[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: generalized permission for controls

I would like to see this kept out of the main draft, and moved forward as a separate item. I think that the rationale that is applied here should be similar to what was applied in my "application defined permissions" draft. In actuality, I think that this is really pretty much the same as the mechanism that I defined in the draft: http://search.ietf.org/internet-drafts/draft-greenblatt-ldap-perms-00.txt

Bruce

At 03:08 PM 7/24/01 -0500, Ellen Stokes wrote: 
Folks,

Mark Davidson proposed a generalized permission for
controls in his note dated July 6 on ACM permissions.
------------------------------------------------------------------------------
ACI = rights "#" target "#" generalSubject

permission = "x" ; execute control
; permission u can only be used on controls

target = "[all]" / "[entry]" / (attribute *("," attribute)) /
"[controls]" / (controlType *("," controlType))

controlType is defined in RFC2251

Control use - can use control where aci is active (this
replaces the g permission in a more general way)
-------------------------------------------------------------------------------

The authors like this idea and are working on text to
incorporated this into the draft and move the
getEffectiveRights control (and permission) in line with
this proposal.

We'll be putting a synopsis of this out shortly to the list.

In the interim, any comments?

Ellen 

==============================================
Bruce Greenblatt, Ph. D.
Directory Tools and Application Services, Inc.
http://www.directory-applications.com