
RE: ldap PICS



Mark - these documents really are just "descriptive" statements (must
support RFC...., etc) and do not provide the customer or the supplier
with the composite document that can be assessed at a detail level in
the procurement cycle.

PICS and ISPs although considered complex - actually do form part of a
commercial agreement for the supply of conformant/compliant products.
In addition LDAP at the moment is about 5%-10% of the system compared to
that as specified by X.500 and its PICS and ISPs. So having a few
descriptive papers, rather than tables specifying mandatory and optional
features is possible - but like LDAP that "descriptive process" for
specification won't scale.


In addition the good old LDAP process decided (for some curious reason)
to take all the X.500 schema and attributes, including certificate
related stuff - and give them all different object identifiers that have
four times the length for LDAP to that of the ones used by X.500 - and
now the good old suppliers and systems engineers and customers have to
map all this stuff so they interwork.

Certificate processing for the global distributed EC world is impossible
in LDAP (non distributed) only systems - (unless one has the LDAP
configuration army).

Certificate processing for the global distributed EC world is possible
in LDAP access to X.500 directory systems - (but requires mapping of
things all over the place... the LDAP configuration army). All
certificate path processing codes across this planet now have to deal
with pairs of object IDs for many attributes - WHY - good old LDAP!!!!

Certificate processing for the global distributed EC world is very
efficient in DAP and X.500 systems - (and no LDAP configuration army).


As Christopher said, the directory industry and its customers are
having to provide systems which scale and interoperate. It's just that we
now have to map all this horrible LDAP stuff to something that is more
efficient, distributed and provides the utility demanded by large scale
EC systems - namely X.500.
i.e. the global focus is now on providing directory systems with LDAP for
limited access - NOT LDAP non distributed servers - but in the process,
ALL suppliers and customers have to carry the schema mess created - just
because somebody somewhere thought it would be a good idea to change
some international standards information identifiers for some longer and
less efficient ones just for LDAP.

The industry needs templates to show what LDAP features are supported,
how operations are mapped (LDAP/X.500) and how schema is mapped
(LDAP/X.500) - and this will be impossible to do if LDAP keeps on adding
more and more incompatible/unscalable features.

Does the IETF - LDAP group want to work on this? 

regards alan 


> -----Original Message-----
> From:	Mark Wahl [SMTP:M.Wahl@INNOSOFT.COM]
> Sent:	Saturday, May 30, 1998 3:33 AM
> To:	Christopher Oliva
> Cc:	'LDAP EXT'
> Subject:	Re: ldap PICS
> 
> 
> You may wish to look at the draft Open Group profiles for LDAP located
> at http://www.critical-angle.com/test/profile which address most of these
> issues: protocol versions, SSL/TLS versions, ciphersuites, operational
> attributes, subschema subentries, attribute syntaxes...
> 
> Mark Wahl, Directory Product Architect
> Innosoft International Inc. / Critical Angle Inc.
>