Re: ACL Model and application defined permission

[Bruce Greenblatt <bgreenblatt@directory-applications.com>]

At 12:00 PM 2/15/2001 -0500, Larry S. Bartz wrote:

> The ACL Model should be limited to support of
> Directory operations. This is not to say that the Directory shouldn't
> be involved in supporting access, authorization, and usage decisions for
> entities which are external to the Directory.

Larry,

I couldn't disagree more.  What you fail to mention, is that ALL entities 
are external to the directory.  The information that is stored in the 
directory is a partial representation of an external entity.  For example, 
there are many more attributes of a user than are stored in the 
directory.  Why are users, organizations, file servers, etc. internal to a 
directory, and a book or a hat external to the directory?  There is no 
obvious reason, because the directory is just keeping track certain 
properties of these entities.  The more information that is kept in the 
directory,the more valuable it is.

Bruce

>

==============================================
Bruce Greenblatt, Ph. D.
Directory Tools and Application Services, Inc.
http://www.directory-applications.com
See my new Book on Internet Directories: 
http://www.phptr.com/ptrbooks/ptr_0139744525.html