[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml-comment] A question about x500Name-equal
On Monday, February 3, 2003, at 04:11 AM, Anne Anderson - Sun Microsystems wrote: > The order of RDNs IS significant: > > "CN=Satoshi,O=IBM" is NOT equal to "O=IBM,CN=Satoshi" > > The order of attribute-value pairs within a single RDN, > however, is not significant, since the rules for comparing > X.500 names require that all AV pairs within a single RDN > be re-ordered according to a specific rule (lexicographic?) It doesn't matter how they are ordered, as long as they are ordered in some deterministic way before the comparison is performed. > prior to comparison. Such AV pairs are separated with "+" > I believe. > Correct. Multiple AVAs within an RDN are separated with a '+'. [An interesting note is that when comparing AVAs you should use the correct syntax type... So for a directory client to compare two DNs it should refer to the directory schema to find the syntax type of the attribute type of the AVA and then find some code for comparing values of that syntax... Fun huh?] John
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC