[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Naming of ACLs, Replication etc
Tim,
>From: Tim Howes <howes@netscape.com>
>To: Steve Kille <S.Kille@isode.com>
>Subject: Re: Naming of ACLs, Replication etc
>Date: Fri, 08 May 1998 09:20:01 -0700
>Hi Steve,
>
>One of the goals of this group is to develop a standard access
>control model for LDAP. Under this charter, it is very likely
>that anything this group produces in this area will be titled
>"LDAP Access Control Model" or something pretty darn close.
>Asking to keep LDAP out of the title is like asking the group to
>change its charter. While it's possible to have that discussion
>again, we already had it once and came to consensus. What new
>information or argument do you have that could cause us to talk
>about changing our charter? Keeping LDAP out of the title also
>does not solve the problem. I think it will only cause more
>confusion, not less.
A consequence of my proposal is that the charter should be changed.
This is a shift of emphasis, not a total replacement. It is very
reasonable and normal for groups to evolve their charter in light of
discussions and work done. Let me try to set out what I think the
charter should say:
1) Work to set out requirements for access control for directories
accessed by LDAP.
2) Evaluate whether, and to what extent, X.500 access control meets
the requirements of 1.
3) State explicitly whether or not the WG views that X.500 access
control is a suitable approach for providing access control in a
directory accessed by LDAP. If necessary, write a specification as
to how to do this.
4) Decided if one or more other access control mechanisms are needed
for directories access by LDAP, and develop specifications as needed.
****
Let me comment briefly on this charter:
1 and 4 are essentially what is currently in the charter. I have
broadened 4 to allow multiple access control schemes, as I think that
the arguments advanced by Chris Newman as to there being the need for
multiple schemes are powerful ones.
2 was an action from the last WG meeting, and is just adding this to
the charter.
3 is giving an action which arises from 2. Currently the group can
only choose to accept or reject X.500 access control. This option
allows the WG to say "X.500 access control is cool, but we think there
needs to be an alternative". It also ensures that the conclusions of
2 are made explicit.
I think that talking about "directories access by LDAP" rather than
"LDAP directories" more clearly and sensibly frames the work.
There should be something similar for replication.
>
>On the subject of multiple access control models, I agree there
>will be multiple models around, perhaps indefinitely. And we
>must address this so, for example, replication does not occur
>between servers with different models. But that's not an
>argument for not developing a standard model.
>
>Maybe I'm misinterpreting you, but it sounds like you'd rather
>have the X.500 ACL model compete with other models in the market
>than try to get the group to agree that the X.500 model should
>be adopted as the standard one. I'd rather we at least have the
>debate first. What's been missing from this debate with
>respect to X.500 is more people like you - knowledgeable
>advocates of the technology who can make a coherent complete
>proposal about what it means to use X.500 as the model, how
>it satisfies the requirements, where it falls short, etc.
>The input we've had so far has not been in the form of a
>proposal.
I am happy that X.500 access control is a good specification. I
don't feel the need to justify this to an IETF WG (and suspect that
other vendors who have implemented X.500 feel the same).
I don't think that this IETF WG should be deciding whether X.500
access control or something that it chooses to define should be the
standard way to do access control for directories access by LDAP.
It would be remarkably arrogant for an IETF WG to make an official
yes/no judgement on an ISO/ITU standard. If the WG wants to adopt the
ISO/ITU standard this is fine. If it does not, then lets let the
market decide.
>
>I see no evidence that having standard LDAP access control
>is controversial. You and other X.500 vendors most of all
>should not find this controversial. What seems to be
>controversial is whether LDAP will adopt the X.500 model
>or not. The way to fix this is for you and other X.500
>fans to get involved in the group and make your case for
>the technology. Giving up on standardizing something just
>because you fear there may be controversy over which model
>is selected or designed, or that it might not be the
>technology you advocate is no answer.
Consider the following:
1) The LDAP WG decides to standardize on X.500 Access Control. If a
vendor implements a proprietary access control scheme in it server, is
this a valid LDAP implementation?
2) If the LDAP WG decides on its own access control, is a directory
which implements X.500 Access Control a valid LDAP implementation?
I think that both of these should be considered to be valid LDAP
implementations.
I am happy to see a standards track access control mechanism defined
by an IETF WG. I am not happy to see this called "LDAP access
control", as I think that binding the access control mechanism tightly
to the directory access protocol is a fundamental mistake.
> -- Tim
>
Steve