
RE: strange uniqueMemberMatch



At 08:36 PM 1/5/2003, Steven Legg wrote:
>The uniqueMemberMatch rule is an equality matching rule that is not
>commutative, which causes problems in deciding whether attribute values
>are equal or not when adding or deleting values. I've raised this with
>the X.500 working group and I'm waiting to see how they resolve it.

We likely should nudge them on this.  The current
definition is, I think, problematic because uniqueMember
is not single-valued.

To resolve this, I think the ITU should change the
uniqueMemberMatch semantics to:
   The rule returns TRUE if and only if the dn components
   of the attribute value and the presented value match
   according to the distinguishedNameMatch rule and, if the
   uid component is present in both values, the uid of the
   attribute value matches the uid from the presented value
   according to the bitStringMatch rule.

That is, 
  Assertion Value       Attribute Value       Result
  cn=foo#'0'B           cn=foo#'0'B           True
  cn=foo#'1'B           cn=foo#'0'B           False (uid mismatch)
  cn=bar#'0'B           cn=foo#'0'B           False (dn mismatch)
  cn=foo                cn=foo#'0'B           True
  cn=bar                cn=foo#'0'B           False (dn mismatch)
  cn=foo#'0'B           cn=foo                True
  cn=foo                cn=foo                True
  cn=bar                cn=foo                False (dn mismatch)

Also, I think X.501 should state that only single-valued
attribute types can have non-commutative equality rules.

Kurt
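
The semantics proposed in the message above, sketched in Python as an added example (not part of the original post and not code from any LDAP server). It replays the eight rows of the table and checks that swapping assertion and attribute value never changes the result. The function names are hypothetical, and `dn_match` and the bit-string comparison are simplified stand-ins for distinguishedNameMatch and bitStringMatch.

```python
import re
from itertools import product

# String form used in the message: DN, optionally followed by #'<bits>'B
_VALUE = re.compile(r"(?P<dn>.*?)(?:#'(?P<uid>[01]*)'B)?")

def parse(value):
    """Split a value into (dn, uid); uid is None when the component is absent."""
    m = _VALUE.fullmatch(value.strip())
    return m.group("dn"), m.group("uid")

def dn_match(a, b):
    # Assumption: simplified stand-in for distinguishedNameMatch
    # (case-insensitive, whitespace-trimmed comparison of each RDN string).
    norm = lambda dn: [rdn.strip().lower() for rdn in dn.split(",")]
    return norm(a) == norm(b)

def unique_member_match(assertion, attribute):
    """Proposed rule: DNs must match; uids are compared only if both are present."""
    a_dn, a_uid = parse(assertion)
    v_dn, v_uid = parse(attribute)
    if not dn_match(a_dn, v_dn):
        return False
    if a_uid is not None and v_uid is not None:
        return a_uid == v_uid  # simplified bitStringMatch: identical bit strings
    return True

# (assertion value, attribute value, expected result), copied from the table
TABLE = [
    ("cn=foo#'0'B", "cn=foo#'0'B", True),
    ("cn=foo#'1'B", "cn=foo#'0'B", False),
    ("cn=bar#'0'B", "cn=foo#'0'B", False),
    ("cn=foo",      "cn=foo#'0'B", True),
    ("cn=bar",      "cn=foo#'0'B", False),
    ("cn=foo#'0'B", "cn=foo",      True),
    ("cn=foo",      "cn=foo",      True),
    ("cn=bar",      "cn=foo",      False),
]

def check_table():
    """True if the sketch reproduces every row of the table."""
    return all(unique_member_match(a, v) is r for a, v, r in TABLE)

def is_commutative(values):
    """True if swapping assertion and attribute never changes the result."""
    return all(unique_member_match(a, b) == unique_member_match(b, a)
               for a, b in product(values, repeat=2))

if __name__ == "__main__":
    values = sorted({v for row in TABLE for v in row[:2]})
    print("table reproduced:", check_table())
    print("commutative over table values:", is_commutative(values))
```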