[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL draft: specify credentials (and Weltman proxy draft)

To: Rob Byrne - Sun Microsystems <rbyrne@france.Sun.COM>
Subject: Re: ACL draft: specify credentials (and Weltman proxy draft)
From: Ellen Stokes <stokes@austin.ibm.com>
Date: Fri, 29 Oct 1999 13:28:46 -0500
Cc: djbyrne@us.ibm.com, ietf-ldapext@netscape.com
In-reply-to: <38181B4D.FD1496D9@france.sun.com>
Resent-date: Fri, 29 Oct 1999 11:29:51 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"51WB2D.A.2lG.PeeG4"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

The 2 drafts are similar but different.  The Weltman draft
specifies the proxy as a LDAPDN.  The access control model draft
talks about the ability to send only the credential, e.g. privilege
certificate, not the ability to say use this other DN.  What the
server does with credential (e.g. trust it, validate it, reject it)
is server defined (there's a section in the model that addresses
this point.

The Weltman draft is currently an individual submission.  So the
question is should we combine the 2 drafts, should we remove the
specify credentials - perhaps moving it to the Weltman draft, or
something else or some conbination?

Thoughts?

Ellen

At 11:45 AM 10/28/1999 +0200, Rob Byrne - Sun Microsystems wrote:
>
>Hi Debbie,
>
>A couple of things  on the "specify credentials" control.
>
>1. There is (was ?) a draft from Rob Weltman for what he calls a "proxy
>control" (draft-weltman-ldapv3-proxy-02.txt).  There seems to be some
>overlap here.
>
>2. How will the  access control model determine whether a user has the
>right to proxy or not ie. use the "specify credentials control" ?
>
>Rob.
>--iPlanet Directory Group
>

References:
- ACL draft: specify credentials
  - From: Rob Byrne - Sun Microsystems <rbyrne@france.Sun.COM>

Prev by Date: RE: proposed standard for password syntaxes
Next by Date: RE: proposed standard for password syntaxes
Index(es):
- Chronological
- Thread