Re: [ldapext] Unfinished business: password policy and VLV

[Kurt Zeilenga <Kurt.Zeilenga@Isode.com>]

On Jan 24, 2008, at 11:18 AM, John McGarvey wrote:

>
> LDAP password policy and VLV (scrolling view browsing) are  
> implemented by a number of LDAP servers, more or less in accordance  
> with now expired drafts.  Both of these extensions are quite  
> valuable, and both now have multiple independent implementations,  
> but there are no corresponding RFCs.  Is there a plan to get these  
> drafts back on track?  It seems to me that there should be.

I am presently working in the area of password policy.  I hope to have  
a few drafts (yes, more than one) submitted soon.  One I-D will be a  
password policy proposal based on, but different than, the old behera  
I-D.  This I-D will be targeted for both the IETF standards track and  
ITU/ISO standard.  A second I-D will contain Experimental extensions  
to work with RFC 2307 passwords, e.g. {SSHA}xxxx.  A third I-D will  
contain related (but not password authentication specific) features,  
such as "account locking".  This I-D will be aimed at IETF standards  
track.

Given the history of competing VLV proposals and standards work, I  
would shooting for Informational.  In particular, I suggest  
documenting what folks have implemented in this area as opposed to  
producing a new VLV standard.  Any attempt to produce a VLV standards  
would quickly find itself revisiting all the issues LDAPext faced (but  
didn't resolve) during it last year(s).

-- Kurt
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
http://www.ietf.org/mailman/listinfo/ldapext