[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CAP comment, section 4.5.1, lookup

To: ietf-calendar@xxxxxxx
Subject: Re: CAP comment, section 4.5.1, lookup
From: Doug Royer <Doug.Royer@xxxxxxx>
Date: Sat, 12 Dec 1998 18:29:33 -0800 (PST)
Reply-to: Doug Royer <Doug.Royer@xxxxxxx>
Sender: owner-ietf-calendar@xxxxxxx

> From: "Paul B. Hill" <pbh@mit.edu>
> Subject: CAP comment, section 4.5.1, lookup
> 
> Hi,
> 
> 4.5.1   Lookup
> 
>    CAP MUST specify, subject to access control:
> 
>      - How the CUA can list calendars in a single CS, by fetching all
>      the top level CSIDs of the CS.
> 
> I know of several higher-ed sites that do not require authentication or
> authorization to query their directory services, however they do not permit
> fetching all of their identifieres. This is sometimes done by limiting the
> number of queries from a single host, or by limiting the number of
> responses generated by a wildcard search.
> 
> This is because they wish to allow external users to locate and contact
> people within their domain, but they try to prevent people from creating
> additional directories, databases, or mass mailing lists.
> 
> I think that a similar requirement exists for the CSIDs on a single CS.
> Does the group feel that "subject to access control" covers a throttling
> mechanism or does the requirement need further elaboration?

I think the conversations assumed the user had already authenticated.

Prev by Date: Re: comment on CAP, section 4.4.3, deferred requirements
Next by Date: Re: Access Control deferred?
Previous by thread: Re: CAP comment, section 4.5.1, lookup
Next by thread: CAP comment, section 4.6, Security
Index(es):
- Date
- Thread