Bruce,
I think there are some important differences between this controlType
idea and Application Defined Permissions:
1. ADPs are informational only, the controlType would affect directory
operations that had controls attached.
2. ADPs are motivated by considerations (however worthy) from outside of
LDAP. The controlType is trying to address an extensibility that is
built into LDAP, namely the ability to define controls that modify
operation semantics.
Rob.
Bruce Greenblatt wrote:
>
> I would like to see this kept out of the main draft, and moved forward as a
> separate item. I think that the rationale that is applied here should be
> similar to what was applied in my "application defined permissions"
> draft. In actuality, I think that this is really pretty much the same as
> the mechanism that I defined in the draft:
> http://search.ietf.org/internet-drafts/draft-greenblatt-ldap-perms-00.txt
>
> Bruce
>
> At 03:08 PM 7/24/01 -0500, Ellen Stokes wrote:
> >Folks,
> >
> >Mark Davidson proposed a generalized permission for
> >controls in his note dated July 6 on ACM permissions.
> >------------------------------------------------------------------------------
> >ACI = rights "#" target "#" generalSubject
> >
> >permission = "x" ; execute control
> >; permission u can only be used on controls
> >
> >target = "[all]" / "[entry]" / (attribute *("," attribute)) /
> >"[controls]" / (controlType *("," controlType))
> >
> >controlType is defined in RFC2251
> >
> >Control use - can use control where aci is active (this
> >replaces the g permission in a more general way)
> >-------------------------------------------------------------------------------
> >
> >The authors like this idea and are working on text to
> >incorporate this into the draft and move the
> >getEffectiveRights control (and permission) in line with
> >this proposal.
> >
> >We'll be putting a synopsis of this out shortly to the list.
> >
> >In the interim, any comments?
> >
> >Ellen
>
> ==============================================
> Bruce Greenblatt, Ph. D.
> Directory Tools and Application Services, Inc.
> http://www.directory-applications.com