[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Standards and APIs (C LDAP API: security considerations)
Paul,
If you are talking about policies whose effect is to allow/disallow an
action, then I agree.
OTOH, policies that result in different behaviours for a given operation
(which I understood --maybe incorrectly-- to be the case with referrals),
then I think that is a different kind of consideration.
#g
--
At 11:14 17/11/99 -0800, Paul Leach (Exchange) wrote:
>> Without this,
>> applications that
>> wish to depend on some particular (policy-definied) behaviour
>> are left out
>> in the cold; or, they use an API subset for which full semantics are
>> defined, which brings us back to Harald's position.
>
>Applications shouldn't need to depend on certain policies being configured.
>"Policy" is not the same as configuration "options".
>What applications will have to do is to be able to cope with being told an
>action is denied by policy. Just like they have to cope with authentication
>failures or "access denied".
------------
Graham Klyne
(GK@ACM.ORG)