Re: draft minutes from Chicago meeting

[Erik Skovgaard <eskovgaard@geotrain.com>]

Phil,

So you propose only supporting the small directory environments?

Cheers,               ....Erik.

----------------------------------
Erik Skovgaard
GeoTrain Corp.
LDAP/X.500 Consulting and Training
http://www.geotrain.com

At 11:29 01/10/98 +0100, Phil Pinkerton wrote:
>My final comment on this ...
>
>I thought the idea was to mandate a SASL mechanism that allowed any
>directory client to be able, as a minimum capability, to authenticate to any
>directory server using a mechanism that is guaranteed to be supported.  This
>doesn't exclude further capability being supported by individual servers to
>provide product differentiation.
>
>To this end, what is required is a simple mechanism that is easy to
>implement (by both client and server) provides confidentiality of sensitive
>information, e.g. passwords, and has little or no impact on normal directory
>access performance.  Anything beyond this is to heavy to mandate.
>
>Therefore, simple authentication using protected passwords (e.g. CRAM-MD5,
>HTTP-DIGEST, or whatever) must be the right choice to mandate.  I have no
>axe to grind either way.
>
>How servers protect data in distributed or replicated environments is surely
>beyond this debate.  Let's all agree on something simple so that we can get
>on and implement it.
>
>Regards,
>
>Phil Pinkerton, ICL
>
>
>
>