OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [security-services] Options for correction of LDAP/X.500 attrprofile


I would like to suggest a variation on 2 and 3, which is to
    a) remove the x500:Encoding attribute and document that the LDAP
encoding uses xsi:type string and base64Binary
    b) document that other encodings should define new types

-Greg


On 5/21/06 7:34 PM, "Scott Cantor" <cantor.2@osu.edu> wrote:

> I didn't see an errata number for it yet, but I think I'm supposed to offer
> up the possible profile changes to correct the validity issues with the
> current text.
> 
> For reference, the problem again: the profile makes it MANDATORY to include
> xsi:type="xs:string" or xsi:type="xs:base64Binary" as well as a
> namespace-qualified Encoding attribute in the <AttributeValue> elements.
> 
> Options to fix it:
> 
> 1. Remove the xsi:type requirement.
> 
> Forces implementations to recognize string vs base64 encoding based on
> Attribute Name.
> 
> 2. Remove the x500:Encoding attribute.
> 
> Forces implementations to trigger profile behavior based on Attribute
> Namespace and Name, encoding rules are implied.
> 
> 3. Move the x500:Encoding attribute to the Attribute element.
> 
> Suggests that future encoding rules will be uniform across all values of an
> attribute, but otherwise fully consistent with intent of profile.
> 
> 4. Define an extended schema type that extends string and base64Binary with
> the x500:Encoding attribute and change the mandated xsi:type values to the
> extended types.
> 
> Least change to existing profile behavior, but requires publishing and
> approving an additional schema document.
> 
> 5. Deprecate the existing profile and define a new one incorporating
> whatever input can be gleaned from implementers.
> 
> Doesn't fix anything now, but might give us an opportunity to correct other
> issues.
> 
> All of these options are normative changes (other than 5). Because of that,
> I favor the one closest to my opinion as to what the profile should have
> been, which is 3.
> 
> -- Scott
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  You may a link to this group and all your TCs in OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
> 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]