
[no subject]



Copies to:      	Ellen Stokes <stokes@austin.ibm.com>, "Bob Blakley" <blakley@dascom.com>
Date sent:      	Wed, 28 Apr 1999 15:19:43 -0500
Subject:        	Re: Management domains and access controls

> 
> 
> 
> David,
> 
> I believe the intent here was that each directory entry could be annotated
> with some access control information. 

Then LDAP and X.500 are consistent on this point.

> The ACIMechanism attribute
> describes the ACI mechanism which is used at that point in the tree. 

This is where the difference is. In LDAP the point in the tree (from 
my reading) is the context prefix of the naming context, and it 
applies to the whole naming context. In X.500, the point in the tree is 
an administrative point that bears NO relationship to a naming 
context.

> How
> the information got there, or where it comes from is up to the specific
> implementation.
> 

True, but this is not the point I was making. My point is, where 
conceptually in the global DIT are the points at which ACI 
Mechanisms can be placed? Should these be co-located with the 
points of distribution or not? X.500 says not, LDAP says yes. This is 
the fundamental difference as I read it.

David

> Debbie
> 
> INet: djbyrne@us.ibm.com
> Lotus Notes : djbyrne@ibmus
> Phone: (512)838-1930 ( T/L 678 )
> 
> 
>
***************************************************

David Chadwick
IT Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351  Fax +44 161 745 8169
*NEW* Mobile +44 790 167 0359 *NEW*
Email D.W.Chadwick@iti.salford.ac.uk
Home Page  http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500  http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J

***************************************************
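
The placement difference discussed in the message above, as an added example that is not part of the original thread: it resolves which ACI mechanism governs an entry when the mechanism is marked at naming-context prefixes versus at administrative points chosen independently of them. The DNs, the mechanism labels and all function names are constructed for illustration, and the DN parser assumes no escaped commas.

```python
# Added illustration; DNs, mechanism labels and function names are constructed.

def parse_dn(dn):
    """Split a DN into normalized RDNs, leaf first (naive: no escaped commas)."""
    return tuple(rdn.strip().lower() for rdn in dn.split(",") if rdn.strip())

def is_at_or_below(entry, point):
    """True when `point` is the entry itself or one of its ancestors."""
    return len(point) <= len(entry) and entry[len(entry) - len(point):] == point

def governing_point(entry_dn, points):
    """Return (point_dn, mechanism) for the deepest marked point covering the
    entry, or None when no marked point lies on the path to the root."""
    entry = parse_dn(entry_dn)
    best, best_depth = None, -1
    for point_dn, mechanism in points.items():
        point = parse_dn(point_dn)
        if is_at_or_below(entry, point) and len(point) > best_depth:
            best, best_depth = (point_dn, mechanism), len(point)
    return best

# Constructed sample: two naming contexts (the points of distribution) ...
NAMING_CONTEXTS = {
    "o=Example,c=GB": "mechanism-A",
    "ou=Sales,o=Example,c=GB": "mechanism-B",
}
# ... and administrative points that bear no relationship to them.
ADMIN_POINTS = {
    "c=GB": "mechanism-A",
    "ou=Research,o=Example,c=GB": "mechanism-B",
}

def compare(entry_dn):
    """Resolve the governing mechanism under both placement models."""
    return {
        "context_prefix_model": governing_point(entry_dn, NAMING_CONTEXTS),
        "admin_point_model": governing_point(entry_dn, ADMIN_POINTS),
    }

if __name__ == "__main__":
    for dn in ("cn=Alice,ou=Research,o=Example,c=GB",
               "cn=Bob,ou=Sales,o=Example,c=GB"):
        print(dn, compare(dn))
```

With this sample data the same entry resolves to different mechanisms under the two models, because the administrative point at ou=Research sits inside a naming context while the context prefix at ou=Sales is not an administrative point.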