[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] Change to x500Name-equal function
I am willing to accept Anne's change. I hope we don't have to vote on this. Cheers, -Polar On Thu, 19 Sep 2002, Anne Anderson wrote: > I learned a lot from working on x500Name-match, and would like to > update x500Name-equal to be consistent as follows: > > This function takes two arguments of "xacml:x500Name" and returns > "xs:boolean". It returns true if and only if each Relative > Distinguished Name (RDN) in the two arguments matches. Two RDNs > match if an only if the result of the following operations is true: > > First, normalize the two RDNs according to IETF RFC 2253 > "Lightweight Directory Access Protocol (v3): UTF-8 > String Representation of Distinguished Names Names". > > Second, if any RDN contains multiple attributeTypeAndValue > pairs, re-order the attributeTypeAndValue pairs in that RDN in > ascending order when compared as octet strings (described in > ITU-T Rec. X.690 (1997 E) Section 11.6, "Set-of components"). > > Finally, compare the RDNs using the rules in IETF RFC 3280 > "Internet X.509 Public Key Infrastructure Certificate and > Certificate Revocation List (CRL) Profile", Section 4.2.1.4 > "Issuer". > > Anne > -- > Anne H. Anderson Email: Anne.Anderson@Sun.COM > Sun Microsystems Laboratories > 1 Network Drive,UBUR02-311 Tel: 781/442-0928 > Burlington, MA 01803-0902 USA Fax: 781/442-1692 > > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl> >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC