[
https://issues.apache.org/jira/browse/DIR-320?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14980964#comment-14980964
]
Emmanuel Lecharny commented on DIR-320:
---------------------------------------
'not ever' is a bit harsh :-) This is already a 800 000 SLOCs piece of code
(all included), so trust me on that, we are far away from being irrelevant. But
if you mean 'ready tomorrow', then yes, you are right. This is evolving at
quite a decent pace though. I have added around 1500 lines of code this
week-end, improving some code that is critical for the server, and others are
working on various other parts of the server (the API, the backend, etc). ACL
is not expected to be reworked and improved in a near future, though, and for
many reasons :
- first of all, we have based the first version on X.500 ACIs (to some extent,
we considered that the documentation is already present on the X 500
specifications, simply because we are fully compliant with them : see
http://sec.cs.kent.ac.uk/x500book/Chapter.8/Chapter8c.htm.)
- we are questionning this choice. X.500 ACI is quite complex, and now that
Fortress is part of the Directory Project, we might want to switch to use it
internally to manage authorization. Still to be discussed...
In any case, as you can imagine, documentation is a concern. But as I said, you
get paid to evaluate alternatives, and your company is spending money on you
expecting to save on the product you'll select. Up to a point, that's fair, and
we don't complain about this simple fact. The thing is that there is no free
lunch : you pick an OSS project because you expect that it's 'better' than a
commercial implementation (here 'better' means many different things I won't
talk about, it would take too much time...), but it's only better because we
get feedback from our users, and eventually some of our users decide that
participating would get them further than what they initially get, for still a
limited cost compared to any Big Co product...
All in all, it's up to you, your call, your decision. I just hope you
understand the way we work ;-)
> ACL/ACI documentation section missing, filled with TODOs.
> ---------------------------------------------------------
>
> Key: DIR-320
> URL: https://issues.apache.org/jira/browse/DIR-320
> Project: Directory
> Issue Type: Improvement
> Components: sitedocs
> Reporter: Julia Smith
> Assignee: Emmanuel Lecharny
>
> I had to scrounge around on the web to find content for the authorization
> sections. Your current release's documentation's chapters are simply filled
> with "TODO" when it comes to defining grants/denials, which is a problem for
> people evaluating studio for use and might limit its adaptation.
> Here is the version of documentation that actually still presents content. It
> actually works with the current version of studio.
> https://directory.apache.org/apacheds/basic-ug/3.2-basic-authorization.html1
> You might consider incorporating it into the current release's documentation.
> Also there is little or no apparent online discussion of ACI with the
> exception of a PDF of what looks like a PPT presentation.
> http://people.apache.org/~ersiner/apachecon-us06/ac-us-06-FR20-ErsinEr-ApacheDS_Access_Control_Administration_The_X.500_Way.pdf
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
