
RE: Access Control document



Sounds good - re the document - so please send.

regards
PS Datacraft was sold to others - the Defence/Directories part became a
new company called (music and fanfares please :-)) OpenDirectory - a
brilliant world leading supplier of excellent directory products ..
(what else would I say)

> -----Original Message-----
> From:	M.Pohlman [SMTP:coradon@ix.netcom.com]
> Sent:	Wednesday, February 11, 1998 5:37 AM
> To:	Alan Lloyd; Steve Kille
> Cc:	ietf-ldapext@netscape.com; ietf-asid@netscape.com;
> Frank@netscape.com; alexis.bor@directoryworks.com; howes@netscape.com;
> aschwarz@uoknor.edu; jliedel@ford.com
> Subject:	Re: Access Control document
> 
> Alan & Steve
> 
> I would be happy to volunteer to undertake a portion of this evaluation.
> While on a recent contract at a Fortune 2 Client, Access Control was one
> of the points of contention between the Pure LDAP camp which supported
> products such as MS ADS and Netscape LDAP directory server and the X.500
> camp who supported products such as DataCraft and Control Data. Three
> members of this group, Tim Howes, Frank Chen (Netscape) and Alexis Bor
> (Directory Works), are familiar with the project, the debate that took
> place and the work that was produced.
> 	As an independent party I have no qualms about modifying the LDAP standard
> to be more consistent with either X.500, NIS+ or any other established
> Access Control model. However, in many ways the current standards
> themselves are lacking in the realm of adaptability to client/server and
> object based distributed systems.
> 	Given, I have the public blessing of two of the corroborating parties to
> share my findings with this group (Netscape & DataCraft). I would be happy
> to participate and share several months' worth of directed research into
> potential LDAP/X.500 Access Control models & issues with any interested
> party.
> 
> Marlin Pohlman
> Coradon Consulting, Inc.
> 
> ----------
> > From: Steve Kille <S.Kille@isode.com>
> > To: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>
> > Cc: ietf-ldapext@netscape.com; ietf-asid@netscape.com
> > Subject: Re: Access Control document
> > Date: Tuesday, February 10, 1998 2:29 AM
> > 
> > Alan,
> > 
> > Thanks for making this suggestion.   It would seem to me that IF the X.500
> > access control meets the requirements (or meets most of them, and it is
> > clear that it can be adapted to meet most or all of the remainder) then
> > there is a very strong case for using it as:
> >   1) It is an open standard already supported by a number of vendors
> >   2) It is clearly a natural fit with LDAP, which is based on X.500
> >   3) It will save the contentious work of defining something from
> >      scratch.
> > 
> > I'd be interested to understand if anyone disagrees with this??  
> > 
> > It seems to me unlikely, given the extensive list of requirements,
> > that a specification for Access Control which meets this list of
> > requirements is going to be much simpler than the X.500 one.   I can
> > see a case for a very simple access control scheme, but this is just not
> > going to arise from this requirements list.
> > 
> > It seems to me that a useful piece of work would be to evaluate the
> > X.500 access control specification (probably including the recent X.500(1997)
> > work, which focussed on many security aspects, including extending
> > access control in a number of useful ways) to see how far it meets the
> > requirements that this group is developing.   It would be a nonsense
> > to use the X.500 specifications if they did not meet the requirements.
> > 
> > We need to find someone to undertake this evaluation?  Ideally, this
> > should be someone "neutral" whose commercial position would not be
> > significantly affected by this decision.   I appreciate that it may
> > be hard to find someone who is both neutral and able to do the work.
> > 
> > 
> > 
> > Steve Kille
> >