[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: "Authz IDs as only DNs" (in acl-reqts and acl-model) issue

To: JHodges@oblix.com
Subject: Re: "Authz IDs as only DNs" (in acl-reqts and acl-model) issue
From: "Kurt D. Zeilenga" <kurt@boolean.net>
Date: Sat, 13 Nov 1999 12:20:52 -0800
Cc: IETF LDAP Extensions WG <ietf-ldapext@netscape.com>, Jeff Hodges <jhodges@oblix.com>, RL Bob Morgan <rlmorgan@cac.washington.edu>
In-reply-to: <382902F9.8B7DD9BE@oblix.com>
Resent-date: Sat, 13 Nov 1999 12:22:21 -0800 (PST)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"xm-TqD.A.Y2F.xhcL4"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Question:  when the authorization identity is not a DN, what
should server implementations store (as directed by RFC2251) in
creatorsname/modifiersname?

It appears to me that the authzIDs-are-not-necessarily-DNs notion
implies we also have authzIDs-must-be-representable-as-DNs notion.

	Kurt

----
Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>

References:
- "Authz IDs as only DNs" (in acl-reqts and acl-model) issue
  - From: Jeff Hodges <JHodges@oblix.com>

Prev by Date: Last call comments with LDAP C API #4
Next by Date: Re: C LDAP API: security considerations
Index(es):
- Chronological
- Thread