[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: comment on IPsecPolicyGroup

To: "Lee Rafalow" <rafalow@xxxxxxxxxxxxxxx>
Subject: Re: comment on IPsecPolicyGroup
From: Jon Saperia <saperia@xxxxxxxxxxx>
Date: Thu, 11 Jan 2001 07:19:16 -0500
Cc: ipsec-policy@xxxxxxxx
In-reply-to: Your message of Wed, 10 Jan 2001 15:10:03 -0500. <>
List-archive: <http://www.vpnc.org/ipsec-policy/mail-archive/>
List-id: <ipsec-policy.vpnc.org>
List-unsubscribe: <mailto:ipsec-policy-request@vpnc.org?body=unsubscribe>
Sender: owner-ipsec-policy@xxxxxxxxxxxxx

> The rules for inserting a new class into inheritance trees vary; for
> example, LDAP doesn't formally permit it (i.e., X.500 doesn't permit it and
> LDAP is silent), but it's done anyway and there's been discussion in ldapext
> about fixing the formal rules.  But in the information model I think we can
> insert classes as needed as long as they don't break the subclasses (e.g.,
> introduce a property that has an inconsistent definition).  It's certainly
> permitted in the CIM schemata to insert new superclasses. If, at some point
> in the future, there's a need for some other key exchange protocol, a new
> superclass for IKERule can be inserted into the inheritance tree and the
> additional requirement can be addressed at that time when there's full
> knowledge of the requirement.
> 
Just checking, I am not asserting that this has been the case in this
discussion but. I know that LDAP is talked about a lot and I like it for
a lot of things. Please do not limit your thinking here to what LDAP can
do.

Thanks,
/jon
--

Jon Saperia		     saperia@xxxxxxxxxxx
			     Phone: 617-744-1079
			     Fax:   617-249-0874
			     http://www.jdscons.com/

References:
- Re: comment on IPsecPolicyGroup
  - From: Lee Rafalow

Prev by Date: Re: ICIM: comment on IPsecPolicyGroup
Next by Date: www.ImprovingDemocracy.com
Previous by thread: Re: comment on IPsecPolicyGroup
Next by thread: RE: ICIM: comment on IPsecPolicyGroup
Index(es):
- Date
- Thread