Just because a document is on a Web server doesn't mean that everybody can read and write it. Web pages on many public sites can be read by everybody but written only by authorized authors. The process of allowing some access to some users and not others is called access control. Administrators can configure Web servers with lists of what requests to allow, from whom, and to what resources. These lists are called access control lists (ACLs); they contain access control entries (ACEs). The WebDAV ACL proposal (in the final stages of standardization as of fall 2003) defines how a WebDAV client can interact with the server and potentially define the instructions in the server's ACLs.

WebDAV was originally standardized without ...