RE: Adding to the LDAP ACM to a WG charter

["Roddy A. Sue" <saroddy@xxxxxxxxxxxxxx>]

Is there any effort in a security-focused working group to look at
cross-protocol security attribute definitions?  One would like to think that
a common solution could be found (separate from the bio-diversity argument
of security through obscurity).


Sandi Roddy
National Security Agency
V5 Technical Director - Security
410-854-7070


-----Original Message-----
From: Paul Leach [mailto:paulle@xxxxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, November 20, 2001 1:08 PM
To: Roddy A. Sue; Ryan Moats; Steven Legg
Cc: ietf-ldup@xxxxxxx
Subject: RE: Adding to the LDAP ACM to a WG charter


I want to be clear. I am not suggesting that, in order to allow
multi-vendor replicas, a standard ACM isn't required.

The only question is whether they need to be developed by the same WG,
other whether _this_ WG should focus on what has proven to be a very
difficult problem, and finish it; or whether it should undertake another
very difficult problem that may very well defocus it and delay finishing
the primary one it was set up to solve.

This is not a question of requirements -- it is a question of creating
an efficient engineering process to get things done. I believe that
history has shown conclusively that trying to solve too many hard
problems simultaneously leads to none of them getting done.

Paul