[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Inputs to rfc822Name-match
On 12 May, Tim Moses writes: [xacml] Inputs to rfc822Name-match > Colleagues - How do people feel about making both inputs to the > rfc822Name-match function of type rfc822Name (just as both inputs to the > x500Name-match function are of type x500Name)? > > I am not certain whether all valid values for the first parameter to the > function are strictly names, as defined by RFC 822. Nevertheless, I see > advantages in considering them legal values according to the > urn:oasis:names:tc:xacml:2.0:data-type:rfc822Name definition. That is the problem: values that you want in the first parameter are not all valid RFC 822 names if you allow "*" or names with only a domain component. This was an issue in PKIX NameConstraints, as I recall. Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]