
Re: Naming of ACLs, Replication etc



Alan Lloyd wrote:
> How on earth can you put into LDAP extensions which read access control
> when that is not defined. How does one deal with certificate paths and
> using attribute name values which point into other contexts.

You don't need any extensions to the protocol for these functions.
Access control information is defined in terms of attributes with
values in DIT entries. Use attribute values which are URLs to
point to other contexts. This is the value of a strong and consistent
information model (which I think must be what you're calling
"object oriented" etc). There are entries with attributes, those have values,
put your stuff in them, get it back out. Define what your stuff means
to yourself and anyone else sharing the information.

> oriented information systems and go to market that way - but one cannot
> design object oriented scalable distributed database standards from
> an access or communications perspective (IMHO).

There's always an explicit or implicit information model behind any
access protocol. In the case of LDAP, the model is derived from X.500.
Your statement about designing the information model from the protocol
is not applicable to LDAP (or any other protocol I can think of).
Are you saying that the X.500 information model is flawed in some way?
If so, please tell us so we may use a better one for future LDAP work.

> It is easy to write a few pages for a new protocol and hype the name -
> it's not so easy to write scalable system design documents that the
> industry can follow.

Please post links to your documents so I may follow them.
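The reply above argues that access control and pointers into other contexts need no protocol extension, because both are just attribute values held in DIT entries. The Python below is an added example, not code from the original thread or from any X.500/LDAP implementation: it models a few constructed entries as attribute/value maps, carries an ACI as an ordinary attribute value (the `aci` string is a constructed placeholder in a Netscape/389-style grammar; the thread does not specify any ACI syntax), stores an LDAP URL in an RFC 3296 `ref` attribute, and shows how a client dissects such a URL (RFC 4516 form) and rewrites the target DN relative to the referral object when it continues the operation in the other naming context. The DN handling splits on commas and is an assumption that ignores escaped commas in RDN values.

```python
"""Added example (not code from the original thread or any LDAP server):
access-control information and cross-context pointers stored as plain
attribute values in DIT entries, and a client that follows the pointers."""
from urllib.parse import unquote

# Constructed sample DIT: entry DN -> {attribute: [values]}.  This is the
# "entries with attributes, those have values" model the reply describes.
ENTRIES = {
    "dc=example,dc=com": {
        "objectClass": ["top", "domain"],
        "dc": ["example"],
    },
    "ou=people,dc=example,dc=com": {
        "objectClass": ["top", "organizationalUnit"],
        "ou": ["people"],
        # Access control carried as an ordinary attribute value; the grammar
        # is server-defined.  This string is a constructed placeholder in a
        # Netscape/389-style syntax, not something the thread specifies.
        "aci": ['(targetattr="*")(version 3.0; acl "self read"; '
                'allow (read,search) userdn="ldap:///self";)'],
    },
    "ou=partners,dc=example,dc=com": {
        "objectClass": ["top", "referral", "extensibleObject"],
        "ou": ["partners"],
        # RFC 3296 'ref': an LDAP URL that points into another naming context.
        "ref": ["ldap://ldap.partner.example:389/o=partner??sub"],
    },
}


def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL into its parts.

    Form: scheme://[host[:port]][/dn[?attrs[?scope[?filter[?extensions]]]]]
    Percent-decoding is applied to the DN, attribute list and filter.
    """
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower()
    if sep != "://" or scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    hostport, _, rest = rest.partition("/")
    if hostport.startswith("["):                 # bracketed IPv6 literal
        host, _, port = hostport[1:].partition("]")
        port = port.lstrip(":")
    else:
        host, _, port = hostport.partition(":")
    fields = rest.split("?") + [""] * 4          # pad missing trailing fields
    dn, attrs, scope, filt, exts = fields[:5]
    scope = scope.lower() or "base"
    if scope not in ("base", "one", "sub"):
        raise ValueError("bad scope %r in %r" % (scope, url))
    return {
        "scheme": scheme,
        "host": host or None,
        "port": int(port) if port else (636 if scheme == "ldaps" else 389),
        "dn": unquote(dn),
        "attrs": [a for a in unquote(attrs).split(",") if a],
        "scope": scope,
        "filter": unquote(filt) or "(objectClass=*)",
        "extensions": [e for e in exts.split(",") if e],
    }


def url_valued_attributes(entry):
    """(attribute, parsed URL) for every value of `entry` that is an LDAP URL."""
    found = []
    for attr, values in entry.items():
        for value in values:
            if value.lower().startswith(("ldap://", "ldaps://")):
                found.append((attr, parse_ldap_url(value)))
    return found


def find_referral(entries, target_dn):
    """Locate the nearest 'ref' on the path from `target_dn` up to the root.

    Returns (referral_dn, url) or None.  Following RFC 3296, when the referral
    object is superior to the target, the part of the target DN below the
    referral object is prepended to the DN in the URL; an empty URL DN means
    the full target DN is used unchanged.
    Assumption: DNs are split on ',' and escaped commas in RDN values are
    not handled.
    """
    rdns = target_dn.split(",")
    for i in range(len(rdns)):
        ancestor = ",".join(rdns[i:])
        refs = entries.get(ancestor, {}).get("ref", [])
        if not refs:
            continue
        url = parse_ldap_url(refs[0])
        below = rdns[:i]
        if not url["dn"]:
            url["dn"] = target_dn
        elif below:
            url["dn"] = ",".join(below + [url["dn"]])
        return ancestor, url
    return None


if __name__ == "__main__":
    for dn, entry in ENTRIES.items():
        for attr, url in url_valued_attributes(entry):
            print(dn, attr, "->", url["host"], url["port"], url["dn"], url["scope"])
    print(find_referral(ENTRIES, "cn=bob,ou=partners,dc=example,dc=com"))
```

Nothing here touches the wire protocol: the ACI is opaque to the client, and the referral is discovered purely by reading attribute values and parsing a URL, which is the point the reply makes about putting the information in the model rather than in protocol extensions.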