[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Re: Standard for Name Constraints for X500Names. Forwardedmessage from Housley, Russ.
Clarification on how "matching" of X500Name values is done. Anne ------- start of forwarded message ------- From: "Housley, Russ" <rhousley@rsasecurity.com> To: Anne.Anderson@sun.com Subject: Re: Standard for Name Constraints for X500Names Date: Tue, 03 Sep 2002 12:34:15 -0400 Anne: I do not expect to see "*" used in this context. Russ At 02:12 PM 8/30/2002 -0400, you wrote: >In RFC3280, I do not find an algorithm or reference for how >X500Name NameConstraints are compared. I know that the empty >string is the root of the X500 name space, but.. > >If A is constrained by B, >- must A include all RDNs in B as its most general RDNs? >- is there any sub-matching within a given RDN? e.g. > CN="* Anderson" matching "CN="Anne Anderson", or some other > syntax for such partial matches? > >Is there a standard for such comparisons? An X500 ordering-rule >or something? > >Anne Anderson >-- >Anne H. Anderson Email: Anne.Anderson@Sun.COM >Sun Microsystems Laboratories >1 Network Drive,UBUR02-311 Tel: 781/442-0928 >Burlington, MA 01803-0902 USA Fax: 781/442-1692 ------- end of forwarded message ------- -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC