WebDAV Current Principal Extension

Authors: Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA, http://www.apple.com/

Area: Applications

This specification defines a new WebDAV property that allows clients to quickly determine the principal corresponding to the current authenticated user.
WebDAV [RFC4918] is an extension to HTTP [RFC2616] to support improved document authoring capabilities. The WebDAV Access Control Protocol ("WebDAV ACL") [RFC3744] extension adds access control capabilities to WebDAV. It introduces the concept of a "principal" resource, which is used to represent information about authenticated entities on the system.

Some clients have a need to determine which principal a server is associating with the currently authenticated HTTP user. While WebDAV ACL [RFC3744] defines a DAV:current-user-privilege-set property for retrieving the privileges granted to that principal, there is no recommended way to identify the principal in question, which is necessary to perform other useful operations. For example, a client may wish to determine which groups the current user is a member of, or modify a property of the principal resource associated with the current user. The DAV:principal-match REPORT provides some useful functionality, but there are common situations where the results from that query can be ambiguous. For example, not only is the individual user principal returned, but also every group principal that the user is a member of, and there is no clear way to distinguish which is which.

This specification proposes an extension to WebDAV ACL that adds a DAV:current-user-principal property to resources under access control on the server. This property provides a URL to a principal resource corresponding to the currently authenticated user. This allows a client to "bootstrap" itself by performing additional queries on the principal resource to obtain additional information from that resource, which is the purpose of this extension.

Note that while it is possible for multiple URLs to refer to the same principal resource, or for multiple principal resources to correspond to a single principal, this specification only allows for a single http(s) URL in the DAV:current-user-principal property. If a client wishes to obtain alternate URLs for the principal, it can query the principal resource for this information; it is not the purpose of this extension to provide a complete list of such URLs, but simply to provide a means to locate a resource which contains that (and other) information.
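The "bootstrap" described above, as an added example that is not part of this specification: a client parses the Multi-Status response to a PROPFIND for DAV:current-user-principal, distinguishes the DAV:href case from DAV:unauthenticated, rejects a value that is not an http(s) URL, and then builds the follow-up PROPFIND against the principal resource. The two Multi-Status bodies are constructed samples; the follow-up request asks for DAV:group-membership and DAV:alternate-URI-set, which are assumed here to be the WebDAV ACL principal properties a client would want next.

```python
import urllib.parse
import xml.etree.ElementTree as ET

NS = {"D": "DAV:"}

# Constructed sample: the 207 Multi-Status body a server might return to
# "PROPFIND / Depth: 0" asking for DAV:current-user-principal.
SAMPLE_AUTHENTICATED = """<?xml version="1.0" encoding="utf-8"?>
<D:multistatus xmlns:D="DAV:">
  <D:response>
    <D:href>/</D:href>
    <D:propstat>
      <D:prop>
        <D:current-user-principal>
          <D:href>/principals/users/cdaboo</D:href>
        </D:current-user-principal>
      </D:prop>
      <D:status>HTTP/1.1 200 OK</D:status>
    </D:propstat>
  </D:response>
</D:multistatus>
"""

# Constructed sample: the same request made without (or with failed) credentials.
SAMPLE_UNAUTHENTICATED = """<?xml version="1.0" encoding="utf-8"?>
<D:multistatus xmlns:D="DAV:">
  <D:response>
    <D:href>/</D:href>
    <D:propstat>
      <D:prop>
        <D:current-user-principal><D:unauthenticated/></D:current-user-principal>
      </D:prop>
      <D:status>HTTP/1.1 200 OK</D:status>
    </D:propstat>
  </D:response>
</D:multistatus>
"""


def propfind_body(*prop_names):
    """Build a PROPFIND request body asking for the named DAV: properties."""
    props = "".join(f"<D:{name}/>" for name in prop_names)
    return ('<?xml version="1.0" encoding="utf-8"?>'
            f'<D:propfind xmlns:D="DAV:"><D:prop>{props}</D:prop></D:propfind>')


def current_user_principal(multistatus_xml, request_url):
    """Extract the DAV:current-user-principal value from a Multi-Status body.

    Returns the absolute principal URL, or None when the server reported
    DAV:unauthenticated (or did not return the property at all).
    Raises ValueError when the value breaks the rules of this specification.
    """
    if isinstance(multistatus_xml, str):
        multistatus_xml = multistatus_xml.encode("utf-8")
    root = ET.fromstring(multistatus_xml)
    for propstat in root.iterfind("./D:response/D:propstat", NS):
        # Only a propstat with a 200 status carries a usable value.
        status = propstat.findtext("D:status", default="", namespaces=NS).split()
        if len(status) < 2 or status[1] != "200":
            continue
        cup = propstat.find("./D:prop/D:current-user-principal", NS)
        if cup is None:
            continue
        if cup.find("D:unauthenticated", NS) is not None:
            return None
        href = cup.findtext("D:href", namespaces=NS)
        if href is None:
            raise ValueError("current-user-principal has neither href nor unauthenticated")
        # The href may be relative: resolve it against the request URL, then
        # enforce the http(s)-only rule before the client dereferences it.
        url = urllib.parse.urljoin(request_url, href.strip())
        if urllib.parse.urlsplit(url).scheme not in ("http", "https"):
            raise ValueError(f"principal URL is not http(s): {url}")
        return url
    return None


def bootstrap(multistatus_xml, request_url):
    """Step 1: locate the principal resource. Step 2: build the follow-up
    PROPFIND for it (assumed properties: DAV:group-membership to learn the
    user's groups, DAV:alternate-URI-set to learn its other URLs)."""
    principal = current_user_principal(multistatus_xml, request_url)
    if principal is None:
        return None
    return principal, propfind_body("group-membership", "alternate-URI-set")


if __name__ == "__main__":
    print(bootstrap(SAMPLE_AUTHENTICATED, "https://dav.example.com/"))
    print(bootstrap(SAMPLE_UNAUTHENTICATED, "https://dav.example.com/"))
```

The scheme check runs on the resolved URL rather than the raw href, so a server-relative path (the common case, as in the example value above) is accepted while a non-http(s) alternate URI is refused before any request is made to it.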
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

When XML element types in the namespace "DAV:" are referenced in this document outside of the context of an XML fragment, the string "DAV:" will be prefixed to the element type names. Processing of XML by clients and servers MUST follow the rules defined in WebDAV [RFC4918]. Some of the declarations refer to XML elements defined by WebDAV [RFC4918].
Name: current-user-principal

Namespace: DAV:

Purpose: Indicates a URL for the currently authenticated user's principal resource on the server.

Value: A single DAV:href or DAV:unauthenticated element.

Protected: This property is computed on a per-request basis, and therefore is protected.

Description: The DAV:current-user-principal property contains either a DAV:href or DAV:unauthenticated XML element. The DAV:href element contains a URL to a principal resource corresponding to the currently authenticated user. That URL MUST be one of the URLs in the DAV:principal-URL or DAV:alternate-URI-set properties defined on the principal resource and MUST be an http(s) scheme URL. When authentication has not been done or has failed, this property MUST contain the DAV:unauthenticated pseudo-principal. In some cases, there may be multiple principal resources corresponding to the same authenticated principal. In that case, the server is free to choose any one of the principal resource URIs for the value of the DAV:current-user-principal property. However, servers SHOULD be consistent and use the same principal resource URI for each authenticated principal.

COPY/MOVE behavior: This property is computed on a per-request basis, and is thus never copied or moved.

Definition:

   <!ELEMENT current-user-principal (unauthenticated | href)>

Example:

   <D:current-user-principal xmlns:D="DAV:">
     <D:href>/principals/users/cdaboo</D:href>
   </D:current-user-principal>
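The server side of the definition above, as an added example that is not part of this specification: computing the property for one request, returning the DAV:unauthenticated pseudo-principal when authentication is absent or failed, picking a value that is one of the principal's DAV:principal-URL / DAV:alternate-URI-set URLs and is http(s), choosing it the same way on every request, and excluding the property from what a COPY or MOVE carries to the destination. The PRINCIPALS store and its URLs are constructed sample data.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ET.register_namespace("D", "DAV:")
D = "{DAV:}"

# Constructed principal store. Each record holds the DAV:principal-URL and
# DAV:alternate-URI-set values WebDAV ACL defines on the principal resource;
# the current-user-principal href MUST be one of them and MUST be http(s).
PRINCIPALS = {
    "cdaboo": {
        "principal-URL": "/principals/users/cdaboo",
        "alternate-URI-set": [
            "mailto:cdaboo@example.com",   # a legitimate alternate URI, but not http(s)
            "https://dav.example.com/principals/__uids__/1234/",
        ],
    },
}


def is_http_url(uri):
    """True for absolute http(s) URLs and for server-relative references."""
    parts = urlsplit(uri)
    return parts.scheme in ("http", "https") or (parts.scheme == "" and uri.startswith("/"))


def acceptable_hrefs(user_id):
    """Every value a server may legally advertise in DAV:current-user-principal
    for this user: principal-URL first, then the http(s) alternate URIs."""
    rec = PRINCIPALS[user_id]
    return [u for u in [rec["principal-URL"], *rec["alternate-URI-set"]] if is_http_url(u)]


def principal_href(user_id):
    """Choose the one href to advertise. Always taking the first acceptable
    value (DAV:principal-URL) gives the same answer on every request, which
    is the consistency the specification recommends."""
    return acceptable_hrefs(user_id)[0]


def check_value(href, user_id):
    """Self-check usable on either side: is href a permitted value for this user?"""
    return href in acceptable_hrefs(user_id)


def current_user_principal_xml(authenticated_user):
    """Compute the property for one request: the unauthenticated pseudo-principal
    when authentication was not done or failed, otherwise a single DAV:href."""
    el = ET.Element(D + "current-user-principal")
    if authenticated_user is None:
        ET.SubElement(el, D + "unauthenticated")
    else:
        ET.SubElement(el, D + "href").text = principal_href(authenticated_user)
    return ET.tostring(el, encoding="unicode")


def parse_value(xml_text):
    """Read a serialized property back: 'unauthenticated' or the href string."""
    el = ET.fromstring(xml_text)
    if el.find(D + "unauthenticated") is not None:
        return "unauthenticated"
    return el.findtext(D + "href")


def properties_to_copy(live_properties):
    """COPY/MOVE handling: the property is computed per request, so it is left
    out of the live properties carried over to the destination resource."""
    return {name: value for name, value in live_properties.items()
            if name != D + "current-user-principal"}


if __name__ == "__main__":
    print(current_user_principal_xml("cdaboo"))
    print(current_user_principal_xml(None))
```

check_value shows why the mailto: alternate URI is filtered out: it is a valid member of DAV:alternate-URI-set but not a valid DAV:current-user-principal value, since the property is restricted to http(s) URLs.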
This specification does not introduce any additional security issues beyond those defined for HTTP [RFC2616], WebDAV [RFC4918], and WebDAV ACL [RFC3744].
This specification is based on discussions that took place within the Calendaring and Scheduling Consortium's CalDAV Technical Committee. The authors thank the participants of that group for their input. The authors thank Julian Reschke for his valuable input via the WebDAV working group mailing list.
References

[RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

[RFC3744]  Clemm, G., Reschke, J., Sedlar, E., and J. Whitehead, "Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol", RFC 3744, May 2004.

[RFC4918]  Dusseault, L., Ed., "HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)", RFC 4918, June 2007.