[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: subentries comments

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: subentries comments
From: Rob Byrne - Sun Microsystems <robert.byrne@sun.com>
Date: Thu, 06 Dec 2001 16:58:06 +0100
Cc: ietf-ldapext@netscape.com
References: <5.1.0.14.0.20011205153733.017761d8@127.0.0.1> <5.1.0.14.0.20011206055721.0173d010@127.0.0.1>

"Kurt D. Zeilenga" wrote:

> At 05:41 AM 2001-12-06, Rob Byrne - Sun Microsystems wrote:
> >If the goal is to faithfully transfer x500 semantics as is to LDAP then I
> >think the draft needs to be clearer about that.
>
> The goal is to the LDAP mechanisms to act in accordance with X.500
> semantics, as should all LDAP mechanisms.  LDAP is, after all, a
> protocol for accessing an X.500 directory.
>
> >For example, it could be
> >renamed  from "Subentries in LDAP" to "X500 Subentries in LDAP" or ...
>
> I think it superfluous to insert X.500 here as LDAP is an access
> protocol to an X.500 directory.
>
> >And again,  the text in the
> >abstract that says "This document adapts X.500 subentries mechanisms for use
> >with LDAP." could say something like "This document transfers X.500
> >subentries mechanisms to LDAP , keeping the same fundamental semantics".
>
> We don't transfer mechanism, we adapt them while maintaining the
> consistent semantics.  That is, the LDAP access to subentries uses
> different mechanisms than DAP, but both are semantically consistent.

Kurt,

You point out below that in fact you have introduced a difference, namely in the
retrieval behaviour when no control is attached.  This difference and the
subsequent control definition means that you have failed to reproduce a
behaviour that exists with x500 subentries, namely the ability to recover both
normal and subentries in one request.  I think that will be very painful for
manageability.

How about changing the meaning of TRUE in the controlValue to mean "retrieve
both normal and subentries" ?  It's still not exactly the same as x500 but it
seems "usefully closer" to me.

Rob.

>
>
> My co-author and I will, however, consider making a clarification in
> this area as obviously the present wording caused some confusion.
>
> >A line like "LDAP subentries SHALL behave in accordance with X.501 unless
> >noted otherwise in this specification." appears superfluous if you state the
> >"transfer the semantics" goal clearly--there should by definition be no
> >behavioural differences.
>
> Mechanisms differ, semantics are consistent.  This statement is
> consistent with that which applies to all of LDAP [RFC 2251, s3.3].
>
> >If you keep this line then that leaves the door
> >open for differences,
>
> The extension door is always open.   It's the goal of this
> document to detail how a core component of the X.500 data
> model can be accessed using LDAP.  Our intent is not to
> extend this component, just to provide access to it.  This
> gives the I-D a narrow focus which allows it to be progressed
> much faster than if we opened the LDAP-specific enhancement
> door.
>
> >so I think the reader would appreciate a section that
> >listed any differences or explicitly stated that the differences were not in
> >semantics but just schema, for example.
>
> There are certainly mechanism differences, DAP and LDAP
> are quite different protocols.  However, the semantics of
> each (as they apply to this part of the data model) are
> quite consistent.  I've noted a one difference in the
> last paragraph of section 1.  It exists for consistency
> with the LDAP "core" specification due to how it handles
> subschema subentries.

>
>
> Kurt

Follow-Ups:
- RE: subentries comments
  - From: "Steven Legg" <steven.legg@adacel.com.au>

References:
- Re: subentries comments
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: subentries comments
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: FW: Increase your Muscle-Strength
Next by Date: RE: subentries comments
Index(es):
- Chronological
- Thread