Re: Submission: draft-weltman-ldapv3-proxy-06.txt

[Rob Weltman <robw@worldspot.com>]

Brian Jarvis wrote:
> 
> Several times in the draft you refer to "proxy access rights".  I have
> not seen these defined.  I think that there are at least two choices.
> 
> 1.  Define what proxy access rights are in terms of other, already
>     existing, permissions as defined in the draft for "Access Control
>     Model for LDAPv3" (draft-ietf-ldapext-acl-model-06.txt).
> 2.  Add new permissions to the aforementioned acl model draft that are
>     specific to proxy rights.
> 
> --the walrus

  The implementation is not defined in the draft, only the behavior. A server will typically implement the behavior in terms of its own access control system, which is orthogonal to the contents of the control and to the behavior specified for the control.

  At some point in the future, proxy access terms may be added to the documents of the ldapext working group on access control, but there is no point to making the proxy auth control document dependent on that. The control can and has been implemented in advance of an RFC on access control, and the control draft will be valid also after completion of the ldapext acl work.

Rob


> 
> -----Original Message-----
> From: Rob Weltman [mailto:robw@worldspot.com]
> Sent: Monday, November 06, 2000 13:08
> To: ietf-ldapext@netscape.com
> Subject: Submission: draft-weltman-ldapv3-proxy-06.txt
> 
>   The attached update of the proxied authorization control draft was
> submitted for publication last night.
> 
> Rob