It could interop assuming that all data was public read-write, or public read on all but one of the servers, with that one controlling who could update (i.e., master-slave). Taking this approach would let you factor the problems -- you could focus on the replication issues, and when some future WG came up with a common access control syntax and semantics, then it would just plug in. > -----Original Message----- > From: John Strassner [mailto:john.strassner@xxxxxxxxxxxxxx] > Sent: Wednesday, November 14, 2001 2:06 PM > To: Kurt D. Zeilenga; Christopher Apple > Cc: 'Rob Byrne - Sun Microsystems'; Mark Wahl; > roland@xxxxxxxxxxxx; ietf-ldup@xxxxxxx > Subject: RE: moving access control discussion to LDUP > > > So how will the protocol be able to interoperate without a common ACM? > > thanks, > John > > -----Original Message----- > From: Kurt D. Zeilenga [mailto:Kurt@xxxxxxxxxxxx] > Sent: Wednesday, November 14, 2001 2:53 PM > To: Christopher Apple > Cc: 'Rob Byrne - Sun Microsystems'; Mark Wahl; > john.strassner@xxxxxxxxxxxxxx; roland@xxxxxxxxxxxx; ietf-ldup@xxxxxxx > Subject: RE: moving access control discussion to LDUP > > > Please note that I feel the LDUP WG should not undertake > the LDAP ACM work or any other new work. The LDUP WG > needs to narrow its focus and trim its workload if it > is ever to successfully conclude. > > And also I ask that the charter be clarified as to the > extent of work this WG is undertaking (or intends to > undertake). In particular, the charter should state whether > or not the group intends to: > 1) Update LDAPv3 "core" specification (including > its normative references), > 2) Define an ACM for LDAPv3, and/or > 3) Define an authentication identity to > authorization identity mapping scheme. > > (Note that the mapping scheme is needed for an ACM > to provide any reasonable level of consistent access > to client entities in a replicated environment.) > > Kurt > >
Attachment:
smime.p7s
Description: S/MIME cryptographic signature