Copies to: Ellen Stokes <stokes@austin.ibm.com>, "Bob Blakley" <blakley@dascom.com>
Date sent: Wed, 28 Apr 1999 15:19:43 -0500
Subject: Re: Management domains and access controls
>
>
>
> David,
>
> I believe the intent here was that each directory entry could be annotated
> with some access control information.
Then LDAP and X.500 are consistent on this point.
> The ACIMechanism attribute
> describes the ACI mechanism which is used at that point in the tree.
This is where the difference is. In LDAP the point in the tree (from
my reading) is the context prefix of the naming context, and it
applies to the whole naming context. In X.500, the point in the tree is
an administrative point that bears NO relationship to a naming
context.
> How
> the information got there, or where it comes from is up to the specific
> implementation.
>
True, but this is not the point I was making. My point is, where
conceptually in the global DIT are the points at which ACI
Mechanisms can be placed. Should these be co-located with the
points of distribution or not? X.500 says not, LDAP says yes. This is
the fundamental difference as I read it.
David
> Debbie
>
> INet: djbyrne@us.ibm.com
> Lotus Notes : djbyrne@ibmus
> Phone: (512)838-1930 ( T/L 678 )
>
>
>
***************************************************
David Chadwick
IT Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351 Fax +44 161 745 8169
*NEW* Mobile +44 790 167 0359 *NEW*
Email D.W.Chadwick@iti.salford.ac.uk
Home Page http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500 http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J
***************************************************