[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Options for correction of LDAP/X.500 attrprofile
I would like to suggest a variation on 2 and 3, which is to a) remove the x500:Encoding attribute and document that the LDAP encoding uses xsi:type string and base64Binary b) document that other encodings should define new types -Greg On 5/21/06 7:34 PM, "Scott Cantor" <cantor.2@osu.edu> wrote: > I didn't see an errata number for it yet, but I think I'm supposed to offer > up the possible profile changes to correct the validity issues with the > current text. > > For reference, the problem again: the profile makes it MANDATORY to include > xsi:type="xs:string" or xsi:type="xs:base64Binary" as well as a > namespace-qualified Encoding attribute in the <AttributeValue> elements. > > Options to fix it: > > 1. Remove the xsi:type requirement. > > Forces implementations to recognize string vs base64 encoding based on > Attribute Name. > > 2. Remove the x500:Encoding attribute. > > Forces implementations to trigger profile behavior based on Attribute > Namespace and Name, encoding rules are implied. > > 3. Move the x500:Encoding attribute to the Attribute element. > > Suggests that future encoding rules will be uniform across all values of an > attribute, but otherwise fully consistent with intent of profile. > > 4. Define an extended schema type that extends string and base64Binary with > the x500:Encoding attribute and change the mandated xsi:type values to the > extended types. > > Least change to existing profile behavior, but requires publishing and > approving an additional schema document. > > 5. Deprecate the existing profile and define a new one incorporating > whatever input can be gleaned from implementers. > > Doesn't fix anything now, but might give us an opportunity to correct other > issues. > > All of these options are normative changes (other than 5). Because of that, > I favor the one closest to my opinion as to what the profile should have > been, which is 3. > > -- Scott > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all your TCs in OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]