RE: Policy in IETF APIs (was: Standards and APIs)

["Kurt D. Zeilenga" <Kurt@OpenLDAP.Org>]

At 05:10 PM 11/18/99 -0800, Paul Leach (Exchange) wrote:
>First, the IESG long ago said that it isn't permissible to ignore security
>any more.

I do not believe anyone participating in this discussion is
ignoring security.

I believe that the protocol and its APIs should be policy neutral,
at least at the lowest levels, to allow applications AND higher
level APIs to implement security policy enforcement.

The lower level LDAP API should be designed to have a causal
relationship with the protocol.  The low level API should
provide calls which map directly upon protocol elements.
Higher level API calls can then use these calls to implement
"synchronous" routines, multiple-step protocol exchanges,
and cross protocol session interactions (such as chasing
referrals).

I believe that current API specification is not well layered.
In particular, I believe that a LDAP session handle should only
represent a single protocol session (with a particular server)
and that a higher level construct be used to group multiple
protocol sessions.  API calls would then be defined to support
operations which interact between sessions within the constuct.
Low level calls with this construct should provide direct
application control of cross protocol session interactions.

However, I do not believe there is wide support for redesigning
the LDAP C API.

To improve API security within the existing draft it wise to
state that implementations should not perform operations (such
as chasing referrals) without application interaction.

"MUST be configurable" is, in my opinion, better left
to much higher level APIs.