imap annotations was: KONSEC work on Cyrus IMAPd
Martin Konold
martin.konold at erfrakon.de
Thu Sep 7 16:18:20 EDT 2006
Am Donnerstag, 17. August 2006 18:53 schrieb Gerd v. Egidy:
Hi Gerd,
> didn't expect to read from you, thought you were on vacation ;)
Well,... in the meantime (actually yesterday) I returned from vacations.
> > How can you imagine abuse which needs to be prevented?
>
> I think Ken worries about annotations that are used to control server
> behavior. Currently e.g. squatter and cyr_expire can be controlled through
> annotations.
>
> In some environments it may make sense to limit access to these kind of
> knobs, at least for some users.
Thanks for enlighting me!.
I think we need three kinds of annotations. Each kind has different purposes
and different quota accounting rules and different ACL sets are required.
1. server annotations
- only system administration can control server annotation
- not necessarily set via imap but e.g. configuration files
- typically only root can write and everyone can read the server annotations
- no quoata or content limitations/restrictions are required as contents is ro
for imap users anyway
2. system annotations for folders
- stuff like controlling annotions for server side feature like the above
mentioned quatter and cyr_expire services.
- space required shall not be accounted for when calculating the quoata for an
users mailbox/account
- possible contents is strictly defined at compile time
- Access control is not determined by the folders ACLs
3. user annotations for folders
- generic meta data useful for some applications. This includes stuff required
for special purpose servers like Kolab (e.g. folder-type, freebusy relevance
etc.) and more generic information like folder creation timedate.
- namespace is predefined and allows for arbitrary local extensions within a
subtree
- space used shall be considered for calculating the quota
- possible contents is arbitrary and subject to the same ACLs like the folder
itself
Regards,
-- martin
--
http://www.erfrakon.com/
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
More information about the Cyrus-devel
mailing list