[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [ldapext] Unfinished business: password policy and VLV
- To: John McGarvey <mcgarvey@us.ibm.com>
- Subject: Re: [ldapext] Unfinished business: password policy and VLV
- From: Kurt Zeilenga <Kurt.Zeilenga@Isode.com>
- Date: Mon, 11 Feb 2008 10:08:17 -0800
- Cc: ldapext@ietf.org
- Delivered-to: ldapext@core3.amsl.com
- In-reply-to: <OFE08F8712.709C93A4-ON852573DA.0069ABF1-852573DA.006A25D9@us.ibm.com>
- References: <OFE08F8712.709C93A4-ON852573DA.0069ABF1-852573DA.006A25D9@us.ibm.com>
On Jan 24, 2008, at 11:18 AM, John McGarvey wrote:
>
> LDAP password policy and VLV (scrolling view browsing) are
> implemented by a number of LDAP servers, more or less in accordance
> with now expired drafts. Both of these extensions are quite
> valuable, and both now have multiple independent implementations,
> but there are no corresponding RFCs. Is there a plan to get these
> drafts back on track? It seems to me that there should be.
I am presently working in the area of password policy. I hope to have
a few drafts (yes, more than one) submitted soon. One I-D will be a
password policy proposal based on, but different than, the old behera
I-D. This I-D will be targeted for both the IETF standards track and
ITU/ISO standard. A second I-D will contain Experimental extensions
to work with RFC 2307 passwords, e.g. {SSHA}xxxx. A third I-D will
contain related (but not password authentication specific) features,
such as "account locking". This I-D will be aimed at IETF standards
track.
Given the history of competing VLV proposals and standards work, I
would shooting for Informational. In particular, I suggest
documenting what folks have implemented in this area as opposed to
producing a new VLV standard. Any attempt to produce a VLV standards
would quickly find itself revisiting all the issues LDAPext faced (but
didn't resolve) during it last year(s).
-- Kurt
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
http://www.ietf.org/mailman/listinfo/ldapext