directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <>
Subject Re: ACLs questions
Date Wed, 18 May 2005 21:41:08 GMT
David Boreham wrote:

>> Yah I agree with this completely.  Actually there is an RFC out there 
>> that makes several recommendations regarding ACLs.  It does not tell 
>> you exactly how to implement access controls or where to stick them 
>> but it might be worth looking at.  Let me see ....
>> I could not find anything in it specficially about replication and 
>> ACLs but it does talk specifically about ACLs and subtrees.   It's 
>> clearly meant to be a very loose RFC.
> Be careful with that RFC. Ellen was I think trying deliberately to be 
> abstract
> in order to allow vendors to create their own implementations. I 
> personally
> do not like 'abstract' standards : I want to see bits and bytes, but 
> that's just me.

Oh no I'm right there with ya..  I like concrete specs too :).

> The working group effort that the draft represents fizzled out. That 
> might
> tell you something.

;) yah

>> I think better clues about how to best manage and store ACLs can be 
>> found in the LDUP/LCUP specifications for replication.  This RFC does 
>> not really talk about AC mechanisms that best support replication.  
>> As an algorithm/process for replication it gives us clues about why 
>> we should include the ACI/ACL with the replicated subtree.  Just for 
>> the record here's that RFC ...
> LDUP/LCUP was a more 'concrete' standards effort (although it also 
> ultimately
> failed).

Really I thought the group just brought the draft to an RFC.  What's the 


View raw message