> { identificationTag \"id1\" , precedence 114, authenticationLevel
> basicLevels:{ level none, localQualifier 23, signed FALSE },
> itemOrUserFirst itemFirst:{ protectedItems{ entry, attributeType
> { 1.2.3, ou }, attributeValue { ou=people, cn=Ersin }, rangeOfValues
> (cn=ErsinEr) }, itemPermissions { { userClasses {allUsers, userGroup
> { \"1.2=y,z=t\", \"a=b,c=d\" }, subtree { { base \"ou=people\" } } },
> grantsAndDenials { denyCompare, grantModify } } } }}
>
> takes 391 bytes (and only because we only have ASCII chars !). This is
> huge ! 90% of all those bytes are identifier (the T part of TLVs).This is one that is almost the shortest to write :-) Identifiers should be there to obey GSER RFCs. This is really a big spec when you think that a Set of SubtreeSpecifications is only a small part of the grammar.. I can change the grantsAndDenials to recognize a string of certain number of 0's and 1's something like '10101010'B. However Trustin will have to write a lot of bitwise code to handle this component in his ACDF. If we choose this way we must exactly determine which fields are necessary for ldap while it's not a flexible structure. -- Ersin
