RE: [security-services] LDAP nameidentifier

["Mishra, Prateek" <pmishra@netegrity.com>]

Bob,

There is now a place-holder document called
sstc-hughes-mishra-baseline-attributes-00 in our document repository. It
references your proposal and will at some point include additional details
for both LDAP attributes (and values) and DCE GUIDs. Any other standard
identifiers that folks would like to use as attributes could also be added
to this document.

- prateek

-----Original Message-----
From: RL 'Bob' Morgan [mailto:rlmorgan@washington.edu] 
Sent: Thursday, March 18, 2004 12:50 PM
To: Rich Salz
Cc: SSTC WG
Subject: Re: [security-services] LDAP nameidentifier


On Thu, 18 Mar 2004, Rich Salz wrote:

> Is there any reason not to have a NameIdentifier for LDAP names? I don't
> care if the encoding is RFC 2253 or 2253 as modified by DSIG. Messages
> to RTFS (or RTFD) appreciated, as I could have just missed it. :)

The main FD on this is sstc-maler-w28a-attribute-draft-03.pdf.  Part of
the story is clarifying the use of what is now the "AttributeNamespace"
XML attribute; see section 3.2 of maler-w28a.  A NameFormat value would
indicate "this attribute is named by a URI".

The other part of the story is agreeing that X.500 attribute types (since
LDAP per se just uses X.500 attribute type definitions) are represented by
a particular unambiguous kind of URI.  The proposal I have put on the
table is to use the urn:oid namespace (RFC 3001), hence
urn:oid:<string-form-of-oid-for-that-attribute-type>.  Though I'm not
quite sure at this point in which document that proposal is, or is
intended to be.  I think there may be supposed to be an "attribute name
conventions" doc that either doesn't exist yet or I haven't seen yet.

 - RL "Bob"


To unsubscribe from this mailing list (and be removed from the roster of the
OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave
_workgroup.php.