Re: LDAP outcome entry

Dave CROCKER <dhc@dcrocker.net> Mon, 22 February 2010 17:53 UTC

Message-ID: <4B82C513.9080705@dcrocker.net>
Date: Mon, 22 Feb 2010 09:55:31 -0800
From: Dave CROCKER <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1
MIME-Version: 1.0
To: Steve Kille <steve.kille@isode.com>
Subject: Re: LDAP outcome entry
References: <4B82AF43.1090304@dcrocker.net> <4B82B4D6.8000508@cisco.com> <01dd01cab3e3$acba9ea0$062fdbe0$@kille@isode.com>
In-Reply-To: <01dd01cab3e3$acba9ea0$062fdbe0$@kille@isode.com>
Cc: discuss@apps.ietf.org, 'Erik Andersen' <era@x500.eu>, 'Kurt Zeilenga' <Kurt.Zeilenga@isode.com>, 'Eliot Lear' <lear@cisco.com>
Reply-To: dcrocker@bbiw.net

Steve,

Thanks!

I'd class your response as meaning that there need to be some changes to the 
Outcomes wiki and, given your knowledge of the topic, I doubt anyone is likely to 
assert different facts.  The changes should be done by you or someone with an 
LDAP background.  (I don't have nearly enough, plus I generally want to encourage 
others to make changes.)


Some inline comments:

On 2/22/2010 9:22 AM, Steve Kille wrote:
> Dave, Eliot,
>
> This got passed to me twice, so let me share a few thoughts.  I'm cc'ing
> Kurt Zeilenga, who edited the last round of LDAP core specs, and Erik
> Anderson who leads ongoing X.500 standardization
>
> 1.  LDAP was originally designed as a lightweight protocol to access X.500
> servers.  (Tim Howes and Wengyik Yeong deserve a mention here).
>
> 2.  In LDAPv3, it was decoupled from X.500 to the extent that a server
> implementing LDAP has no requirement to implement any of the X.500
> protocols.

This suggests that LDAPv3 should get its own entry, to mark the differences from 
earlier versions?


> 3.  Technically, LDAP is very much based on X.500, and references X.500.  It
> is not an independent specification.   I consider it an alternative to the
> X.500 DAP (which can now be used directly over TCP without an OSI stack).
> X.500 defines the service and information model.
>
> 4.  LDAP is a client access protocol only.   In a distributed directory, it
> can be used with proprietary distribution (e.g., Microsoft AD) or with X.500
> (which defines server to server protocols and access control).   (IETF
> attempts to standardize access control and server/server protocols were
> abandoned).
>
> 5.  Ongoing LDAP and X.500 standardization is tightly coordinated.
> Changes were made in X.500(2009) to align it to LDAP!

This prompted me to send a suggestion to the IAB that we should have a public 
listing of accomplishments that result from our liaison relationships. 
(Fax-over-Email was the first, but there have been others.)


> 6.  I view that LDAP is very successful (although I am biased).   The most
> widely deployed servers are LDAP only.   All X.500 servers that I know of
> support LDAP, and use it as a primary client access mechanism.   X.500 is
> offered by large vendors (CA and Siemens) as well as smaller companies, and
> is important in deployments that need open server/server interworking.

The intent behind + vs. ++ on the wiki is to distinguish between achieving some 
real adoption, versus achieving massive adoption (within the Target Segment.)

While LDAP is widely deployed -- for example in clients -- I don't have a feel 
for just how much actual /usage/ there is in enterprises.  Is it really massive?

d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net