Jim>>> Phil Hunt <
phil.hunt@xxxxxxxxxx> 01/30/08 3:32 PM >>>
Having proxied just about every LDAP server on the planet, support is
very inconsistent indeed. Even if an LDAP server supports ProxyDN,
it's application to access control may vary as well. Part of the
problem with LDAP is that access control itself was never standardized.
Somehow there needs to be a do-over on this one. Maybe privacy is
enough of an impetus to revise or replace ProxyDN and rejuvenate
interest in it. My thought is we need a control to take on broader
transaction metadata - only part of which could be application and
subject credentials.
The second requirement is to propose XACML (or a profile of XACML
like AAPML) be optionally supported in LDAP. This is the policy
engine that would consume the metadata mentioned above and brings
some level of consistency of expectation for what happens from the
perspective of policy.
Phil Hunt
Oracle
On 30-Jan-08, at 1:05 PM, Tom Doman wrote:
> All,
>
> Which LDAP Servers have you used behind the JNDI Context Provider?
> Does it support RFC 4370, the proxy authorization control?
>
> Me:
>
> Novell eDirectory, no.
> Test LDAP Utility, no.
>
> Thanks,
> Tom
>
>
> _______________________________________________
> higgins-dev mailing list
>
higgins-dev@xxxxxxxxxxx>
https://dev.eclipse.org/mailman/listinfo/higgins-dev
_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxxhttps://dev.eclipse.org/mailman/listinfo/higgins-dev