[Date Prev][Date Next] [Chronological] [Thread] [Top]

Fwd: Re: result code for a deleted identity on a connection

To: <ietf-ldapbis@OpenLDAP.org>
Subject: Fwd: Re: result code for a deleted identity on a connection
From: "Vithalprasad Gaitonde" <gvithalprasad@novell.com>
Date: Mon, 28 Jul 2003 06:48:23 -0600
Content-disposition: inline

Jim,
Two items:
1. Does the case need a representation in the state transition diagram
that Roger has been working on in his authmethd draft. (This question
should probably go to Roger).
2. You mention "e) not even be aware that a change has happened and
proceed as if the
identity still exists."  Leaving this behaviour as option to the
server, could have some serious security implications.  When I read this
and see the IESG note regrading security implications in 2251 especially
with respect to update operations, I wonder if progressing the draft
would have problems because of these security implications.

Prasad

>>> "Jim Sermersheim" <jimse@novell.com> 7/23/2003 10:02:02 PM >>>
Prasad,
 
Currently Protocol says:
(in Notice of Disconnection)
- strongAuthRequired: The server has detected that an establish
security association between the client and server has unexpectedly
failed or been compromised, or that the server now requires the client
to authenticate using a strong(er) mechanism.
 
(in A.2)
strongAuthRequired (8)
Except when returned in a Notice of Disconnect (see section 4.4.1),
this indicates that the server requires the client to authentication
using a strong(er) mechanism.
 
Do you think more needs to be added/changed (aside from the two
typos)?
There is nothing that restricts which operation responses
strongAuthRequired is returned in.
 
I prefer not to mention specific scenarios (like the one mentioned
below), because I don't want to restrict other errors from being
returned. 
If the scenario below happens, a server should be free to:
a) revert the authN/authZ state to anonymous and allow operations to
succeed or fail (with insufficientAccessRights) as they normally
would.
b) revert the auth state to unknown and fail all non-authN requests
c) send a notice of disconnect
d) do a or b and also send some unsolicited notification which
notifies
that the connection state has changed
e) not even be aware that a change has happened and proceed as if the
identity still exists.
f) others that I haven't thought of.
 
Jim

>>> "Vithalprasad Gaitonde" <gvithalprasad@novell.com> 7/23/03 2:27:47
AM >>>
Roger/Jim,
Sometime back we discussed this on the list.
Probably we should make the necessary edits for this in AuthMeth
(clarification of server behaviour when the bind identity of an
established connection is deleted) and Protocol ( edit of when
strongAuthRequired can be sent).

-Prasad

Prev by Date: Fwd: Re: result code for a deleted identity on a connection
Next by Date: Fwd: Re: result code for a deleted identity on a connection
Index(es):
- Chronological
- Thread