--On Friday, April 02, 2010 9:30 PM +0200 Michael Ströder <michael@stroeder.com> wrote:

Kurt, it's not that simple: Of course there was a successful
authentication in case of SASL/EXTERNAL. Taking the term "authenticated
clients" literally you're done for processing "by users".

But the user is not really *identified* in terms of an entity represented
by a directory entry and therefore the behaviour looks strange to me
because no-one wants to deal with SASL authc-DNs when designing ACLs. I'd
prefer changing semantics of "by users" to "identified clients" or having
another key-word "by identifiedusers" with that semantics.

The authorization step happens *after* identification based on the
(optionally mapped) principal name.

We do this elsewhere. Perhaps usersz and usersc? (Similar to authc and authz?)
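To make the distinction being discussed concrete, here is an added slapd.conf excerpt (constructed for this note, not from either poster's configuration). It assumes a hypothetical suffix dc=example,dc=com, a people container ou=people, and client certificates whose subject DN maps to cn=<name>,ou=certs,o=example under SASL/EXTERNAL.

```text
# Constructed example: map the SASL/EXTERNAL authc-DN derived from an
# X.509 subject (e.g. cn=alice,ou=certs,o=example) onto the matching
# entry under ou=people. A client whose subject matches no entry keeps
# its raw authc-DN and is therefore authenticated but not "identified".
authz-regexp
  "^cn=([^,]+),ou=certs,o=example$"
  "ldap:///ou=people,dc=example,dc=com??one?(cn=$1)"

# Loose form: "by users" grants read to every authenticated client,
# including one whose authc-DN never mapped to a directory entry.
# (Kept here only to show the behaviour the thread finds surprising;
# do not combine with the directive below, since the first matching
# "access to" clause for a target wins.)
#access to dn.subtree="ou=people,dc=example,dc=com"
#  by self write
#  by users read
#  by * none

# Stricter form: read is granted only to clients whose (mapped) identity
# is itself an entry under ou=people, i.e. "identified" users in the
# sense proposed above. Unmapped SASL authc-DNs fall through to "by *".
access to dn.subtree="ou=people,dc=example,dc=com"
  by self write
  by dn.children="ou=people,dc=example,dc=com" read
  by * none
```

Checking which identity a client actually ends up with is a matter of running `ldapwhoami -Y EXTERNAL` against the server: an identified client reports the mapped entry DN, an unidentified one reports the raw authc-DN.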