WebDAV Access Control List in Cosmo
WebDAV ACL (RFC 3744)
provides an interoperable mechanism for handling discretionary access control for content and metadata managed by WebDAV servers. For Cosmo this means providing a fine grained security for every WebDAV resource handled by Cosmo which includes and is not limited to Calendar, Address book or File collection and any kind of resource like an event, address book, file etc.
A "principal" is a distinct human or computational actor that initiates access to network resources. In Cosmo as per RFC 3744 we will represent a principal as a WebDAV resource and it will be created when we create an user account. For Eg: A principal named vinu will be identified by the unique URL:
This special WebDAV Resource called principal SHOULD have the following properties:
A "group" is a principal that represents a set of other principals. WebDAV ACL does not define the group management, so in Cosmo groups are managed using Cosmo Management Protocol (CMP). Information about CMP can be found at CosmoManagementProtocol
and group specific additions to CMP can be found at CmpGroups
Basic Privileges Required by RFC 3744
DAV:bind and DAV:unbind privileges applies to collections and defines the ability to put or remove a resource respectively. For resources other than collection this privileges are ignored.
Additional properties defined on a resource (all of them will be protected properties)
Features so far:
- Complete Group Support including manipulation of group information using CMP
- A simple UI for creating groups in Cosmo repository browser.
- Models to store the ACL's and Access Control Entries associated with any item.
- Service layer and Dao layer implementation (hibernate based dao) for access control objects.
Checkout the source code from my svn sandbox:
svn co http://svn.osafoundation.org/sandbox/vinu/cosmoacl/
If you want to make this cosmo run, you should follow CosmoBuildInstructions
and use this Cosmo source instead of the default Cosmo. This version of Cosmo was constantly updated to have the latest in trunk using a distributed version tool called svk, but unfortunately svk failed to update after some point. More details about svk can be found at
- 24 Mar 2007
- 22 Aug 2006