Re: Naming of ACLs, Replication etc
Bruce,
It was sloppy of me not to review the charter prior to sending my
message. Let me comment on your extracts from the charter:
>"LDAPv3
>defines an information model and an authentication model, allowing
>information to be protected via access control.
Apart from a minor quibble that LDAPv3 uses the X.500 information
model (and thus the definition is by reference), this is basically
correct.
>But LDAPv3 defines no
>standard representation or semantic for this access control information.
OK
>This work item will be to define such a standard access control model.
I would suggest changing this to "model or models".
>about access control. The general overview from the charter says: "LDAP
>version 3 has laid a solid foundation for directory access on the Internet.
Agreed.
>More work is needed to provide a full Internet directory service.
Agreed.
There is an implicit statement here that this WG will undertake the
work to define this directory service.
>The LDAP
>Extension working group will define and standardize extensions to the LDAP
>version 3 protocol and extensions to the use of LDAP on the Internet."
There are two more implicit assumptions here:
1) The Internet Directory Service should be called LDAP.
2) The Internet Directory Service should be built by use of extensions
to LDAP.
I disagree strongly with both of these assumptions.
The charter needs to state clearly what LDAP is intended to be, and
the relationship between LDAP and the "full Internet directory service".
I think that if this is stated clearly, the answer to my original
questions will "come out in the wash".
Steve