
Re: [ldapext] Password Policy OIDs






I haven't looked to see how close the draft is to either the (then)
Netscape or the Novell implementations, but here is what I think:

If the existing OIDs and descriptive names are based on password policy
implementations that existed prior to this draft, I think the names and
OIDs should be changed when the draft departs "far enough" from those
existing implementations.  At a minimum, I think the control OIDs ought to
be different; that would make it possible for a client to determine which
password policy implementation was supported by a server and act
accordingly.

If the OIDs and descriptive names in question are defined by the draft, I
think it is reasonable for the draft to continue to use those OIDs and names
when it changes the semantics defined in a previous version.  I think
anyone implementing an Internet Draft is doing so at their own risk.  Isn't
that part of the rationale behind this statement?

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."


John  McMeeking


neil.dunbar@hp.com wrote on 10/26/2004 04:02:38 AM:

> On Mon, 2004-10-25 at 23:16 -0600, Jim Sermersheim wrote:
> > Yeah, I suppose we could do that as well. I'm looking at the
> > differences between the 00 version and the 09 version:
>
> > Andrew Sciberras wrote:
> > I think that this is a good idea, however your email suggests that
> > changing the OID's will disambiguate the semantics by which a
> > password
> > policy is being enforced. Do you plan to change the short name
> > descriptors of the attributes as well?
>
> > > Jim Sermersheim wrote:
> >
> > > This does bring up another point I wanted to discuss though...
> > > This draft was written way back when it was popular to assign OIDs
> > in
> > > I-D's. A practice that has lost favor partly due to implementations
> > > using those OIDs and experiencing problems as semantics changed but
> > OIDs
> > > didn't.
>
> Are we talking about replacing all OIDs, or just the schema OIDs? It
> seems that if we change the ones for the LDAP Request/Response controls
> then I can see a lot of implementations falling over (or at least
> failing to pass proper response information).
>
> Schema re-OIDing isn't that much of a hassle, for us at least.
>
> Cheers,
>
> Neil
>
>
> _______________________________________________
> Ldapext mailing list
> Ldapext@ietf.org
> https://www1.ietf.org/mailman/listinfo/ldapext

