[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
[Fwd: LDAPEXT minutes]
LDAPEXT Working Group
Meeting minutes recorded by Roger Harrison <rharrison@novell.com>
WG Status (Mark Wahl)
* Completed items: sorting, lang tags, dynamic entries, signed info
* acl-model-08: new version needed
* vlv-04: went to IESG but has been pulled back to authors for result code
issue
* named referrals: last called on -03; -04 will be IESG last call
* taxonomy -05: waiting on locate
* locate-05: needs a new LC
* C API has not been updated since Nov 00; Mark Smith
* java-api-15: will need to be rev'ed and do another last call
* ldapudp-00: needs rev and LC
* dupent-07: LC'ed at -06, dependent on vlv
Remaining Drafts In Detail
Patrik Faltstrom: IESG wants to close the working group. Outstanding documents
(a) is a WG needed for the documents
(b) if multiple vendors will implement
ACL Model
* Recommend that it be taken off of the charter and perhaps be moved to
experimental
* will ask on the list before final decision
Java API
* iPlanet & Novell have both implemented
* probably doesn't need to be a WG item; probably should be progressed to
proposed standard
* will ask on the list
Locate Draft
* Roland Hedberg feels that this draft should be WG LC'ed as it is with an eye
toward taking it toward proposed standard.
* The following IESG last call will give security area folks a change to
raise issues if they exist.
* RL Bob Morgan feels that we should just go to IETF-wide last call.
Taxonomy Draft
* Will follow path of Locate draft.
Named Ref Draft
* Issues raised in previous LC have been addressed. Some significant changes
occurred as a result.
LDAPUDP Draft
* We will take this to experimental status as an individual submission.
* No comments on the list recently.
Question: is IRTF doing any directory research? Answer: none that anyone
present is aware of.
Conclusion
* IETF ldapext WG will likely conclude. This will be the final meeting of the
WG.
ACL -08 (Rob Byrne)
* authentication levels added; opinions vary, but Rob feels this is more
manageable
* decision algorithm is more formal
* fixed getEffectiveRights
* IP addresses can be used to deny access when other ACI is also available
Planned changes for -09
* clarification of rename behavior
* correction to ABNF for ipAddress
Comments:
* groups/role expansion will be clarified
* no change in authnlevls versus mechanisms
* ip address subjects - no change
* ACM too complex; will remove 't' and 'p' permissions
* removal of subentries
* will remove the ldapACISubentry for an attribute in rootDSE
* equality matching of ACI
* no change: continue using comp matching
* support for controls
* will propose a way to express required permissions for controls and
extended ops