
Re: LDAP ACLs



Neither a standardized replication protocol nor standardized ACLs are
absolutely needed for white pages applications.

But if we're going to have ACLs, then they shouldn't force systems
with well-designed security that conforms to standard criteria for
secure system design to compromise security. If we can't "focus" on
that, because we don't understand it well enough, then that says that
it is premature to standardize on ACLs.
---------------------
Paul J. Leach <paulle@microsoft.com>
PGP Key ID: 0x978829DD
Fingerprint: 9EFA A405 39B4 F91F DE6F 8939 6FE9 F5D8
Key Servers: http://pgpkeys.mit.edu:11371 ldap://certserver.pgp.com

-----Original Message-----
From: Leslie Daigle <leslie@Bunyip.Com>
To: Paul Leach <paulle@microsoft.com>
Cc: prasanta@netscape.com <prasanta@netscape.com>;
ietf-ldapext@netscape.com <ietf-ldapext@netscape.com>
Date: Wednesday, April 29, 1998 1:53 PM
Subject: Re: LDAP ACLs


>
>Paul,
>
>Without saying it wouldn't be useful to have the capability
>you describe, I think it is fair to say that your proposal is
>well beyond the scope of anything this group should focus on.
>
>I.e., 
>
> i.  If such a Universal ACL registry existed, it would
>     be fair to say that LDAP should be made to use it.
>     So, when you've defined, standardized and deployed
>     it (*), come back to LDAPEXT++ and make that proposal.
>
> ii. If you want to say that LDAP is not just for people
>     anymore, but can be used successfully to solve access
>     issues for all information objects on a machine (as
>     you've laid out:  file systems, registries, etc), then
>     set up a separate initiative to demonstrate the applicability
>     of LDAP for the task, etc.
>
>But, I don't think it's appropriate to hold up/expand immeasurably the
>development of extensions necessary to carry out the basic purpose for
>which LDAP was developed (i.e., whitepages) because you see a particular
>application for the protocol.
>
>Leslie.
>
>
>(*) note the order of operations...

>----------------------------------------------------------------------------
>
>  "_Be_                                           Leslie Daigle
>             where  you
>                          _are_."                 Bunyip Information Systems
>                                                  (514) 875-8611
>                      -- ThinkingCat              leslie@bunyip.com
>
>----------------------------------------------------------------------------
>