[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: direct local change when a consumer chains a write to the producer? (Was: openldap-server-2.2.29: multimaster support)

> and if the DSA wants to chain as B:
>         chainedRequest originator=Y request={
>                 modifyRequest ... proxyAuthz=X
>         } proxyAuthz=B

Just to make sure I got you: "originator" would play a sort of "native"
proxyAuthz for the chainedRequest.  So the players on the ground are:

- the identity of the chaining DSA, A
- the identity A wants to proxyAuthz as, B
- the identity of the DUA that initiated the request, Y
- the identity Y wanted to proxyAuthz as, X

The chaining DSA binds to the chained DSA as itself, A; it tells the
chained DSA it's chaining on behalf of Y and, after that, authz'es as B. 
In the meanwhile, during the chainedOperation, the DUA that originated the
request that eventually was chained, Y, wants to perform the operation as

Pretty straightforward, isn't it?  Well, at a first glance, I don't think
we could need anything more complicated than that.

The chained portion of the "chain'n'sync" operation could be done this way:

        chainedRequest originator=Y request={
                modifyRequest ... proxyAuthz=X
        } proxyAuthz=B, postRead

If A == B, then

        chainedRequest originator=Y request={
                modifyRequest ... proxyAuthz=X
        } postRead


Pierangelo Masarati

Ing. Pierangelo Masarati
Responsabile Open Solution

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it