
Re: LDAP Access Control



Sorry to be so late, but I was two weeks out of office.

Tim Howes wrote:

>  Hi all. It appears to Mark and me, your LDAPEXT co-chairs,
> that the ACL discussions have broken down and are no longer
> producing anything constructive. This message is our attempt
> to put things back on track. To do this effectively, we need
> your help and participation.  Please read this message
> carefully and respond to the questions posed.
>
> We are not taking a vote, we are simply trying to gauge the
> consensus in the group. There have been several vocal views
> expressed, and we need to determine which ones (if any!) have
> the support of the group.  If this looks like rehashing of
> old ground, please bear with us one more time.  Please note
> that the reply-to on this message points to Mark and me. If
> you would like to reply to the whole list, please feel free
> to do so.
>
> QUESTION 1: Do you believe LDAPEXT should be trying to define
> requirements, framework, and/or a model for access control in
> LDAP directories?

Yes, I think we need all 3.

>
>
> QUESTION 2: Do you basically support the access control
> requirements draft (draft-ietf-ldapext-acl-reqts-00.txt)?

No, only some parts of it, but I hope we can support it when it is
final.

>
>
> QUESTION 3: Do you basically support the access control model
> draft (draft-ietf-ldapext-acl-model-00.txt)?

No.

>
>
> QUESTION 4: Do you think we should adopt the X.500(1993)
> basic access control model as the starting point for the LDAP
> access control model?

Yes, I hope we can adopt it or a subset of it, because we have an
X.500 backend and it will help me a lot if we can adopt it. I have to
read Bob's comparison in detail to discuss this.

>
>
> QUESTION 5: Do you think we should specify only a framework
> for identifying access control models, and not define a
> single standards-track model for LDAP at this time?

No, I think we first need a single AC model. Then we can make a framework
to allow different models.

Bye Helmut

>
>
> Please let us know what you think.  If nobody responds to
> these questions, we'll assume that you support the direction
> stated in the charter and worked on in the group so far,
> which is to define an LDAP access control model, and to
> support the requirements and proposed model drafts.
>
> Tim Howes and Mark Wahl
>


begin:          vcard
fn:             Helmut  Volpers
n:              Volpers;Helmut 
adr:            Otto-Hahn-Ring 6;;;Munich;;81730;Germany
email;internet: Helmut.Volpers@mch.sni.de
title:          Directory Server Architect
tel;work:       +49-89-63646713
tel;fax:        +49-89-63645860
tel;home:       +49-89-1576588
x-mozilla-cpt:  ;0
x-mozilla-html: FALSE
version:        2.1
end:            vcard