Return-Path: 
 <dev-return-34440-apmail-directory-dev-archive=directory.apache.org@directory.apache.org>
Delivered-To: apmail-directory-dev-archive@www.apache.org
Received: (qmail 8656 invoked from network); 4 Jul 2010 12:01:39 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 4 Jul 2010 12:01:39 -0000
Received: (qmail 7573 invoked by uid 500); 4 Jul 2010 12:01:39 -0000
Delivered-To: apmail-directory-dev-archive@directory.apache.org
Received: (qmail 7377 invoked by uid 500); 4 Jul 2010 12:01:36 -0000
Mailing-List: contact dev-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@directory.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@directory.apache.org>
List-Post: <mailto:dev@directory.apache.org>
List-Id: <dev.directory.apache.org>
Reply-To: "Apache Directory Developers List" <dev@directory.apache.org>
Delivered-To: mailing list dev@directory.apache.org
Received: (qmail 7370 invoked by uid 99); 4 Jul 2010 12:01:34 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 04 Jul 2010 12:01:34 +0000
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of elecharny@gmail.com designates
 74.125.82.44 as permitted sender)
Received: from [74.125.82.44] (HELO mail-ww0-f44.google.com) (74.125.82.44)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 04 Jul 2010 12:01:26 +0000
Received: by wwb24 with SMTP id 24so1242315wwb.1
        for <dev@directory.apache.org>; Sun, 04 Jul 2010 05:01:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:reply-to
         :user-agent:mime-version:to:subject:content-type
         :content-transfer-encoding;
        bh=AjfhF6IjX6JFazuj9+aSq7j1afrI5WoVx7k6Lir2BQg=;
        b=l49pLYoEOjSq1/9DgG/McAYCCRjewXn7aTMy5gb0hAlWa3M7nTXk6IDgykuB/z/W5D
         YM3RcT8MnTdyJ7XdM8O4sDnFHBpWIGMiOzU/GRegYsUWAfwOPDAoP6McItG80TZIWsfg
         9v3pB72RWRnk/v3H1VyOxljSuyfSkFVuBVPK0=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:reply-to:user-agent:mime-version:to:subject
         :content-type:content-transfer-encoding;
        b=cPTCtItspzsolbn24oh3jmV6Xf1u8RmrnCqC3+e1mUfmh8vFG+lxCKS7yk8Q4Z77cp
         RiRnCoxKNrxPrFem00kD0SMqZYefgFR5Y/6k5gb34jrDju0OAHevmRR9v97sKWrU+QRa
         rE9L3cfK6eL0mnsWU+rvYNQVEuMhFuzoVMLXo=
Received: by 10.227.157.84 with SMTP id a20mr1727713wbx.39.1278244865977;
        Sun, 04 Jul 2010 05:01:05 -0700 (PDT)
Received: from emmanuel-lecharnys-MacBook-Pro.local ([78.192.106.184])
        by mx.google.com with ESMTPS id a27sm22614564wbe.6.2010.07.04.05.01.04
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Sun, 04 Jul 2010 05:01:05 -0700 (PDT)
Message-ID: <4C307863.6050603@gmail.com>
Date: Sun, 04 Jul 2010 14:02:43 +0200
From: Emmanuel Lecharny <elecharny@gmail.com>
Reply-To: elecharny@apache.org
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US;
 rv:1.9.2.4) Gecko/20100608 Thunderbird/3.1
MIME-Version: 1.0
To: Apache Directory Developers List <dev@directory.apache.org>
Subject: About Authz documentation for 2.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-Virus-Checked: Checked by ClamAV on apache.org

  Hi,

I'm trying to update the documentation about Authz for 2.0 at the same 
time I'm reviewing the code.

As it's not the most simpler part of the server, I think the 
documentation must be realy wll written for our users to be able to 
understand how the full system works.

Looking at the current documentation, we have many pages related to this 
part :

ADS 1.0 :
https://cwiki.apache.org/DIRxSRVx10/authorization.html
https://cwiki.apache.org/DIRxSRVx10/enablesearchforallusers.html
https://cwiki.apache.org/DIRxSRVx10/userclasses.html
https://cwiki.apache.org/DIRxSRVx10/subentries.html (broken)
https://cwiki.apache.org/DIRxSRVx10/userpermissions.html (broken)
https://cwiki.apache.org/DIRxSRVx10/denysubentryaccess.html (broken)
https://cwiki.apache.org/DIRxSRVx10/allowselfpasswordmodify.html
https://cwiki.apache.org/DIRxSRVx10/grantadddelmodtogroup (broken)
https://cwiki.apache.org/DIRxSRVx10/grantmodtoentry (broken)

https://cwiki.apache.org/DIRxSRVx11/25-authorization.html
http://directory.apache.org/apacheds/1.5/acareas.html
http://directory.apache.org/apacheds/1.5/enablesearchforallusers.html
http://directory.apache.org/apacheds/1.5/userclasses.html
http://directory.apache.org/apacheds/1.5/allowselfpasswordmodify.html
(many missing links too)

As everyone can see, it's far from being complete.

I would like to suggest a new structure for this part of the documentation :
1) Introduction : in a few words, describe the model
2) Definitions : define all the acronyms and terms we will use (ACI, 
UserClasses, ...)
3) Enabling Access Control : (Not sure about it) How to enable the system.
4) ACI description
   4.1) EntryACI
   4.2) PrescriptiveACI
   4.3) SubentryACI
5) ACI elements
   5.1) UserClasses
   5.2) ProtectedItems
   5.3) Permissions
   5.4) Subtree
6) The ACDF engine
   6.1) How it works
   6.2) Selections
   6.3) Constraints
   6.4) Priority
7) Using ACI (trails)
   7.1) ...
8) Protecting the ACIs (administrating them)

This is just a first shot, please feel free to provide any feedback.

Thanks !

-- 
Regards,
Cordialement,
Emmanuel L�charny
www.iktek.com