[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: subjects in LDAP ACMs

To: "Cutler, James R" <james.cutler@eds.com>
Subject: RE: subjects in LDAP ACMs
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Mon, 23 Apr 2001 10:54:20 -0700
Cc: "'robert byrne'" <robert.byrne@Sun.COM>, ietf-ldapext@netscape.com
In-reply-to: <4E6A7BDC24CDD311B11400508BDF0A3836C335@usahm009.exmi01.exc h.eds.com>

At 08:32 AM 4/23/01, Cutler, James R wrote:
>Rather than "identified", it should be "authenticated", since this is, in
>fact, what is indicated.  Authorization happens outside of the simpleSubject
>definition.

The authorized identity is not necessarily the same as the authentication identity and is not authenticated, per say, but asserted and approved
by some means as part of the authentication/authorization process.

I agree "authorization" happens outside of access control.  It happens
prior.  At least in RFC 2829 terminology.

Prev by Date: Re: browse permission in the ACM
Next by Date: Last call on 'Named Subordinate References in LDAP Directories'
Index(es):
- Chronological
- Thread