On Thu, 2009-09-03 at 00:46 -0700, Muntz, Daniel wrote: > > ACLs could possibly be made completely opaque to NFS with a module-based > approach. > > -Dan Something to be aware of here is that once you turn a field opaque you introduce a bunch of other issues. The MAC attribute that I've been proposing in the IETF is mostly opaque and it has caused some problems with interoperability. Some questions to be answered are 1) what is the initial set of modules defined? They aren't going to let you take an opaque field and run away with it to do as you please. I've been working on ways to define an initial set of label formats to make the working group happier. 2) How are you going to specify these modules? It needs to be in a way that implementors can easily use it. Are these specifications maintained through the IETF or are they maintained by an outside organization? 3) How do modules translate between themselves. Are you going to only allow like ACL modules to communicate? Will you have a mechanism for those with ACL type A to still use a system with ACL type B? Will a server be able to support both ACL type A and B? What happens if you want both a Windows NFSv4 client and a Linux NFSv4 client to use the same shares? These are just some ideas to think about when you decide to make this opaque. Dave -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html