[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Standards and APIs (C LDAP API: security considerations)



Paul,

If you are talking about policies whose effect is to allow/disallow an
action, then I agree.

OTOH, policies that result in different behaviours for a given operation
(which I understood --maybe incorrectly-- to be the case with referrals),
then I think that is a different kind of consideration.

#g
--

At 11:14 17/11/99 -0800, Paul Leach (Exchange) wrote:
>> Without this, 
>> applications that
>> wish to depend on some particular (policy-definied) behaviour 
>> are left out
>> in the cold;  or, they use an API subset for which full semantics are
>> defined, which brings us back to Harald's position.
>
>Applications shouldn't need to depend on certain policies being configured.
>"Policy" is not the same as configuration "options". 
>What applications will have to do is to be able to cope with being told an
>action is denied by policy. Just like they have to cope with authentication
>failures or "access denied".

------------
Graham Klyne
(GK@ACM.ORG)