
Re: Naming of ACLs, Replication etc



Bruce,

It was sloppy of me not to review the charter prior to sending my
message.   Let me comment on your extracts from the charter:

 >"LDAPv3
 >defines an information model and an authentication model, allowing
 >information to be protected via access control. 

Apart from a minor quibble that LDAPv3 uses the X.500 information
model (and thus the definition is by reference), this is basically
correct.

 >But LDAPv3 defines no
 >standard representation or semantic for this access control information.

OK

 >This work item will be to define such a standard access control model.

I would suggest changing this to "model or models".   

 >about access control.  The general overview from the charter says: "LDAP
 >version 3 has laid a solid foundation for directory access on the Internet.

Agreed.

 >More work is needed to provide a full Internet directory service. 

Agreed.   

There is an implicit statement here that this WG will undertake the
work to define this directory service.   


 >The LDAP
 >Extension working group will define and standardize extensions to the LDAP
 >version 3 protocol and extensions to the use of LDAP on the Internet."

There are two more implicit assumptions here:

1) The Internet Directory Service should be called LDAP.

2) The Internet Directory Service should be built by use of extensions
to LDAP.

I disagree strongly with both of these assumptions.   

The charter needs to state clearly what LDAP is intended to be, and
the relationship between LDAP and the "full Internet directory service".  

I think that if this is stated clearly, the answer to my original
questions will "come out in the wash".


Steve