[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: X500 Name Match unclarity
|
Hi all, I am talking about the X500 name match function
urn:oasis:names:tc:xacml:1.0:function:x500Name-match
(XACML 2.0 Spec). There in
the description the term “terminal sequence” is used but this does
not exist in any X500 specifications. Therefore
it is undefined and therefore it leaves room for interpretation. Possibility
1: True is
returned in case when all elements of the X500Name in the request are contained
in the X500Name in the Policy, in any order. The number of elements must not
match but the number of elements in the request must be at least as much as in
the Policy. Possibility
2: The term “terminal
sequence” can be interpreted as “the last element of the X500 names
must match and not all elements. Could
anybody tell me how this x500Name-match function must be implemented? Regards, Florian |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]