[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: generalized permission for controls

To: Ellen Stokes <stokes@austin.ibm.com>
Subject: Re: generalized permission for controls
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Tue, 24 Jul 2001 23:14:31 -0700
Cc: ietf-ldapext@netscape.com
In-reply-to: <5.0.2.1.0.20010724145148.00a6b508@popmail2.austin.ibm.com>

I would suggest this be left out of the specification
and instead addressed by generalizing permissions
to grant access based upon a categorization of the
type of the access (read,write,...) being made as
opposed to the operation/sub-operation used to access
the directory.

Kurt

At 01:08 PM 7/24/2001, Ellen Stokes wrote:
>Folks,
>
>Mark Davidson proposed a generalized permission for
>controls in his note dated July 6 on ACM permissions.
>------------------------------------------------------------------------------
>ACI = rights "#" target "#" generalSubject
>
>permission = "x" ; execute control
>; permission u can only be used on controls
>
>target = "[all]" / "[entry]" / (attribute *("," attribute)) /
>"[controls]" / (controlType *("," controlType))
>
>controlType is defined in RFC2251
>
>Control use - can use control where aci is active (this
>replaces the g permission in a more general way)
>-------------------------------------------------------------------------------
>
>The authors like this idea and are working on text to
>incorporated this into the draft and move the
>getEffectiveRights control (and permission) in line with
>this proposal.
>
>We'll be putting a synopsis of this out shortly to the list.
>
>In the interim, any comments?
>
>Ellen

Follow-Ups:
- Re: generalized permission for controls
  - From: robert byrne <robert.byrne@Sun.COM>

References:
- generalized permission for controls
  - From: Ellen Stokes <stokes@austin.ibm.com>

Prev by Date: 蜜月與渡假的天堂 -- 普吉島
Next by Date: Hardcore Fuck Fest right Here!
Index(es):
- Chronological
- Thread