RE: LDAP ACLs
> -----Original Message-----
> From: Paul Leach [SMTP:paulle@microsoft.com]
> Sent: Thursday, April 30, 1998 7:41 AM
> To: Leslie Daigle
> Cc: ietf-ldapext@netscape.com
> Subject: Re: LDAP ACLs
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Neither a standardized replication protocol nor standardized ACLs are
> absolutely needed for white pages applications.
Can I disagree here - and no doubt thousands of others would
too.
E.g., why are there so many copies of the white pages on this
planet, and why are the master copies protected?
> But if we're going to have ACLs, then they shouldn't force systems
> with well designed security that conforms to standard criteria for
> secure system design, to compromise security. If we can't "focus" on
> that, because we don't understand it well enough, then that says that
> it is premature to standardize on ACLs.
>
Perhaps this is true in the context of LDAP development, which
considered X.500 too complex - because that contains ACI.
So does this mean that the LDAP development process is nearing
completion and is and can only be just an access protocol and not a
directory system standard?
regards alan
> - ---------------------
> Paul J. Leach <paulle@microsoft.com>
> PGP Key ID: 0x978829DD
> Fingerprint: 9EFA A405 39B4 F91F DE6F 8939 6FE9 F5D8
> Key Servers: http://pgpkeys.mit.edu:11371 ldap://certserver.pgp.com
>
> - -----Original Message-----
> From: Leslie Daigle <leslie@Bunyip.Com>
> To: Paul Leach <paulle@microsoft.com>
> Cc: prasanta@netscape.com <prasanta@netscape.com>;
> ietf-ldapext@netscape.com <ietf-ldapext@netscape.com>
> Date: Wednesday, April 29, 1998 1:53 PM
> Subject: Re: LDAP ACLs
>
>
> >
> >Paul,
> >
> >Without saying it wouldn't be useful to have the capability
> >you describe, I think it is fair to say that your proposal is
> >well beyond the scope of anything this group should focus on.
> >
> >I.e.,
> >
> > i. If such a Universal ACL registry existed, it would
> > be fair to say that LDAP should be made to use it.
> > So, when you've defined, standardized and deployed
> > it (*), come back to LDAPEXT++ and make that proposal.
> >
> > ii. If you want to say that LDAP is not just for people
> > anymore, but can be used successfully to solve access
> > issues for all information objects on a machine (as
> > you've laid out: file systems, registries, etc), then
> > set up a separate initiative to demonstrate the applicability
> > of LDAP for the task, etc.
> >
> >But, I don't think it's appropriate to hold up/expand immeasurably the
> >development of extensions necessary to carry out the basic purpose for
> >which LDAP was developed (i.e., whitepages) because you see a particular
> >application for the protocol.
> >
> >Leslie.
> >
> >
> >(*) note the order of operations...
>
> >----------------------------------------------------------------------------
> >
> >  "_Be_                                 Leslie Daigle
> >   where you
> >    _are_."                             Bunyip Information Systems
> >                                        (514) 875-8611
> >          -- ThinkingCat                leslie@bunyip.com
> >----------------------------------------------------------------------------
> >