
RE: LDAPv3 Replication Access Control Design Team Report




> -----Original Message-----
> From: Richard Huber [mailto:rvh@xxxxxxx] 
> Sent: Tuesday, September 10, 2002 4:35
> To: ietf-ldup@xxxxxxx
> Subject: Re: LDAPv3 Replication Access Control Design Team Report
> 
> 
> 
> I agree with Tim.
> 
> If access controls are being used in a directory, the 
> directory administrator has decided that it is important to 
> control access to all or part of the data in the tree.  So if 
> replication is used in a directory that has access controls, 
> there needs to be a way to make sure that those access 
> controls are not lost because of replication.
> 
> A standard access control mechanism for all LDAP directories 
> is one way to do this.  But it can also be done by making 
> sure that the ACM in effect for any given part of the DIT is 
> well defined, and that the definition can be carried as part 
> of the data being replicated.

Or it can be carried out of band.

> 
> So as Kurt noted, the design team did not propose a plan to 
> design the one true access control mechanism.  But we do need 
> a replicatable way to express what ACM is in effect at any 
> point in the DIT.  Otherwise, administrators will have to 
> choose between reliability (multiple copies via replication) 
> and data security (access controls).

No -- they can independently configure it at each replica. Often not
very convenient, but it does show that it is possible to divorce ACM
from replication. As long as the authorization policy and the shape of
the DIT don't change very often, then it may not be all that big a
problem.

For example -- if I just replicate all my users' email SMIME
certificates to another directory, then saying that they are world
readable at the server level may be all the access control I need.

> 
> If, as discussed by John McMeeking and Kurt, this leads to a 
> general framework for replicating policy information, so much 
> the better.  This makes it possible to replicate policy 
> information if the situation so demands.

Policy information that is stored as directory objects with no special
semantics will get replicated just like any other object. That holds for
authorization policy too. Heterogeneous directories that agree on the
schema for said objects will replicate their policy transparently. Ones
that don't, won't, and their administrators will have to arrange that
the correct policy gets configured in some other way at all replicas.
The replication protocol need say nothing more than that. 

Paul
