
ACL all entry attribute keyword



Question on draft-ietf-ldapext-acl-model-07.txt
-----------------------------------------------------

WRT attr options
               attr = "[all]" / "[entry]" / (attribute *("," attribute))

Is it necessary to have two different keywords to target Entry and All
attributes, since we already have a separate set of permissions for entry
and attributes?

Is it not sufficient to have only one keyword, let's call it "[all
entry]", to target both the entry and its attributes? The permission determines
whether it can be applied to an entry or an attribute, as illustrated below.

  subtreeACI: grant:o # [all entry] # role:cn=SysAdmin,o=Company
                  ; Applies to all attributes as o is attribute specific permission
  subtreeACI: grant:d # [all entry] # role:cn=SysAdmin,o=Company
                  ; Applies to the entry as d is entry specific permission

With the existing scheme it is possible to define the following ACIs, which
do not have any meaning.

  subtreeACI:grant:o#[entry]#role:cn=SysAdmin,o=Company
  subtreeACI:grant:d#[all]#role:cn=SysAdmin,o=Company

- Panwar
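
The mismatch described in the message above can be checked mechanically. The following is an added example, not part of the original post or of the draft: it assumes the `action:perms#attr#subject` layout shown in the message, classifies only the two permissions the message names (`o` as attribute-specific, `d` as entry-specific), and uses the hypothetical names `check_aci`, `ATTR_PERMS` and `ENTRY_PERMS`.

```python
# Added example: flag ACI values whose permission cannot apply to the target.
# Only the two permissions classified in the message are known here (assumption:
# any other letter is reported as "unclassified" rather than guessed).
ATTR_PERMS = {"o"}    # attribute-specific, per the message
ENTRY_PERMS = {"d"}   # entry-specific, per the message


def check_aci(line):
    """Return [(permission, verdict)] for one 'subtreeACI: ...' line.

    verdict is "attribute" or "entry" (what the permission applies to),
    "meaningless" (permission and target disagree) or "unclassified".
    """
    _, _, value = line.partition(":")            # drop the attribute type name
    parts = [p.strip() for p in value.split("#", 2)]
    if len(parts) != 3 or ":" not in parts[0]:
        raise ValueError("expected action:perms#attr#subject")
    _action, _, perms = parts[0].partition(":")
    target = " ".join(parts[1].split())          # normalise inner whitespace
    results = []
    for perm in perms.strip():
        if perm in ATTR_PERMS:
            kind = "attribute"
        elif perm in ENTRY_PERMS:
            kind = "entry"
        else:
            results.append((perm, "unclassified"))
            continue
        if target == "[all entry]":
            # Proposed single keyword: the permission alone selects the target.
            results.append((perm, kind))
        elif (target == "[entry]") == (kind == "entry"):
            # Existing scheme: [entry] takes entry permissions; [all] or an
            # attribute list takes attribute permissions.
            results.append((perm, kind))
        else:
            results.append((perm, "meaningless"))
    return results


if __name__ == "__main__":
    # The four ACI lines quoted in the message.
    for aci in (
        "subtreeACI: grant:o # [all entry] # role:cn=SysAdmin,o=Company",
        "subtreeACI: grant:d # [all entry] # role:cn=SysAdmin,o=Company",
        "subtreeACI:grant:o#[entry]#role:cn=SysAdmin,o=Company",
        "subtreeACI:grant:d#[all]#role:cn=SysAdmin,o=Company",
    ):
        print(aci, "->", check_aci(aci))
```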