RE: LDAP Access Control
-----Original Message-----
From: Tim Howes [mailto:howes@netscape.com]
Sent: Tuesday, June 09, 1998 7:09 PM
To: ietf-ldapext@netscape.com
Subject: LDAP Access Control
Hi all. It appears to Mark and me, your LDAPEXT co-chairs,
that the ACL discussions have broken down and are no longer
producing anything constructive. This message is our attempt
to put things back on track. To do this effectively, we need
your help and participation. Please read this message
carefully and respond to the questions posed.
We are not taking a vote, we are simply trying to gauge the
consensus in the group. There have been several vocal views
expressed, and we need to determine which ones (if any!) have
the support of the group. If this looks like rehashing of
old ground, please bear with us one more time. Please note
that the reply-to on this message points to Mark and me. If
you would like to reply to the whole list, please feel free
to do so.
QUESTION 1: Do you believe LDAPEXT should be trying to define
requirements, framework, and/or a model for access control in
LDAP directories?
[RBW] If not LDAPEXT, who? If LDAP is going to be useful, interoperable,
and commercially viable, coherent access control across implementations
is a necessity (IMHO). The longer it takes, the more likelihood of
proprietary solutions attempting to coerce the marketplace.
QUESTION 2: Do you basically support the access control
requirements draft (draft-ietf-ldapext-acl-reqts-00.txt)?
[RBW] YES
QUESTION 3: Do you basically support the access control model
draft (draft-ietf-ldapext-acl-model-00.txt)?
[RBW] YES
QUESTION 4: Do you think we should adopt the X.500(1993)
basic access control model as the starting point for the LDAP
access control model?
[RBW] NO
QUESTION 5: Do you think we should specify only a framework
for identifying access control models, and not define a
single standards-track model for LDAP at this time?
[RBW] A framework doesn't provide interoperability. We would look at a
single standards-track model, supported by major vendors, as a sign of
LDAP's long-term viability in an enterprise security environment.
Please let us know what you think. If nobody responds to
these questions, we'll assume that you support the direction
stated in the charter and worked on in the group so far,
which is to define an LDAP access control model, and to
support the requirements and proposed model drafts.
Tim Howes and Mark Wahl
Ronald Becker Williams e-mail:ronald.b.williams@kp.org
Application and Security Architecture vox:(626) 564-7680
Technology & Systems Planning fax:(626) 564-7219
Kaiser Foundation Health Plan, Inc. pager:(626) 456-8844