Chaining vs Referrals ?? -Reply
Ed Reed <Ed_Reed@novell.com> Sat, 24 February 1996 22:50 UTC
Message-ID: <s12f080a.007@fromGW>
X-Mailer: Novell GroupWise 4.1
Date: Sat, 24 Feb 1996 12:20:14 -0800
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Ed Reed <Ed_Reed@novell.com>
To: osi-ds@cs.ucl.ac.uk, LIVINGSTON-C@smtpgw.nctsw.navy.mil
Subject: Chaining vs Referrals ?? -Reply
Technically, the chaining approach is required when full DUA-DSA connectivity is not possible, either because there are multiple protocols and the DUAs don't support them all, or because of intentional discontinuities, such as Firewalls.

From a performance standpoint, the chaining model can, but may not, afford superior cache support at the DSA, particularly if many DUAs regularly access the same portions of the tree and can share cached results of their queries. A DUA can also do caching, of course, but the cache will only retain what the DUA itself has requested, and cannot leverage the results of other DUA queries.

Of course, any multi-user cache will need to enforce all the access controls of the original source data, and so prevent unauthorized DUAs from using authorized DUA query results. Could get tricky unless you really trust your DSAs.

NetWare Directory Services was implemented with a referrals-only policy at the DUA client libraries. It chains resolve name operations, but that's it for now. To properly handle multiprotocol deployments we may need to add chaining DSP. Chaining authentication operations and delegating access privileges are the things which give us the most pause as we consider how to proceed.

Note, too, that chained operations are necessary when part of the namespace is accessed via some other application protocol than canonical DAP - say, via LDAP, NetWare NCPs, or such. It's not strictly a matter of transport protocols.

Ed Reed, Novell, Inc.
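An added example, not part of the original message and not NetWare or X.500 code: a shared result cache at a chaining DSA, first keyed by name only and then with the source's access control carried alongside each cached result and re-checked for every requesting DUA. All names, the sample entries and the reader-set ACL model are assumptions made for illustration; the source DSA is assumed to hand its reader set to the caching DSA, which is the trust in the DSA the message refers to.

```python
# Constructed sample data: entries held by the source DSA and who may read them.
SOURCE = {
    "cn=Payroll,o=Example": {"attrs": {"cn": "Payroll"}, "readers": {"dua-hr"}},
    "cn=Lobby,o=Example": {"attrs": {"cn": "Lobby"}, "readers": {"dua-hr", "dua-guest"}},
}

class AccessDenied(Exception):
    pass

def source_read(dn, requester):
    """Source DSA: enforce its own ACL, return the attributes and the reader set."""
    entry = SOURCE[dn]
    if requester not in entry["readers"]:
        raise AccessDenied(dn)
    return entry["attrs"], frozenset(entry["readers"])

class NaiveCache:
    """Caches by DN only, so a hit is returned to whichever DUA asks."""
    def __init__(self):
        self.store = {}

    def read(self, dn, requester):
        if dn not in self.store:
            self.store[dn], _ = source_read(dn, requester)
        return self.store[dn]

class AclCache:
    """Stores the source's reader set with each result and re-checks it per DUA."""
    def __init__(self):
        self.store = {}
        self.source_calls = 0

    def read(self, dn, requester):
        hit = self.store.get(dn)
        if hit is None:
            self.source_calls += 1
            # Raises AccessDenied (and caches nothing) if this DUA is not allowed.
            hit = self.store[dn] = source_read(dn, requester)
        attrs, readers = hit
        if requester not in readers:
            raise AccessDenied(dn)
        return attrs

def leaks(cache):
    """True if dua-guest can read Payroll once dua-hr has warmed the cache."""
    cache.read("cn=Payroll,o=Example", "dua-hr")
    try:
        cache.read("cn=Payroll,o=Example", "dua-guest")
        return True
    except AccessDenied:
        return False
```

The cached reader set is a snapshot, so a change to the ACL at the source is not seen until the cached entry is refreshed.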