authorization (was: protocol-22 comments)
Jim Sermersheim writes:
>>>>>Hallvard B Furuseth <h.b.furuseth@usit.uio.no> 3/9/04 7:20:19 AM
>>>>
>>> 4.2. Bind Operation
>>Here is a suggestion, though it's a bit long. Maybe the last sentence
>>should be dropped.
>>
>> Authorization is the decision of which access an operation has to
>> the directory. It may be affected by many factors, (...)
>
> I like the change but it still seems too specific. How about:
>
> Authorization is the process of enforcing policy while performing
> operations.

I prefer my variant of that sentence. A lot of policy is not
authorization, e.g.:

  which bind methods and SASL mechanisms to allow,
  parts of the password policy internet-draft,
  how to protect against denial of service attacks,
  server-side size/time limits,
  whether and when to time out idle connections.

The rest of your text is much better than my suggestion.

> Among other things, the process of authorization takes as
> input authentication information obtained during the bind operation
> and/or other acts of authentication (such as lower layer security
> services).
--
Hallvard