Re: increasing complexity - draft-ietf-ldapext-acl-model-08.txt
On Fri, Jul 06, 2001 at 11:09:14AM +0100, Mark Davidson wrote:
>
> > > - remove authnLevel. Don't add integrity/confidentiality
> > > factors.
> >
> > Having read the draft, either the authnLevel should be
> > removed or just auth mechanisms listed. The current proposed
> > bucketization of authnLevel is a recipe for interoperability
> > nightmares.
> >
>
> I disagree that this is an interop nightmare. When an admin
> is constructing an ACI using an authnLevel, they are interested
> in the probability that an authenticated user is who they claim
> to be.
Sure, but that's going to depend on what the directory is used
for.
> Two systems may allow different mechanisms, but the mechanisms
> can be mapped onto the different strengths, so I think it would
> aid interop.
I couldn't disagree more. The problem is when two different
mechanisms are mapped into the *same* strength level. An (admittedly
skewed) example is that one system has simple/passwd classified as
*strong* because, for its uses, it qualifies. Now, (through
M&A say) a second system is added, administered by a *different* administrator
who decided that strong would only be SASL/<whatever>. Once replication
starts, strange things are going to happen.
> The strength level 'buckets' also help when a mechanism is deprecated
> for some reason (e.g. Cram-MD5 would not have been categorized as
> weak a few years ago), or when a new mechanism is added to the server.
Listing the mechanisms solves the deprecation question as well.
Ryan