[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Access Control

To: howes@netscape.com, Mark Wahl <m.wahl@critical-angle.com>
Subject: Re: LDAP Access Control
From: Sanjay.Jain@software.com (Sanjay Jain)
Date: Wed, 10 Jun 1998 11:39:33 -0700
Cc: ietf-ldapext@netscape.com
Delivered-to: ldapext-archive@critical-angle.com
Organization: Software.Com
References: <357DEAB7.696B6654@netscape.com>
Resent-date: Wed, 10 Jun 1998 11:49:56 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"rcJQr3.0.nX6.ILjVr"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Tim Howes wrote:

>
>
> QUESTION 1: Do you believe LDAPEXT should be trying to define
> requirements, framework, and/or a model for access control in
> LDAP directories?

Yes. All.

>
>
> QUESTION 2: Do you basically support the access control
> requirements draft (draft-ietf-ldapext-acl-reqts-00.txt)?

Yes.

Not sure if there is a requirement that LDAP ACLs should be mappable
to/from X.500 ACLs.  If not, then do we need such a requirement.

>
>
> QUESTION 3: Do you basically support the access control model
> draft (draft-ietf-ldapext-acl-model-00.txt)?

Not sure.

>
>
> QUESTION 4: Do you think we should adopt the X.500(1993)
> basic access control model as the starting point for the LDAP
> access control model?

I would prefer a simplified or subset of X.500 ACL model which meets
theLDAP ACL requirements.  LDAP and X.500 have so many similarities in
the
information model, why create another entirely different ACL model for
LDAP.

>
>
> QUESTION 5: Do you think we should specify only a framework
> for identifying access control models, and not define a
> single standards-track model for LDAP at this time?
>

I think we need both.

sanjay

References:
- LDAP Access Control
  - From: Tim Howes <howes@netscape.com>

Prev by Date: RE: LDAP Access Control
Next by Date: Re: LDAP Access Control
Index(es):
- Chronological
- Thread