Re: Comments on aci-model-04

[David Chadwick <d.w.chadwick@salford.ac.uk>]

> 
> In implementation, group and role tend to both be implemented as a group
> of names. However, a group is just a collection of names where the group
> name can be used to shorthand access to some object or attribute.

Ellen,

This is the bit I am objecting to, i.e. the attaching of two different 
semantics to group - one where the name of the group is a 
shorthand for the group e.g. o=ibm,c=us, - the other where the 
name of the group points to a group of names object where the 
enclosed names bear no relationship to the name of the group 
e.g.cn=ldapext, dc=netscape, dc=com.

I therefore am proposing that you have two separate values for 
dntype, to reflect the differences. Lets call them subtree and group.

David

***************************************************

David Chadwick
IS Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351  Fax +44 161 745 8169
Mobile +44 790 167 0359
Email D.W.Chadwick@salford.ac.uk
Home Page  http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500  http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J

***************************************************