RE: LDAPv3 Replication Access Control Design Team Report

["Kurt D. Zeilenga" <Kurt@xxxxxxxxxxxx>]

At 06:04 AM 2002-09-10, Timothy Hahn (TJH) commented to my post:
>Let's cut to the key question:
>
>  Does LDAP replication REQUIRE a standard LDAP ACM?
>
>(REQUIRE here in the RFC 2119 sense).
>TJH> I believe that LDAP replication MUST ensure that the security
>TJH> (i.e. authorization to access - add/modify/search/delete)
>TJH> is NOT compromised by the LDAP replication mechanism defined.
>TJH>
>TJH> Thus, I believe that LDAP replication REQUIRES that access
>TJH> control issues be "attended to" (in the RFC 2119 sense).

They can be "attended to" by detailing appropriate security
considerations in the LDAP replication technical specifications.

That is, the security consideration in the LDAP Replication
requirement document can be addressed by security considerations
in the LDAP Replication technical specification.

>TJH> But I DO NOT feel that LDAP replication needs define a specific
>TJH> Access Control Model (ACM).  LDAP replication need only ensure
>TJH> that SOME ACM can be applied across the servers involved in the
>TJH> data replicated amongst them and that LDAP replication doesn't
>TJH> "mess that up".

First, I disagree that SOME ACM has to be applied across all
servers.  I frequently work in deployments where per-ACMs
are not only in use, but DESIRED.  (Not to day that they
wouldn't prefer to have one ACM which does everything they
want, but there is a realization by many deployers that
they need different ACMs for different purposes and also
need to be sure information across purposes.)

An access control policy has to be applied.  LDUP can rely
on the authorities establishing the replication agreements
to establish controls within each replica implementing the
access control policy.

Kurt