ACL inheritance

Hi all,

for our implementation of a WebDAV client I need to know how inherited ACLs are handled in Tamino’s implementation of the WebDAV Access Control Protocol, meaning how to set and retrieve the information of inheritance.

As the WebDAV server is partly implemented on an older draft (draft -08) for retrieval of the information DAV:inherited-acl-set is not available.

How can I access that information for the client and modify it? Or is ACL inheritance not implemented, yet?

Another question on inheritance: Are inherited ACEs also always protected, or can they be altered?

Unfortunately implementing a client with WebDAV ACP seems to be a lot of aiming at moving targets. In what time scale is this motion expected to come to a halt, and which draft (or will it be the final spec) is the target for current developments?

Unfortunately too many questions with too few answers right now … still hoping at least for some answers.



Here’s a quick summary of what I know of tamino-webdavserver’s ACL implementation:

All ACLs are inheritable (that is, they’re set on some path, any subdirectories (or contents) of that (if the path is a collection) inherit it. Exceptions: non-inheritable ACEs are possible, and may exist (they may be set on creation in Domain.xml), they cannot be set via the ACL method, and cannot be preserved if the ACL is changed.

Inherited ACEs (i.e. where they’re actually being inherited, not just when they’re inheritable) are always protected. To change them, you should change the ACE that is being inherited (it is not protected) at the path where it is inherited from.

The ACL will specify where an ACE is inherited from (if it is).