[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: new internet draft - LDAP Extensions Style Guide
At 08:52 AM 8/16/00 -0400, Miklos, Sue A. wrote:
>clarification request, please - I interpret the first statement below (Bind
>discussion) to indicate that any authentication/authorization information is
>ONLY conveyed during the Bind argument/response exchange. Is this correct?
No. The restriction is that controls upon requests only impact
the operation associated with the request. This does not
imply that Bind is the only operation which may convey
authentication/authorization information.
>Can subsequent operations also convey information useful to an access
>control decision function?
Yes. Request control can convey such in the context of the
operation they are attached to. And one can define extended
operations which convey such information. And, of course,
the access control may use other factors in the decision
function (such as IP host/port, sky is green, msgid is prime).
Kurt