Security: Certificates
Could have certificates issuable which mean “I have permission to write to this resource” even though certificate holder is not known
Would access certificates override the access list?
Should we support this use of certificates?
DAV ACL design will be functional without certificate-based delegation.