is a string listing a (possibly empty) set of alphanumeric characters, each character listing a set of operations which is being controlled. Letters are reserved for ``standard'' rights, listed below. The set of standard rights may only be extended by a standards-track document. Digits are reserved for implementation or site defined rights. The currently defined standard rights are:

   l - lookup (mailbox is visible to LIST/LSUB commands)
   r - read (SELECT the mailbox, perform CHECK, FETCH, PARTIAL, SEARCH, COPY from mailbox)
   s - keep seen/unseen information across sessions (STORE SEEN flag)
   w - write (STORE flags other than SEEN and DELETED)
   i - insert (perform APPEND, COPY into mailbox)
   p - post (send mail to submission address for mailbox, not enforced by IMAP4 itself)
   c - create (CREATE new sub-mailboxes in any implementation-defined hierarchy)
   d - delete (STORE DELETED flag, perform EXPUNGE)
   a - administer (perform SETACL)

An implementation may tie rights together or may force rights to always or never be granted to particular identifiers. For example, in an implementation that uses unix mode bits, the rights "wisd" are tied, the "a" right is always granted to the owner of a mailbox and is never granted to another user. If rights are tied in an implementation, the implementation must be conservative in granting rights in response to SETACL commands--unless all rights in a tied set are specified, none of that set should be included in the ACL entry for that identifier. A client may discover the set of rights which may be granted to a given identifier in the ACL for a given mailbox by using the LISTRIGHTS command.

It is possible for multiple identifiers in an access control list to apply to a given user (or other authentication identity). For
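
The conservative-grant rule for tied and forced rights in section 3, as an added example that is not part of RFC 2086 or of any server's code. It uses the RFC's unix-mode-bits illustration ("wisd" tied, "a" forced for the owner); the names `TIED_SETS`, `FORCED_OWNER_RIGHTS`, `parse_rights` and `effective_grant`, and the choice to reject letters the RFC does not define, are assumptions.

```python
# Added example: what a server would store for a SETACL request when rights
# are tied or forced (RFC 2086 section 3). All names here are hypothetical.

STANDARD_RIGHTS = set("lrswipcda")     # standard rights listed in section 3
TIED_SETS = [frozenset("wisd")]        # the RFC's unix-mode-bits illustration
FORCED_OWNER_RIGHTS = set("a")         # always for the owner, never for others
OUTPUT_ORDER = "lrswipcda0123456789"   # RFC listing order, site digits last


def parse_rights(rights: str) -> set:
    """Validate a rights string: standard letters or site-defined digits."""
    parsed = set()
    for ch in rights:
        if ch in STANDARD_RIGHTS or (ch.isascii() and ch.isdigit()):
            parsed.add(ch)
        else:
            # Assumption: letters not defined by the RFC are refused.
            raise ValueError(f"unknown right {ch!r}")
    return parsed


def effective_grant(identifier: str, requested: str, owner: str) -> str:
    """Return the rights stored in the ACL entry for identifier."""
    rights = parse_rights(requested)
    # Conservative rule: a tied set is granted only when requested in full;
    # a partial request grants none of that set.
    for tied in TIED_SETS:
        if not tied <= rights:
            rights -= tied
    # Forced rights: the owner always holds them, nobody else ever does.
    if identifier == owner:
        rights |= FORCED_OWNER_RIGHTS
    else:
        rights -= FORCED_OWNER_RIGHTS
    return "".join(c for c in OUTPUT_ORDER if c in rights)


if __name__ == "__main__":
    # Constructed requests against a mailbox owned by "alice".
    for ident, req in [("bob", "lrw"), ("bob", "lrswid"),
                       ("bob", "lra"), ("alice", "lr")]:
        print(ident, req, "->", effective_grant(ident, req, "alice"))
```

A partial request such as "lrw" silently loses "w", so a client comparing what it asked for with what the server stored sees the tie take effect rather than an over-broad grant.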