directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Noel J. Bergman" <>
Subject RE: ACLs questions
Date Mon, 16 May 2005 20:37:14 GMT

I am off-line as I write this, so I cannot look at the Wiki or code, but I
am wondering why we might not implement ACL schemes with interceptors of
some sort, and make that whole functional area programmatically
configurable.  With declarative security, such as OpenLDAP, something has to
implement the ACL anyway, so why not make that capability pluggable, and
expose a programming model?

It also seems to me that the way the system is coded, if there were no
security on some aspect(s), there wouldn't be security interceptors on that
path, and thus no overhead.  Overhead would occur only when the
functionality would be required.

	--- Noel

View raw message