[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Objections to draft-ietf-ldapext-psearch-01.txt
Alan Lloyd wrote:
audit records in, etc, etc -- how does one apply
a "control"
"capability/privilege" to users in a distributed world with things
like
this?? can we have different extension use/scope according to the
entries they involve??? Compatability is an issue.
Perhaps this was a rhetorical question, here's an answer:
In our implementation we create entries in a special DIT
location (under "cn=Features", from memory). There's
an object for each whacky extension, identified by the
control's OID. These entries can be subject to access control.
Access to the "feature entry" connotes the ability to use the
feature. This seems to simple and obvious, that I suspect
I've misunderstood Alan's point.