[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
[ldapext] General impact of ldap server side current time matching
- To: IETF LDAPext <ldapext@ietf.org>
- Subject: [ldapext] General impact of ldap server side current time matching
- From: Daniel Pluta <pluta@tum.de>
- Date: Tue, 20 Jul 2010 13:01:58 +0200
- Delivered-to: ldapext@core3.amsl.com
- User-agent: Thunderbird 2.0.0.24 (Windows/20100228)
Dear ldapex[t|perts],
thanks to the received feedback our draft related to "ldap server side
current time matching" has been recently updated to version 1:
http://www.ietf.org/id/draft-pluta-ldap-srv-side-current-time-match-01.txt
As a result of the previous technical discussions the document is
currently focused on LDAP protocol specific implementation details like
for example the syntaxes (current time and duration) and the various
extensible matching rules.
As the feedback in regard to the general idea (ldap server side current
time matching) has been quite small we would like to take the
opportunity to restart the discussion into a more general direction.
We are interested in your (also non-technical) opinions and visions
regarding this kind of LDAP protocol feature. Advanced usage scenarios
based on current time matching operations are therefore also of
interest. Where else and how do these matching rules could have an
impact, e.g. on your environment, development or related future
concepts? In the following you find a short (and surely incomplete) list
of topics that are in our opinion (at least partly) related to current
time matching:
- ldap password policy's password expiration[Time|Duration],
draft-behera-ldap-password-policy
- Component Matching (Certificate timestamps?)
- DSA-internal KDC data store; draft-chu-ldap-kdc-schema (eg.
principalNotUsed[Before|After]?)
- DSA-internal CA (mentioned at kerberos 2009 by H. Chu)
- ...
Your feedback is highly appreciated - thanks a lot!
Best regards,
Daniel
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www.ietf.org/mailman/listinfo/ldapext