Re: [ldapext] DBIS - new IETF drafts

Charlie <medievalist@gmail.com> Fri, 10 January 2014 00:32 UTC

What I have learned from about a decade of quietly following LDAP
across multiple forums and lists is the following:

1) Whenever people say "nobody is using this/that" they are invariably wrong.

2) POSIX group semantics are the bane of open-source LDAP.  The
functional paradigm that a member is an attribute of a group is
fundamentally broken; group membership is an attribute of the member.
The security concerns frequently raised concerning this are all either
trivially solvable or pragmatically completely bogus.

3) Howard knows what he's talking about.  But Kurt also knows what
he's talking about, and Kurt wrote "multi-master considered harmful"
(draft-zeilenga-ldup-harmful-00).  Sometimes real world pragmatism
obviates perfectly valid academic arguments.

--Charlie