Cosmo Security Model
Cosmo answers two main security questions when handling a request from any source (WebDAV, CalDAV, Atom, CMP, webcal, etc.):
- Authentication - who is the person or program (in other words, the principal) making the request?
- Authorization - is the principal allowed to perform the requested operation?
Authentication
Cosmo understands these types of principals:
- user - a human with a user account on the server, identified by credentials (username and password)
- ticket - an opaque identifier that "stands in" for any number of people or programs
- anonymous - any unidentified principal
Cosmo authenticates a request as follows:
- Look for user credentials (using the Basic authentication scheme for WebDAV, CMP and Atom or the J2EE-specified form inputs for the Web Console). If found, look up the identified user and compare the submitted password to the stored one. This is the only authentication mechanism supported for the Web Console.
- If user credentials are not found, then look for a ticket id in the Ticket header or the ticket request parameter. If found, look up the identified ticket on the requested resource (or its ancestors, as tickets are inherited by descendant resources). If found, check to see if the ticket has expired.
- If a ticket is not found, then the principal is considered to be anonymous (in other words, unauthenticated).
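The lookup order above, as an added Python model that is not Cosmo's own code. The sample users, tickets and paths are constructed, and two behaviours the text leaves open are assumptions here: a wrong password, or an unknown or expired ticket, rejects the request instead of falling through to anonymous.

```python
import base64, hashlib, hmac, time
from posixpath import dirname

class AuthError(Exception):
    """Assumption: credentials or a ticket that fail validation reject the request."""

def pw_hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

# Constructed sample data, not taken from Cosmo.
USERS = {"alice": pw_hash("correct horse")}
# (resource path, ticket id) -> expiry in epoch seconds, None = no expiry
TICKETS = {("/alice/work", "t-live"): None, ("/alice/work", "t-old"): 1.0}

def find_ticket(path, ticket_id):
    """Check the requested resource, then each ancestor (tickets are inherited)."""
    while True:
        if (path, ticket_id) in TICKETS:
            return TICKETS[(path, ticket_id)]
        if path in ("/", ""):
            raise AuthError("unknown ticket")
        path = dirname(path)

def authenticate(path, headers, params, now=None):
    """Return ('user', name), ('ticket', id) or ('anonymous', None)."""
    now = time.time() if now is None else now
    auth = headers.get("Authorization", "")  # header names matched exactly for brevity
    if auth.startswith("Basic "):            # 1. user credentials come first
        try:
            name, _, password = base64.b64decode(auth[6:]).decode().partition(":")
        except ValueError:
            raise AuthError("malformed Basic header") from None
        stored = USERS.get(name, pw_hash(""))  # hash even for unknown users
        if name in USERS and hmac.compare_digest(stored, pw_hash(password)):
            return ("user", name)
        raise AuthError("bad credentials")
    ticket_id = headers.get("Ticket") or params.get("ticket")  # 2. then a ticket
    if ticket_id:
        expires = find_ticket(path, ticket_id)
        if expires is not None and expires <= now:
            raise AuthError("ticket expired")
        return ("ticket", ticket_id)
    return ("anonymous", None)               # 3. nothing presented: anonymous
```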
Authorization
An anonymous user is allowed to use the Web Console and CMP to sign up for an account and to view certain unprotected Web Console pages.
A regular or end user is allowed to perform any operation against items they own or items that exist in collections they own, with the exception of moving or deleting the home directory.
An administrator user has full access to all user accounts and resources in the repository.
A ticket is associated with one or more privileges that allow certain types of operations for a resource:
- read-only: the ticket allows only read-only operations on the resources on which the ticket is granted
- read-write: the ticket allows all access to the resources on which the ticket is granted
- freebusy: the ticket allows access only to freebusy information (only relevant for CalDAV calendar collections or regular DAV collections which contain calendar collections somewhere beneath them)
Related Documentation
More notes on the security model can be found here:
CosmoOneDotZeroSecurityNotes
The Spring Security web site has further information on the security framework, including API documentation and a comprehensive reference manual.
The Java Servlet 2.4 Specification discusses the general web application security concepts and container-provided services that are built upon (or sometimes replaced) by Acegi Security and Cosmo.