RFC 3341 (rfc3341) - Page 3 of 26


The Application Exchange (APEX) Access Service






RFC 3341     The Application Exchange (APEX) Access Service    July 2002


2. Use and Management of Access Information

   Access information is organized around access entries, each of which
   contains:

   o  an owner: an APEX address with which the entry is associated;

   o  an actor: an APEX address that is granted permission to perform
         some action in the context of the owner;

   o  a list of actions; and,

   o  a timestamp indicating when the service last created or modified
         the access entry.

   The access entry for a given owner controls access to a potentially
   large range of different APEX services, such as data delivery, access
   control, and presence information.  In addition, Section 4.5 of [1]
   discusses APEX access policies that govern such activities as peer
   authentication, message relaying, and so on.

   Management of access information falls into three categories:

   o  applications may query the access service to see if one or more
      actions are allowed;

   o  applications may retrieve access information associated with an
      owner/actor combination; and,

   o  applications may modify (i.e., create, replace, or delete) access
      information associated with an owner/actor combination.

   Each is now described in turn.
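
   The entry fields and the three management categories above can be
   modelled as follows.  This is an added illustration, not text or code
   from RFC 3341.  The class and method names, the sample addresses and
   action names, and the deny-when-absent and overwrite-on-replace
   behaviors are assumptions made for the sketch.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class AccessEntry:
    owner: str             # APEX address the entry is associated with
    actor: str             # APEX address granted permission in the owner's context
    actions: frozenset     # actions the actor may perform
    last_update: datetime  # when the service last created or modified the entry


class AccessStore:
    """In-memory stand-in for the access service's data (assumed design)."""

    def __init__(self, clock=lambda: datetime.now(timezone.utc)):
        self._entries = {}   # keyed by the exact (owner, actor) pair
        self._clock = clock

    def query(self, owner, actor, actions):
        """Category 1: say, per action, whether it is allowed.
        Assumption: a missing entry or unlisted action means 'not allowed'."""
        entry = self._entries.get((owner, actor))
        granted = entry.actions if entry else frozenset()
        return {action: action in granted for action in actions}

    def retrieve(self, owner, actor):
        """Category 2: return the entry for an owner/actor pair, or None."""
        return self._entries.get((owner, actor))

    def modify(self, owner, actor, actions):
        """Category 3: create or replace the entry; actions=None deletes it.
        Assumption: replace overwrites the action list, it does not merge."""
        key = (owner, actor)
        if actions is None:
            return self._entries.pop(key, None) is not None
        self._entries[key] = AccessEntry(owner, actor, frozenset(actions), self._clock())
        return True


if __name__ == "__main__":
    # Constructed sample data: addresses and action names are placeholders.
    store = AccessStore()
    store.modify("fred@example.com", "barney@example.com", ["example:read"])
    print(store.query("fred@example.com", "barney@example.com",
                      ["example:read", "example:write"]))
    # The entry is directional: it grants nothing with the roles swapped.
    print(store.query("barney@example.com", "fred@example.com", ["example:read"]))
```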

2.1 Querying Access Information

   When an application wants to determine whether one or more actions
   are allowed for an owner/actor combination, it sends a "query"
   element to the service, e.g.,

       +-------+                  +-------+
       |       | -- data -------> |       |
       | appl. |                  | relay |
       |       | <--------- ok -- |       |
       +-------+                  +-------+






Rose, et. al.               Standards Track