[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Standards and APIs (C LDAP API: security considerations)



>> One man's application is another man's vendor. 
>>  
>> The classical reason for standard APIs is so that you can have one  
>> application running on multiple platforms, or multiple OS  
>> versions, and have the results of that application be the same. 
>
>I don't disagree as far as it goes -- I'm just adding "results of that
>application be the same when the configured policies are the same". 

I'd suggest that to achieve this in a _standard_ API, one would also need
to specify the policy configuration options that must be provided, and
their effect on the behaviour of an API implementation, and possibly even
the mechanisms for configuring policies.  Without this, applications that
wish to depend on some particular (policy-definied) behaviour are left out
in the cold;  or, they use an API subset for which full semantics are
defined, which brings us back to Harald's position.

I suspect that policy configuration could turn out to be a rathole.

#g

------------
Graham Klyne
(GK@ACM.ORG)