
Re: grant / deny precedence in draft-ietf-ldapext-acl-model-04.txt



> Brian,
> I agree with your precedence examples and have no problem using them in
> the draft. Precedence order, however, could be a sticky problem.  I could
> see a precedence of (lowest--least specific) group, role, access-id
> (highest--most specific). 

I also support this precedence ordering (except that I thought your 
group and role were equivalent in terms of specificity).


> But if we allow other types of subjects, such as
> IP address (and heaven knows what else people would want to use), it's not
> clear where to include those in the precedence. So, the question to the
> mailing list is:  Do we want to include subjects other than the classic
> ones of access-id, role, and group?

You will have to say precisely what you mean by classic ones 
before people can give common answers, I believe.

David

***************************************************

David Chadwick
IS Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351  Fax +44 161 745 8169
Mobile +44 790 167 0359
Email D.W.Chadwick@salford.ac.uk
Home Page  http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500  http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J

***************************************************