Re: [ldapext] password policy: generic features

[Kurt Zeilenga <Kurt.Zeilenga@Isode.com>]

On Jun 30, 2010, at 2:02 PM, Howard Chu wrote:

> Kurt Zeilenga wrote:
>> The latest I-D contains an account idling feature.  This is yet another
>> feature which is useful regardless of the mechanism being used for
>> authentication.
>> 
>> At present, I favor separating such features into a separate "account
>> policy" specification.  However in absence of an I-D actually detailing an
>> "account policy" this note can be viewed as simply placing my view on the
>> public record.   Or maybe just rework this specification to be an "account
>> policy" specification with "password extensions".   :-)
> 
> I was just going to ask if that's where you were headed.

Haven't thought too much about direction.  Just making comments as I re-implement this stuff, and thinking a bit about dealing with some long standing 'account policy' related feature requests.

> Is this "account" policy, or perhaps "authentication policy"?

Well, some of the facilities I'm thinking might be part of such a specification are about authorization not authentication, such as general account locking.

> It seems that broadening the title may be a good idea; splitting the spec may be harder because the two are interdependent.

Some things might do better with less interdependence... but that doesn't necessarily require splitting the specification.

-- Kurt
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www.ietf.org/mailman/listinfo/ldapext