
Re: ACM & Replication (Was: LDAPEXT Minutes)



From discussion with Rick Huber in Minneapolis, the following paragraphs
of the model draft have been modified and now read as follows (excerpted
from their sections with section headers):

2.  The LDAPv3 Access Control Model
   - What flows on the wire for interoperability

     The existing LDAP protocol flows for ldap operations
     are used to manipulate access control information.
     These same flows on the wire apply when ACI is
     transmitted during replication.  A set of permissions
     and their semantics with respect to ldap operations is
     defined.  The permissions parallel the defined set of
     ldap operations.  What is transmitted is exactly what
     is read back.  Encoding of access control information
     on the wire is per the LDAPv3 specifications.

4.  The Access Control Information Attributes and Syntax
The attributes are defined so access control information
(ACI) can be addressed in a server independent of server
implementation.  These attributes are used in typical LDAP
APIs, in LDIF output of ACI and in transfer of ACI during
replication. These attributes may be queried or set on all
directory objects.  The BNF and definitions are given below.

Ellen


At 03:48 PM 4/17/2001 -0700, Kurt D. Zeilenga wrote:
At 02:00 PM 4/17/01, Richard V Huber wrote:
>The main replication-related change to the ACM draft is to make it
>clear that the ACM applies to wire-line flows of data being
>replicated.

Are you saying here that LDAP ACM would be used to control what
was replicated between servers?  That seems presumptive.

>Ellen Stokes agreed to add that to the ACM draft.  I'll propose
>specific wording if needed.

Please do. That would allow some WG discussion of the specifics.
I am certainly not sure what type of clarification you are trying to
make.

I note I believe that the second paragraph of the Introduction and
the second paragraph of the Security Considerations were pretty
clear as to how LDAP replication issues related to the LDAP ACM
are to be addressed.  That is, such issues are "out of scope".
I would certainly question any attempt to bring them into scope.

Kurt