
Re: general comment on <draft-ietf-ldapext-authmeth-02.txt>



> What is the relationship between the openGroup profiles (read-only
> ldap server, read-write ldap server ....) and
> draft-ietf-ldapext-authmeth. In the latter I would expect to find an INFORMATIONAL
> description of authentication and authorization concepts and certainly
> a detailed specification of the protocol to be sent for the different
> Authentication Methods. 

> However, the right place for a list of features to be supported by
> ldap servers deployed in different scenarios seems to be the
> profiles, rather than an ldapext rfc. In fact the authentication
> methods, SASL mechanisms and algorithms to be supported are listed in
> the OpenGroup ldap server profiles.

The OpenGroup is separate from the IETF. The IETF does, in fact, have lots of 
hands in the operation of the Internet, so it's appropriate for us to specify 
operational profiles for our protocols.

The AuthMeth doc ~is~ a profile for the use of LDAP (from a security 
perspective) on the Internet.

This is not to say that the IETF and the OpenGroup don't or shouldn't leverage 
off of each other's work -- this is in fact done lots of times. It is to say, 
though, that it may be reasonable for there to be IETF-oriented profiles for a 
given protocol and different OpenGroup-oriented profiles for the same protocol.

Jeff