[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LDAPv3 Replication Access Control Design Team Report

To: Richard Huber <rvh@xxxxxxx>
Subject: Re: LDAPv3 Replication Access Control Design Team Report
From: "Kurt D. Zeilenga" <Kurt@xxxxxxxxxxxx>
Date: Wed, 11 Sep 2002 07:28:39 -0700
Cc: ietf-ldup@xxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-ldup/mail-archive/>
List-id: <ietf-ldup.imc.org>
List-unsubscribe: <mailto:ietf-ldup-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-ldup@xxxxxxxxxxxx

At 04:34 PM 2002-09-10, Richard Huber wrote:
>If access controls are being used in a directory, the directory administrator has decided that it is important to
>control access to all or part of the data in the tree.  So if replication is used in a directory that has access
>controls, there needs to be a way to make sure that those access controls are not lost because of replication.

It not sufficient to just ensure access controls are not lost because
of replication.  http://www.imc.org/ietf-ldup/mail-archive/msg01261.html

>A standard access control mechanism for all LDAP directories is one way to do this.

A standard access control mechanism, by itself, is not sufficient.
See above article.

>But it can also be done by
>making sure that the ACM in effect for any given part of the DIT is well defined, and that the definition can be
>carried as part of the data being replicated.

Likewise, a standard framework for non-standard ACMs, by itself,
is not sufficient.

Kurt

References:
- RE: LDAPv3 Replication Access Control Design Team Report
  - From: Timothy Hahn
- Re: LDAPv3 Replication Access Control Design Team Report
  - From: Richard Huber

Prev by Date: RE: LDAPv3 Replication Access Control Design Team Report
Next by Date: LCUP: convergence?
Previous by thread: Re: LDAPv3 Replication Access Control Design Team Report
Next by thread: RE: LDAPv3 Replication Access Control Design Team Report
Index(es):
- Date
- Thread