[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL model comments

To: mcs@netscape.com (Mark C Smith)
Subject: Re: ACL model comments
From: Mark Wahl <M.Wahl@INNOSOFT.COM>
Date: Tue, 22 Feb 2000 15:03:28 -0600
Cc: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>, ietf-ldapext@netscape.com
In-reply-to: "Your message of Thu, 17 Feb 2000 14:06:34 EST." <38AC46BA.71EA48A4@netscape.com>
Resent-date: Tue, 22 Feb 2000 13:03:55 -0800 (PST)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <UbjR7D.A.zzF.tmvs4@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

> I agree that the attribute type used to store access control information
> should be operational.  X.500's various access control attribute types
> are defined with "USAGE directoryOperation" which seems right to me.

I'd agree with that.  This usually indicates that it is used by the directory
service itself, is replicated with user attributes (not server specific), 
and may be modifiable oer protocol.

> I admit that 'aci' was not a good name for Netscape to use, but I
> suggest we use a name like 'ldapACI' for the new standard scheme to
> avoid confusion (unless someone else is already using that name too!).

I've seen aci, acl, subtreeacl, searchacl, but haven't seen ldapACL yet.

Mark Wahl, Directory Product Architect
Innosoft International, Inc.

References:
- Re: ACL model comments
  - From: mcs@netscape.com (Mark C Smith)

Prev by Date: Changes to Java LDAP drafts
Next by Date: >>> Cell Phone User Information <<< ijhyhh
Index(es):
- Chronological
- Thread