Re: Evaluation: draft-zeilenga-ldap-authzid - LDAP 'Who am I?' Operation
Russ Housley [ ] [ ] [ X ] [ ]
Technical comments:

Section 3 prohibits clients from invoking the "Who Am I?" operation
while any Bind operation is in progress. What should a server do if
a client does so? Right now, there is no guidance to the server
developer.

Section 4.1 contains a TBD. I understand that IANA has not assigned a
value yet, but error codes in LDAP have mnemonic names such as
operationsError, protocolError, confidentialityRequired, and so on.
Can the mnemonic name be provided now?

Section 5 says that servers may place access control or other restrictions
upon the use of the "Who Am I?" operation. When is this desirable?

Editorial comment:

In section 1, 2nd paragraph, 2nd sentence. Proposed rewording:

Bind controls are not protected by the security layers established
by the Bind operation which includes them.