security-services message

Subject: RE: [security-services] LDAP Attribute Profile (saml-profiles-saml2.0)

From: "Scott Cantor" <cantor.2@osu.edu>
To: "'Reid, Irving'" <irving.reid@hp.com>, "'Whitehead, Greg'" <greg.whitehead@hp.com>, <security-services@lists.oasis-open.org>
Date: Fri, 13 Jan 2006 10:30:21 -0500

> The way I read it, you *do* include the ASN.1 wrapper. 
> Strictly compliant LDAP servers don't store arbitrary binary 
> data in attributes (though some servers let you get away with 
> it). My reading of the text is that you're supposed to take 
> the attribute blob you got from LDAP, which is the JPEG 
> *with* an ASN.1 wrapper, and base64 the whole thing.
> 
> If that's not what the profile author intended (or even if it 
> is) we probably need an erratum to clarify.

My perspective is LDAP-ignorant, so assuming that at least some other
implementers share that ignorance, we definitely need to clarify it.

The actual text was worked over by a colleague that Bob Morgan contacted
that does have the necessary expertise, so I would tend to trust the
interpretation of anybody that shares it.

-- Scott

Follow-Ups:
- Re: [security-services] LDAP Attribute Profile (saml-profiles-saml2.0)
  - From: Greg Whitehead <greg.whitehead@hp.com>

References:
- RE: [security-services] LDAP Attribute Profile (saml-profiles-saml2.0)
  - From: "Reid, Irving" <irving.reid@hp.com>