DAV ACLs Lisa Dusseault Microsoft. Agenda Background Scenarios Goals.


1 DAV ACLs Lisa Dusseault Microsoft

2 Agenda
- Background
- Scenarios
- Goals

3 Background
- draft-ietf-webdav-acreq-01.txt
- draft-ietf-webdav-acl-00.txt
- Terms
  - ACL
  - ACE
  - Principal

4 File System ACLs
- Resource x principal x right --> yes/no
- Each resource (file or directory) has its own list
- Each list has entries for various principals and rights
- “All Users” principal
- Groups as well as individual users

5 File System ACLs
- Common rights: read, write, execute
- Other rights: list members, read ACLs, write ACLs, synchronize
- Directories may be treated differently than files
- Access rights may be denied as well as granted

6 File System ACLs
- Ownership
- Inheritance
- Rules for avoiding conflict

7 Scenarios
- Different authors on different resources within one collection
- Deny access to a member of a group
- Delegation without relinquishing control
- Disallow from seeing the presence of a resource in a collection??
- Roles: Authors, editors, maintainers, managers, contributors...

8 Goals
- Allow access controls to be read and set
- Support most frequently used rights
  - read, write, delete, add child, list children, delete children, read ACL, write ACL
- Support grant, deny
- Access controls must apply to resources and should apply to properties

9 Goals Continued
- Flexible principal specification
  - userid & domain, group & domain, all, all authorized
- Ability to add and remove access settings without resetting entire list

10 Inheritance goals
- Static inheritance
- Dynamic inheritance
- Top-down vs. leaf-only inheritance (“walk the path”)
- What to do if leaf has empty ACLs

11 Extensibility and Discovery
- Add new types of rights to resources or types of resources
- Ability to discover new rights

12 Security Goals
- Allow administrators to block/log access control requests
- Allow resource/collection managers to grant and deny access to read and write access settings

13 Security: Ownership
- “Owner” is the principal to whom permissions cannot be effectively denied
- Useful to have “set owner” as well as “set ACLs” right (solves delegation scenario)
- Must be supported

14 Security: Encryption
- Encryption could greatly reduce chance of snooping
- Snooping is particularly dangerous when account names are sent across the wire
- Recommend but not require that implementations support encryption
- Allow implementations to refuse non-encrypted requests

15 Security: Certificates
- Could have certificates issuable which mean “I have permission to write to this resource” even though certificate holder is not known
- Would access certificates override the access list?
- Should we support this use of certificates?
- DAV ACL design will be functional without certificate-based delegation.

16 Predictability Goal
- Ability for clients to predict access levels
- Completeness: include all administrators that could delete the file?
- Evaluation must be unambiguously defined
- Behaviour must be entirely consistent or discoverable
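
An added example, not part of the presentation: a small Python evaluator for the "resource x principal x right --> yes/no" model of slides 4 to 6, run over the "deny access to a member of a group" scenario from slide 7. The slides state goals without fixing the rules, so the deny-beats-grant conflict rule, the default of "no" when nothing matches, the fallback for an empty ACL, the reading of ownership as guaranteed read-acl/write-acl, and all names and sample data are assumptions made here.

```python
from dataclasses import dataclass, field

ALL = "all"  # stands in for the slides' "All Users" principal
OWNER_RIGHTS = {"read-acl", "write-acl"}  # assumed reading of "cannot be effectively denied"

@dataclass
class Resource:
    owner: str
    aces: list = field(default_factory=list)  # (principal, right, "grant" | "deny")

# Constructed sample data: one collection, two members, one group.
GROUPS = {"editors": {"alice", "bob", "carol"}}
TREE = {
    "/docs": Resource("dave", [(ALL, "read", "grant"), ("editors", "write", "grant")]),
    "/docs/spec.txt": Resource("alice", [
        ("editors", "read", "grant"), ("editors", "write", "grant"),
        ("bob", "write", "deny"),          # deny one member of a granted group
        ("alice", "write-acl", "deny"),    # has no effect: alice is the owner
    ]),
    "/docs/notes.txt": Resource("carol"),  # empty ACL
}

def effective_aces(path, tree):
    """Leaf-only evaluation; an empty ACL falls back to the nearest ancestor
    that has entries (an assumed answer to the open question on slide 10)."""
    while path:
        res = tree.get(path)
        if res and res.aces:
            return res.aces
        path = path.rsplit("/", 1)[0]
    return []

def check(user, right, path, tree=TREE, groups=GROUPS):
    """Resource x principal x right -> yes/no."""
    if user == tree[path].owner and right in OWNER_RIGHTS:
        return True  # the owner can always read and reset the ACL
    who = {user, ALL} | {g for g, members in groups.items() if user in members}
    verdicts = {kind for principal, r, kind in effective_aces(path, tree)
                if principal in who and r == right}
    if "deny" in verdicts:
        return False  # assumed conflict rule: any matching deny beats a grant
    return "grant" in verdicts  # assumed default: no matching entry means no

if __name__ == "__main__":
    for user, right, path in [("carol", "write", "/docs/spec.txt"),
                              ("bob", "write", "/docs/spec.txt"),
                              ("alice", "write-acl", "/docs/spec.txt"),
                              ("erin", "read", "/docs/notes.txt"),
                              ("erin", "read", "/docs/spec.txt")]:
        print(f"{user:5} {right:9} {path:15} -> {'yes' if check(user, right, path) else 'no'}")
```

Because every rule is a fixed function of the ACL, group and owner data, a client that can read those three inputs can predict the server's answer, which is the property slide 16 asks for.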

