[Date Prev][Date Next] [Chronological] [Thread] [Top]

Disclose on Error

To: <ietf-ldapext-acm@OpenLDAP.org>
Subject: Disclose on Error
From: "Jim Sermersheim" <JIMSE@novell.com>
Date: Wed, 26 Apr 2000 11:32:10 -0600
Content-disposition: inline

I said I'd look into this since it came up on the results code draft. After reviewing our messages, I remembered what the issue was.

We deferred talking about it much because we decided it would be taken care of in the ACM draft (I was chasing my tail for a while there).

I think the way it's done in X.500 - which is via another permission - is ok, except for one thing. I believe most server implementations today *do* disclose on error. If we added this as a new permission, and if we state that in the absence of a grant, the default is deny, servers will have to act as if 'disclose on error' is turned on by default. I don't think that's a big problem though - especially since server implementations are going to need to be rev'd in order to implement ACM anyway.

So, if we decide to add a disclose on error permission, what should its mnemonic be? Would it be easier to relax the notion of limiting them to a single character?

Jim

Prev by Date: BNF with Auth Meth subject
Index(es):
- Chronological
- Thread