[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Fwd: Re: draft-ietf-ldapbis-protocol - controls

To: "Jim Sermersheim" <jimse@novell.com>
Subject: Re: Fwd: Re: draft-ietf-ldapbis-protocol - controls
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 01 Apr 2005 10:06:03 -0800
Cc: <ietf-ldapbis@OpenLDAP.org>
In-reply-to: <s24d1392.094@sinclair.provo.novell.com>
References: <s24d1392.094@sinclair.provo.novell.com>

At 08:25 AM 4/1/2005, Jim Sermersheim wrote:
>I also think we are not actually solving the real original issues of:
> 
>a) how does a server fronting other servers/services advertise support for extensions

A server only publishes what controls it recognizes.  The
client's expectation is that a server will ignore any control
which the server doesn't recognize.  However, the client
should expect servers to ignore other non-critical controls,
as the server might implement a different specification
which considers the control not to be applicable, or
the server is otherwise unwilling or able to perform the
operation as extended by these controls.  As you noted,
this expectation is necessary to set if were ever going
to support distributed directory services.

The issue now is whether the client expects the server to
return an error in this case, or does the client expect
the server to ignore the non-critical controls in
performing the operation.  I believe it reasonable and
quite appropriate for clients to expect servers to
provide service when the able and willing.

>b) how does that server treat non-critical controls as they are applied over the distributed servers/services

The same as it would in single server system... in
a manner consistent with the client's expectations.

Or more to the point, the client's expectations are the
same regardless of whether the service is distributed or
not.  Why do you think the server is free to ignore
some or all of those expectations simply because it
fronting a distributed service?

Kurt

>>>> Jim Sermersheim 4/1/05 9:23:30 AM >>>
>
>
>>>> Jim Sermersheim 4/1/05 9:09:34 AM >>>
>>>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 3/31/05 10:43:16 PM >>>
><snip>
>
>>I think s/appropriate/appropriate in the server's determination/
>>would be appropriately vague.
>If the WG is fine with the added behavioral differences (at the benefit of added service) this brings, then fine. We can update with this, and even add that the operation + any controls is not to be applied in a partial manner.
> 
>It's still confusing to implementors and clients. Does "appropriate for the operation in the server's determination" extend to include "and the server is willing to perform it"? Meaning, if the server can (at some early or pre stage) determine that the user has insufficient rights to perform the operation + non-critical control, can it ignore the control? "Appropriate for the operation" (whether determined by the server or not), still seems to me to indicate that the control specification named that operation as one valid for the control to be attached.
> 
>I'm not sure the reader is left with an any more clear understanding of how to implement or what to expect. If we want the behavior to be what you and Howard are suggesting, then I think replacing the word "appropriate" altogether is better. It should say "If the server is able and willing to support...". 
> 
>That's what you're really saying isn't it?

References:
- Fwd: Re: draft-ietf-ldapbis-protocol - controls
  - From: "Jim Sermersheim" <jimse@novell.com>

Prev by Date: Re: draft-ietf-ldapbis-protocol - controls
Next by Date: Re: Fwd: Re: draft-ietf-ldapbis-protocol - controls
Index(es):
- Chronological
- Thread