[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: delete permission



Date sent:      	Tue, 18 Jul 2000 16:55:52 -0500
To:             	d.w.chadwick@salford.ac.uk, ietf-ldapext@netscape.com,
       	bgreenblatt@directory-applications.com
From:           	Ellen Stokes <stokes@austin.ibm.com>
Subject:        	Re: delete permission

> David / Bruce,
> 
> I think the ldap model should use delete in the X.500 sense - the
> object must be a leaf entry.

agreed

> 
> However, subtree delete becomes interesting if/when we decide to
> surface the scope of ACI (entry/subtree) via your entryACI /
> subtreeACI proposal.  At that point in time, then the expired subtree
> drafts become interesting because you have a way actually invoke the
> subtree operation and apply access control to the operation.
> 

Unless I have misunderstood the current model, or you have 
misunderstood my proposal, I think the separation out of subtree 
ACI into a separate attribute type is irrelevant to the subtree delete 
operation.

David

***************************************************

David Chadwick
IS Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351  Fax +44 161 745 8169
Mobile +44 790 167 0359
Email D.W.Chadwick@salford.ac.uk
Home Page  http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500  http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J

***************************************************