
Naming of ACLs, Replication etc



There has been quite a bit of discussion about LDAP ACLs and LDAP
Replication.

One of the nice things about LDAP (LD Access Protocol) is that it has
allowed a clean client/server protocol, which allows a range of
clients to connect to different systems with LDAP front ends.  

Access Control and Replication are system functions, which are needed
to build a distributed directory.   It seems to me that locking single
mechanisms for access control and replication onto this flexible
access protocol is a bad idea.  To me, this point has been emphasised
by the discussion which is looking at how this access control will
relate to ACAP/IMAP/WebDav.   

What I would like to suggest is that we restrict LDAP to being a
directory access protocol, and all agree to do this.   Extensions,
which are really extensions to this access protocol, can be called
this (e.g., LDAP Paged Results).  

However, system extensions, which are not directly tied into LDAP,
should be called something else.  For example, "Lightweight MultiMaster
Directory Replication Protocol (LMMDRP)".   Note that it would be
possible to build a directory which maintained replicas using LMMDRP,
which could be accessed by X.500 DAP and NDS, but not by LDAP.   

I think that this decoupling about how we refer to these
specifications will help general clear thinking as this work develops.


Steve Kille