Network Working Group A. Melnikov Request for Comments: 4314 Isode Ltd. Obsoletes: 2086 December 2005 Category: Standards Track
Network Working Group A. Melnikov Request for Comments: 4314 Isode Ltd. Obsoletes: 2086 December 2005 Category: Standards Track
IMAP4 Access Control List (ACL) Extension
IMAP4访问控制列表(ACL)扩展
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2005).
版权所有(C)互联网协会(2005年)。
Abstract
摘要
The Access Control List (ACL) extension (RFC 2086) of the Internet Message Access Protocol (IMAP) permits mailbox access control lists to be retrieved and manipulated through the IMAP protocol.
Internet消息访问协议(IMAP)的访问控制列表(ACL)扩展(RFC 2086)允许通过IMAP协议检索和操作邮箱访问控制列表。
This document is a revision of RFC 2086. It defines several new access control rights and clarifies which rights are required for different IMAP commands.
本文件是RFC 2086的修订版。它定义了几个新的访问控制权限,并阐明了不同IMAP命令需要哪些权限。
Table of Contents
目录
1. Introduction and Overview .......................................3 1.1. Conventions Used in This Document ..........................3 2. Access Control ..................................................3 2.1. Standard Rights ............................................5 2.1.1. Obsolete Rights .....................................5 2.2. Rights Defined in RFC 2086 .................................8 3. Access control management commands and responses ................8 3.1. SETACL Command .............................................8 3.2. DELETEACL Command ..........................................9 3.3. GETACL Command ............................................10 3.4. LISTRIGHTS Command ........................................10 3.5. MYRIGHTS Command ..........................................11 3.6. ACL Response ..............................................11 3.7. LISTRIGHTS Response .......................................12 3.8. MYRIGHTS Response .........................................12 4. Rights Required to Perform Different IMAP4rev1 Commands ........12 5. Other Considerations ...........................................17 5.1. Additional Requirements and Implementation Notes ..........17 5.1.1. Servers ............................................17 5.1.2. Clients ............................................18 5.2. Mapping of ACL Rights to READ-WRITE and READ-ONLY Response Codes ............................................19 6. Security Considerations ........................................20 7. Formal Syntax ..................................................21 8. IANA Considerations ............................................22 9. Internationalization Considerations ............................22 Appendix A. Changes since RFC 2086 ................................23 Appendix B. Compatibility with RFC 2086 ...........................24 Appendix C. Known Deficiencies ....................................24 Appendix D. Acknowledgements ......................................25 Normative References ..............................................25 Informative References ............................................25
1. Introduction and Overview .......................................3 1.1. Conventions Used in This Document ..........................3 2. Access Control ..................................................3 2.1. Standard Rights ............................................5 2.1.1. Obsolete Rights .....................................5 2.2. Rights Defined in RFC 2086 .................................8 3. Access control management commands and responses ................8 3.1. SETACL Command .............................................8 3.2. DELETEACL Command ..........................................9 3.3. GETACL Command ............................................10 3.4. LISTRIGHTS Command ........................................10 3.5. MYRIGHTS Command ..........................................11 3.6. ACL Response ..............................................11 3.7. LISTRIGHTS Response .......................................12 3.8. MYRIGHTS Response .........................................12 4. Rights Required to Perform Different IMAP4rev1 Commands ........12 5. Other Considerations ...........................................17 5.1. Additional Requirements and Implementation Notes ..........17 5.1.1. Servers ............................................17 5.1.2. Clients ............................................18 5.2. Mapping of ACL Rights to READ-WRITE and READ-ONLY Response Codes ............................................19 6. Security Considerations ........................................20 7. Formal Syntax ..................................................21 8. IANA Considerations ............................................22 9. Internationalization Considerations ............................22 Appendix A. Changes since RFC 2086 ................................23 Appendix B. Compatibility with RFC 2086 ...........................24 Appendix C. Known Deficiencies ....................................24 Appendix D. Acknowledgements ......................................25 Normative References ..............................................25 Informative References ............................................25
The ACL (Access Control List) extension of the Internet Message Access Protocol [IMAP4] permits mailbox access control lists to be retrieved and manipulated through the IMAP protocol.
Internet消息访问协议[IMAP4]的ACL(访问控制列表)扩展允许通过IMAP协议检索和操作邮箱访问控制列表。
This document is a revision of RFC 2086 [RFC2086]. It tries to clarify different ambiguities in RFC 2086, in particular, the use of UTF-8 [UTF-8] in access identifiers, which rights are required for different IMAP4 commands, and how READ-WRITE/READ-ONLY response codes are related to ACL.
本文件是RFC 2086[RFC2086]的修订版。它试图澄清RFC 2086中的不同歧义,特别是在访问标识符中使用UTF-8[UTF-8],不同IMAP4命令需要哪些权限,以及读写/只读响应代码与ACL的关系。
In examples, "C:" and "S:" indicate lines sent by the client and server respectively.
在示例中,“C:”和“S:”分别表示客户端和服务器发送的行。
In all examples "/" character is used as hierarchy separator.
在所有示例中,“/”字符用作层次分隔符。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [KEYWORDS].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[关键词]中所述进行解释。
The phrase "ACL server" is just a shortcut for saying "IMAP server that supports ACL extension as defined in this document".
短语“ACL服务器”只是表示“支持本文档中定义的ACL扩展的IMAP服务器”的快捷方式。
The ACL extension is present in any IMAP4 implementation that returns "ACL" as one of the supported capabilities to the CAPABILITY command.
ACL扩展存在于任何将“ACL”作为支持的功能之一返回给CAPABILITY命令的IMAP4实现中。
A server implementation conformant to this document MUST also return rights (see below) not defined in Section 2.2 in the "RIGHTS=" capability.
符合本文档要求的服务器实现还必须返回“rights=”功能第2.2节中未定义的权限(见下文)。
An access control list is a set of <access identifier,rights> pairs. An ACL applies to a mailbox name.
访问控制列表是一组<access identifier,rights>对。ACL应用于邮箱名称。
Access identifier (or just "identifier") is a UTF-8 [UTF-8] string. The identifier "anyone" is reserved to refer to the universal identity (all authentications, including anonymous). All user name strings accepted by the LOGIN or AUTHENTICATE commands to authenticate to the IMAP server are reserved as identifiers for the corresponding users. Identifiers starting with a dash ("-") are reserved for "negative rights", described below. All other identifier strings are interpreted in an implementation-defined manner.
访问标识符(或简称“标识符”)是一个UTF-8[UTF-8]字符串。标识符“anywhere”保留为引用通用身份(所有身份验证,包括匿名身份验证)。LOGIN或AUTHENTICATE命令接受的用于向IMAP服务器进行身份验证的所有用户名字符串都保留为相应用户的标识符。以破折号(“-”)开头的标识符保留用于“负权限”,如下所述。所有其他标识符字符串都以实现定义的方式进行解释。
Rights is a string listing a (possibly empty) set of alphanumeric characters, each character listing a set of operations that is being controlled. Lowercase letters are reserved for "standard" rights, listed in Section 2.1. (Note that for compatibility with deployed clients and servers uppercase rights are not allowed.) The set of standard rights can only be extended by a standards-track document. Digits are reserved for implementation- or site-defined rights.
权限是一个字符串,列出一组字母数字字符(可能为空),每个字符列出一组被控制的操作。第2.1节中列出的“标准”权限保留小写字母。(请注意,为了与部署的客户端和服务器兼容,不允许使用大写权限。)标准权限集只能通过标准跟踪文档进行扩展。数字保留用于实现或站点定义的权限。
An implementation MAY tie rights together or MAY force rights to always or never be granted to particular identifiers. For example, in an implementation that uses UNIX mode bits, the rights "swite" are tied, the "a" right is always granted to the owner of a mailbox and is never granted to another user. If rights are tied in an implementation, the implementation must be conservative in granting rights in response to SETACL commands--unless all rights in a tied set are specified, none of that set should be included in the ACL entry for that identifier. A client can discover the set of rights that may be granted to a given identifier in the ACL for a given mailbox name by using the LISTRIGHTS command.
一个实现可以将权限绑定在一起,也可以强制将权限始终授予或从不授予特定标识符。例如,在使用UNIX模式位的实现中,权限“swite”是绑定的,“a”权限始终授予邮箱所有者,而从不授予其他用户。如果在实现中绑定了权限,则该实现在响应SETACL命令授予权限时必须保守——除非指定绑定集中的所有权限,否则该标识符的ACL条目中不应包括该集合中的任何权限。客户机可以通过使用LISTRIGHTS命令,发现可以授予ACL中给定邮箱名称的给定标识符的一组权限。
It is possible for multiple identifiers in an access control list to apply to a given user. For example, an ACL may include rights to be granted to the identifier matching the user, one or more implementation-defined identifiers matching groups that include the user, and/or the identifier "anyone". How these rights are combined to determine the user's access is implementation defined. An implementation may choose, for example, to use the union of the rights granted to the applicable identifiers. An implementation may instead choose, for example, to use only those rights granted to the most specific identifier present in the ACL. A client can determine the set of rights granted to the logged-in user for a given mailbox name by using the MYRIGHTS command.
访问控制列表中的多个标识符可以应用于给定用户。例如,ACL可以包括被授予与用户匹配的标识符、一个或多个与包括用户的组匹配的实现定义的标识符和/或标识符“任何人”的权利。如何组合这些权限以确定用户的访问权限是由实现定义的。例如,实现可以选择使用授予适用标识符的权利的联合。例如,实现可以选择仅使用授予ACL中存在的最特定标识符的那些权限。客户机可以使用MYRIGHTS命令确定为给定邮箱名授予登录用户的权限集。
When an identifier in an ACL starts with a dash ("-"), that indicates that associated rights are to be removed from the identifier prefixed by the dash. This is referred to as a "negative right". This differs from DELETEACL in that a negative right is added to the ACL and is a part of the calculation of the rights.
当ACL中的标识符以破折号(“-”)开头时,表示要从以破折号为前缀的标识符中删除关联的权限。这被称为“消极权利”。这与DELETEACL的不同之处在于,将负权限添加到ACL中,并且是权限计算的一部分。
Let's assume that an identifier "fred" refers to a user with login "fred". If the identifier "-fred" is granted the "w" right, that indicates that the "w" right is to be removed from users matching the identifier "fred", even though the user "fred" might have the "w" right as a consequence of some other identifier in the ACL. A DELETEACL of "fred" simply deletes the identifier "fred" from the ACL; it does not affect any rights that the user "fred" may get from another entry in the ACL, in particular it doesn't affect rights granted to the identifier "-fred".
假设标识符“fred”指的是登录名为“fred”的用户。如果标识符“-fred”被授予“w”权限,则表示将从与标识符“fred”匹配的用户中删除“w”权限,即使用户“fred”可能由于ACL中的某个其他标识符而拥有“w”权限。DELETEACL的“fred”只是从ACL中删除标识符“fred”;它不影响用户“fred”可能从ACL中的另一个条目获得的任何权限,特别是它不影响授予标识符“-fred”的权限。
Server implementations are not required to support "negative right" identifiers.
服务器实现不需要支持“负右”标识符。
The currently defined standard rights are (note that the list below doesn't list all commands that use a particular right):
当前定义的标准权限是(请注意,下面的列表没有列出使用特定权限的所有命令):
l - lookup (mailbox is visible to LIST/LSUB commands, SUBSCRIBE mailbox) r - read (SELECT the mailbox, perform STATUS) s - keep seen/unseen information across sessions (set or clear \SEEN flag via STORE, also set \SEEN during APPEND/COPY/ FETCH BODY[...]) w - write (set or clear flags other than \SEEN and \DELETED via STORE, also set them during APPEND/COPY) i - insert (perform APPEND, COPY into mailbox) p - post (send mail to submission address for mailbox, not enforced by IMAP4 itself) k - create mailboxes (CREATE new sub-mailboxes in any implementation-defined hierarchy, parent mailbox for the new mailbox name in RENAME) x - delete mailbox (DELETE mailbox, old mailbox name in RENAME) t - delete messages (set or clear \DELETED flag via STORE, set \DELETED flag during APPEND/COPY) e - perform EXPUNGE and expunge as a part of CLOSE a - administer (perform SETACL/DELETEACL/GETACL/LISTRIGHTS)
l-查找(邮箱对LIST/LSUB命令可见,订阅邮箱)r-读取(选择邮箱,执行状态)s-跨会话保持可见/不可见信息(通过存储设置或清除\seen标志,也可在追加/复制/获取正文[…]期间设置\seen)w-写入(通过存储设置或清除\SEEN和\DELETED以外的标志,在追加/复制期间也设置这些标志)i-insert(执行追加,复制到邮箱)p-post(将邮件发送到邮箱的提交地址,不由IMAP4本身强制执行)k-创建邮箱(在任何实现定义的层次结构中创建新的子邮箱,重命名中新邮箱名称的父邮箱)x-删除邮箱(删除邮箱,重命名中的旧邮箱名称)t-删除邮件(通过存储设置或清除\DELETED标志,追加/复制期间设置\DELETED标志)e-执行删除,并将删除作为关闭a的一部分-管理(执行SETACL/DELETEACL/GETACL/LISTRIGHTS)
Due to ambiguity in RFC 2086, some existing RFC 2086 server implementations use the "c" right to control the DELETE command. Others chose to use the "d" right to control the DELETE command. For the former group, let's define the "create" right as union of the "k" and "x" rights, and the "delete" right as union of the "e" and "t" rights. For the latter group, let's define the "create" rights as a synonym to the "k" right, and the "delete" right as union of the "e", "t", and "x" rights.
由于RFC2086中的模糊性,一些现有的RFC2086服务器实现使用“c”权限来控制DELETE命令。其他人选择使用“d”权限来控制DELETE命令。对于前一组,让我们将“创建”权利定义为“k”和“x”权利的并集,“删除”权利定义为“e”和“t”权利的并集。对于后一组,让我们将“创建”权利定义为“k”权利的同义词,“删除”权利定义为“e”、“t”和“x”权利的并集。
For compatibility with RFC 2086, this section defines two virtual rights "d" and "c".
为了与RFC 2086兼容,本节定义了两个虚拟权限“d”和“c”。
If a client includes the "d" right in a rights list, then it MUST be treated as if the client had included every member of the "delete" right. (It is not an error for a client to specify both the "d" right and one or more members of the "delete" right, but the effect is no different than if just the "d" right or all members of the "delete" right had been specified.)
如果客户机在权限列表中包含“d”权限,则必须将其视为客户机包含了“删除”权限的每个成员。(客户机同时指定“d”权限和“删除”权限的一个或多个成员不是错误,但其效果与仅指定了“d”权限或“删除”权限的所有成员没有区别。)
When any of the "delete" member rights is set in a list of rights, the server MUST also include the "d" right when returning the list in a MYRIGHTS or ACL response. This is to enable older clients conforming to RFC 2086 to work with newer servers. (*)
当在权限列表中设置了任何“删除”成员权限时,服务器在MYRIGHTS或ACL响应中返回列表时还必须包含“d”权限。这是为了使符合RFC 2086的旧客户端能够与新服务器一起工作。(*)
Example: C: A001 SeTacl INBOX/Drafts David lrswida S: A001 OK Setacl complete
Example: C: A001 SeTacl INBOX/Drafts David lrswida S: A001 OK Setacl complete
The client has specified the "d" right in the SETACL command above and it expands to "et" on the server:
客户端已在上面的SETACL命令中指定了“d”权限,并在服务器上扩展为“et”:
C: A002 getacl INBOX/Drafts S: * ACL INBOX Fred rwipslxcetda David lrswideta S: A002 OK Getacl complete
C: A002 getacl INBOX/Drafts S: * ACL INBOX Fred rwipslxcetda David lrswideta S: A002 OK Getacl complete
If the identifier specified in the LISTRIGHTS command can be granted any of the "delete" member rights on a mailbox, then the server MUST include the "d" right in the corresponding LISTRIGHTS response. (*) If the member rights aren't tied to non-member rights, then the "d" right is returned by itself in the LISTRIGHTS response. If any of the member rights needs to be tied to one (or more) non-member right, then the "d" right and all of the member rights need to be tied to the same non-member right(s) (**).
如果可以向LISTRIGHTS命令中指定的标识符授予邮箱上的任何“删除”成员权限,则服务器必须在相应的LISTRIGHTS响应中包含“d”权限。(*)如果成员权限未绑定到非成员权限,则在LISTRIGHTS响应中会自动返回“d”权限。如果任何成员权利需要绑定到一个(或多个)非成员权利,则“d”权利和所有成员权利需要绑定到相同的非成员权利(**)。
If a client includes the "c" right in a rights list, then it MUST be treated as if the client had included every member of the "create" right. (It is not an error for a client to specify both the "c" right and one or more members of the "create" right, but the effect is no different than if just the "c" right or all members of the "create" right had been specified.)
如果客户机在权限列表中包含“c”权限,则必须将其视为客户机包含了“创建”权限的每个成员。(客户端同时指定“c”权限和“创建”权限的一个或多个成员不是错误,但其效果与仅指定了“c”权限或“创建”权限的所有成员没有区别。)
When any of the "create" member rights is set in a list of rights, the server MUST also include the "c" right when returning the list in a MYRIGHTS or ACL response. This is to enable older clients conforming to RFC 2086 to work with newer servers. (*)
当在权限列表中设置了任何“创建”成员权限时,服务器在MYRIGHTS或ACL响应中返回列表时还必须包含“c”权限。这是为了使符合RFC 2086的旧客户端能够与新服务器一起工作。(*)
Example: C: A003 Setacl INBOX/Drafts Byron lrswikda S: A001 OK Setacl complete C: A002 getAcl INBOX/Drafts S: * ACL INBOX Fred rwipslxcetda Byron lrswikcdeta S: A002 OK Getacl complete
Example: C: A003 Setacl INBOX/Drafts Byron lrswikda S: A001 OK Setacl complete C: A002 getAcl INBOX/Drafts S: * ACL INBOX Fred rwipslxcetda Byron lrswikcdeta S: A002 OK Getacl complete
The client has specified the "d" right in the SETACL command above and it expands to "et" on the server: As the client has specified the "k" right (which is a member of the "c" right), the server also returns the "c" right.
客户端在上面的SETACL命令中指定了“d”权限,并在服务器上扩展为“et”:由于客户端指定了“k”权限(它是“c”权限的一个成员),服务器也返回“c”权限。
If the identifier specified in the LISTRIGHTS command can be granted any of the "create" member rights on a mailbox, then the server MUST include the "c" right in the corresponding LISTRIGHTS response. (*) If the member rights aren't tied to non-member rights, then the "c" right is returned by itself in the LISTRIGHTS response. If any of the member rights needs to be tied to one (or more) non-member right, then the "c" right and all of the member rights need to be tied to the same non-member right(s) (**).
如果可以向LISTRIGHTS命令中指定的标识符授予邮箱上的任何“创建”成员权限,则服务器必须在相应的LISTRIGHTS响应中包含“c”权限。(*)如果成员权限未绑定到非成员权限,则在LISTRIGHTS响应中返回“c”权限。如果任何成员权利需要绑定到一个(或多个)非成员权利,则“c”权利和所有成员权利需要绑定到相同的非成员权利(**)。
Example: The server that ties the rights as follows:
示例:按如下方式绑定权限的服务器:
lr s w i p k x t
lr s w i p k x t
and c=k
c=k
will return:
将返回:
S: * LISTRIGHTS archive/imap anyone "" lr s w i p k x t c d
S:*LISTRIGHTS archive/imap anyone“lr S w i p k x t c d
Example: The server that ties the rights as follows:
示例:按如下方式绑定权限的服务器:
lr s w i p k xte
lr s w i p k xte
and c=k
c=k
will return:
将返回:
S: * LISTRIGHTS archive/imap anyone "" lr s w i p k xte c d
S:*LISTRIGHTS archive/imap anyone“lr S w i p k xte c d
Example: The server that ties the rights as follows:
示例:按如下方式绑定权限的服务器:
lr s w i p k x te
lr s w i p k x te
and c=k
c=k
will return:
将返回:
S: * LISTRIGHTS archive/imap anyone "" lr s w i p k c x te d
S:*LISTRIGHTS archive/imap anyone“lr S w i p k c x te d
Example: The server that ties the rights as follows:
示例:按如下方式绑定权限的服务器:
lr swte i p k x
lr swte i p k x
and c=kx
c=kx
will return:
将返回:
S: * LISTRIGHTS archive/imap anyone "" lr swted i p k x c
S:*LISTRIGHTS archive/imap Anywhere“lr swted i p k x c
(*) Clients conforming to this document MUST ignore the virtual "d" and "c" rights in MYRIGHTS, ACL, and LISTRIGHTS responses.
(*)符合本文档要求的客户端必须忽略MYRIGHTS、ACL和LISTRIGHTS响应中的虚拟“d”和“c”权限。
(**) The IMAPEXT Working Group has debated this issue in great length and after reviewing existing ACL implementations concluded that this is a reasonable restriction.
(**)IMAPEXT工作组就这一问题进行了长时间的辩论,并在审查了现有ACL实现后得出结论,这是一个合理的限制。
The "RIGHTS=" capability MUST NOT include any of the rights defined in RFC 2086: "l", "r", "s", "w", "i", "p", "a", "c", "d", and the digits ("0" .. "9").
“RIGHTS=”功能不得包括RFC 2086中定义的任何权利:“l”、“r”、“s”、“w”、“i”、“p”、“a”、“c”、“d”和数字(“0”。“9”)。
Servers, when processing a command that has an identifier as a parameter (i.e., any of SETACL, DELETEACL, and LISTRIGHTS commands), SHOULD first prepare the received identifier using "SASLprep" profile [SASLprep] of the "stringprep" algorithm [Stringprep]. If the preparation of the identifier fails or results in an empty string, the server MUST refuse to perform the command with a BAD response. Note that Section 6 recommends additional identifier's verification steps.
服务器在处理以标识符作为参数的命令(即SETACL、DELETEACL和LISTRIGHTS命令中的任何一个)时,应首先使用“stringprep”算法[stringprep]的“SASLprep”配置文件[SASLprep]准备收到的标识符。如果标识符的准备失败或导致空字符串,服务器必须拒绝执行错误响应的命令。注意,第6节建议了额外的标识符验证步骤。
Arguments: mailbox name identifier access right modification
参数:邮箱名称标识符访问权限修改
Data: no specific data for this command
数据:此命令没有特定数据
Result: OK - setacl completed NO - setacl failure: can't set acl BAD - arguments invalid
Result: OK - setacl completed NO - setacl failure: can't set acl BAD - arguments invalid
The SETACL command changes the access control list on the specified mailbox so that the specified identifier is granted permissions as specified in the third argument.
SETACL命令更改指定邮箱上的访问控制列表,以便按照第三个参数中的指定授予指定标识符权限。
The third argument is a string containing an optional plus ("+") or minus ("-") prefix, followed by zero or more rights characters. If the string starts with a plus, the following rights are added to any
第三个参数是一个字符串,包含可选的加号(“+”)或减号(“-”)前缀,后跟零个或多个权限字符。如果字符串以加号开头,则以下权限将添加到任何
existing rights for the identifier. If the string starts with a minus, the following rights are removed from any existing rights for the identifier. If the string does not start with a plus or minus, the rights replace any existing rights for the identifier.
标识符的现有权限。如果字符串以减号开头,则将从标识符的任何现有权限中删除以下权限。如果字符串不以加号或减号开头,则这些权限将替换标识符的任何现有权限。
Note that an unrecognized right MUST cause the command to return the BAD response. In particular, the server MUST NOT silently ignore unrecognized rights.
请注意,无法识别的权限必须导致命令返回错误响应。特别是,服务器不能以静默方式忽略无法识别的权限。
Example: C: A001 GETACL INBOX/Drafts S: * ACL INBOX/Drafts Fred rwipslxetad Chris lrswi S: A001 OK Getacl complete C: A002 SETACL INBOX/Drafts Chris +cda S: A002 OK Setacl complete C: A003 GETACL INBOX/Drafts S: * ACL INBOX/Drafts Fred rwipslxetad Chris lrswicdakxet S: A003 OK Getacl complete
Example: C: A001 GETACL INBOX/Drafts S: * ACL INBOX/Drafts Fred rwipslxetad Chris lrswi S: A001 OK Getacl complete C: A002 SETACL INBOX/Drafts Chris +cda S: A002 OK Setacl complete C: A003 GETACL INBOX/Drafts S: * ACL INBOX/Drafts Fred rwipslxetad Chris lrswicdakxet S: A003 OK Getacl complete
C: A035 SETACL INBOX/Drafts John lrQswicda S: A035 BAD Uppercase rights are not allowed
C: A035 SETACL INBOX/Drafts John lrQswicda S: A035 BAD Uppercase rights are not allowed
C: A036 SETACL INBOX/Drafts John lrqswicda S: A036 BAD The q right is not supported
C: A036 SETACL INBOX/Drafts John lrqswicda S: A036 BAD The q right is not supported
Arguments: mailbox name identifier
参数:邮箱名称标识符
Data: no specific data for this command
数据:此命令没有特定数据
Result: OK - deleteacl completed NO - deleteacl failure: can't delete acl BAD - arguments invalid
Result: OK - deleteacl completed NO - deleteacl failure: can't delete acl BAD - arguments invalid
The DELETEACL command removes any <identifier,rights> pair for the specified identifier from the access control list for the specified mailbox.
DELETEACL命令从指定邮箱的访问控制列表中删除指定标识符的任何<identifier,rights>对。
Example: C: B001 getacl INBOX S: * ACL INBOX Fred rwipslxetad -Fred wetd $team w S: B001 OK Getacl complete C: B002 DeleteAcl INBOX Fred S: B002 OK Deleteacl complete
Example: C: B001 getacl INBOX S: * ACL INBOX Fred rwipslxetad -Fred wetd $team w S: B001 OK Getacl complete C: B002 DeleteAcl INBOX Fred S: B002 OK Deleteacl complete
C: B003 GETACL INBOX S: * ACL INBOX -Fred wetd $team w S: B003 OK Getacl complete
C: B003 GETACL INBOX S: * ACL INBOX -Fred wetd $team w S: B003 OK Getacl complete
Arguments: mailbox name
参数:邮箱名称
Data: untagged responses: ACL
数据:未标记的响应:ACL
Result: OK - getacl completed NO - getacl failure: can't get acl BAD - arguments invalid
Result: OK - getacl completed NO - getacl failure: can't get acl BAD - arguments invalid
The GETACL command returns the access control list for mailbox in an untagged ACL response.
GETACL命令返回未标记ACL响应中邮箱的访问控制列表。
Some implementations MAY permit multiple forms of an identifier to reference the same IMAP account. Usually, such implementations will have a canonical form that is stored internally. An ACL response caused by a GETACL command MAY include a canonicalized form of the identifier that might be different from the one used in the corresponding SETACL command.
某些实现可能允许多种形式的标识符引用同一IMAP帐户。通常,此类实现将具有内部存储的规范形式。由GETACL命令引起的ACL响应可能包括标识符的规范化形式,该形式可能不同于相应SETACL命令中使用的形式。
Example: C: A002 GETACL INBOX S: * ACL INBOX Fred rwipsldexta S: A002 OK Getacl complete
Example: C: A002 GETACL INBOX S: * ACL INBOX Fred rwipsldexta S: A002 OK Getacl complete
Arguments: mailbox name identifier
参数:邮箱名称标识符
Data: untagged responses: LISTRIGHTS
数据:未标记的响应:LISTRIGHTS
Result: OK - listrights completed NO - listrights failure: can't get rights list BAD - arguments invalid
Result: OK - listrights completed NO - listrights failure: can't get rights list BAD - arguments invalid
The LISTRIGHTS command takes a mailbox name and an identifier and returns information about what rights can be granted to the identifier in the ACL for the mailbox.
LISTRIGHTS命令接受邮箱名称和标识符,并返回有关可以在邮箱的ACL中向标识符授予哪些权限的信息。
Some implementations MAY permit multiple forms of an identifier to reference the same IMAP account. Usually, such implementations will have a canonical form that is stored internally. A LISTRIGHTS
某些实现可能允许多种形式的标识符引用同一IMAP帐户。通常,此类实现将具有内部存储的规范形式。列名权
response caused by a LISTRIGHTS command MUST always return the same form of an identifier as specified by the client. This is to allow the client to correlate the response with the command.
LISTRIGHTS命令引起的响应必须始终返回客户端指定的相同形式的标识符。这是为了允许客户端将响应与命令关联起来。
Example: C: a001 LISTRIGHTS ~/Mail/saved smith S: * LISTRIGHTS ~/Mail/saved smith la r swicdkxte S: a001 OK Listrights completed
Example: C: a001 LISTRIGHTS ~/Mail/saved smith S: * LISTRIGHTS ~/Mail/saved smith la r swicdkxte S: a001 OK Listrights completed
Example: C: a005 listrights archive/imap anyone S: * LISTRIGHTS archive.imap anyone "" l r s w i p k x t e c d a 0 1 2 3 4 5 6 7 8 9 S: a005 Listrights successful
Example: C: a005 listrights archive/imap anyone S: * LISTRIGHTS archive.imap anyone "" l r s w i p k x t e c d a 0 1 2 3 4 5 6 7 8 9 S: a005 Listrights successful
Arguments: mailbox name
参数:邮箱名称
Data: untagged responses: MYRIGHTS
数据:未标记的回答:百万
Result: OK - myrights completed NO - myrights failure: can't get rights BAD - arguments invalid
Result: OK - myrights completed NO - myrights failure: can't get rights BAD - arguments invalid
The MYRIGHTS command returns the set of rights that the user has to mailbox in an untagged MYRIGHTS reply.
MYRIGHTS命令返回用户在未标记的MYRIGHTS回复中对邮箱拥有的一组权限。
Example: C: A003 MYRIGHTS INBOX S: * MYRIGHTS INBOX rwiptsldaex S: A003 OK Myrights complete
Example: C: A003 MYRIGHTS INBOX S: * MYRIGHTS INBOX rwiptsldaex S: A003 OK Myrights complete
Data: mailbox name zero or more identifier rights pairs
数据:邮箱名称零个或多个标识符权限对
The ACL response occurs as a result of a GETACL command. The first string is the mailbox name for which this ACL applies. This is followed by zero or more pairs of strings; each pair contains the identifier for which the entry applies followed by the set of rights that the identifier has.
ACL响应是GETACL命令的结果。第一个字符串是应用此ACL的邮箱名称。然后是零对或多对字符串;每一对都包含条目适用的标识符,后跟该标识符拥有的一组权限。
Section 2.1.1 details additional server requirements related to handling of the virtual "d" and "c" rights.
第2.1.1节详细说明了与虚拟“d”和“c”权限处理相关的其他服务器要求。
Data: mailbox name identifier required rights list of optional rights
数据:邮箱名称标识符所需权限可选权限列表
The LISTRIGHTS response occurs as a result of a LISTRIGHTS command. The first two strings are the mailbox name and identifier for which this rights list applies. Following the identifier is a string containing the (possibly empty) set of rights the identifier will always be granted in the mailbox.
LISTRIGHTS响应是LISTRIGHTS命令的结果。前两个字符串是此权限列表适用的邮箱名称和标识符。标识符后面是一个字符串,其中包含在邮箱中始终授予该标识符的权限集(可能为空)。
Following this are zero or more strings each containing a set of rights the identifier can be granted in the mailbox. Rights mentioned in the same string are tied together. The server MUST either grant all tied rights to the identifier in the mailbox or grant none. Section 2.1.1 details additional server requirements related to handling of the virtual "d" and "c" rights.
接下来是零个或多个字符串,每个字符串包含一组可在邮箱中授予标识符的权限。同一字符串中提到的权利是捆绑在一起的。服务器必须向邮箱中的标识符授予所有绑定权限,或者不授予任何权限。第2.1.1节详细说明了与虚拟“d”和“c”权限处理相关的其他服务器要求。
The same right MUST NOT be listed more than once in the LISTRIGHTS command.
LISTRIGHTS命令中不能多次列出同一权限。
Data: mailbox name rights
数据:邮箱名称权限
The MYRIGHTS response occurs as a result of a MYRIGHTS command. The first string is the mailbox name for which these rights apply. The second string is the set of rights that the client has.
MYRIGHTS响应是MYRIGHTS命令的结果。第一个字符串是应用这些权限的邮箱名称。第二个字符串是客户端拥有的权限集。
Section 2.1.1 details additional server requirements related to handling of the virtual "d" and "c" rights.
第2.1.1节详细说明了与虚拟“d”和“c”权限处理相关的其他服务器要求。
Before executing a command, an ACL-compliant server MUST check which rights are required to perform it. This section groups command by functions they perform and list the rights required. It also gives the detailed description of any special processing required.
在执行命令之前,符合ACL的服务器必须检查执行命令所需的权限。本节按命令执行的功能对命令进行分组,并列出所需的权限。它还详细说明了所需的任何特殊处理。
For the purpose of this section the UID counterpart of a command is considered to be the same command, e.g., both UID COPY and COPY commands require the same set of rights.
在本节中,命令的UID对应项被视为同一命令,例如,UID COPY和COPY命令都需要相同的权限集。
The table below summarizes different rights or their combinations that are required in order to perform different IMAP operations. As it is not always possible to express complex right checking and interactions, the description after the table should be used as the primary reference.
下表总结了执行不同IMAP操作所需的不同权限或其组合。由于并不总是能够表达复杂的权利检查和交互,因此应将表后的描述用作主要参考。
+-------------------+---+---+---+---+---+---+---+---+---+---+---+---+ |Operations\Rights | l | r | s | w | i | k | x | t | e | a |Any|Non| +-------------------+---+---+---+---+---+---+---+---+---+---+---+---+ | commands in authenticated state | +-------------------------------------------------------------------+ | LIST | + | | | | | | | | | | | | | SUBSCRIBE | * | | | | | | | | | | | * | | UNSUBSCRIBE | | | | | | | | | | | | + | | LSUB | * | | | | | | | | | | | * | |CREATE (for parent)| | | | | | + | | | | | | | | DELETE | | ? | | | | | + | ? | ? | | | | | RENAME | | | | | | + | + | | | | | | | SELECT/EXAMINE | | + | | | | | | | | | | | | STATUS | | + | | | | | | | | | | | | SETACL/DELETEACL | | | | | | | | | | + | | | | GETACL/LISTRIGHTS | | | | | | | | | | + | | | | MYRIGHTS | | | | | | | | | | | + | | | APPEND | | | ? | ? | + | | | ? | | | | | +-------------------------------------------------------------------+ | commands in selected state | +-------------------------------------------------------------------+ | COPY | | | ? | ? | + | | | ? | | | | | | EXPUNGE | | | | | | | | | + | | | | | CLOSE | | | | | | | | | ? | | | | | FETCH | | | ? | | | | | | | | | | | STORE flags | | | ? | ? | | | | ? | | | | | +-------------------+---+---+---+---+---+---+---+---+---+---+---+---+
+-------------------+---+---+---+---+---+---+---+---+---+---+---+---+ |Operations\Rights | l | r | s | w | i | k | x | t | e | a |Any|Non| +-------------------+---+---+---+---+---+---+---+---+---+---+---+---+ | commands in authenticated state | +-------------------------------------------------------------------+ | LIST | + | | | | | | | | | | | | | SUBSCRIBE | * | | | | | | | | | | | * | | UNSUBSCRIBE | | | | | | | | | | | | + | | LSUB | * | | | | | | | | | | | * | |CREATE (for parent)| | | | | | + | | | | | | | | DELETE | | ? | | | | | + | ? | ? | | | | | RENAME | | | | | | + | + | | | | | | | SELECT/EXAMINE | | + | | | | | | | | | | | | STATUS | | + | | | | | | | | | | | | SETACL/DELETEACL | | | | | | | | | | + | | | | GETACL/LISTRIGHTS | | | | | | | | | | + | | | | MYRIGHTS | | | | | | | | | | | + | | | APPEND | | | ? | ? | + | | | ? | | | | | +-------------------------------------------------------------------+ | commands in selected state | +-------------------------------------------------------------------+ | COPY | | | ? | ? | + | | | ? | | | | | | EXPUNGE | | | | | | | | | + | | | | | CLOSE | | | | | | | | | ? | | | | | FETCH | | | ? | | | | | | | | | | | STORE flags | | | ? | ? | | | | ? | | | | | +-------------------+---+---+---+---+---+---+---+---+---+---+---+---+
Note: for all commands in the selected state, the "r" is implied, because it is required to SELECT/EXAMINE a mailbox. Servers are not required to check presence of the "r" right once a mailbox is successfully selected.
注意:对于处于选定状态的所有命令,都暗示“r”,因为选择/检查邮箱时需要它。成功选择邮箱后,服务器无需立即检查“r”的存在。
Legend: + - The right is required * - Only one of the rights marked with * is required (see description below) ? - The right is OPTIONAL (see description below) "Any" - at least one of the "l", "r", "i", "k", "x", "a" rights is required "Non" - No rights required to perform the command
图例:+-需要权限*-只需要一个标有*的权限(参见下面的说明)?-权限是可选的(参见下面的描述)“任意”-至少需要一个“l”、“r”、“i”、“k”、“x”、“a”权限“非”-执行命令不需要任何权限
Listing and subscribing/unsubscribing mailboxes: LIST - "l" right is required. However, unlike other commands (e.g., SELECT) the server MUST NOT return a NO response if it can't list a mailbox. Note that if the user has "l" right to a mailbox "A/B", but not to its parent mailbox "A", the LIST command should behave as if the mailbox "A" doesn't exist, for example:
列出和订阅/取消订阅邮箱:需要列出“l”权限。但是,与其他命令(例如SELECT)不同,如果服务器不能列出邮箱,则它不能返回NO响应。请注意,如果用户对邮箱“a/B”具有“l”权限,但对其父邮箱“a”没有权限,则LIST命令的行为应与邮箱“a”不存在一样,例如:
C: A777 LIST "" * S: * LIST (\NoInferiors) "/" "A/B" S: * LIST () "/" "C" S: * LIST (\NoInferiors) "/" "C/D" S: A777 OK LIST completed
C: A777 LIST "" * S: * LIST (\NoInferiors) "/" "A/B" S: * LIST () "/" "C" S: * LIST (\NoInferiors) "/" "C/D" S: A777 OK LIST completed
SUBSCRIBE - "l" right is required only if the server checks for mailbox existence when performing SUBSCRIBE.
订阅仅当服务器在执行订阅时检查邮箱是否存在时,才需要“l”权限。
UNSUBSCRIBE - no rights required to perform this operation.
取消订阅-执行此操作不需要任何权限。
LSUB - "l" right is required only if the server checks for mailbox existence when performing SUBSCRIBE. However, unlike other commands (e.g., SELECT) the server MUST NOT return a NO response if it can't list a subscribed mailbox.
LSUB仅当服务器在执行订阅时检查邮箱是否存在时,才需要“l”权限。但是,与其他命令(如SELECT)不同,如果服务器无法列出已订阅的邮箱,则服务器不得返回NO响应。
Mailbox management: CREATE - "k" right on a nearest existing parent mailbox. When a new mailbox is created, it SHOULD inherit the ACL from the parent mailbox (if one exists) in the defined hierarchy.
邮箱管理:在最近的现有父邮箱上创建“k”。创建新邮箱时,它应继承定义层次结构中父邮箱(如果存在)的ACL。
DELETE - "x" right on the mailbox. Note that some servers don't allow to delete a non-empty mailbox. If this is the case, the user would also need "r", "e", and "t" rights, in order to open the mailbox and empty it.
删除邮箱右侧的“x”。请注意,某些服务器不允许删除非空邮箱。如果是这种情况,用户还需要“r”、“e”和“t”权限,以便打开邮箱并清空它。
The DELETE command MUST delete the ACL associated with the deleted mailbox.
DELETE命令必须删除与已删除邮箱关联的ACL。
RENAME - Moving a mailbox from one parent to another requires the "x" right on the mailbox itself and the "k" right for the new parent. For example, if the user wants to rename the mailbox named "A/B/C" to "D/E", the user must have the "x" right for the mailbox "A/B/C" and the "k" right for the mailbox "D". The RENAME command SHOULD NOT change the ACLs on the renamed mailbox and submailboxes.
重命名-将邮箱从一个父级移动到另一个父级需要邮箱本身的“x”权限和新父级的“k”权限。例如,如果用户希望将名为“A/B/C”的邮箱重命名为“D/E”,则用户必须具有邮箱“A/B/C”的“x”权限和邮箱“D”的“k”权限。重命名命令不应更改重命名邮箱和子邮箱上的ACL。
Copying or appending messages: Before performing a COPY/APPEND command, the server MUST check if the user has "i" right for the target mailbox. If the user doesn't have "i" right, the operation fails. Otherwise for each copied/appended message the server MUST check if the user has "t" right - when the message has \Deleted flag set "s" right - when the message has \Seen flag set "w" right - for all other message flags. Only when the user has a particular right are the corresponding flags stored for the newly created message. The server MUST NOT fail a COPY/APPEND if the user has no rights to set a particular flag.
复制或追加邮件:在执行复制/追加命令之前,服务器必须检查用户是否具有目标邮箱的“i”权限。如果用户没有“i”权限,则操作失败。否则,对于每个复制/附加的消息,服务器必须检查用户是否对所有其他消息标志具有“t”权限-当消息已删除标志集“s”权限时-当消息已看到标志集“w”权限时。只有当用户具有特定权限时,才会为新创建的消息存储相应的标志。如果用户无权设置特定标志,则服务器不得使复制/附加失败。
Example: C: A003 MYRIGHTS TargetMailbox S: * MYRIGHTS TargetMailbox rwis S: A003 OK Myrights complete
Example: C: A003 MYRIGHTS TargetMailbox S: * MYRIGHTS TargetMailbox rwis S: A003 OK Myrights complete
C: A004 FETCH 1:3 (FLAGS) S: * 1 FETCH (FLAGS (\Draft \Deleted) S: * 2 FETCH (FLAGS (\Answered) S: * 3 FETCH (FLAGS ($Forwarded \Seen) S: A004 OK Fetch Completed
C: A004 FETCH 1:3 (FLAGS) S: * 1 FETCH (FLAGS (\Draft \Deleted) S: * 2 FETCH (FLAGS (\Answered) S: * 3 FETCH (FLAGS ($Forwarded \Seen) S: A004 OK Fetch Completed
C: A005 COPY 1:3 TargetMailbox S: A005 OK Copy completed
C: A005 COPY 1:3 TargetMailbox S: A005 OK Copy completed
C: A006 SELECT TargetMailbox ... S: A006 Select Completed
C: A006 SELECT TargetMailbox ... S: A006 Select Completed
Let's assume that the copied messages received message numbers 77:79.
让我们假设复制的消息接收到消息编号77:79。
C: A007 FETCH 77:79 (FLAGS) S: * 77 FETCH (FLAGS (\Draft)) S: * 78 FETCH (FLAGS (\Answered)) S: * 79 FETCH (FLAGS ($Forwarded \Seen)) S: A007 OK Fetch Completed
C: A007 FETCH 77:79 (FLAGS) S: * 77 FETCH (FLAGS (\Draft)) S: * 78 FETCH (FLAGS (\Answered)) S: * 79 FETCH (FLAGS ($Forwarded \Seen)) S: A007 OK Fetch Completed
\Deleted flag was lost on COPY, as the user has no "t" right in the target mailbox. If the MYRIGHTS command with the tag A003 would have returned:
\副本上的已删除标志丢失,因为用户在目标邮箱中没有“t”权限。如果带有标记A003的MYRIGHTS命令返回:
S: * MYRIGHTS TargetMailbox rsti
S:*万光目标邮箱rsti
the response from the FETCH with the tag A007 would have been:
来自标签为A007的提取的响应应该是:
C: A007 FETCH 77:79 (FLAGS)
C:A007获取77:79(标志)
S: * 77 FETCH (FLAGS (\Deleted)) S: * 78 FETCH (FLAGS ()) S: * 79 FETCH (FLAGS (\Seen)) S: A007 OK Fetch Completed
S: * 77 FETCH (FLAGS (\Deleted)) S: * 78 FETCH (FLAGS ()) S: * 79 FETCH (FLAGS (\Seen)) S: A007 OK Fetch Completed
In the latter case, \Answered, $Forwarded, and \Draft flags were lost on COPY, as the user has no "w" right in the target mailbox.
在后一种情况下,副本上丢失了\Answered、\Forwarded和\Draft标志,因为用户在目标邮箱中没有“w”权限。
Expunging the selected mailbox: EXPUNGE - "e" right on the selected mailbox.
删除选定邮箱:删除选定邮箱上的“e”。
CLOSE - "e" right on the selected mailbox. If the server is unable to expunge the mailbox because the user doesn't have the "e" right, the server MUST ignore the expunge request, close the mailbox, and return the tagged OK response.
右键关闭选定邮箱上的“e”。如果由于用户没有“e”权限,服务器无法删除邮箱,则服务器必须忽略删除请求,关闭邮箱,然后返回带标签的OK响应。
Fetch information about a mailbox and its messages: SELECT/EXAMINE/STATUS - "r" right on the mailbox.
获取有关邮箱及其邮件的信息:在邮箱上选择/检查/状态-“r”。
FETCH - A FETCH request that implies setting \Seen flag MUST NOT set it, if the current user doesn't have "s" right.
FETCH-如果当前用户没有“s”权限,则表示设置\Seen标志的FETCH请求不得设置该标志。
Changing flags: STORE - the server MUST check if the user has "t" right - when the user modifies \Deleted flag "s" right - when the user modifies \Seen flag "w" right - for all other message flags. STORE operation SHOULD NOT fail if the user has rights to modify at least one flag specified in the STORE, as the tagged NO response to a STORE command is not handled very well by deployed clients.
更改标志:存储-服务器必须检查用户是否具有“t”权限-当用户修改\删除标志“s”权限-当用户修改\看到标志“w”权限-所有其他消息标志。如果用户有权修改存储中指定的至少一个标志,则存储操作不应失败,因为部署的客户端无法很好地处理对存储命令的标记无响应。
Changing ACLs: SETACL/DELETEACL - "a" right on the mailbox.
更改ACL:SETACL/DELETEACL-“a”位于邮箱右侧。
Reading ACLs: GETACL - "a" right on the mailbox.
正在读取邮箱上的acl:GETACL-“a”。
MYRIGHTS - any of the following rights is required to perform the operation: "l", "r", "i", "k", "x", "a".
无数次-执行操作需要以下任何权限:“l”、“r”、“i”、“k”、“x”、“a”。
LISTRIGHTS - "a" right on the mailbox.
LISTRIGHTS—邮箱上的“a”。
This document defines an additional capability that is used to announce the list of extra rights (excluding the ones defined in RFC 2086) supported by the server. The set of rights MUST include "t", "e", "x", and "k". Note that the extra rights can appear in any order.
本文档定义了一个附加功能,用于公布服务器支持的额外权限列表(RFC 2086中定义的权限除外)。这套权利必须包括“t”、“e”、“x”和“k”。请注意,额外的权限可以以任何顺序出现。
Example: C: 1 capability S: * CAPABILITY IMAP4REV1 STARTTLS LITERAL+ ACL RIGHTS=texk S: 1 OK completed
Example: C: 1 capability S: * CAPABILITY IMAP4REV1 STARTTLS LITERAL+ ACL RIGHTS=texk S: 1 OK completed
Any server implementing an ACL extension MUST accurately reflect the current user's rights in FLAGS and PERMANENTFLAGS responses.
任何实现ACL扩展的服务器都必须在标志和永久标志响应中准确反映当前用户的权限。
Example: C: A142 SELECT INBOX S: * 172 EXISTS S: * 1 RECENT S: * OK [UNSEEN 12] Message 12 is first unseen S: * OK [UIDVALIDITY 3857529045] UIDs valid S: * OK [UIDNEXT 4392] Predicted next UID S: * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) S: * OK [PERMANENTFLAGS (\Seen \Answered \Flagged \*)] L S: A142 OK [READ-WRITE] SELECT completed C: A143 MYRIGHTS INBOX S: * MYRIGHTS INBOX lrwis S: A143 OK completed
Example: C: A142 SELECT INBOX S: * 172 EXISTS S: * 1 RECENT S: * OK [UNSEEN 12] Message 12 is first unseen S: * OK [UIDVALIDITY 3857529045] UIDs valid S: * OK [UIDNEXT 4392] Predicted next UID S: * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) S: * OK [PERMANENTFLAGS (\Seen \Answered \Flagged \*)] L S: A142 OK [READ-WRITE] SELECT completed C: A143 MYRIGHTS INBOX S: * MYRIGHTS INBOX lrwis S: A143 OK completed
Note that in order to get better performance the client MAY pipeline SELECT and MYRIGHTS commands:
请注意,为了获得更好的性能,客户机可以通过管道选择并执行以下命令:
C: A142 SELECT INBOX C: A143 MYRIGHTS INBOX S: * 172 EXISTS S: * 1 RECENT S: * OK [UNSEEN 12] Message 12 is first unseen S: * OK [UIDVALIDITY 3857529045] UIDs valid S: * OK [UIDNEXT 4392] Predicted next UID S: * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) S: * OK [PERMANENTFLAGS (\Seen \Answered \Flagged \*)] L S: A142 OK [READ-WRITE] SELECT completed S: * MYRIGHTS INBOX lrwis S: A143 OK completed
C: A142 SELECT INBOX C: A143 MYRIGHTS INBOX S: * 172 EXISTS S: * 1 RECENT S: * OK [UNSEEN 12] Message 12 is first unseen S: * OK [UIDVALIDITY 3857529045] UIDs valid S: * OK [UIDNEXT 4392] Predicted next UID S: * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) S: * OK [PERMANENTFLAGS (\Seen \Answered \Flagged \*)] L S: A142 OK [READ-WRITE] SELECT completed S: * MYRIGHTS INBOX lrwis S: A143 OK completed
Servers MAY cache the rights a user has on a mailbox when the mailbox is selected, so that if a client's rights on a mailbox are changed with SETACL or DELETEACL, commands specific to the selected state (e.g., STORE, EXPUNGE) might not reflect the changed rights until the mailbox is re-selected. If the server checks the rights on each command, then it SHOULD send FLAGS and PERMANENTFLAGS responses if they have changed. If such server detects that the user no longer has read access to the mailbox, it MAY send an untagged BYE response and close connection. It MAY also refuse to execute all commands specific to the selected state until the mailbox is closed; however, server implementors should note that most clients don't handle NO responses very well.
选择邮箱时,服务器可能会缓存用户对邮箱的权限,因此,如果客户端对邮箱的权限使用SETACL或DELETEACL更改,则特定于选定状态的命令(例如存储、删除)可能不会反映更改的权限,直到重新选择邮箱。如果服务器检查每个命令的权限,那么它应该发送标志和永久标志响应(如果它们已更改)。如果该服务器检测到用户不再具有对邮箱的读取权限,它可能会发送未标记的BYE响应并关闭连接。它还可能拒绝执行特定于所选状态的所有命令,直到邮箱关闭;然而,服务器实现者应该注意到,大多数客户端不能很好地处理NO响应。
An ACL server MAY modify one or more ACLs for one or more identifiers as a side effect of modifying the ACL specified in a SETACL/DELETEACL. If the server does that, it MUST send untagged ACL response(s) to notify the client about the changes made.
ACL服务器可以修改一个或多个标识符的一个或多个ACL,作为修改SETACL/DELETEACL中指定的ACL的副作用。如果服务器这样做,它必须发送未标记的ACL响应,以通知客户端所做的更改。
An ACL server implementation MUST treat received ACL modification commands as a possible ambiguity with respect to subsequent commands affected by the ACL, as described in Section 5.5 of [IMAP4]. Hence a pipeline SETACL + MYRIGHTS is an ambiguity with respect to the server, meaning that the server must execute the SETACL command to completion before the MYRIGHTS. However, clients are permitted to send such a pipeline.
ACL服务器实现必须将收到的ACL修改命令视为与受ACL影响的后续命令相关的可能歧义,如[IMAP4]第5.5节所述。因此,管道SETACL+MYRIGHTS对于服务器来说是不明确的,这意味着服务器必须在MYRIGHTS之前执行SETACL命令才能完成。但是,允许客户端发送这样的管道。
The following requirement is put on clients in order to allow for future extensibility. A client implementation that allows a user to read and update ACLs MUST preserve unrecognized rights that it doesn't allow the user to change. That is, if the client
为了允许将来的扩展性,对客户端提出了以下要求。允许用户读取和更新ACL的客户端实现必须保留不允许用户更改的无法识别的权限。也就是说,如果客户
1) can read ACLs and 2) can update ACLs but 3) doesn't allow the user to change the rights the client doesn't recognize, then it MUST preserve unrecognized rights.
1) 可以读取ACL,2)可以更新ACL,但3)不允许用户更改客户端无法识别的权限,则必须保留无法识别的权限。
Otherwise the client could risk unintentionally removing permissions it doesn't understand.
否则,客户端可能会冒着无意中删除它不理解的权限的风险。
A particular ACL server implementation MAY allow "shared multiuser access" to some mailboxes. "Shared multiuser access" to a mailbox means that multiple different users are able to access the same mailbox, if they have proper access rights. "Shared multiuser access" to the mailbox doesn't mean that the ACL for the mailbox is currently set to allow access by multiple users. Let's denote a "shared multiuser write access" as a "shared multiuser access" when a user can be granted flag modification rights (any of "w", "s", or "t").
特定ACL服务器实现可能允许对某些邮箱进行“共享多用户访问”。对邮箱的“共享多用户访问”意味着,如果多个不同的用户具有适当的访问权限,则可以访问同一邮箱。对邮箱的“共享多用户访问”并不意味着邮箱的ACL当前设置为允许多个用户访问。让我们将“共享多用户写入访问”表示为“共享多用户访问”,此时用户可以被授予标记修改权限(“w”、“s”或“t”中的任何一个”)。
Section 4 describes which rights are required for modifying different flags.
第4节描述了修改不同标志所需的权限。
If the ACL server implements some flags as shared for a mailbox (i.e., the ACL for the mailbox MAY be set up so that changes to those flags are visible to another user), let's call the set of rights associated with these flags (as described in Section 4) for that mailbox collectively as "shared flag rights". Note that the "shared flag rights" set MAY be different for different mailboxes.
如果ACL服务器将某些标志实现为邮箱的共享标志(即,可以设置邮箱的ACL,以便其他用户可以看到对这些标志的更改),那么让我们将与该邮箱的这些标志(如第4节所述)相关联的一组权限统称为“共享标志权限”。请注意,不同邮箱的“共享标志权限”设置可能不同。
If the server doesn't support "shared multiuser write access" to a mailbox or doesn't implement shared flags on the mailbox, "shared flag rights" for the mailbox is defined to be the empty set.
如果服务器不支持对邮箱的“共享多用户写入访问”或不在邮箱上实现共享标志,则邮箱的“共享标志权限”定义为空集。
Example 1: Mailbox "banan" allows "shared multiuser write access" and implements flags \Deleted, \Answered, and $MDNSent as shared flags. "Shared flag rights" for the mailbox "banan" is a set containing flags "t" (because system flag \Deleted requires "t" right) and "w" (because both \Answered and $MDNSent require "w" right).
示例1:邮箱“banan”允许“共享多用户写入访问”,并将标志\Deleted、\Answered和$MDNSent作为共享标志实现。邮箱“banan”的“共享标志权限”是一组包含标志“t”(因为system flag\Deleted需要“t”权限)和“w”(因为\Responsed和$MDNSent都需要“w”权限)的标志。
Example 2: Mailbox "apple" allows "shared multiuser write access" and implements \Seen system flag as shared flag. "Shared flag rights" for the mailbox "apple" contains "s" right because system flag \Seen requires "s" right.
示例2:邮箱“apple”允许“共享多用户写入访问”,并实现\Seen系统标志作为共享标志。邮箱“apple”的“共享标志权限”包含“s”权限,因为system flag\Seen需要“s”权限。
Example 3: Mailbox "pear" allows "shared multiuser write access" and implements flags \Seen, \Draft as shared flags. "Shared flag rights" for the mailbox "apple" is a set containing flags "s" (because system flag \Seen requires "s" right) and "w" (because system flag \Draft requires "w" right).
示例3:邮箱“pear”允许“共享多用户写入访问”,并将标志\Seen,\Draft实现为共享标志。邮箱“apple”的“共享标志权限”是一个包含标志“s”(因为system flag\Seen需要“s”权限)和“w”(因为system flag\Draft需要“w”权限)的集合。
The server MUST include a READ-ONLY response code in the tagged OK response to a SELECT command if none of the following rights is granted to the current user:
如果当前用户未被授予以下任何权限,则服务器必须在对SELECT命令的带标记的OK响应中包含只读响应代码:
"i", "e", and "shared flag rights"(***).
"i", "e", and "shared flag rights"(***).
The server SHOULD include a READ-WRITE response code in the tagged OK response if at least one of the "i", "e", or "shared flag rights"(***) is granted to the current user.
The server SHOULD include a READ-WRITE response code in the tagged OK response if at least one of the "i", "e", or "shared flag rights"(***) is granted to the current user.
(***) Note that a future extension to this document can extend the list of rights that causes the server to return the READ-WRITE response code.
(***) Note that a future extension to this document can extend the list of rights that causes the server to return the READ-WRITE response code.
Example 1 (continued): The user that has "lrs" rights for the mailbox "banan". The server returns READ-ONLY response code on SELECT, as none of "iewt" rights is granted to the user.
示例1(续):对邮箱“banan”具有“lrs”权限的用户。服务器在选择时返回只读响应代码,因为没有向用户授予任何“iewt”权限。
Example 2 (continued): The user that has "rit" rights for the mailbox "apple". The server returns READ-WRITE response code on SELECT, as the user has "i" right.
示例2(续):对邮箱“apple”具有“rit”权限的用户。服务器在选择时返回读写响应代码,因为用户有“i”权限。
Example 3 (continued): The user that has "rset" rights for the mailbox "pear". The server returns READ-WRITE response code on SELECT, as the user has "e" and "s" rights.
示例3(续):对邮箱“pear”具有“rset”权限的用户。服务器在选择时返回读写响应代码,因为用户具有“e”和“s”权限。
An implementation MUST make sure the ACL commands themselves do not give information about mailboxes with appropriately restricted ACLs. For example, when a user agent executes a GETACL command on a mailbox that the user has no permission to LIST, the server would respond to that request with the same error that would be used if the mailbox did not exist, thus revealing no existence information, much less the mailbox's ACL.
实现必须确保ACL命令本身不提供有关具有适当限制ACL的邮箱的信息。例如,当用户代理对用户无权列出的邮箱执行GETACL命令时,服务器将以与邮箱不存在时相同的错误响应该请求,从而显示不存在的信息,更不用说邮箱的ACL了。
IMAP clients implementing ACL that are able to modify ACLs SHOULD warn a user that wants to give full access (or even just the "a" right) to the special identifier "anyone".
实现能够修改ACL的ACL的IMAP客户端应该警告希望对特殊标识符“any”授予完全访问权(甚至只是“a”权限)的用户。
This document relies on [SASLprep] to describe steps required to perform identifier canonicalization (preparation). The preparation algorithm in SASLprep was specifically designed such that its output is canonical, and it is well-formed. However, due to an anomaly [PR29] in the specification of Unicode normalization, canonical equivalence is not guaranteed for a select few character sequences. Identifiers prepared with SASLprep can be stored and returned by an ACL server. The anomaly affects ACL manipulation and evaluation of identifiers containing the selected character sequences. These
本文档依赖于[SASLprep]来描述执行标识符规范化(准备)所需的步骤。SASLprep中的准备算法是专门设计的,因此其输出是规范的,并且格式良好。然而,由于Unicode规范化规范中存在异常[PR29],无法保证选定的几个字符序列的规范等价性。使用SASLprep准备的标识符可以由ACL服务器存储和返回。该异常会影响ACL操作和对包含选定字符序列的标识符的评估。这些
sequences, however, do not appear in well-formed text. In order to address this problem, an ACL server MAY reject identifiers containing sequences described in [PR29] by sending the tagged BAD response. This is in addition to the requirement to reject identifiers that fail SASLprep preparation as described in Section 3.
但是,序列不会出现在格式良好的文本中。为了解决这个问题,ACL服务器可以通过发送标记的错误响应来拒绝包含[PR29]中描述的序列的标识符。除此之外,还要求拒绝未通过SASLprep准备的标识符,如第3节所述。
Other security considerations described in [IMAP4] are relevant to this document. In particular, ACL information is sent in the clear over the network unless confidentiality protection is negotiated.
[IMAP4]中描述的其他安全注意事项与本文档相关。特别是,ACL信息通过网络以明文形式发送,除非协商保密保护。
This can be accomplished either by the use of STARTTLS, negotiated privacy protection in the AUTHENTICATE command, or some other protection mechanism.
这可以通过使用STARTTLS、AUTHENTICATE命令中的协商隐私保护或某些其他保护机制来实现。
Formal syntax is defined using ABNF [ABNF], extending the ABNF rules in Section 9 of [IMAP4]. Elements not defined here can be found in [ABNF] and [IMAP4].
形式语法是使用ABNF[ABNF]定义的,扩展了[IMAP4]第9节中的ABNF规则。此处未定义的元素可在[ABNF]和[IMAP4]中找到。
Except as noted otherwise, all alphabetic characters are case insensitive. The use of uppercase or lowercase characters to define token strings is for editorial clarity only. Implementations MUST accept these strings in a case-insensitive fashion.
除非另有说明,否则所有字母字符都不区分大小写。使用大写或小写字符定义标记字符串仅用于编辑清晰性。实现必须以不区分大小写的方式接受这些字符串。
LOWER-ALPHA = %x61-7A ;; a-z
LOWER-ALPHA = %x61-7A ;; a-z
acl-data = "ACL" SP mailbox *(SP identifier SP rights)
acl data=“acl”SP邮箱*(SP标识符SP权限)
capability =/ rights-capa ;;capability is defined in [IMAP4]
capability =/ rights-capa ;;capability is defined in [IMAP4]
command-auth =/ setacl / deleteacl / getacl / listrights / myrights ;;command-auth is defined in [IMAP4]
command-auth =/ setacl / deleteacl / getacl / listrights / myrights ;;command-auth is defined in [IMAP4]
deleteacl = "DELETEACL" SP mailbox SP identifier
deleteacl=“deleteacl”SP邮箱SP标识符
getacl = "GETACL" SP mailbox
getacl=“getacl”SP邮箱
identifier = astring
identifier = astring
listrights = "LISTRIGHTS" SP mailbox SP identifier
listrights=“listrights”SP邮箱SP标识符
listrights-data = "LISTRIGHTS" SP mailbox SP identifier SP rights *(SP rights)
listrights data=“listrights”SP邮箱SP标识符SP权限*(SP权限)
mailbox-data =/ acl-data / listrights-data / myrights-data ;;mailbox-data is defined in [IMAP4]
mailbox-data =/ acl-data / listrights-data / myrights-data ;;mailbox-data is defined in [IMAP4]
mod-rights = astring ;; +rights to add, -rights to remove ;; rights to replace
mod-rights = astring ;; +rights to add, -rights to remove ;; rights to replace
myrights = "MYRIGHTS" SP mailbox
myrights=“myrights”SP邮箱
myrights-data = "MYRIGHTS" SP mailbox SP rights
myrights data=“myrights”SP邮箱SP权限
new-rights = 1*LOWER-ALPHA ;; MUST include "t", "e", "x", and "k". ;; MUST NOT include standard rights listed ;; in section 2.2
new-rights = 1*LOWER-ALPHA ;; MUST include "t", "e", "x", and "k". ;; MUST NOT include standard rights listed ;; in section 2.2
rights = astring ;; only lowercase ASCII letters and digits ;; are allowed.
权利=约束;;仅限小写ASCII字母和数字;;是允许的。
rights-capa = "RIGHTS=" new-rights ;; RIGHTS=... capability
rights-capa = "RIGHTS=" new-rights ;; RIGHTS=... capability
setacl = "SETACL" SP mailbox SP identifier SP mod-rights
setacl=“setacl”SP邮箱SP标识符SP模块权限
IMAP4 capabilities are registered by publishing a standards-track or IESG-approved experimental RFC. The registry is currently located at:
IMAP4功能通过发布标准跟踪或IESG批准的实验RFC进行注册。注册处目前位于:
http://www.iana.org/assignments/imap4-capabilities
http://www.iana.org/assignments/imap4-capabilities
This document defines the RIGHTS= IMAP capability. IANA has added this capability to the registry.
本文档定义了权限=IMAP功能。IANA已将此功能添加到注册表中。
Section 3 states requirements on servers regarding internationalization of identifiers.
第3节说明了有关标识符国际化的服务器要求。
1. Changed the charset of "identifier" from US-ASCII to UTF-8. 2. Specified that mailbox deletion is controlled by the "x" right and EXPUNGE is controlled by the "e" right. 3. Added the "t" right that controls STORE \Deleted. Redefined the "d" right to be a macro for "e", "t", and possibly "x". 4. Added the "k" right that controls CREATE. Redefined the "c" right to be a macro for "k" and possibly "x". 5. Specified that the "a" right also controls DELETEACL. 6. Specified that the "r" right also controls STATUS. 7. Removed the requirement to check the "r" right for CHECK, SEARCH and FETCH, as this is required for SELECT/EXAMINE to be successful. 8. LISTRIGHTS requires the "a" right on the mailbox (same as SETACL). 9. Deleted "PARTIAL", this is a deprecated feature of RFC 1730. 10. Specified that the "w" right controls setting flags other than \Seen and \Deleted on APPEND. Also specified that the "s" right controls the \Seen flag and that the "t" right controls the \Deleted flag. 11. Specified that SUBSCRIBE is NOT allowed with the "r" right. 12. Specified that the "l" right controls SUBSCRIBE. 13. GETACL is NOT allowed with the "r" right, even though there are several implementations that allows that. If a user only has "r" right, GETACL can disclose information about identifiers existing on the mail system. 14. Clarified that RENAME requires the "k" right for the new parent and the "x" right for the old name. 15. Added new section that describes which rights are required and/or checked when performing various IMAP commands. 16. Added mail client security considerations when dealing with special identifier "anyone". 17. Clarified that negative rights are not the same as DELETEACL. 18. Added "Compatibility with RFC 2086" section. 19. Added section about mapping of ACL rights to READ-WRITE and READ-ONLY response codes. 20. Changed BNF to ABNF. 21. Added "Implementation Notes" section. 22. Updated "References" section. 23. Added more examples. 24. Clarified when the virtual "c" and "d" rights are returned in ACL, MYRIGHTS, and LISTRIGHTS responses.
1. 将“标识符”的字符集从US-ASCII更改为UTF-8。2.指定邮箱删除由“x”权限控制,删除由“e”权限控制。3.添加了控制存储的“t”权限\已删除。将“d”权限重新定义为“e”、“t”的宏,可能还有“x”。4.添加了控件创建的“k”权限。将“c”权限重新定义为“k”和“x”的宏。5.指定“a”权限还控制DELETEACL。6.指定“r”权限还控制状态。7.删除了为检查、搜索和获取而检查“r”权限的要求,因为这是成功选择/检查所必需的。8.LISTRIGHTS需要邮箱上的“a”权限(与SETACL相同)。9已删除“部分”,这是RFC 1730的一个弃用功能。10指定“w”权限控制附加时\Seen和\Deleted以外的设置标志。还指定“s”权限控制\Seen标志,“t”权限控制\Deleted标志。11指定不允许使用“r”权限进行订阅。12指定“l”右控件订阅。13GETACL不允许带有“r”权限,即使有几个实现允许这样做。如果用户只有“r”权限,则GETACL可以公开有关邮件系统上存在的标识符的信息。14澄清了重命名要求新父项具有“k”权限,旧名称具有“x”权限。15添加了新的部分,说明在执行各种IMAP命令时需要和/或检查哪些权限。16添加了处理特殊标识符“任何人”时的邮件客户端安全注意事项。17阐明了否定权限与DELETEACL不同。18增加了“与RFC 2086的兼容性”一节。19添加了关于将ACL权限映射到读写和只读响应代码的部分。20将BNF更改为ABNF。21增加了“实施说明”部分。22更新了“参考资料”部分。23增加了更多的例子。24阐明了在ACL、MYRIGHTS和LISTRIGHTS响应中返回虚拟“c”和“d”权限的时间。
This non-normative section gives guidelines as to how an existing RFC 2086 server implementation may be updated to comply with this document.
本非规范性章节给出了如何更新现有RFC 2086服务器实现以符合本文档的指南。
This document splits the "d" right into several new different rights: "t", "e", and possibly "x" (see Section 2.1.1 for more details). The "d" right remains for backward-compatibility, but it is a virtual right. There are two approaches for RFC 2086 server implementors to handle the "d" right and the new rights that have replaced it:
本文件将“d”权利分为几个新的不同权利:“t”、“e”以及可能的“x”(更多详情见第2.1.1节)。“d”权限保留为向后兼容,但它是一个虚拟权限。RFC 2086服务器实现人员有两种方法来处理“d”权限和取代它的新权限:
a. Tie "t", "e" (and possibly "x) together - almost no changes. b. Implement separate "x", "t" and "e". Return the "d" right in a MYRIGHTS response or an ACL response containing ACL information when any of the "t", "e" (and "x") is granted.
a. 将“t”、“e”(可能还有“x”)连接在一起-几乎没有任何更改。b.实现单独的“x”、“t”和“e”。在授予任何“t”、“e”(和“x”)时,在MYRIGHTS响应或包含ACL信息的ACL响应中返回“d”权限。
In a similar manner this document splits the "c" right into several new different rights: "k" and possibly "x" (see Section 2.1.1 for more details). The "c" right remains for backwards-compatibility but it is a virtual right. Again, RFC 2086 server implementors can choose to tie rights or to implement separate rights, as described above.
以类似的方式,本文件将“c”权利分为几个新的不同权利:“k”和可能的“x”(更多详情见第2.1.1节)。“c”权限保留为向后兼容,但它是一个虚拟权限。同样,RFC2086服务器实现者可以选择绑定权限或实现单独的权限,如上所述。
Also check Sections 5.1.1 and 5.1.2, as well as Appendix A, to see other changes required. Server implementors should check which rights are required to invoke different IMAP4 commands as described in Section 4.
还应检查第5.1.1节和第5.1.2节以及附录A,以查看所需的其他变更。服务器实现者应检查调用不同IMAP4命令所需的权限,如第4节所述。
This specification has some known deficiencies including:
本规范存在一些已知缺陷,包括:
1. This is inadequate to provide complete read-write access to mailboxes protected by Unix-style rights bits because there is no equivalent to "chown" and "chgrp" commands nor is there a good way to discover such limitations are present. 2. Because this extension leaves the specific semantics of how rights are combined by the server as implementation defined, the ability to build a user-friendly interface is limited. 3. Users, groups, and special identifiers (e.g., anyone) exist in the same namespace.
1. 这不足以提供对受Unix风格权限位保护的邮箱的完整读写访问,因为没有与“chown”和“chgrp”命令等效的命令,也没有发现存在此类限制的好方法。2.由于此扩展将服务器如何组合权限的特定语义保留为实现定义,因此构建用户友好界面的能力受到限制。3.用户、组和特殊标识符(例如,任何人)存在于同一命名空间中。
The work-in-progress "ACL2" extension is intended to redesign this extension to address these deficiencies without the constraint of backward-compatibility and may eventually supercede this facility.
正在进行的“ACL2”扩展旨在重新设计该扩展,以解决这些缺陷,而不受向后兼容性的限制,并可能最终取代该功能。
However, RFC 2086 is deployed in multiple implementations so this intermediate step, which fixes the straightforward deficiencies in a backward-compatible fashion, is considered worthwhile.
然而,RFC2086被部署在多个实现中,因此这个以向后兼容的方式修复直接缺陷的中间步骤被认为是值得的。
This document is a revision of RFC 2086 written by John G. Myers.
本文件是John G.Myers编写的RFC 2086的修订版。
Editor appreciates comments received from Mark Crispin, Chris Newman, Cyrus Daboo, John G. Myers, Dave Cridland, Ken Murchison, Steve Hole, Vladimir Butenko, Larry Greenfield, Robert Siemborski, Harrie Hazewinkel, Philip Guenther, Brian Candler, Curtis King, Lyndon Nerenberg, Lisa Dusseault, Arnt Gulbrandsen, and other participants of the IMAPEXT working group.
编辑感谢马克·克里斯平、克里斯·纽曼、塞勒斯·达布、约翰·G·迈尔斯、戴夫·克里德兰、肯·默奇森、史蒂夫·霍尔、弗拉基米尔·布滕科、拉里·格林菲尔德、罗伯特·西姆博斯基、哈里哈泽文克尔、菲利普·根瑟、布莱恩·坎德勒、柯蒂斯·金、林登·内伦伯格、丽莎·杜肖特、阿恩特·古尔布兰森、以及,以及IMAPEXT工作组的其他与会者。
Normative References
规范性引用文件
[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[关键词]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[ABNF] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", RFC 4234, October 2005.
[ABNF]Crocker,D.和P.Overell,“语法规范的扩充BNF:ABNF”,RFC 4234,2005年10月。
[IMAP4] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1", RFC 3501, March 2003.
[IMAP4]Crispin,M.,“互联网消息访问协议-版本4rev1”,RFC 35012003年3月。
[UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, November 2003.
[UTF-8]Yergeau,F.,“UTF-8,ISO 10646的转换格式”,STD 63,RFC 3629,2003年11月。
[Stringprep] Hoffman, P. and M. Blanchet, "Preparation of Internationalized Strings ("stringprep")", RFC 3454, December 2002.
[Stringprep]Hoffman,P.和M.Blanchet,“国际化弦的准备(“Stringprep”)”,RFC 3454,2002年12月。
[SASLprep] Zeilenga, K., "SASLprep: Stringprep Profile for User Names and Passwords", RFC 4013, February 2005.
[SASLprep]Zeilenga,K.,“SASLprep:Stringprep用户名和密码配置文件”,RFC 4013,2005年2月。
Informative References
资料性引用
[RFC2086] Myers, J., "IMAP4 ACL extension", RFC 2086, January 1997.
[RFC2086]迈尔斯,J.,“IMAP4 ACL扩展”,RFC2086,1997年1月。
[PR29] "Public Review Issue #29: Normalization Issue", February 2004, <http://www.unicode.org/review/pr-29.html>.
[PR29]“公共审查问题#29:规范化问题”,2004年2月<http://www.unicode.org/review/pr-29.html>.
Author's Address
作者地址
Alexey Melnikov Isode Ltd. 5 Castle Business Village 36 Station Road Hampton, Middlesex TW12 2BX GB
Alexey Melnikov Isode Ltd.米德尔塞克斯郡汉普顿车站路36号城堡商业村5号TW12 2BX GB
EMail: alexey.melnikov@isode.com
EMail: alexey.melnikov@isode.com
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2005).
版权所有(C)互联网协会(2005年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。