[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Access Control

To: Ed Reed <ED_REED@novell.com>
Subject: Re: LDAP Access Control
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Fri, 19 Jun 1998 19:46:48 +0200 (MET DST)
Cc: d.w.chadwick@iti.salford.ac.uk, howes@netscape.com, ietf-ldapext@netscape.com
Delivered-to: ldapext-archive@critical-angle.com
In-reply-to: <s58a3c95.001@novell.com>
References: <s58a3c95.001@novell.com>
Resent-date: Fri, 19 Jun 1998 10:47:23 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"xqK4f2.0.oE6.fGgYr"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Ed Reed writes:
> David - a note on disallowing traversal of namespaces....
> 
> We see this fairly often in customer requirements for enterprise directories.

Another case example:

When the University of Oslo started an X.500 server with data about our
employees in 1989/90, the Data Inspectorate (the Norwegian privacy
protection watchdog) required that it should not be possible to dump
parts of the Directory.  They waived this requirement when we explained
that it would be hard to prevent repeated search/read operations.  They
recommended instead that we logged who used the directory, in order to
check for abuse.  Later on, things like WWW->X.500/LDAP gateways, WWW
address lists, search robots & so on made that too rather pointless.
Still, runaway technology is hardly an argument against battling runaway
technology.

-- 
Hallvard

References:
- Re: LDAP Access Control
  - From: "Ed Reed" <ED_REED@novell.com>

Prev by Date: RE: LDAP Access Control
Next by Date: RE: LDAP Access Control
Index(es):
- Chronological
- Thread