[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: LDAP Access Control
Sorry to be so late, but I was two weeks out of office.
Tim Howes wrote:
> Hi all. It appears to Mark and me, your LDAPEXT co-chairs,
> that the ACL discussions have broken down and are no longer
> producing anything constructive. This message is our attempt
> to put things back on track. To do this effectively, we need
> your help and participation. Please read this message
> carefully and respond to the questions posed.
>
> We are not taking a vote, we are simply trying to gauge the
> consensus in the group. There have been several vocal views
> expressed, and we need to determine which ones (if any!) have
> the support of the group. If this looks like rehashing of
> old ground, please bear with us one more time. Please note
> that the reply-to on this message points to Mark and me. If
> you would like to reply to the whole list, please feel free
> to do so.
>
> QUESTION 1: Do you believe LDAPEXT should be trying to define
> requirements, framework, and/or a model for access control in
> LDAP directories?
Yes, I think we need all 3.
>
>
> QUESTION 2: Do you basically support the access control
> requirements draft (draft-ietf-ldapext-acl-reqts-00.txt)?
No, only some parts of it, but I hope we can support it when it is
final.
>
>
> QUESTION 3: Do you basically support the access control model
> draft (draft-ietf-ldapext-acl-model-00.txt)?
No.
>
>
> QUESTION 4: Do you think we should adopt the X.500(1993)
> basic access control model as the starting point for the LDAP
> access control model?
Yes, I hope we can adopt it or a subset of it, because we have an
X.500backend and it will help me a lot if we can adopt it. I have to
read Bob's comparison in detail to discuss this.
>
>
> QUESTION 5: Do you think we should specify only a framework
> for identifying access control models, and not define a
> single standards-track model for LDAP at this time?
No, I think we first need a single AC model.Then we can make a framework
to allow different modells.
Bye Helmut
>
>
> Please let us know what you think. If nobody responds to
> these questions, we'll assume that you support the direction
> stated in the charter and worked on in the group so far,
> which is to define an LDAP access control model, and to
> support the requirements and proposed model drafts.
>
> Tim Howes and Mark Wahl
>
begin: vcard
fn: Helmut Volpers
n: Volpers;Helmut
adr: Otto-Hahn-Ring 6;;;Munich;;81730;Germany
email;internet: Helmut.Volpers@mch.sni.de
title: Directory Server Architect
tel;work: +49-89-63646713
tel;fax: +49-89-63645860
tel;home: +49-89-1576588
x-mozilla-cpt: ;0
x-mozilla-html: FALSE
version: 2.1
end: vcard