directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Boorshtein <mboorsht...@gmail.com>
Subject Re: [ApacheDS] Operation scope
Date Mon, 26 Sep 2005 17:59:48 GMT
Actually it does, but not in a "direct" way. I've seen the draft model used
with dynamic groups which would allow the same functionality.

Marc


On 9/26/05, Alex Karasulu <aok123@bellsouth.net> wrote:
>
> Trustin Lee wrote:
>
> > I forgot to mention that it would be simpler to merge two operation
> > scopes (attributeType and attributeValue) into one (attribute) so we
> > have only two operation scopes (entry and attribute). I don't see any
> > problem with this simplification for LDAP. WDYT?
>
> Yes I think we can make this simplification. I looked to see if this
> draft here has done the same though:
>
>
> http://www.ietf.org/proceedings/01aug/I-D/draft-ietf-ldapext-acl-model-08.txt
>
> I could not see any ACI which limited operations based on the value of
> an attribute. This is perhaps an example where X.500 goes way beyond
> what is necessary.
>
> In either case I think the best philosophy for us is to take what we
> initially is the best of X.500 and this draft to come out with a working
> implementation. Let's start using it and having our users use it. Get
> feedback from them and start compiling a set of use cases which users
> want/need which our implementation does not provide. Then we can go
> back and easily add this functionality.
>
> Over time we're going to find out what the optimal ACI descriptor really
> is.
>
> Alex
>

Mime
View raw message