[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: authmeth: Access controls vs. confidentialityRequired

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: authmeth: Access controls vs. confidentialityRequired
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Tue, 28 Sep 2004 22:30:54 +0200
Cc: ietf-ldapbis@OpenLDAP.org
In-reply-to: <6.1.2.0.0.20040928121516.048af3e0@127.0.0.1>
References: <HBF.20040927wd2r@bombur.uio.no> <6.1.2.0.0.20040927133725.041feec8@127.0.0.1> <HBF.20040928vgvg@bombur.uio.no> <6.1.2.0.0.20040928121516.048af3e0@127.0.0.1>

Kurt D. Zeilenga writes:
> At 11:23 AM 9/28/2004, Hallvard B Furuseth wrote:
>>Kurt D. Zeilenga writes:
>>> The choice of which code to return depends on what the
>>> server is trying to indicate.   For instance, if the
>>> server requires some form of data confidentiality to
>>> update the directory, returning confidentialityRequired
>>> is a good code to indicate that this requirement has
>>> been violated.
>> (...)
>>> However, if the server is willing to
>>> perform the operation but decides in that performance
>>> that some access control factor precludes completing
>>> that operation, insufficientAccessRights is good code
>>> to indicate this.
>>
>> I don't understand.  Sounds to me like either the first case is an
>> example of the second, unless you mean the second case is about how the
>> operation is implemented - that is, it starts performing the operation
>> and then runs into the access control factor, as opposed to discovering
>> the access control factor at once.  I don't see why that should affect
>> what the server says about why the operation was refused.
> 
> I'm trying to point out that the choice of code that
> is returned in such cases often depends on whether
> the decision to return the code was made within the
> access rights (authorization) subsystem or made within
> some other administrative control subsystem.

Well, yes, that's why I started this thread.  The natural way for the
server to do this does not seem to be the right way, unless it
explicitly provides another way than access control factors which should
be used to require a secure connection for access to an entity.

I've been waffling a bit over this, but lacking examples to the
contrary, I think the draft has it right 'in theory': The server MUST
return confidentialityRequired.  In practice, I suspect that's too hard
a requirement and only should be a SHOULD, with a warning that ignoring
the SHOULD can give severely misleading error responses.

-- 
Hallvard

Follow-Ups:
- Re: authmeth: Access controls vs. confidentialityRequired
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- authmeth: Access controls vs. confidentialityRequired
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: authmeth: Access controls vs. confidentialityRequired
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: authmeth: Access controls vs. confidentialityRequired
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: authmeth: Access controls vs. confidentialityRequired
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: authmeth: Access controls vs. confidentialityRequired
Next by Date: Re: authmeth: Access controls vs. confidentialityRequired
Index(es):
- Chronological
- Thread