[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: grant / deny precedence indraft-ietf-ldapext-acl-model-04.txt

To: Mark Smith <mcs@netscape.com>
Subject: Re: grant / deny precedence indraft-ietf-ldapext-acl-model-04.txt
From: Anil SRIVASTAVA <anil.srivastava@Eng.Sun.COM>
Date: Fri, 15 Oct 1999 08:51:21 -0700 (PDT)
Cc: "Miklos Sue A." <samiklo@missi.ncsc.mil>, "Subbu K. K." <KKSUBRAMANIAM@novell.com>, ietf-ldapext@netscape.com
In-reply-to: Your message with ID <38073E98.684690B@netscape.com>
Resent-date: Fri, 15 Oct 1999 08:51:58 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"ZAUAVD.A.qKG.W20B4"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

| To clarify, I think there are two different items for discussion:
| 
| a) Default access: in the absence of any access control rules, what
| access is granted?  I think the answer should be "none" since this is
| the safest default.
| 
| b) Precedence of grant and deny: when a "grant" and a "deny" clause both
| apply, is access granted or denied?  I think access should be denied,
| which is to say that "denies" win out over "grants."

I concur with Mark on both of them.  Access should not be granted unless
explicitly permitted...

___
Anil Srivastava
iPlanet Messaging Server
Sun | Netscape Alliance

References:
- Re: grant / deny precedence indraft-ietf-ldapext-acl-model-04.txt
  - From: Mark Smith <mcs@netscape.com>

Prev by Date: Submission of draft-rharrison-ldapExtPartResp-00.txt
Next by Date: Re: grant / deny precedenceindraft-ietf-ldapext-acl-model-04.txt
Index(es):
- Chronological
- Thread