[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: vendorACI attribute in draft-ietf-ldapext-acl-model-04.txt

To: Ellen Stokes <stokes@austin.ibm.com>
Subject: Re: vendorACI attribute in draft-ietf-ldapext-acl-model-04.txt
From: Mark Smith <mcs@netscape.com>
Date: Fri, 15 Oct 1999 09:09:57 -0400
Cc: David Ward <dsward@novell.com>, ietf-ldapext@netscape.com
Organization: Netscape Communications
References: <9910150039.AA67030@dceperf.austin.ibm.com>
Resent-date: Fri, 15 Oct 1999 06:12:27 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"k5D5pB.A.B0D.peyB4"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Ellen Stokes wrote:
> 
> David,
> The intent of vendorACI is to provide a way in which to allow non-LDAP
> defined ACI to appear in LDIF, so if you dump the directory into LDIF
> and then reload into another vendor's server and back again into your
> server, you don't lose any data.  Vendors will continue to use their
> own access control mechanisms in cases, so it is expected that in some
> parts of the tree that may not be ldap accessible that you'll see the
> use of aCIMechanism, and hence vendorACI for preservation of that
> information at dump/restore time.
> The vendorACI attribute will remain in the model.

I don't quite follow you on this Ellen.  Shouldn't a specific,
alternative aCIMechanism indicate what attribute is used to store the
alternative ACI mechanism (even if only for export and import)?

-- 
Mark Smith
iPlanet Directory Architect / Sun-Netscape Alliance
My words are my own, not my employer's.   Got LDAP?

References:
- Re: vendorACI attribute in draft-ietf-ldapext-acl-model-04.txt
  - From: Ellen Stokes <stokes@austin.ibm.com>

Prev by Date: Re: grant / deny precedence in draft-ietf-ldapext-acl-model-04.txt
Next by Date: Re: grant / deny precedence indraft-ietf-ldapext-acl-model-04.txt
Index(es):
- Chronological
- Thread