[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: LDAP ACLs
-----BEGIN PGP SIGNED MESSAGE-----
- -----Original Message-----
From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>
Date: Sunday, May 03, 1998 7:45 PM
>> -----Original Message-----
>> From: Paul Leach [SMTP:paulle@microsoft.com]
>> Sent: Sunday, May 03, 1998 10:14 AM
>>
>>
>> I do not doubt that, all other things being equal, everyone would
>> prefer a single ACL model. So would I. So did the people who
created
>> the "single ACL models" for IMAP and ACAP. So, there isn't going to
be
>> a "single ACL model", no matter how the WG votes. My proposal
merely
>> tries to recognize that fact.
>>
> Yes - perhaps the industry does - but there is no need to
>institutionalise that fact with confusing standards and apply them in
>every directory implementation. The directory ACL/I standard is to
>provide portability of ACI information between systems and the
ability
>to provide a common Authentication/ ACI policy across a number of
>interconnected servers(DSAs).
Excuse me, those were IETF ACL standards for "single ACL model" I was
talking about. So we've already lost portability.
>
> Does it not follow that as we evolve to X.509 based systems for
>authentication and signatures and these are applied to ACI models
>(otherwise how does ACI work if one cannot verify the user) and the
fact
>that people are mobile and want to acccess a DSA system from anywhere
- -
>that ACI needs to be consistent just like X.509 authentication
>processes.
Not at all. I, as a client, can access a DSA system from anywhere as
long as I can authenticate. I do not need to be able to manage ACLs to
be able to do that.
- -------------------
Paul J. Leach <paulle@microsoft.com>
PGP Key ID: 0x978829DD
Fingerprint: 9EFA A405 39B4 F91F DE6F 8939 6FE9 F5D8
Key Servers: http://pgpkeys.mit.edu:11371 ldap://certserver.pgp.com
-----BEGIN PGP SIGNATURE-----
Version: PGP 5.5.5
iQCVAwUBNU51dcqlCdSXiCndAQFwAgP9F6DdohLxQrmIa34EevdxSB1xGFHEIaKU
0a6GLFT5iKBf6A1ffWYuJlTY8hyKF6yTJVSC36uAXC37zU773/IQWQpIp1Dr+EdT
T1JtN60HaJ3TuTB05aLF/F6aMKfTwpKni6NsYypIjIWoCaT5XT+7xybhFKsPQQGz
RNcShQvkOWo=
=lUGq
-----END PGP SIGNATURE-----