
Re: unsolicited controls (Was: I-DACTION:draft-weltman-ldapv3-auth-response-01.txt)



Given this definition, what constitutes extraordinary? Is an expired password an extraordinary condition? Unless we can define the meaning of extraordinary, I'd rather just decide to allow unsolicited response controls or not.

>>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 2/9/00 4:15:26 PM >>>
RFC 2251, 4.4 (unsolicited notifications) says:
   It [an unsolicited notification] is used to signal an
   extraordinary condition in the server or in the connection
   between the client and the server

I believe the same should apply to unsolicited controls:
  An unsolicited response control is used to signal an
  extraordinary condition with the operation.

That is, the fact that an identity is authorized by a
bind operation is quite ordinary and hence a client shouldn't
be notified of the identity unless explicitly requested.

Kurt


At 10:53 AM 2/9/00 -0800, Kurt D. Zeilenga wrote:
>At 10:11 AM 2/9/00 -0800, David Boreham wrote:
>>
>>Examples ?
>
>draft-weltman-ldapv3-auth-response-01.txt
>draft-behera-ldap-password-policy-00.txt
>
>I feel the client should be required to take some explicit
>action before the server returns any response not described by
>the core specifications.  This act may be an explicit
>request control, a control upon bind enabling the behavior
>for the "session", an extended operation enabling the behavior,
>or some other form of solicitation.
>
>I feel a server should not respond with controls and/or
>extended responses not detailed by the core specifications
>without such solicitation.
>
>That is, the client should
>	1) discover what protocol extensions are supported by the server
>	2) enable desired extensions
>
>A server should:
>	1) publish supported extensions
>	2) disable all extensions until enabled by the client
>
>
>
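
The solicitation rule discussed in this thread (discover, enable, and treat anything else as unsolicited) can be enforced on the client side. The sketch below is an added example, not code from the thread or from either draft; the `SolicitationGate` class and its method names are hypothetical, the OIDs are those of RFC 3829 and the password policy draft, and the sample exchange is constructed.

```python
# Added example: client-side check that a response control was solicited.
AUTHZID_REQUEST = "2.16.840.1.113730.3.4.16"   # authorization identity request (RFC 3829)
AUTHZID_RESPONSE = "2.16.840.1.113730.3.4.15"  # authorization identity response (RFC 3829)
PWPOLICY = "1.3.6.1.4.1.42.2.27.8.5.1"         # password policy draft, same OID both ways

# A request control may elicit a response control with a different OID.
RESPONSE_FOR = {AUTHZID_REQUEST: AUTHZID_RESPONSE, PWPOLICY: PWPOLICY}


class SolicitationGate:
    """Hypothetical helper: tracks what the client discovered and enabled."""

    def __init__(self, supported_controls):
        # Step 1: OIDs the server publishes (e.g. supportedControl in the root DSE).
        self.supported = set(supported_controls)
        # Step 2: controls enabled once for the whole session (e.g. at bind).
        self.session_enabled = set()

    def enable_for_session(self, request_oid):
        if request_oid not in self.supported:
            raise ValueError(f"server does not advertise {request_oid}")
        self.session_enabled.add(request_oid)

    def classify(self, request_oids, response_oids):
        """Split the response controls of one operation into solicited/unsolicited."""
        sent = set(request_oids)
        unadvertised = sent - self.supported
        if unadvertised:
            raise ValueError(f"not advertised by server: {sorted(unadvertised)}")
        expected = {RESPONSE_FOR.get(o, o) for o in sent | self.session_enabled}
        result = {"solicited": [], "unsolicited": []}
        for oid in response_oids:
            key = "solicited" if oid in expected else "unsolicited"
            result[key].append(oid)
        return result


if __name__ == "__main__":
    # Constructed exchange: bind carries the authz identity request control,
    # the server answers with that response plus a password policy control.
    gate = SolicitationGate([AUTHZID_REQUEST, PWPOLICY])
    print(gate.classify([AUTHZID_REQUEST], [AUTHZID_RESPONSE, PWPOLICY]))
    gate.enable_for_session(PWPOLICY)
    print(gate.classify([], [PWPOLICY]))
```

A client can log or reject operations whose `unsolicited` list is non-empty, which makes a server that ignores the rule visible during interoperability testing.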