RE: LDAP Access Control



 
-----Original Message-----
From: Tim Howes [mailto:howes@netscape.com]
Sent: Tuesday, June 09, 1998 7:09 PM
To: ietf-ldapext@netscape.com
Subject: LDAP Access Control


Hi all. It appears to Mark and me, your LDAPEXT co-chairs, 
that the ACL discussions have broken down and are no longer 
producing anything constructive. This message is our attempt 
to put things back on track. To do this effectively, we need 
your help and participation.  Please read this message 
carefully and respond to the questions posed. 

We are not taking a vote, we are simply trying to gauge the 
consensus in the group. There have been several vocal views 
expressed, and we need to determine which ones (if any!) have 
the support of the group.  If this looks like rehashing of 
old ground, please bear with us one more time.  Please note 
that the reply-to on this message points to Mark and me. If 
you would like to reply to the whole list, please feel free 
to do so. 


QUESTION 1: Do you believe LDAPEXT should be trying to define 
requirements, framework, and/or a model for access control in 
LDAP directories? 
[RBW] If not LDAPEXT, who? If LDAP is going to be useful, interoperable,
and commercially viable, coherent access control across implementations
is a necessity (IMHO). The longer it takes, the more likelihood of
proprietary solutions attempting to coerce the marketplace. 


QUESTION 2: Do you basically support the access control 
requirements draft (draft-ietf-ldapext-acl-reqts-00.txt)?
[RBW]  YES 

QUESTION 3: Do you basically support the access control model 
draft (draft-ietf-ldapext-acl-model-00.txt)?
[RBW]  YES  


QUESTION 4: Do you think we should adopt the X.500(1993) 
basic access control model as the starting point for the LDAP 
access control model? 
[RBW]  NO  


QUESTION 5: Do you think we should specify only a framework 
for identifying access control models, and not define a 
single standards-track model for LDAP at this time? 
[RBW]  A framework doesn't provide interoperability. We would look at a
single standards-track model, supported by major vendors, as a sign of
LDAP's long term viability in an enterprise security environment.  


Please let us know what you think.  If nobody responds to 
these questions, we'll assume that you support the direction 
stated in the charter and worked on in the group so far, 
which is to define an LDAP access control model, and to 
support the requirements and proposed model drafts. 


Tim Howes and Mark Wahl 
  


Ronald Becker Williams          e-mail:ronald.b.williams@kp.org 
Application and Security Architecture     vox:(626) 564-7680 
Technology & Systems Planning                 fax:(626) 564-7219 
Kaiser Foundation Health Plan, Inc.      pager:(626) 456-8844