RE: DSML futures

["Paulus, Sachar" <sachar.paulus@sap.com>]

Hi!

> -----Original Message-----
> From: Chris Ridd [mailto:Chris.Ridd@messagingdirect.com]
> Sent: Dienstag, 16. Mai 2000 19:11
> To: rweltman@netscape.com
> Cc: James Tauber; 'dsml@lists.oasis-open.org'
> Subject: Re: DSML futures 
> 
> 
> On Tue, 16 May 2000 08:15:21 PDT, Rob Weltman wrote:
> > James Tauber wrote:
> > 
> > > The following were identified by the DSML 1.0 WG as work 
> items that were of
> > > potential interest but outside the scope of 1.0
> > >
> > > Perhaps these could form the basis for discussing the 
> scope for the
> > > subsequent revisions to DSML to be produced by the 
> proposed OASIS TC:
> > >
> > > - specification of queries against a directory
> > > - indication of source of directory entries
> > > - organization of directory entries hierarchically
> > > - normalization of distinguished names
> > > - directory access method, communication of error messages, etc
> > > - directory content manipulation
> > > - access control information
> > >
> > 
> >   Yes. I'd prioritize them in the following order:
> > 
> > 1, 4, 6, 5, 7, 2, 3
> 
> I agree with the ordering, except that I don't think access controls 
> will need solving once directory content manipulation is 
> solved. Since 
> all access controls are held in attributes, fixing the value 
> representation problems will automatically let us store ACI stuff.

Agreed. Nevertheless only the access control information for different
applications can be held in the directory; the authentication as well as
passing the access "state" to an application (user authenticated, etc.)
cannot be serviced by directory related protocols and thus (still) has to be
done by additional software.

 (Why I mention this is that many people apparently not exactly aware of the
real advantages of directories try and want to do their single sign on with
a directory only...)

> 
> So 3 might be a kind of short item :-)
> 
> Chris
>