Are attribute subtypes considered when calculating access
control information? In other words, if I have read permission to the "name"
attribute, does that automatically give me read permission to sn, cn, givenName,
etc.?
I can't find any coverage of this in X.511 or the latest ACL
draft. Due to the lack of anyone talking about it, my assumption is that, no,
permissions do not flow down attribute inheritance chains; they must be
explicitly stated for each attribute.
Of course with LDAP, this brings up the question of whether
they apply to attribute type options. It seems to make sense, under most
circumstances, to apply them in this case. Oh, what a world - what a
world.