Re: [ldapext] DBIS - new IETF drafts

Mark R Bannister <dbis@proseconsulting.co.uk> Fri, 10 January 2014 14:18 UTC

On 10/01/2014 00:32, Charlie wrote:
> What I have learned from about a decade of quietly following LDAP
> across multiple forums and lists is the following:
>
> 1) Whenever people say "nobody is using this/that" they are invariably wrong.

Thanks Charlie, good point.  It's like when you watch the TV news and a 
journalist says "the public think this" or "the public think that".  
Once something is in the public domain, I don't think anyone can claim 
to know who is using what, how everyone is using it, nor on what 
antiquated features anyone may or may not rely, except perhaps the NSA, 
but let's not go there ;-)

> 2) POSIX group semantics are the bane of open-source LDAP.  The
> functional paradigm that a member is an attribute of a group is
> fundamentally broken; group membership is an attribute of the member.
> The security concerns frequently raised concerning this are all either
> trivially solvable or pragmatically completely bogus.

DBIS allows you to represent it from both angles.

Best regards,
Mark.