directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <aok...@bellsouth.net>
Subject Re: [ApacheDS] Operation scope
Date Mon, 26 Sep 2005 17:53:34 GMT
Trustin Lee wrote:

> I forgot to mention that it would be simpler to merge two operation 
> scopes (attributeType and attributeValue) into one (attribute) so we 
> have only two operation scopes (entry and attribute).  I don't see any 
> problem with this simplification for LDAP.  WDYT? 

Yes I think we can make this simplification.  I looked to see if this 
draft here has done the same though:

http://www.ietf.org/proceedings/01aug/I-D/draft-ietf-ldapext-acl-model-08.txt

I could not see any ACI which limited operations based on the value of 
an attribute.  This is perhaps an example where X.500 goes way beyond 
what is necessary.

In either case I think the best philosophy for us is to take what we 
initially is the best of X.500 and this draft to come out with a working 
implementation.  Let's start using it and having our users use it.  Get 
feedback from them and start compiling a set of use cases which users 
want/need which our implementation does not provide.  Then we can go 
back and easily add this functionality.

Over time we're going to find out what the optimal ACI descriptor really is.

Alex

Mime
View raw message