Re: [Ldap-dir] DLAP Directorate review request for draft-dawkins-ldapext-subnot

Hi Spencer,

Kurt Zeilenga wrote:
> The immediate question I have is "but why?"  That is, I'd like to 
> understand better what the application requirements are so that I can 
> analysis whether or not this mechanism mets those requirements.  I'd 
> also like to understand better why none of the existing extensions in 
> this area were (presumedly) found to do not address the application 
> requirements.

Ditto from me on the "but why". One thing the draft doesn't make clear
is whether a subscription persists beyond the LDAP session that
establishes it. That is, can an LDAP client create a subscription,
end the session, and come back later with a new session and pick up
the notifications for events that occurred in the meantime and occur
subsequently ? If not, then this appears to be just another (though
perhaps cleaner) way to do persistent search, for which there are
already implementations.

Have any LDAP server vendors expressed an interest in implementing this
subscription mechanism ?

Regards,
Steven

> 
> I am curious as to why firewalls and NATs are mentioned in the 
> applicability of the specification.  Does this extension not have the 
> same basic issues with firewalls and NATs that simple LDAP has?  That 
> is, LDAP generally works just fine (*) through firewalls and NATs so 
> long as they are configured to allow traversal, as most TCP-based 
> client/server protocols do.  (* expecting issues with reverse NAT and 
> knowledge references, and the like).
> 
> I didn't dig into the particulars of the extension protocol yet.  I 
> defer comments here until I better understand the "why?".  But on first 
> glance, I suspect it suffers from many of the problems folks have found 
> in triggered searches and like extensions.
> 
> On security considerations, I suspect there are many considerations that 
> this extension, by itself, raises.  Just referencing general LDAP 
> security considerations seems quite inadequate to me.
> 
> -- Kurt
> 
> On Oct 14, 2009, at 1:07 PM, Alexey Melnikov wrote:
> 
>> Spencer Dawkins wrote:
>>
>>> Hi, LDAP Directorate,
>>
>> Hi Spencer,
>>
>>> Some of you may be aware of a 3GPP CT4 proposal to add a 
>>> subscribe/notify capability to LDAP.
>>>
>>> I've been helping Xun Peng with a draft describing this extension, 
>>> which I've just posted as 
>>> http://www.ietf.org/id/draft-dawkins-ldapext-subnot-00.txt.
>>>
>>> Alexey told me that the next step was to request a review from the 
>>> LDAP Directorate, asking for your opinion on AD-sponsoring this work, 
>>> so I'm requesting your review.
>>>
>>> I will be present in Hiroshima for any face-to-face discussions that 
>>> would be helpful.
>>
>> Do you want some time at the Apps Area meeting in Hiroshima (Monday 
>> 9:00am)?
>>
>>> A note on timing - 3GPP CT4 is meeting the same week as IETF 76, and 
>>> will be making a decision during that meeting on whether to use the 
>>> approach described in this draft (and processed in the IETF) or to 
>>> use an XML/SOAP alternative (not processed in the IETF). It would be 
>>> extremely helpful to have your feedback before November 13 (when both 
>>> IETF 76 and the CT4 meeting end).
>>>
>>> Thanks,
>>>
>>> Spencer
>>
>>
>> _______________________________________________
>> Ldap-dir mailing list
>> Ldap-dir@ietf.org
>> https://www.ietf.org/mailman/listinfo/ldap-dir
> 
> _______________________________________________
> Ldap-dir mailing list
> Ldap-dir@ietf.org
> https://www.ietf.org/mailman/listinfo/ldap-dir