On 4 June 2010 17:44, Mark H. Wood <[email protected]> wrote:
>
> I imagine that some of the resistance to this idea rests on
> assumptions. Of *course* your directory is exposed to the entire
> universe: it's a *directory*. The idea of a hidden directory service
> seems strange to me, while the idea of a private DBMS instance
> doesn't. I would no more put my banking information in a directory
> server than I would spray it on the walls of my house, in part simply
> because of the way I think about directory services. But you can
> probably make it secure, if that's what you want to do.
>

A hidden directory makes no sense, but a directory with hidden fields does.
A company might have an LDAP directory of all employees - everybody in the company should be able to access name, extension and, maybe, department, but only HR should be able to access address and next of kin (for some reason only HR are deemed responsible enough not to become stalkers when they have access to people's addresses, but that's a different point). Different levels of access to a directory make a lot of sense. Similarly with banking details, you need other people to know your bank, branch and account number so they can pay money to you, but only you should have access to the statement details.
