[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: new internet draft - LDAP Extensions Style Guide

To: "Miklos, Sue A." <samiklo@missi.ncsc.mil>
Subject: RE: new internet draft - LDAP Extensions Style Guide
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 16 Aug 2000 11:15:07 -0700
Cc: "'Bruce Greenblatt'" <bgreenblatt@directory-applications.com>, ietf-ldapext@netscape.com
In-reply-to: <200008161239.IAA27708@roadblock.missi.ncsc.mil>

At 08:52 AM 8/16/00 -0400, Miklos, Sue A. wrote:
>clarification request, please - I interpret the first statement below (Bind
>discussion) to indicate that any authentication/authorization information is
>ONLY conveyed during the Bind argument/response exchange.  Is this correct?

No.  The restriction is that controls upon requests only impact
the operation associated with the request.  This does not
imply that Bind is the only operation which may convey
authentication/authorization information.

>Can subsequent operations also convey information useful to an access
>control decision function?

Yes.  Request control can convey such in the context of the
operation they are attached to.  And one can define extended
operations which convey such information.  And, of course,
the access control may use other factors in the decision
function (such as IP host/port, sky is green, msgid is prime).

Kurt

References:
- RE: new internet draft - LDAP Extensions Style Guide
  - From: "Miklos, Sue A." <samiklo@missi.ncsc.mil>

Prev by Date: Re: Duplicate entries filter
Next by Date: Re: new internet draft - LDAP Extensions Style Guide
Index(es):
- Chronological
- Thread