OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Options for correction of LDAP/X.500 attr profile

I didn't see an errata number for it yet, but I think I'm supposed to offer
up the possible profile changes to correct the validity issues with the
current text.

For reference, the problem again: the profile makes it MANDATORY to include
xsi:type="xs:string" or xsi:type="xs:base64Binary" as well as a
namespace-qualified Encoding attribute in the <AttributeValue> elements.

Options to fix it:

1. Remove the xsi:type requirement.

Forces implementations to recognize string vs base64 encoding based on
Attribute Name.

2. Remove the x500:Encoding attribute.

Forces implementations to trigger profile behavior based on Attribute
Namespace and Name, encoding rules are implied.

3. Move the x500:Encoding attribute to the Attribute element.

Suggests that future encoding rules will be uniform across all values of an
attribute, but otherwise fully consistent with intent of profile.

4. Define an extended schema type that extends string and base64Binary with
the x500:Encoding attribute and change the mandated xsi:type values to the
extended types.

Least change to existing profile behavior, but requires publishing and
approving an additional schema document.

5. Deprecate the existing profile and define a new one incorporating
whatever input can be gleaned from implementers.

Doesn't fix anything now, but might give us an opportunity to correct other

All of these options are normative changes (other than 5). Because of that,
I favor the one closest to my opinion as to what the profile should have
been, which is 3.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]