[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldap ACI draft status (from version 08)



Folks,

Since the release of version 8 of the ldap access control
model draft, we've been attempting to close the open items.
This note reflects the state of those open items.
You will also see separate additional notes on each remaining
open item.  The plan is to resolve in the next 2 weeks so the
draft can be updated and a last call issued right after the
IETF meeting in August.

Resolved items:

1.  expansion of groups/roles...  reference Rob Byrne's note
of July 10 that sketches the resolution.

2.  authnLevel:  From discussion on the mailing list after
the issuance of draft 07, consensus was reached to change
authnLevel to reflect hierarchical levels and not authn
mechanisms.  After issuance of draft 08, the number of
comments solicited on this topic per Rob Byrne's July 13
note on authnLevels did not produce a statistically
compelling reason to change the draft (3 (different) responses.
So authnLevel as defined in draft 08 will not change.

3.  Use of subentries will be removed from new draft...reference
note from Kurt Z. and Ellen S. on prescriptive and subentry ACI
of July 18/19.


Open items:

1.  generalization of permission for controls: (Mark Davidson
of July 6 on ACM permission)

2.  too many permissions:  proposal from author Rob Byrne to
remove some permission, reference note July 13 on too many
permissions

3.  equality matching of ACI:  proposal from Steven Legg,
reference note July 19/20 on Equality Matching of ACI Values

Separate notes on these items will be emailed shortly.

Ellen