: : Maybe David or someone from the X.500 crowd could comment on : why X.500 does not recursively evaluate groups and roles their : ACM.
I'd like to hear it. There are cases that come up frequently in my life (e.g. tiered support organizations) where nested groups are really important and useful as a way to control administrative overhead and reduce the chances of making security mistakes.
: X.500(93): : nested groups are not supported when evaluating access controls. :
============================================== Bruce Greenblatt, Ph. D. Directory Tools and Application Services, Inc. http://www.directory-applications.com