
xacml message



Subject: [no subject]


    "The syntax of URL is defined by 'RFC 2396: Uniform Resource
    Identifiers (URI): Generic Syntax', amended by 'RFC 2732:
    Format for Literal IPv6 Addresses in URLs'."

A hierarchical URI is, according to this syntax, described by the
following:

    [scheme:][//authority][path][?query][#fragment]

Of specific interest here is the [//authority] portion, which, if
"server-based" (the norm), is further broken down to be:

    [user-info@]host[:port]

Notice that the "port" is part of the "authority", and not part
of the "path".

So, my two points here are:  (a) authority can potentially hold
"user-info", and I suppose we should at least comment on that;
and (b) the "port" should be considered part of the "authority",
not part of the "path".

>  The bit about distinguishing between IP address and DNS name
>  is uncertain. If anyone has a better idea, please let me know.

I'm not certain that I fully understand the rules you have
specified for matching the "host", but wanted to just ensure
that the following issues are being considered:

    1. Should a DNS hostname "match" the associated IP address?
    2. What about hosts that have multiple IP addresses?
       Shouldn't these all be considered "equivalent", and
       furthermore, equivalent to the DNS name(s) of this host?
    3. What about hostname aliases?  That is, two hostnames that
       map to the same IP address?  Seems like these should be
       considered equivalent, too?  Maybe?  I'm not sure.
    4. What about the special 127.0.0.1 IP address?  Ditto, the
       special "localhost" DNS name?

My naive approach would be to attempt to "normalize" before
applying the "match" by converting DNS hostnames into IP
addresses, and then special casing 127.0.0.1 into a "real" IP
address for the host in question.  Then the match can be simply
done based on the IP numbers.

Anyway, like I said earlier, this is probably pretty naive.
Still, anyone care to comment on this?


- Gene Thurston -
AmberPoint, Inc.
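
The authority split and the "normalize, then match" idea from the message above, as an added example that is not part of the original post. The name table `SAMPLE_DNS`, the address set `LOCAL_ADDRS` and all function names are assumptions made for illustration; a constructed table stands in for DNS so the code runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed name-to-address table standing in for DNS (documentation ranges).
SAMPLE_DNS = {
    "www.example.com": {"192.0.2.10", "192.0.2.11"},  # host with two addresses
    "alias.example.com": {"192.0.2.10"},              # alias of the same host
    "other.example.net": {"198.51.100.7"},
}
LOCAL_ADDRS = {"192.0.2.10"}  # assumed "real" address of the evaluating host


def split_authority(url):
    """Return (user_info, host, port) taken from the [//authority] part only."""
    parts = urlsplit(url)
    user_info = parts.username
    if parts.password is not None:
        user_info = f"{parts.username}:{parts.password}"
    return user_info, parts.hostname, parts.port


def host_addresses(host, dns=SAMPLE_DNS, local=LOCAL_ADDRS):
    """Normalize a DNS name or IP literal to a set of canonical address strings."""
    if not host:
        return set()
    if host == "localhost":
        return set(local)  # special-case the loopback name
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return set(dns.get(host.lower(), ()))  # not a literal: look the name up
    if ip.is_loopback:
        return set(local)  # 127.0.0.1 and ::1 map to the host's real address
    return {str(ip)}


def hosts_match(url_a, url_b):
    """Match on host and port; user-info is parsed but never used for matching."""
    _, host_a, port_a = split_authority(url_a)
    _, host_b, port_b = split_authority(url_b)
    if port_a != port_b:  # port belongs to the authority, so compare it here
        return False
    # Hosts are treated as equivalent when their address sets share an entry.
    return bool(host_addresses(host_a) & host_addresses(host_b))
```

With this kind of normalization the result of a match depends on whatever the resolver returns at evaluation time, so a changed or spoofed DNS answer changes the outcome; an explicit port is also required on both sides here, since no scheme default is filled in.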


