Neither John nor I are wed to the idea of keeping the ACM document in exactly its present form.

What the WG has clearly achieved consensus on (several times and each time the issue has been raised) is that without some baseline ACM for LDAP, LDUP has little chance of being interoperable (at least not in a secure way) across implementations from multiple vendors.

Some of the more active WG members have explicitly requested that the LDUP co-chairs consider moving the work from LDAPEXT to LDUP as LDAPEXT is closing down and consensus has not been reached on the ACM document's content.

It may be that we have to specify in LDUP the minimum required ACM for LDUP to work as expected. We're just proposing that the current document be used as a starting point for discussion within the LDUP WG.

Chris Apple
Program Manager - Integration Services
United Messaging Inc.
<http://www.unitedmessaging.com>
<mailto:christopher.apple@unitedmessaging.com>
(V) +1 610 425 2860

-----Original Message-----
From: Rob Byrne - Sun Microsystems [mailto:robert.byrne@sun.com]
Sent: Wednesday, November 14, 2001 4:31 AM
To: Mark Wahl
Cc: john.strassner@intelliden.com; christopher.apple@unitedmessaging.com; roland@catalogix.se; ietf-ldup@imc.org; ietf-ldapext@netscape.com
Subject: Re: moving access control discussion to LDUP

All,

My own (vendor-centric) opinion on the progress of the acl draft, is that, unfortunately, in LDAP life-time terms it is very (if not, too) late to successfully progress this to a standard.

I would categorize the main problem as "entrenched vendors". Seems like everyone agrees in principle that standard access control would be a good idea but when it comes to the crunch vendors are reluctant to reinvest in developing a new access control system in their servers.

So it seems the best we could do would be to preserve the work (some of which may still be useful to vendors polishing their implementations) by moving it to the experimental or informational category.

I think there may also be scope for pulling some of the sections out and submitting them as independent ID's; for example the getEffectiveRights section could probably be expressed in sufficiently general terms that any vendor could support it.

Perhaps the best opportunity for standard directory access control will occur as/if directories evolve to integrate more with the XML world. The XML guys are currently recasting the wheel in XML terms and for example the XACML work stands a chance of success as they don't have the entrenched vendor problem.

I would advise the LDUP chairs to poll the LDUP group and ensure that there is enough (preferably more than enough!) support for completing the acl draft in LDUP, before adopting it.

Rob.

Mark Wahl wrote:

> It may be worthwhile to consider adding the access control standardization
> discussion to LDUP, as LDUP will need the replication of access control
> information for many of its scenarios. This activity was ongoing in LDAPEXT,
> but LDAPEXT is shutting down and has not reached rough consensus on
> access control specification.
>
> Mark Wahl
> Sun Microsystems Inc.