directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Boreham <>
Subject Re: ACLs questions
Date Wed, 18 May 2005 14:56:57 GMT

> Yah I agree with this completely.  Actually there is an RFC out there 
> that makes several recommendations regarding ACLs.  It does not tell 
> you exactly how to implement access controls or where to stick them 
> but it might be worth looking at.  Let me see ....
> I could not find anything in it specficially about replication and 
> ACLs but it does talk specifically about ACLs and subtrees.   It's 
> clearly meant to be a very loose RFC.

Be careful with that RFC. Ellen was I think trying deliberately to be 
in order to allow vendors to create their own implementations. I personally
do not like 'abstract' standards : I want to see bits and bytes, but 
that's just me.

The working group effort that the draft represents fizzled out. That might
tell you something.

> I think better clues about how to best manage and store ACLs can be 
> found in the LDUP/LCUP specifications for replication.  This RFC does 
> not really talk about AC mechanisms that best support replication.  As 
> an algorithm/process for replication it gives us clues about why we 
> should include the ACI/ACL with the replicated subtree.  Just for the 
> record here's that RFC ...
LDUP/LCUP was a more 'concrete' standards effort (although it also 

View raw message