
DAV ACLs Lisa Lippert Microsoft. Agenda Background –drafts, terms, how file systems use ACLs –Other ACLs efforts Scenarios Goals –goals, may-haves, won’t-haves.


1 DAV ACLs
Lisa Lippert
Microsoft

2 Agenda
Background
  –drafts, terms, how file systems use ACLs
  –Other ACLs efforts
Scenarios
Goals
  –goals, may-haves, won’t-haves

3 Background
Drafts:
  –draft-ietf-webdav-acl-reqts-00.txt
  –draft-ietf-webdav-acl-00.txt (expired)
Terms
  –ACL
  –ACE
  –Principal

4 File System ACLs
Resource x principal x right --> yes/no
Each resource (file or directory) has its own list
Each list has entries for various principals and rights
Users, groups, “All Users” principal
Common rights: read, write, execute
Other rights: list members, read ACLs, write ACLs...
Directories may be treated differently than files
Access rights may be denied as well as granted
Various rules for ownership, inheritance, avoiding conflict

5 Other ACLs efforts
LDAP
IMAP: RFC 2086
  –lookup, read, write, insert, post, create, delete, administer, keep seen/unseen info across sessions
  –Rights apply only to mailboxes
CAP (Calendar Access Protocol)
CAT

6 Scenarios
Basic allow read/write scenario
Different authors on different resources within one collection
Deny access to a member of a group
Delegation without relinquishing control
High-security: no evidence that a hidden file exists

7 Goals
Allow access controls to be read and set
Support most frequently used rights
  –read, write, delete, add child, list children, delete children, read ACL, write ACL
Support grant, deny
Allow access controls to apply to resources and collections

8 Goals Continued
Flexible principal specification
  –userid & domain, group & domain, all, all authenticated
Ability to add and remove access settings without resetting entire list

9 Inheritance goals
Static inheritance
Dynamic inheritance

10 Extensibility and Discovery
Add new types of rights to resources or types of resources
Ability to discover new rights

11 Security: Ownership
Allow resource managers to grant and deny access to read and write access settings
Ownership
  –“Owner” is the principal to whom permissions cannot be effectively denied
  –Useful to have “set owner” as well as “set ACLs” right (solves delegation scenario)
  –Must be supported
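
The model from the "File System ACLs" and "Security: Ownership" slides (resource x principal x right --> yes/no, grant and deny entries, an owner who cannot be effectively denied), worked through as an added Python example that is not part of the original presentation. The slides leave conflict rules unspecified, so deny-overrides-grant and default-deny are assumptions here, as are all names (`ACE`, `Resource`, `check_access`, the sample users and group).

```python
from dataclasses import dataclass

ALL_USERS = "All Users"  # the wildcard principal named on the slide


@dataclass(frozen=True)
class ACE:
    principal: str   # user id, group name, or ALL_USERS
    right: str       # e.g. "read", "write", "write-acl"
    grant: bool      # True = grant, False = deny


@dataclass
class Resource:
    owner: str
    acl: list        # list of ACE; each resource has its own list


def principals_for(user, groups):
    """Every principal name an ACE could use that matches this user."""
    matched = {user, ALL_USERS}
    matched.update(g for g, members in groups.items() if user in members)
    return matched


def check_access(resource, user, right, groups):
    """Resource x principal x right -> yes/no."""
    if user == resource.owner:
        return True  # assumption: owner cannot be effectively denied
    who = principals_for(user, groups)
    matching = [a for a in resource.acl
                if a.principal in who and a.right == right]
    if any(not a.grant for a in matching):
        return False  # assumption: any matching deny overrides grants
    return any(a.grant for a in matching)  # no matching ACE: default deny


# Constructed sample data: one group, one resource that denies one member.
GROUPS = {"authors": {"alice", "bob", "carol"}}
SPEC = Resource(owner="alice", acl=[
    ACE("authors", "read", True),
    ACE("authors", "write", True),
    ACE("bob", "write", False),        # deny access to a member of a group
    ACE(ALL_USERS, "read", True),
    ACE("alice", "write-acl", False),  # has no effect on the owner
])
```

With this data, `bob` keeps the group's read right but loses write, while the deny entry aimed at the owner `alice` changes nothing.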

12 Security: Encryption
To protect the ACL as sensitive data
  –Encryption could reduce chance of snooping
  –Snooping is particularly dangerous when account names are sent across the wire
June WG decision:
  –There should be on-the-wire protection of ACL data
  –It should be possible to deny unprotected transactions

13 May-have
Property-level access control
Roles (problematic)
Management: easy to block or log ACLs

14 Out of Scope
How groups are or should be modeled
Use of certificates to prove that a user has access
Time-out access control
Absolute predictability
Sensitivity
Delegation

