
DN types and IP addresses in draft-ietf-ldapext-acl-model-04.txt
Section 6.2.2 defines the DN types access-id, group, and role.  It states, "an access-id is a non-collection (non-group and non-role objects) DN that can be authenticated."  If I am understanding this correctly, this means the <subjectDN> must be a DN if the <dnType> is access-id.

However, in section 8, the subjectDN parameter for the controls & extensions is opened up to include "a DN or another string such as IPAddress".  How is the subjectDN parameter different from the subjectDN in the ACI attribute?  The controls & extensions calculate effective rights for a subject.  What would it mean to calculate the effective rights of an IP address?

According to the definition in 6.2.2, you cannot use an IPAddress as the subject in the ACI attribute.  If someone wants to support IP addresses as the subject in an ACI, section 6.2.2 indicates this can be done by defining an additional DN type.

David