As specified in [RFC2518], a WebDAV client can retrieve and set properties on a WebDAV server. A server can implement a property that represents a security descriptor in XML. A client retrieves and sets the security descriptor property on a server by using the WebDAV Protocol Security Extensions. The client can grant or deny access rights to a security principal for an entity by adding or removing access control entries (ACEs) from the security descriptor's discretionary access control list (DACL).
For example, the client might be an e-commerce application that sells access to research reports. After a customer pays for access to a given report, the application retrieves the security descriptor for the appropriate document, updates it to grant access to the security principal that represents the customer, and sets it on the server. For examples of how a client retrieves and sets the security descriptor, see section 4.