RE: Active Directory and modifying top



Comments in line.

> -----Original Message-----
> From:	David Chadwick 
> Sent:	Friday, June 18, 1999 4:44 AM
> To:	Kim Fenley; ietf-ldapext@netscape.com
> Subject:	RE: modifying top
> 
> Date forwarded: 	Wed, 16 Jun 1999 20:20:04 -0700 (PDT)
> Send reply to:  	<kfenley@ozemail.com.au>
> From:           	"Kim Fenley" <kfenley@ozemail.com.au>
> To:             	<ietf-ldapext@netscape.com>
> Subject:        	RE: modifying top
> Date sent:      	Thu, 17 Jun 1999 13:21:07 -0000
> Forwarded by:   	ietf-ldapext@netscape.com
> 
> >  A view from the silent majority
> > 
> > I find this whole area of TOP being buggered by the IETF (which is an
> > abstract point under the ITU/ISO X.500 standard) abhorrent. 
> 
> Kim
> Whilst I agree with a lot of what you said below, I don't agree with 
> the above. I don't think anyone in the IETF has proposed altering 
> standard object classes.
> 
	I think what Kim was trying to say - and it is what I raised re
the issue here - is that the IETF work on LDAP keeps on adding bits  -
regardless.  So that the directory interoperation issues get more and
more difficult to the point where scaling and operational effort to
deploy LDAP only solutions is now of serious concern to many
organisations. LDAP access to X.500 in my mind and many corporates is
THE ONLY solution to large scale directory services - just because of
LDAP's instability in its information management, replicate everything
to everywhere requirement and its system deployment issues.

	If I may get on my soap box here - the point is - one cannot
design a coherent system from the basis of an access protocol - LDAP.
That is common sense. 
	LDAP has no common distribution model, etc, etc.. This is like
trying to define the global telephone service from the standard that
deals with the wire from the telephone into the exchange. It's
impossible. 

	Nevertheless, the lack of a system model for LDAP and despite
its basis is from X.500 and DAP, very little attention is given to X.500
and what it provides. Even though, those who know X.500 very well - and
know what it achieves are called bigots, etc - when we make statements
like - Redefining TOP AND using the OID that formally belongs to the
International standards body that deals with the Telecommunications
infrastructure , Transport, Electrical, Quality, Chemical and Safety,
etc, etc  standards of this planet - and creating an information and
operational mess for everyone - what does the list do...

	We talk of reading the schema entry and writing code in a client
to try to understand the mess created by redefining TOP
	We talk of its ok for Access Control attributes - even though they
are different from machine to machine -- !

	To me this situation  is not a standards process or quality
engineering process that the IT industry can work to.

	What LDAP has done is literally take X.500 - a coherent object
oriented distributed directory system with common authentication and
access control regimes, common schema etc and all the mechanisms that
deal with distribution and replication - and turned it into an absolute
client - server - "replicate everything to everywhere - if you know
what the schema is, megalithic client software, high operational costs -
mess.

	And for organisations - believe me - they want to improve their
information management issues - not compound them because the belief is
one can build a system from the standard that relates to a wire.

	I really do suggest that this issue of redefining TOP using the
ISO-ITU OID  is taken up with ISO-ITU and by the IETF and where this
redefinition of TOP affects product development and deployment
investments and costs, your senior management should be made aware of
it. As they may want to raise this at a commercial level.

	I for one would like this list to fix problems - not
institutionalise them into technology so that directories become a
bigger mess.



> > Just because
> > Microsoft gets it wrong everyone is now trying to work around a problem
> > that isn't.
> 
> Microsoft did one of two things, they either
> a) screwed up with TOP because they did not really understand 
> what they were doing, or
> b) they did it on purpose to make interworking more difficult
> 
	I think saying "more difficult" is an understatement. :-)

	And looking at the schema for TOP as proposed - that has to be a
challenge for anyone and everyone.

	I just cannot imagine a company (A) putting in a directory
service - being told by its competitor (B) - to put in 50 or 60
attributes in every entry that could represent the millions of
customers of (A) - with proprietary information defined by (B) that
qualifies, classifies and provides privileges etc to those customers..


	And I just cannot imagine all the international directory
systems of this planet with their country entries, etc carrying
NTsecurity info and all that other stuff.

	In redefining TOP with the ISO-ITU OID  there is no option but
to comply with it..:-((((

	regards alan

> You can choose whichever of the above you want to believe :-)
> 
> David
> 
> 
> ***************************************************
> 
> David Chadwick
> IT Institute, University of Salford, Salford M5 4WT
> Tel +44 161 295 5351  Fax +44 161 745 8169
> *NEW* Mobile +44 790 167 0359 *NEW*
> Email D.W.Chadwick@iti.salford.ac.uk
> Home Page  http://www.salford.ac.uk/its024/chadwick.htm
> Understanding X.500  http://www.salford.ac.uk/its024/X500.htm
> X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
> Entrust key validation string MLJ9-DU5T-HV8J
> 
> ***************************************************