
re: the LDAP client caching proxy model ...



A general comment about the approach:

The method described using special purpose controls and responses means that
every ldap enabled program will need to be "cache enabled".  IOW, they will
not be able to make use of the cache unless programmed to do so.  Would
it not be better to use some sort of flow through model where an ldap
enabled program that is *not* "cache enabled" would attempt to bind to the
local cache which would either use its cache or flow through to the "real"
server?  Then mobile users would only need one "cache enabled" program to
easily add/remove things from the cache.


3.1 proxyServierBind Controls:
  disconnectedMode

    Why ignore the serverPort field when in disconnected mode?  This makes
it impossible to differentiate between the LDAP servers when there are
multiple servers running on the same serverName.

4.1 Caching logic...
  base search
    "Results returned to the client, however, will be based on the search
filter specified."

        The filter is only used to determine which objects qualify.  The
attributes and typesOnly fields determine the results sent to the client.

    "The entire object shall be fetched and cached."

        What is the reason behind caching the whole object?  The search
request shows that only the attributes named in the filter and
attributes fields are of interest...  If this is intended, then put * in the
attributes field.  If the object is large over a slow (dialup?) link this
could be painful.

5.  Authentication and access control...

  Access control and authentication in a discretionary access control system
such as LDAP (in the current ID) only control how the information is
released or modified in the system.  It does not control what can be done
with it.  IOW, once you have read information, LDAP does not control or
dictate how you will use it or where you will store it.  If the
administrator does not trust you to treat the information appropriately (as
he defines it), he should not give you access.

  Having said that, I agree that the cached objects should be protected (if
possible).  I am very concerned that you seem to be storing the identity and
keys to access the directories in the proxy server (so that the user can be
authenticated in disconnected operations).  If the mobile system falls into
the wrong hands, all objects accessible by those identities/keys are
vulnerable.  If you don't store the identities and keys, then only the
objects in the cache are exposed.  I would rather deal with the latter and
restrict what I cache, than deal with the former.

--the walrus
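An added illustration of the base-search point above (filter selects the object, attributes/typesOnly shape the reply) and of the whole-object-versus-partial caching trade-off; this is example code written for this page, not from the draft or from the thread's author. It assumes a toy in-memory cache keyed by DN and supports only a tiny filter subset (equality and presence), and it treats a partially cached entry conservatively: any attribute the filter tests or the client requests that was never fetched forces a flow-through to the real server.

```python
# Added example (not from the thread or the draft): a minimal model of the
# "base search" caching logic.  The cache holds, per DN, only the attributes
# that were actually fetched.  A partial cache cannot tell "attribute absent"
# from "attribute not fetched", so a search is served locally only if every
# attribute the filter tests and every attribute requested is present;
# otherwise it must flow through.  Filter syntax is a deliberately small
# subset of RFC 4515: equality "(a=v)" and presence "(a=*)", exact match.
import re

# Constructed sample cache: DN -> {attribute: [values]}.  Alice was cached as
# a whole object; Bob was cached with only "cn" and "mail" fetched.
CACHE = {
    "uid=alice,ou=people,dc=example,dc=com": {
        "cn": ["Alice Example"], "mail": ["alice@example.com"],
        "telephoneNumber": ["+1 555 0100"], "objectClass": ["person"],
    },
    "uid=bob,ou=people,dc=example,dc=com": {
        "cn": ["Bob Example"], "mail": ["bob@example.com"],
    },
}

_FILTER = re.compile(r"^\((\w+)=(.+)\)$")

def parse_filter(flt):
    """Return (attribute, value); value None means a presence test."""
    m = _FILTER.match(flt)
    if not m:
        raise ValueError("unsupported filter: %r" % flt)
    attr, value = m.group(1), m.group(2)
    return attr, (None if value == "*" else value)

def base_search(dn, flt, attributes=None, types_only=False, cache=CACHE):
    """Serve a base-scope search from the cache.
    Returns ("hit", result) or ("miss", None).  result is None when the
    cached entry does not satisfy the filter.  attributes=None means "*".
    """
    entry = cache.get(dn)
    if entry is None:
        return "miss", None
    attr, value = parse_filter(flt)
    wanted = list(entry) if attributes is None else list(attributes)
    # Anything not fetched means we cannot answer honestly: flow through.
    if attr not in entry or any(a not in entry for a in wanted):
        return "miss", None
    # The filter decides whether the object qualifies at all ...
    if value is not None and value not in entry[attr]:
        return "hit", None
    # ... while attributes and typesOnly decide what is sent back.
    return "hit", {a: ([] if types_only else list(entry[a])) for a in wanted}
```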