[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: filters in ldapACI (WAS Re: I-D ACTION:draft-ietf-ldapext-acl-model-06.txt)

To: d.w.chadwick@salford.ac.uk
Subject: Re: filters in ldapACI (WAS Re: I-D ACTION:draft-ietf-ldapext-acl-model-06.txt)
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Tue, 25 Jul 2000 07:55:05 -0700
Cc: ietf-ldapext@netscape.com
In-reply-to: <397DA9D3.13775.1330CC2@localhost>
References: <4.3.2.7.0.20000723104708.00af3e40@infidel.boolean.net> <397ABA5E.13298.41E1213@localhost>

At 02:53 PM 7/25/00 +0100, David Chadwick wrote:
>Kurt said
>
>> Though both X.500 subentry and ldapACI offer sophisticated
>> scoping specification mechanisms, the X.500 subentry is a general
>> mechanism which can be applied to numerous features.  That is, a
>> server can implement the subentry complexity once and then apply it to
>> multiple features.  ldapACI's mechanism is specific to the feature it
>> provides.   Other attributes would have to define it's own scoping
>> mechanisms (or use X.500's subentry provided mechanism).
>> 
>
>I am not sure whether you are arguing for or against the X.500 
>subentry type of mechanism in your statements above? Or was it 
>just an observation?

I making a argument for a common scoping mechanism that can be
applied to multiple attributes.  I believe having per attribute
scoping mechanisms, such as ldapACI's subtree mechanism, is a
bad idea.

Kurt

References:
- Re: filters in ldapACI (WAS Re: I-D ACTION:draft-ietf-ldapext-acl-model-06.txt)
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: filters in ldapACI (WAS Re: I-D ACTION:draft-ietf-ldapext-acl-model-06.txt)
  - From: "David Chadwick" <d.w.chadwick@salford.ac.uk>
- Re: filters in ldapACI (WAS Re: I-D ACTION:draft-ietf-ldapext-acl-model-06.txt)
  - From: "David Chadwick" <d.w.chadwick@salford.ac.uk>

Prev by Date: refer-00.txt - separate attributes or options or object classes
Next by Date: Re: delete permission
Index(es):
- Chronological
- Thread