security-services-comment message

Subject: RE: [security-services-comment] comment on SAML V2.0 X.500/LDAP Attribute Profile: non-string encoding

From: "Scott Cantor" <cantor.2@osu.edu>
To: "'Mark Wahl'" <Mark.Wahl@informed-control.com>, <security-services-comment@lists.oasis-open.org>
Date: Wed, 14 Feb 2007 21:34:48 -0500

> Could this be changed to remove the phrase "encompassing ASN.1 OCTET
> STRING-encoded"?  DSMLv2 doesn't have this phrase, and I don't think
> it's needed here.

I believe this was one of the edits that I neglected to copy from the errata
version of the original profile in response to the same complaint. The text
after (re)applying that errata would be:

"For all other LDAP syntaxes, the attribute value is encoded, as the content
of the <AttributeValue> element, by base64-encoding [RFC2045] the contents
of the ASN.1 OCTET STRING-encoded LDAP attribute value (not including the
ASN.1 OCTET STRING wrapper)."

It sounds like you're suggesting this would be better still?

"For all other LDAP syntaxes, the attribute value is encoded, as the content
of the <AttributeValue> element, by base64-encoding [RFC2045] the contents
of the LDAP attribute value."

Thanks,
Scott

Follow-Ups:
- Re: [security-services-comment] comment on SAML V2.0 X.500/LDAP AttributeProfile: non-string encoding
  - From: Mark Wahl <Mark.Wahl@informed-control.com>

References:
- comment on SAML V2.0 X.500/LDAP Attribute Profile: non-string encoding
  - From: Mark Wahl <Mark.Wahl@informed-control.com>