Hi all. It appears to Mark and me, your LDAPEXT co-chairs, that the ACL discussions have broken down and are no longer producing anything constructive. This message is our attempt to put things back on track. To do this effectively, we need your help and participation. Please read this message carefully and respond to the questions posed.
We are not taking a vote, we are simply trying to gauge the consensus in the group. There have been several vocal views expressed, and we need to determine which ones (if any!) have the support of the group. If this looks like rehashing of old ground, please bear with us one more time. Please note that the reply-to on this message points to Mark and me. If you would like to reply to the whole list, please feel free to do so.
QUESTION 1: Do you believe LDAPEXT should be trying to define requirements, framework, and/or a model for access control in LDAP directories?
Yes, all 3
QUESTION 2: Do you basically support the access control requirements draft (draft-ietf-ldapext-acl-reqts-00.txt)?
I support the vast majority of it, but have the following comments to make on it
S8. I dont agree with this, nor follow the logic of why "dont care" should be allowed if "deny" is. What is the purpose of an ACL that says "I dont care if you can read this entry or not".
U6. I agree with this, but it should be stated somewhere that an administrative area can span multiple servers. This is essential for ease of management of a distributed system.
U14. I strongly disagree with the notion that it must be possible to stop users traversing entries. This would allow, for example, the administrator of a country entry to effectively ban anyone from searching an entire country's DIT. Traversing is not the same as retreiving or modifying. Stopping the latter obviously should be supported, but an administrator of a higher domain must not be able to stop users traversing to a lower DIT domain under different administrative control.
QUESTION 3: Do you basically support the access control model draft (draft-ietf-ldapext-acl-model-00.txt)?
Need to read it carefully before I can comment.
QUESTION 4: Do you think we should adopt the X.500(1993) basic access control model as the starting point for the LDAP access control model?
Yes, as a starting point, but I would like to see a simpler subset of it created for LDAP (in the same way as LDAP is a simple subset of DAP)
QUESTION 5: Do you think we should specify only a framework for identifying access control models, and not define a single standards-track model for LDAP at this time?
No, that would be counter productive. Replication needs a SINGLE standard access control model. This is essential. Otherwise you have to have tools for mapping between different models, and these are sure to be UNABLE to completely map policies. Furthermore if you have several access control models, you might as well have none. Many standards are as good as none.
David
***************************************************
David Chadwick
IT Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351 Fax +44 161 745 8169
Mobile +44 370 957 287
Email D.W.Chadwick@iti.salford.ac.uk
Home Page http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500 http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
***************************************************