Re: [apps-discuss] Apps Review Team review of draft-zeilenga-ldap-dontusecopy-08

Kurt Zeilenga <Kurt.Zeilenga@isode.com> Thu, 06 January 2011 22:41 UTC

Return-Path: <Kurt.Zeilenga@isode.com>
X-Original-To: apps-discuss@core3.amsl.com
Delivered-To: apps-discuss@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CDA413A6F67; Thu, 6 Jan 2011 14:41:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.425
X-Spam-Level:
X-Spam-Status: No, score=-102.425 tagged_above=-999 required=5 tests=[AWL=0.174, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jhEGIoTQcU23; Thu, 6 Jan 2011 14:41:39 -0800 (PST)
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by core3.amsl.com (Postfix) with ESMTP id 2ECE13A6D23; Thu, 6 Jan 2011 14:41:39 -0800 (PST)
Received: from [192.168.42.5] (75-141-240-242.dhcp.reno.nv.charter.com [75.141.240.242]) by rufus.isode.com (submission channel) via TCP with ESMTPSA id <TSZFnwB0K6md@rufus.isode.com>; Thu, 6 Jan 2011 22:43:44 +0000
From: Kurt Zeilenga <Kurt.Zeilenga@isode.com>
In-Reply-To: <AANLkTikk1kHpPndjfDBvRZkKrZKbEqdf6uW65KLAVH1z@mail.gmail.com>
Date: Thu, 06 Jan 2011 14:43:41 -0800
Message-Id: <FC47CECF-E205-46AE-87AF-F61C452067FC@isode.com>
References: <AANLkTikk1kHpPndjfDBvRZkKrZKbEqdf6uW65KLAVH1z@mail.gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>
X-Mailer: Apple Mail (2.1082)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Cc: Apps Discuss <discuss@ietf.org>, iesg@ietf.org
Subject: Re: [apps-discuss] Apps Review Team review of draft-zeilenga-ldap-dontusecopy-08
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jan 2011 22:41:40 -0000

On Oct 14, 2010, at 10:06 AM, Ted Hardie wrote:

> I have been selected as the Applications Area Review Team reviewer for
> this draft
> (for background on apps-review, please see
> http://www.apps.ietf.org/content/applications-area-review-team)
> 
> Please resolve these comments along with any other Last Call comments
> you may receive.
> Please wait for direction from your document shepherd or AD before
> posting a new version of the draft.
> 
> Document: draft-zeilenga-ldap-dontusecopy-08
> Title: The LDAP Don't Use Copy Control
> Reviewer: Ted Hardie
> Review Date: October 14, 2010
> 
> Summary: This document is basically ready for publication on the
> standards track, with one
> clarification needed and some editorial issues.
> 
> Major Issues:
> 
> In section 3, the document currently says:
> 
>   If original (master) information for the target or base object of the
>  operation is not available (either locally or through chaining), the
>  server MUST either return a referral directing the client to a server
>  believed to be better able to service the request or return an
>  appropriate result code (e.g., unwillingToPerform).
> 
> The LDAP referral syntax permits the use of URIs other than LDAP,
> provided they are believed capable of performing the operations
> (see RFC 2251 section 4.1.11).  But it is not clear
> how a referral using a different URI scheme would handle
> a request for authoritative data only.  I believe the author should

> consider whether restricting referrals to LDAP URIs
> would be useful in this case or whether real-world deployments
> make non-LDAP URIs sufficiently rare to make this superfluous.
> Text describing the case would be useful for either approach.

I was trying to avoid discussing chasing of referrals (even with only LDAP
URIs are used) as chasing of referrals is otherwise fraught with problems.

I will add text which says:

1) if the client chooses to chase an LDAP URL, it ought to use this control in the request it send to the referred to server.

2) use of non-LDAP URIs is left to future documents.

3) in absence of assurance that only authoritative information is used, the client ought to assume non-authorative information will be used.

> 
> Since the control is based on an X.511/DAP control, it is possible
> to get this same functionality there, but the IANA does not appear to list
> any URI scheme for this, making its use in a referral also apparently
> unlikely.

DAP relies heavily on chaining not referrals.

LDAP is increasingly slowly shifting to chaining instead of referrals.   (Given that LDAP doesn't have a chain operation, what LDAP servers do today might better be called proxying as there is no distinction in the proxied request of what infomration was provided by the originating client and what was provided by the proxying server).


> 
> Minor Issues: None seen.
> 
> Nits: The background section has a number of cases where multiple
> parenthetical expressions are used.  Some re-writing to remove them
> may increase the readability. For example:
> 
>  If the server has access to
>  the original (master) information (directly or through chaining), it
>  performs the operation against the original (master) information and
>  return compareTrue or compareFalse (or an error).
> 
> 
>  If the server has access to the original (master) information
> directly or through chaining,
>  it performs the operation against the original (master) information and
>  returns compareTrue,  compareFalse,  or an error.
> 
> These can be resolved in cooperation with the RFC Editor's application
> of the style guide.