RE: Authentication Methods for LDAP - last call

[Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>]

----------
From: Tim Howes
To: ietf-ldapext@netscape.com
Sent: 8/7/98 1:57:04 PM
Subject: Re: Authentication Methods for LDAP - last call

snip

The arguments about distributed versus centralized,
multiple versus single servers don't make a lot of
sense to me. Of course people will use LDAP in all of
these environments and more. The point is not that.
The point is that there is no SINGLE authentication
mechanism that we could choose that would be appropriate
for all situations. That is not what we are doing.
Refer to asumptions c) and d).

Alan:
Again - there are strong industry views that demand that when a
"standard" is written that it is realistically scaleable. I have no
problem with adding words like "local context" security for "small LDAP
configurations" to any text where it is appropriate. But I will always
question a mechanism which has fundamental scaling problems - and in the
case of security features, trust problems, replication problems,
operational overheads, and no defined approach to its key management.

OSI was condemed for its size and its optionality . LDAP has blown the
size issues - now its blowing the options frontiers.

If LDAP and LDAP servers are not designed to deal with a scaleable -
distributed trust models - then lets have a new IETF draft which cites
that the X.500 approach does.



Let's get back on track!         -- Tim

Yes the debate was about "which track" - simple and small and OK for the
back yard OR scaleable and distributed, as demanded by commercial and
government orgainsations that use the Internet for their livelyhood.

regards alan