[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: vendorACI attribute in draft-ietf-ldapext-acl-model-04.txt

To: David Ward <dsward@novell.com>
Subject: Re: vendorACI attribute in draft-ietf-ldapext-acl-model-04.txt
From: Ellen Stokes <stokes@austin.ibm.com>
Date: Thu, 14 Oct 1999 19:38:05 -0500
Cc: ietf-ldapext@netscape.com
In-reply-to: <s805a83d.070@prv-mail20.provo.novell.com>
Resent-date: Thu, 14 Oct 1999 17:39:29 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"d2rDv.A.kPF.2enB4"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

David,
The intent of vendorACI is to provide a way in which to allow non-LDAP
defined ACI to appear in LDIF, so if you dump the directory into LDIF
and then reload into another vendor's server and back again into your
server, you don't lose any data.  Vendors will continue to use their
own access control mechanisms in cases, so it is expected that in some
parts of the tree that may not be ldap accessible that you'll see the
use of aCIMechanism, and hence vendorACI for preservation of that
information at dump/restore time.
The vendorACI attribute will remain in the model.
Ellen

At 09:53 AM 10/14/1999 -0600, David Ward wrote:
>What value does the vendorACI attribute add?  It appears to be a
placeholder vendors can use for proprietary aci information. However, the
model already allows vendors to define their own access control mechanisms
( section 5.1 ).  In my opionion, having vendors define specific access
control mechanisms, is better than stuffing everything into a vendorACI
printable string attribute.  I think the attribute should be dropped.
>
>David
>

Follow-Ups:
- Re: vendorACI attribute in draft-ietf-ldapext-acl-model-04.txt
  - From: Mark Smith <mcs@netscape.com>

References:
- vendorACI attribute in draft-ietf-ldapext-acl-model-04.txt
  - From: David Ward <dsward@novell.com>

Prev by Date: I-D update -- draft-ietf-ldapext-ldap-c-api-04.txt
Next by Date: Go Anywhere
Index(es):
- Chronological
- Thread