[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Considering Attribute Subtypes during ACL evaluation

To: <steven.legg@adacel.com.au>
Subject: RE: Considering Attribute Subtypes during ACL evaluation
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Sun, 08 Oct 2000 21:40:51 -0700
Cc: <ietf-ldapext@netscape.com>
In-reply-to: <001701c031a2$f463fb70$b05508cb@osmium.adacel.com.au>
References: <5.0.0.25.0.20001008175145.00a4deb0@router.boolean.net>

At 02:42 PM 10/9/00 +1100, Steven Legg wrote:
>The concern with this sort of inheritance is that the access controls
>may later apply to things that the access control creator was not
>aware of at the time of creation.

AND could not be aware of... (e.g. arbitrary language tags)

>If there is no inheritance there
>can be no surprises.

And no way for clients to specify language tags which are not
explicitly allowed by access controls. 

>By the way, I'm not strongly for or against
>such inheritance.

I guess I'm strong in favor of allowing an attribute type
description to be controlled by an ACI granting access to
the attribute type.  Without out such, managing access to
language tags is a real pain.

Beyond that, my feelings are less strong...

Kurt

References:
- RE: Considering Attribute Subtypes during ACL evaluation
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- RE: Considering Attribute Subtypes during ACL evaluation
  - From: "Steven Legg" <steven.legg@adacel.com.au>

Prev by Date: Java LDAP API issues summary - round 2
Next by Date: RE: Considering Attribute Subtypes during ACL evaluation
Index(es):
- Chronological
- Thread