[Jmap] JMAP Calendars ACLs

Neil Jenkins <neilj@fastmailteam.com> Mon, 02 August 2021 06:23 UTC

To: "IETF JMAP Mailing List" <jmap@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/gnxKy4eMRfdpcXmzEqHz0fhzvpI>

Hi all,

Currently, in JMAP Calendars we have the following ACLs controlling what data you may write in the calendar:
 * `mayAddItems` Can add events to calendar.
 * `mayUpdateOwn` Can update events you own or that have no owner.
 * `mayUpdateAll` Can update all events (implies mayUpdateOwn, mayUpdatePrivate and mayRSVP).
 * `mayRemoveOwn` Can delete events you own or that have no owner.
 * `mayRemoveAll` Can delete all events (implies mayRemoveOwn).
 * `mayUpdatePrivate` Can update private properties (ones that do not affect other participants in the event, e.g. alerts) on events you don't otherwise have permission to modify.
 * `mayRSVP` Can set the RSVP status of *your* participants in events you don't otherwise have permission to modify.

I would like to propose we change the first 5 of those to just two:
 * `mayWriteOwn` The user may create, modify or destroy an event on this calendar if either they are the owner of the event or the event has no owner.
 * `mayWriteAll` The user may create, modify or destroy all events in this calendar, or move events to or from this calendar. If this is true, the mayWriteOwn, mayUpdatePrivate and mayRSVP properties MUST all also be true.

As calendar events are completely mutable (unlike messages in Email), having separate ACLs for create/update/destroy doesn't seem very helpful, and this simplifies things. Does this sound reasonable? Any objections?

Cheers,
Neil.
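
An added example, not part of the original message and not code from any JMAP implementation: one way a server could evaluate the proposed rights, enforcing the MUST on `mayWriteAll` and falling back to `mayUpdatePrivate` and `mayRSVP` only for updates the caller cannot otherwise make. The `Rights` class, `authorize`, the `changed` path list, the `PRIVATE_PROPS` set and the owner representation are assumptions made for illustration; moving events between calendars is not modelled.

```python
from dataclasses import dataclass

# Assumption: which properties count as private; the message names alerts only as an example.
PRIVATE_PROPS = frozenset({"alerts"})

@dataclass(frozen=True)
class Rights:
    mayWriteOwn: bool = False
    mayWriteAll: bool = False
    mayUpdatePrivate: bool = False
    mayRSVP: bool = False

    def validate(self):
        """Enforce the MUST: mayWriteAll implies the other three rights."""
        implied = self.mayWriteOwn and self.mayUpdatePrivate and self.mayRSVP
        if self.mayWriteAll and not implied:
            raise ValueError("mayWriteAll requires mayWriteOwn, mayUpdatePrivate and mayRSVP")
        return self

def can_write(rights, user, owner):
    """Full create/modify/destroy right on one event; owner None means no owner."""
    if rights.mayWriteAll:
        return True
    return rights.mayWriteOwn and owner in (None, user)

def authorize(rights, user, op, owner=None, changed=(), my_participants=()):
    """Decide one operation; op is 'create', 'update' or 'destroy'.

    changed: property paths an update touches (hypothetical representation).
    my_participants: ids of the participants in the event that belong to user.
    """
    rights.validate()  # reject inconsistent ACLs instead of guessing intent
    if can_write(rights, user, owner):
        return True
    if op != "update" or not changed:
        return False  # the narrower rights never allow create or destroy
    rsvp_paths = {f"participants/{p}/participationStatus" for p in my_participants}
    for path in changed:
        if rights.mayUpdatePrivate and path.split("/")[0] in PRIVATE_PROPS:
            continue
        if rights.mayRSVP and path in rsvp_paths:
            continue
        return False  # one uncovered path denies the whole update
    return True
```
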