Proposed RFC Editor note for draft-legg-ldapext-component-matching
In the last telechat, Russ raised a discuss related to the Security
Considerations section's reference-free mention of access control
as a way of handling the exposure of new data. At the time, we
agreed in principle that an RFC editor note that this was in itself
a problem would be needed. Here's draft text:
Dear RFC-editor,
When processing draft-legg-ldapext-component-matching,
please adjust section 9 as follows:
Old concluding sentence:
Such attribute types ought to be
properly protected with appropriate access controls.
New text:
Such attribute types ought to be protected with access controls.
Since standards for access control for LDAP are still emerging, however,
this may not provide a complete solution. Users and administrators
are cautioned to be aware that component matching may allow
searching of attributes that were not previously searchable.
regards,
Ted Hardie