Re: Authentication Methods for LDAP - last call (mixing 3 things)

[Jeff.Hodges@stanford.edu]

> I think that this document mixes three things:
>   1) General tutorial (very useful to have in this complex 
>      area, which was what Harald's original document did).
>   2) Specifications of what to do (e.g., the Authorization  
>      identity specification).  These documents belong 
>      in a protocol specification.
>   3) Setting profile requirements and recommendations for 
>      LDAP implementation of security features.
> 
> I think a lot of work needs to be done before this is ready 
> to go to the IESG.   THe main thing is structural, to break 
> into several documents, with a functional split something 
> like I set out above.  I think that this split will improve 
> the clarity of thinking, as in some areas the 
> policy/implementation gets blurred in the current document.

Although I nominally agree with this sentiment, I think we should keep the 
AuthMeth doc largely as-is and get it to the IESG sooner rather than later. We 
need to get this and the StartTLS doc to proposed along with the rest of 
LDAPv3.

I suggest that we take into account feedback on the overall structure of these 
docs when revising them for Draft Standard consideration, and be willing to 
reshape them then.

Jeff