[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: TLS closure alert and auth/authz ID
Hallvard,
I'm not sure I like this. Basically I think you're trying to simplify
the wording by saying that the server should perform an implicit
anonymous bind (this also solves the "what to do with outstanding
operations" issue you had). But this feels too much like we're dictating
how a server is to be written in order to instruct how it is to behave.
I think it's OK to tell a server how to behave, and let implementors
solve the implementation details however they want.
Jim
>>> Hallvard B Furuseth <h.b.furuseth@usit.uio.no> 11/22/02 3:51:35 AM
>>>
[authmeth] says:
> 5.2.2. TLS Connection Closure Effects
>
> Closure of the TLS connection MUST cause the LDAP association to
> move to an anonymous authentication and authorization state
> regardless of the state established over TLS and regardless of the
> authentication and authorization state prior to TLS connection
> establishment.
I think this information belongs in [Protocol], except the part about
authz ID. If I have understood it correctly, this should cover it:
[Protocol] 4.13.3.1:
Closure of the TLS connection causes the server to perform an
implicit
bind operation with version preserved, an empty name, and simple
authentication with empty password.
[Authmeth]:
A simple bind with a null name cause the LDAP association to
move to an anonymous authentication and authorization state.
I can't find the latter stated explicitly in [Authmeth] - not the part
of about authz id, anyway.
Does the part about simple authentication break anything if more
complex
authentication had been in effect?
--
Hallvard