MHS use of the Directory

Alan Shepherd <a.shepherd@nexor.co.uk> Thu, 17 March 1994 15:12 UTC

To: mhs-ds@mercury.udev.cdc.com
Subject: MHS use of the Directory
Date: Thu, 17 Mar 1994 14:39:26 +0000
Message-ID: <2590.763915166@nexor.co.uk>
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Alan Shepherd <a.shepherd@nexor.co.uk>

Sorry, but I forgot a comment in my last mail message !

7) Changing submit permissions to incorporate some dynamic
functionality a la dynamic members is potentially dangerous.  Dynamic
members works by evaluating an X.500 search filter such as
"objectclass=foobar" or "userclass=chief".  It is not inconceivable
that users could look at the permissions and edit their entry to
conform.  

It could be argued that this argument could also be levelled at
dynamic membership, but the difference in requirements makes dynamic
membership less open to abuse and more useful.  For example, a typical
dynamic membership list might involve searching an organization for
people.  An equivalent submit permission could be expressed by using
O/R name patterns without resorting to a similar dynamic filter
mechanism.  It is my opinion that dynamic submit permissions are
either unncessary or too insecure to be used (open to discussion
though !)

Alan


---------
Alan Shepherd, NEXOR, P.O. Box 132, Nottingham NG7 2UU.
Email: a.shepherd@nexor.co.uk, Phone: +44 (0) 602 520582 (Fax:520519)
X.400: C=GB;ADMD=CWMAIL;PRMD=NEXOR;O=NEXOR;S=Shepherd;G=Alan
X.500: C=GB@o=NEXOR Ltd@cn=Alan Shepherd

MHS use of the Directory Alan Shepherd