[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: delete permission
Date sent: Tue, 18 Jul 2000 16:55:52 -0500
To: d.w.chadwick@salford.ac.uk, ietf-ldapext@netscape.com,
bgreenblatt@directory-applications.com
From: Ellen Stokes <stokes@austin.ibm.com>
Subject: Re: delete permission
> David / Bruce,
>
> I think the ldap model should use delete in the X.500 sense - the
> object must be a leaf entry.
agreed
>
> However, subtree delete becomes interesting if/when we decide to
> surface the scope of ACI (entry/subtree) via your entryACI /
> subtreeACI proposal. At that point in time, then the expired subtree
> drafts become interesting because you have a way actually invoke the
> subtree operation and apply access control to the operation.
>
Unless I have misunderstood the current model, or you have
misunderstood my proposal, I think the separation out of subtree
ACI into a separate attribute type is irrelevant to the subtree delete
operation.
David
***************************************************
David Chadwick
IS Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351 Fax +44 161 745 8169
Mobile +44 790 167 0359
Email D.W.Chadwick@salford.ac.uk
Home Page http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500 http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J
***************************************************