[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Examples (differing privileges, DNs) for aci-model-04

David Chadwick wrote:

>Brian
>Here are my preferred options (which I believe are also compatible 
>with the X.500 ACDF)
>
>
>> 
>> Example #2
>> dn: o=XYZ, c=US
>> aci#2.1: 1.2.3.4#subtree#grant;r;attribute2;#group#cn=G1wBJarvis
>> aci#2.2: 1.2.3.4#subtree#grant;w;attribute2;#group#cn=G2wBJarvis
>> 
>> What rights does cn=bjarvis have to attribute2 of o=XYZ, c=US?
>> One reasonable answer:
>> A2.1: r    (rights are aci#2.1 "OR" aci#2.2)
>> I strongly prefer A2.1.
>>
>
>
>I would strongly prefer r and w which is not in your list (although I 
>suspect there is an error in your email, since you only gave one 
>option)
>


I agree with you.  This was a typo.  It should have been (only added ",w"):

Example #2
dn: o=XYZ, c=US
aci#2.1: 1.2.3.4#subtree#grant;r;attribute2;#group#cn=G1wBJarvis
aci#2.2: 1.2.3.4#subtree#grant;w;attribute2;#group#cn=G2wBJarvis

What rights does cn=bjarvis have to attribute2 of o=XYZ, c=US?
One reasonable answer:
A2.1: r,w    (rights are aci#2.1 "OR" aci#2.2)
I strongly prefer A2.1.


--the walrus
a.k.a. Brian Jarvis
bjarvis@novell.com

<!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">
<HTML>
<HEAD>

<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content='"MSHTML 4.72.3110.7"' name=GENERATOR>
</HEAD>
<BODY bgColor=#ffffff 
style="FONT: 10pt Arial; MARGIN-LEFT: 2px; MARGIN-TOP: 2px">
<DIV>David Chadwick wrote:</DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT style="BACKGROUND-COLOR: #ffffff">&gt;</FONT>Brian<BR>&gt;Here are my 
preferred options (which I believe are also compatible <BR>&gt;with the X.500 
ACDF)<BR>&gt;<BR>&gt;<BR>&gt;&gt; <BR>&gt;&gt; Example #2<BR>&gt;&gt; dn: o=XYZ, 
c=US<BR>&gt;&gt; aci#2.1: 
1.2.3.4#subtree#grant;r;attribute2;#group#cn=G1wBJarvis<BR>&gt;&gt; aci#2.2: 
1.2.3.4#subtree#grant;w;attribute2;#group#cn=G2wBJarvis<BR>&gt;&gt; <BR>&gt;&gt; 
What rights does cn=bjarvis have to attribute2 of o=XYZ, c=US?<BR>&gt;&gt; One 
reasonable answer:<BR>&gt;&gt; A2.1: r&nbsp;&nbsp;&nbsp; (rights are aci#2.1 
&quot;OR&quot; aci#2.2)<BR>&gt;&gt; I strongly prefer A2.1.<BR>&gt;&gt;</DIV>
<DIV>&gt;<BR>&gt;<BR>&gt;I would strongly prefer r and w which is not in your 
list (although I <BR>&gt;suspect there is an error in your email, since you only 
gave one <BR>&gt;option)<BR>&gt;<BR></DIV>
<DIV>&nbsp;</DIV>
<DIV>I agree with you.&nbsp; This was a typo.&nbsp; It should have been (only 
added &quot;,w&quot;):</DIV>
<DIV>&nbsp;</DIV>
<DIV>Example #2<BR>dn: o=XYZ, c=US<BR>aci#2.1: 
1.2.3.4#subtree#grant;r;attribute2;#group#cn=G1wBJarvis<BR>aci#2.2: 
1.2.3.4#subtree#grant;w;attribute2;#group#cn=G2wBJarvis<BR><BR>What rights does 
cn=bjarvis have to attribute2 of o=XYZ, c=US?<BR>One reasonable answer:<BR>A2.1: 
r,w&nbsp;&nbsp;&nbsp; (rights are aci#2.1 &quot;OR&quot; aci#2.2)<BR>I strongly 
prefer A2.1.<BR></DIV>
<DIV>&nbsp;</DIV>
<DIV>--the walrus</DIV>
<DIV>a.k.a. Brian Jarvis</DIV>
<DIV><A href="mailto:bjarvis@novell.com";>bjarvis@novell.com</A></DIV>
<DIV>&nbsp;</DIV></BODY></HTML>

BEGIN:VCARD
VERSION:2.1
X-GWTYPE:USER
FN:Brian Jarvis
TEL;WORK:801-861-3856
ORG:;NDS Administration
TEL;PREF;FAX:801-861-2292
EMAIL;WORK;PREF;NGW:BJARVIS@novell.com
N:Jarvis;Brian
TITLE:Engineer
ADR;INTL;WORK;PARCEL;POSTAL:;PRV-F221;122 E 1700 S;Provo;UT;84606;USA
LABEL;INTL;WORK;PARCEL;POSTAL;ENCODING=QUOTED-PRINTABLE:Brian Jarvis=0A=
PRV-F221=0A=
122 E 1700 S=0A=
Provo, UT  84606=0A=
USA
LABEL;DOM;WORK;PARCEL;POSTAL;ENCODING=QUOTED-PRINTABLE:Brian Jarvis=0A=
PRV-F221=0A=
122 E 1700 S=0A=
Provo, UT  84606
TEL;HOME:801-226-6636
TEL;PREF:801-861-3856
X-GWUSERID:BJARVIS
END:VCARD