[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Compromise Authentication Proposal

To: Chris.Newman@INNOSOFT.COM, eskovgaard@geotrain.com
Subject: Re: Compromise Authentication Proposal
From: Robert Allen <robert.allen@Eng.Sun.COM>
Date: Thu, 08 Oct 1998 15:28:46 -0700 (PDT)
Cc: ietf-ldapext@netscape.com
Content-md5: CVf947ePsHkUru7MNjzM+w==
Resent-date: Thu, 08 Oct 1998 15:32:55 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"oCpzZ1.0.GX1.5sJ7s"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

>>LDAP does not curreently have a formal way of specifying Access Control
>>Information.  This is required for multi-vendor interoperability when we
>>implement shadowing. Yet another future work item.

I hope this isn't too far in the "future".  The current
state of affairs with LDAP server ACLs is a major problem
with designing complex suites of LDAP clients who need
to install or upgrade additional ACLs for their objectclasses.
There are other issues, such as the inability to easily
(at all?) delegate the ability to create ACLs within a
naming context.  ACLs that don't cross replication
bounderies are another horrible inadequacy of the
LDAP "servers" that exist today.

Regards,

Robert Allen
rja@sun.com

Prev by Date: Re: Compromise Authentication Proposal
Next by Date: I-D ACTION:draft-ietf-ldapext-sigops-03.txt
Index(es):
- Chronological
- Thread