[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Proposed RFC Editor note for draft-legg-ldapext-component-matching

To: iesg@ietf.org
Subject: Proposed RFC Editor note for draft-legg-ldapext-component-matching
From: hardie@qualcomm.com
Date: Wed, 9 Jul 2003 16:50:43 -0700

In the last telechat, Russ raised a discuss related to the Security
Considerations section's reference-free mention of access control
as a way of handling the exposure of new data.  At the time, we
agreed in principle that an RFC editor note that this was in itself
was a problem would be needed.  Here's draft text:


Dear RFC-editor,

	When processing draft-legg-ldapext-component matching,
please adjust section 9 as follows:

Old concluding sentence:
   Such attribute types ought to be
   properly protected with appropriate access controls.

New text:


   Such attribute types ought to be be protected with access controls.
   Since standards for access control for LDAP are still emerging, however,
   this may not provide a complete solution.  Users and administrators
   are cautioned to be aware that component matching may allow
   searching of attributes that were not previously searchable.


			regards,
				Ted Hardie

Prev by Date: <draft-ietf-webdav-ordering-protocol-09.txt>
Next by Date: Re: Reaction to T-shirts
Previous by thread: <draft-ietf-webdav-ordering-protocol-09.txt>
Next by thread: draft-siemborski-mupdate-04.txt
Index(es):
- Date
- Thread