Subject: Re: [security-services-comment] XASP: Permitting use of Subject Alt Names?
On Tue, May 20, 2008 at 3:47 PM, Kemp, David P. <DPKemp@missi.ncsc.mil> wrote:
>
> If other
> parties are interested in defining URIs for, for example, IP Address,
> this would be the place to do so.

If you think it's appropriate for the spec you're writing, I'd be interested in contributing a profile that extends BaseID to carry a complete X.509 certificate.

> Speaking of which, can you provide some insight on why there are two
> X.509 profiles with the same date (27 March 2008), very similar content,
> and overlapping sets of contributors?

That's a very long story, and I admit I'm mostly to blame. The Attribute Sharing Profile didn't quite meet my needs, so at some point the TC decided to fork a new profile so that the Attribute Sharing Profile could remain mostly intact (since, as Ari has pointed out, it had early and entrenched buy-in).

> They are described as
> alternatives to each other, but I couldn't find an executive summary
> description of how the protocol used by an Extended Mode X.509 Attribute
> Query Requestor differs from a Basic Mode X.509 Attribute Query
> Requestor, and I haven't done a detailed crosswalk of the MUSTs in the
> two specs.

I don't believe there is such an executive summary. The two profiles address exactly the same use case (although the X.509 Deployment Profiles address an additional use case). The main difference is that the Attribute Sharing Profile mandates a set of security constraints that is significantly more stringent than the X.509 Deployment Profiles. By the way, the latter form the basis of an Attribute Exchange Profile specified by the OGF AuthZ-WG.

Hope this helps,
Tom Scavo
NCSA