Re: IP Address in the ACM (Was: Comments on AccessControlModel- BNF)



At 03:22 PM 4/6/01 +0200, robert byrne wrote:
>Mmmm...will the next version of your product not allow the ability to
>grant public access, because that's "insecure" ?

With "public", we're going to disable it by default and require
the administrator take action to enable it when desired.

>I suspect not--because
>in some situations that's a useful policy, explicitly set by the
>administrator.

If explicitly set by the administrator, yes.

>It seems to me that the same is probably true of an
>ip-address subject and simple authentication.

If you are not on the Internet, maybe.  But on the
Internet, use of simple or IP-addressed authentication
is not appropriate and we should require implementations
to such and, in fact, we should recommend against (i.e. with
a SHOULD NOT) support such in our security considerations.

Kurt