Re: draft-ietf-boreham-numsubordinates-00.txt

[dboreham@netscape.com (David Boreham)]

Alan Lloyd wrote:
 
> One might also assume that the subordinates value in a top level server
> /DSA represents all the entries in a subordinate  servers servers in the
> namespace below that.

Immediately below that, yes.

> ie if I read this attribute at the root level server of all countries -
> what would that server do - and respond with?

If such a server existed, it would respond with the
number of immediate subordinate entries in the DIT
local to that server. Presumably this would be
roughly equal to the number of countries.

> Does the text need to say anything about the integrity of this
> attribute, ie is the action on a operational attribute at the top of a
> namespace - atomic with the updates (adds/deletes)  on other objects
> below that namespace.

I say this:

> Servers MUST ensure that the value returned in the numSubordinates atti-
> bute  to  clients  is  consistent with the view that client has of other
> server contents.  For example, is it NOT permissible to  delay  updating
> the numSubordinates count for some container entry until some time after
> subordinates have been added or deleted. This would lead to  the  poten-
> tial  for  a  client to see an inconsistency between the numSubordinates
> value reported for an entry and the number of entries that  same  client
> had added as subordinates.

Is this not sufficient ?

> This sounds like an interesting concept but its server specific - and
> wont work across a distributed/replicated directory system with
> integrity - but please do advise.

It's strictly intended to be a mechanism to discover 
how many immediate subordinate entries a particular
entry has, according to the server the client is 
requesting the information from.

I can't think of a case where distribution or
replication makes this "not work", so I'd be
pleased to hear one from you.

I'm also wondering if you have similar
concerns in relation to "hasSubordinates".