rather than adding a few examples among the descriptions, I used the two given examples at the end of the new text like this:
The descriptions provided here do not fully account for result code substitutions used to prevent unauthorized disclosures (such as substitution of noSuchObject for insufficientAccessRights, or invalidCredentials for insufficientAccessRights).
This way we don't give the impression that we're either prescribing substitution, or covering all cases.
>>> "Jim Sermersheim" <firstname.lastname@example.org> 10/23/05 11:06:48 am >>>
I don't have a problem with this. Anyone else?
>>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 10/22/05 9:23:55 am >>>
To better handle "don't disclose" provisions in authorization
systems, I suggest the following changes be made to
In 4.1.9, after:
The server should return the result
code that best indicates the nature of the error encountered.
Servers may return substitute result codes to prevent
In the appendix A, replace:
Servers may substitute some result codes due to access controls which
prevent their disclosure.
The descriptions provided here do not fully account for
result code substitutions to prevent unauthorized
An alternative to the latter would be to attempt to fully
account for possible result code substitutions. However,
given that authorization is a local matter, and hence
implementors likely have a wide range of views of the
kinds of information that they might want to prevent
disclosure of, that seems a bit of a rat hole. However,
it might be good to note some of the obvious cases
(noSuchObject for insufficientAccessRights,
invalidCredentials for insufficientAccessRights)
in individual descriptions.