A Note on Security-Error



next up previous contents
Next: Encoding Policy in Up: Scenarios Involving a Previous: Modification Policy

A Note on Security-Error

One of the error results that may be generated by the Directory is called a ``Security-Error''. This error result may be returned by any of the query or modify operations. When Security-Error is returned as a result of denial of access (because of confidentiality or modification policy), the Directory standard allows the Security-Error to contain one of two problem codes. The first option is to use a problem code which reveals that insufficient access rights caused the operation to fail. The other option is to use a problem code that gives no information about what kind of security problem caused the operation to fail. Since the standard leaves this option open, it is anticipated that implementors of the new Directory will provide a way for the security manager to specify which option is to be used in each of the situations where it arises. Confidentiality policy should address which option is to be exercised in each particular situation.



John Barkley
Fri Oct 7 16:17:21 EDT 1994