[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6247)

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6247)
From: hyc@symas.com
Date: Sun, 16 Aug 2009 09:19:50 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Kurt@OpenLDAP.org wrote:
> With that, I leave determination of the technical suitability to the
> Project.

It took me several passes through this discussion and the README to understand 
what the intent of this code is. Just to make sure I get it, let me restate 
what I saw:

3 extended matching rules for comparing a timestamp attribute to the server's 
current clock.

I'm not sure why the 2 additional syntaxes are useful. If you want to define a 
generalizedTime attribute that cannot be compared for ordering, simply omit 
the ORDERING rule from the attribute's definition.

The use of negatives is rather confusing. In the example, instead of 
"nowNotBefore" and "nowNotAfter" I would simply have called them "startDate" 
and "endDate".

The language is also confusing in other areas, I don't understand what 
property you're trying to convey with the terms "dead center attribute" or 
"syntactically standalone attribute".

On a slightly related note, in the context of time-relative ACLs, it would be 
worthwhile to define a behavior for time-of-day comparisons (i.e., just 
compare hours:minutes:seconds, excluding year/month/day). Companies often want 
to limit access to resources to only a set of office hours, etc. Of course to 
properly handle the "office hours" case would also require day-of-week 
matching. That may be getting to be too complicated for this particular 
submission, but it seems closely related so I mention it here.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#6247)
Next by Date: (ITS#6257) libldap: getopt flag to return the SASL username
Index(es):
- Chronological
- Thread