Re: LDAP ACLs





- -----Original Message-----
From: Leslie Daigle <leslie@Bunyip.Com>
To: Paul Leach <paulle@microsoft.com>
Cc: prasanta@netscape.com <prasanta@netscape.com>;
ietf-ldapext@netscape.com <ietf-ldapext@netscape.com>
Date: Wednesday, April 29, 1998 1:53 PM
Subject: Re: LDAP ACLs


>
>Paul,
>
>Without saying it wouldn't be useful to have the capability
>you describe, I think it is fair to say that your proposal is
>well beyond the scope of anything this group should focus on.
>
>I.e., 
>
> i.  If such a Universal ACL registry existed, it would
>     be fair to say that LDAP should be made to use it.

No such registry is needed. OIDs can be generated in a decentralized
fashion. LDAPEXT can define one OID, and one of the ACL formats. We'll
define another one of each.

>     So, when you've defined, standardized and deployed
>     it (*), come back to LDAPEXT++ and make that proposal.

>
> ii. If you want to say that LDAP is not just for people
>     anymore, but can be used successfully to solve access
>     issues for all information objects on a machine (as
>     you've laid out:  file systems, registries, etc), then
>     set up a separate initiative to demonstrate the applicability
>     of LDAP for the task, etc.

Have you seen NT5 beta 1? Its LDAP DS has much more than people in
it (computers, disk volumes, sites, groups, organizations, to name a
few -- about 300 classes in all), even though it doesn't yet fully
integrate all files and registry objects.

Have you heard of the Directory Enabled Networks initiative? 

Is it so hard to believe that AV pairs, one of the oldest ideas in
computer science, have been used in many contexts, and that they can
be fetched with many protocols?

>
>But, I don't think it's appropriate to hold up/expand immeasurably the
>development of extensions necessary to carry out the basic purpose for
>which LDAP was developed (i.e., whitepages) because you see a particular
>application for the protocol.

Turning a blob into a blob preceded by an OID shouldn't hold things up
long at all, if we could just agree to it.

- ---------------------
Paul J. Leach <paulle@microsoft.com>
PGP Key ID: 0x978829DD
Fingerprint: 9EFA A405 39B4 F91F DE6F 8939 6FE9 F5D8
Key Servers: http://pgpkeys.mit.edu:11371 ldap://certserver.pgp.com
