[Date Prev][Date Next]
Re: draft-ietf-ldapbis-protocol - controls
Kurt D. Zeilenga wrote:
But this does not address a distributed environment where a server
chaining a request may not know the capabilities of the servers it may
chain a request to. A search request or a tree delete request may be
chained to multiple servers, each with different capabilities. The only
way to enforce the requirements you have stated is to never apply the
At 10:14 PM 3/31/2005, Mark Ennis wrote:
Kurt D. Zeilenga wrote:
At 08:49 PM 3/31/2005, Jim Sermersheim wrote:
I believe the broad interpretation of "appropriate" leads to
far more interoperability problems than the narrow view. I'm
glad to see that you don't believe a control can be partially
This, I think, needs to be made crystal clear.
A control which results in modification of multiple objects must
not be partially applied, but what about a control that modifies
the behaviour of a query?
Meaning that given a request+control where the control is
non-critical, the server is to perform either the operation indicated
by the request OR to perform the operation indicated by
The server cannot perform a portion of the operation as indicated by
request+control and a portion of the operation as indicated by
request. For instance, it would be inappropriate for a server, in
response to a search+manageDsaIt request, to only apply the semantics
indicated by the manageDsaIt to a subset of the results. The server
is obligated to apply those semantics across all results or no
The example I quote is a request for information about what parts of
entries are modifiable, not a request to modify anything. Again, in a
distributed environment, servers supporting the control may return a
control response indicating the information as requested. Servers not
supporting the control may ignore the control. The application of the
control in this case would be "partial" and quite safe.
A control requesting extra information from each entry in a search
result, for example a control to reproduce the behaviour of the
modifyRightsRequest in a DAP read operation, may be partially
applied, without having any serious implications.
Different kind of "apply". If the prescribed semantics of the
operation indicated by request+control allow for some of these
modifications to be applied to the DIT and others not, that fine. But
if the prescribed semantics of this operation required that all or
none of these modifications to be applied to the DIT, then that's
what has to be done in performance of that operation.
This assumes complete knowledge by the server of how the control will be
applied over the entire area affected by the operation. In a distributed
environment, this knowledge cannot be guaranteed, meaning the above
requirements can only be met by never doing request+control in these
To what extent should the allowance to partially apply a control be
regulated by the specification controlling the infrastructure, i.e.
[protocols], versus the control specification?
The control specification defines what operation to perform in
response to a request+control message.
Where the control is non-critical, the server has a choice of perform
either: the operation indicated by the request as extended by the
control or the operation indicated by the request.
Performing some other operation is not an option.
For example, a control specification for a tree delete control
should include a discussion of considerations relating to
application of the control in a distributed environment or across
different contexts, regardless of what [protocols] may say.