
RE: Considering Attribute Subtypes during ACL evaluation



At 10:15 AM 10/9/00 +1100, Steven Legg wrote:
>I can't find anything in X.500 that clarifies whether attribute subtyping
>applies when evaluating access controls. Our implementation ignores
>subtyping when making access control decisions.

What does it do for language tags and ;binary?  These are forms
of subtyping as well.

>It seems the safer choice.

X.500 doesn't have attribute type options, so direct comparisons
are invalid.  With the advent of LDAP attribute type options, in
particular, language tags and ;binary, I believe it very important
that an ACI for "cn" apply not only to "cn" but "cn;lang-en"
and "cn;binary".  I would argue it best that if attribute type
option subtyping is supported, then traditional X.500 subtyping
should be supported as well (or at least allowed).

Kurt
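
Added example, not part of the original message or of any server's code: a sketch of ACI attribute matching with and without the two kinds of subtyping discussed above, following the message's treatment of language tags and ;binary as subtyping options. The supertype map, the first-match rule and the function names are assumptions made for illustration.

```python
# Constructed sample of a schema's supertype links (subtype -> supertype).
# A real server derives this from the SUP clauses of its loaded schema.
SUPERTYPE = {"cn": "name", "sn": "name", "givenname": "name"}

def parse_description(desc):
    """Split 'cn;lang-en;binary' into (base type, set of options), ignoring case."""
    base, *opts = desc.lower().split(";")
    return base, frozenset(o for o in opts if o)

def type_chain(base):
    """Yield the type itself and then each supertype, nearest first."""
    seen = set()
    while base and base not in seen:  # 'seen' guards against a looping map
        seen.add(base)
        yield base
        base = SUPERTYPE.get(base)

def aci_applies(aci_attr, target_attr, option_subtyping=True, type_subtyping=True):
    """Return True if an ACI written for aci_attr covers target_attr."""
    aci_base, aci_opts = parse_description(aci_attr)
    tgt_base, tgt_opts = parse_description(target_attr)
    if option_subtyping:
        # The target is a subtype if it carries every option the ACI names.
        options_ok = aci_opts <= tgt_opts
    else:
        options_ok = aci_opts == tgt_opts
    if not options_ok:
        return False
    if type_subtyping:
        # Traditional subtyping: the ACI's type is the target or an ancestor.
        return aci_base in type_chain(tgt_base)
    return aci_base == tgt_base

def decide(acis, target_attr, default, **flags):
    """First applicable ACI wins (assumed rule); otherwise the default applies."""
    for aci_attr, verdict in acis:
        if aci_applies(aci_attr, target_attr, **flags):
            return verdict
    return default

if __name__ == "__main__":
    acis = [("cn", "deny")]  # constructed ACI list
    for attr in ("cn", "cn;lang-en", "cn;binary"):
        exact = decide(acis, attr, "default",
                       option_subtyping=False, type_subtyping=False)
        print(f"{attr:12} subtyping={decide(acis, attr, 'default')} exact={exact}")
```

With exact matching, "cn;lang-en" and "cn;binary" are not covered by the "cn" ACI at all and fall through to whatever the default is, so the outcome depends on a rule the ACI author never wrote for those attributes.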