RE: LDAP Access Control

[Bruce Greenblatt <Bgreenblatt@rsa.com>]

<snip>
 
> QUESTION 1: Do you believe LDAPEXT should be trying to define 
> requirements, framework, and/or a model for access control in 
> LDAP directories? 
> 
[> ]  yes!

> QUESTION 2: Do you basically support the access control 
> requirements draft (draft-ietf-ldapext-acl-reqts-00.txt)? 
> 
[> ]  YES!

> QUESTION 3: Do you basically support the access control model 
> draft (draft-ietf-ldapext-acl-model-00.txt)? 
> 
[> ]  I'd prefer to see something simpler.  See Requirement U1 in section
3.3 of the requirements!  It seems that there out to be something similar to
the Access Control Rules in the UMich 3.3 distribution that meets nearly all
of the requirements specified in the requirements document.

> QUESTION 4: Do you think we should adopt the X.500(1993) 
> basic access control model as the starting point for the LDAP 
> access control model? 
> 
[> ]  Not unless it can be shown to meet the requirements specified in the
requirements document.  I'm still waiting to see a draft that explains the
X.500 (1993) base Access control model that shows how it meets the
requirements specified in the requirements draft.

> QUESTION 5: Do you think we should specify only a framework 
> for identifying access control models, and not define a 
> single standards-track model for LDAP at this time? 
> 
[> ]  I think that both are needed!

> Please let us know what you think.  If nobody responds to 
> these questions, we'll assume that you support the direction 
> stated in the charter and worked on in the group so far, 
> which is to define an LDAP access control model, and to 
> support the requirements and proposed model drafts. 
> 
> Tim Howes and Mark Wahl 
>