Network Working Group                                         W. Sanchez
Request for Comments: 5397                                      C. Daboo
Category: Standards Track                                     Apple Inc.

                   WebDAV Current Principal Extension

Status of This Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements.  Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

Copyright (c) 2008 IETF Trust and the persons identified as the
document authors.  All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document.  Please review these documents
carefully, as they describe your rights and restrictions with respect

Abstract

This specification defines a new WebDAV property that allows clients
to quickly determine the principal corresponding to the current

Table of Contents

1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
2.  Conventions Used in This Document  . . . . . . . . . . . . . . 2
3.  DAV:current-user-principal . . . . . . . . . . . . . . . . . . 3
4.  Security Considerations  . . . . . . . . . . . . . . . . . . . 4
5.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 4
6.  Normative References . . . . . . . . . . . . . . . . . . . . . 4

Sanchez & Daboo              Standards Track                    [Page 1]

RFC 5397                WebDAV Current Principal           December 2008

1.  Introduction

WebDAV [RFC4918] is an extension to HTTP [RFC2616] to support
improved document authoring capabilities.  The WebDAV Access Control
Protocol ("WebDAV ACL") [RFC3744] extension adds access control
capabilities to WebDAV.  It introduces the concept of a "principal"
resource, which is used to represent information about authenticated
entities on the system.

Some clients have a need to determine which [RFC3744] principal a
server is associating with the currently authenticated HTTP user.
While [RFC3744] defines a DAV:current-user-privilege-set property for
retrieving the privileges granted to that principal, there is no
recommended way to identify the principal in question, which is
necessary to perform other useful operations.  For example, a client
may wish to determine which groups the current user is a member of,
or modify a property of the principal resource associated with the

The DAV:principal-match REPORT provides some useful functionality,
but there are common situations where the results from that query can
be ambiguous.  For example, not only is an individual user principal
returned, but also every group principal that the user is a member
of, and there is no clear way to distinguish which is which.

This specification proposes an extension to WebDAV ACL that adds a
DAV:current-user-principal property to resources under access control
on the server.  This property provides a URL to a principal resource
corresponding to the currently authenticated user.  This allows a
client to "bootstrap" itself by performing additional queries on the
principal resource to obtain additional information from that
resource, which is the purpose of this extension.  Note that while it
is possible for multiple URLs to refer to the same principal
resource, or for multiple principal resources to correspond to a
single principal, this specification only allows for a single http(s)
URL in the DAV:current-user-principal property.  If a client wishes
to obtain alternate URLs for the principal, it can query the
principal resource for this information; it is not the purpose of
this extension to provide a complete list of such URLs, but simply to
provide a means to locate a resource which contains that (and other)

2.  Conventions Used in This Document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].

When XML element types in the namespace "DAV:" are referenced in this
document outside of the context of an XML fragment, the string "DAV:"
will be prefixed to the element type names.

Processing of XML by clients and servers MUST follow the rules
defined in Section 17 of WebDAV [RFC4918].

Some of the declarations refer to XML elements defined by WebDAV

3.  DAV:current-user-principal

Name:  current-user-principal

Purpose:  Indicates a URL for the currently authenticated user's
principal resource on the server.

Value:  A single DAV:href or DAV:unauthenticated element.

Protected:  This property is computed on a per-request basis, and
therefore is protected: its value cannot be set or changed by a client
with PROPPATCH.

Description:  The DAV:current-user-principal property contains either
a DAV:href or DAV:unauthenticated XML element.  The DAV:href
element contains a URL to a principal resource corresponding to
the currently authenticated user.  That URL MUST be one of the
URLs in the DAV:principal-URL or DAV:alternate-URI-set properties
defined on the principal resource and MUST be an http(s) scheme
URL.  When authentication has not been done or has failed, this
property MUST contain the DAV:unauthenticated pseudo-principal.

In some cases, there may be multiple principal resources
corresponding to the same authenticated principal.  In that case,
the server is free to choose any one of the principal resource
URIs for the value of the DAV:current-user-principal property.
However, servers SHOULD be consistent and use the same principal
resource URI for each authenticated principal.

COPY/MOVE behavior:  This property is computed on a per-request
basis, and is thus never copied or moved.

Definition:

<!ELEMENT current-user-principal (unauthenticated | href)>
<!-- href value: a URL to a principal resource -->

Example:

<D:current-user-principal xmlns:D="DAV:">
  <D:href>/principals/users/cdaboo</D:href>
</D:current-user-principal>
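
The "bootstrap" exchange described in the Introduction and the value
rules of this section, as an added example that is not part of the RFC
and not code from any WebDAV server or client: a toy server computes the
property per request (DAV:href for a known authenticated user,
DAV:unauthenticated otherwise) and a client issues the Depth: 0 PROPFIND,
then validates the answer before it would query the principal resource.
The principal table, the server origin https://cal.example.com, the
request URI /calendars/ and every function name are assumptions made
for this example.  The client's refusal of an href on another host is an
added practitioner's check, not a requirement of the RFC.

```python
# Added example, not part of RFC 5397: a toy server that computes
# DAV:current-user-principal per request, and a client that sends the
# PROPFIND, validates the answer, and so "bootstraps" itself with the URL
# of its own principal resource.  Every name and URL here is constructed.
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

DAV = "DAV:"
ET.register_namespace("D", DAV)


def q(name):
    """Clark-notation tag for an element in the DAV: namespace."""
    return "{%s}%s" % (DAV, name)


def href_element(url):
    """A DAV:href element carrying the given URL."""
    el = ET.Element(q("href"))
    el.text = url
    return el


# Constructed principal table (server side).  The href the server returns
# MUST be one of the principal's DAV:principal-URL or DAV:alternate-URI-set.
PRINCIPALS = {
    "cdaboo": {"principal-URL": "/principals/users/cdaboo",
               "alternate-URI-set": ["/principals/__uids__/1234"]},
}


def current_user_principal_value(authenticated_user):
    """Child of DAV:current-user-principal for this request: computed per
    request and never stored, hence protected and never copied or moved."""
    if authenticated_user not in PRINCIPALS:
        return ET.Element(q("unauthenticated"))  # no or failed authentication
    # Be consistent: always answer with DAV:principal-URL, never with
    # whichever alternate URI happens to come first.
    return href_element(PRINCIPALS[authenticated_user]["principal-URL"])


def build_multistatus(request_uri, value):
    """207 Multi-Status body carrying DAV:current-user-principal = value."""
    ms = ET.Element(q("multistatus"))
    resp = ET.SubElement(ms, q("response"))
    ET.SubElement(resp, q("href")).text = request_uri
    propstat = ET.SubElement(resp, q("propstat"))
    prop = ET.SubElement(propstat, q("prop"))
    ET.SubElement(prop, q("current-user-principal")).append(value)
    ET.SubElement(propstat, q("status")).text = "HTTP/1.1 200 OK"
    return ET.tostring(ms, encoding="unicode")


def handle_propfind(request_uri, request_body, authenticated_user):
    """Serve a Depth: 0 PROPFIND that names DAV:current-user-principal."""
    req = ET.fromstring(request_body)
    if req.find("%s/%s" % (q("prop"), q("current-user-principal"))) is None:
        raise ValueError("only DAV:current-user-principal is served here")
    value = current_user_principal_value(authenticated_user)
    return build_multistatus(request_uri, value)


def propfind_body():
    """Client side: PROPFIND body asking only for DAV:current-user-principal."""
    pf = ET.Element(q("propfind"))
    ET.SubElement(ET.SubElement(pf, q("prop")), q("current-user-principal"))
    return ET.tostring(pf, encoding="unicode")


def parse_current_user_principal(body, server_origin):
    """Absolute principal URL from a 207 body, or None for DAV:unauthenticated.
    Raises ValueError on values the RFC forbids (not exactly one child, or a
    non-http(s) URL).  Refusing an href on another host is an extra check, not
    an RFC rule: it keeps a hostile answer from steering the follow-up
    principal queries, and the credentials sent with them, off-server."""
    # expat does not fetch external entities, but untrusted XML in
    # production code should still go through defusedxml.
    root = ET.fromstring(body)
    props = root.findall(".//%s/%s" % (q("prop"), q("current-user-principal")))
    if len(props) != 1:
        raise ValueError("expected exactly one DAV:current-user-principal")
    children = list(props[0])
    if len(children) != 1:
        raise ValueError("property must hold exactly one child element")
    child = children[0]
    if child.tag == q("unauthenticated"):
        return None
    if child.tag != q("href"):
        raise ValueError("unexpected child %s" % child.tag)
    url = urljoin(server_origin, (child.text or "").strip())
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("principal URL must be http(s): %s" % url)
    if parts.netloc != urlsplit(server_origin).netloc:
        raise ValueError("principal URL points off-server: %s" % url)
    return url


def rejects(body, server_origin):
    """True when the client refuses the response body."""
    try:
        parse_current_user_principal(body, server_origin)
    except ValueError:
        return True
    return False


def bootstrap(server_origin, authenticated_user):
    """The whole exchange: client PROPFIND, server answer, client validation."""
    answer = handle_propfind("/calendars/", propfind_body(), authenticated_user)
    return parse_current_user_principal(answer, server_origin)
```

Calling bootstrap("https://cal.example.com", "cdaboo") yields the
absolute principal URL the client then uses for its follow-up PROPFIND;
with no authenticated user it yields None, which the client should treat
as "ask again with credentials", not as a principal.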

4.  Security Considerations

This specification does not introduce any additional security issues
beyond those defined for HTTP [RFC2616], WebDAV [RFC4918], and WebDAV

5.  Acknowledgments

This specification is based on discussions that took place within the
Calendaring and Scheduling Consortium's CalDAV Technical Committee.
The authors thank the participants of that group for their input.

The authors thank Julian Reschke for his valuable input via the
WebDAV working group mailing list.

6.  Normative References

[RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
           Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
           Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
           Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

[RFC3744]  Clemm, G., Reschke, J., Sedlar, E., and J. Whitehead, "Web
           Distributed Authoring and Versioning (WebDAV)
           Access Control Protocol", RFC 3744, May 2004.

[RFC4918]  Dusseault, L., "HTTP Extensions for Web Distributed
           Authoring and Versioning (WebDAV)", RFC 4918, June 2007.

Authors' Addresses

EMail: wsanchez@wsanchez.net
URI:   http://www.apple.com/

EMail: cyrus@daboo.name
URI:   http://www.apple.com/