Re: UPN + GROUP + UPNEXPAND question.

[David Madeo <David.Madeo@xxxxxxxx>]

"Paul B. Hill" wrote:

> At 06:59 PM 3/9/2000 -0800, Doug Royer wrote:
> >The reason that I think that, is that
> >may MTA's do not allow VRFY or EXPN, they return unimplemented.
> >I would suspect the same for UPNEXPAND. Many will NOT want
> >to give out membership lists to spammers. And I do not see
> >any benifit for UPNEXPAND - other than debugging. And
> >it would not be used from a CUA, or at least it would not
> >be reliable from a CUA as it can be turned off at the CS.
>
> SMTP is unauthenticated, CAP is not. A CS could have authorizations that
> determine which users are allowed to use UPNEXPAND.
>
> It becomes more important when we consider the CS to CS usage of CAP. In
> this case the CSs might not share a common group definition. The UPNs that
> represent groups must be expanded prior to moving the data across a
> security context boundary so that a consistent evaluation can take place.

Even the CUA to CS model might have the CUA and CS having different user/group
directories.  The CUA needs to be able to ask the CS to expand the UPN for
it.  Especially on thin clients.

dmadeo

begin:vcard 
n:Madeo;David
tel;fax:212-762-1009
tel;work:212-762-2348
x-mozilla-html:FALSE
url:www.ms.com
org:Morgan Stanley Dean Witter and Discover;Information Technology
version:2.1
email;internet:dmadeo@xxxxxx
adr;quoted-printable:;;750 Seventh Ave=0D=0A;NY;NY;10019;USA
x-mozilla-cpt:;0
fn:David Madeo
end:vcard