Lifetime of associations
The term "association" seems to be used in two ways:
(a) Bind destroys one association and replaces it with a new one.
(b) A connection has one enduring association which Bind modifies.
I always thought it meant (b), until I began to notice how it is used in
[Authmeth] and realized that the definitions in [Protocol] and
[Authmeth] can be read both ways.
[Protocol] uses it in the (b) sense, e.g. "terminating the association",
and some definitions depend on this. E.g.:
> 4.1.1.1. Message ID
> The message ID of a request MUST have a non-zero value different from
> the values of any other uncompleted requests in the LDAP association
> of which this message is a part.
OTOH, the language in [Authmeth] is inconsistent:
(a) is used in:
  Maybe 3.1.2 (StartTLS Response): "current association"
    (rather than "current state of the association").
  4 (LDAP Associations): "establish a new LDAP association".
  Maybe 4.1 (Anonymous LDAP Association on Unbound Connections):
    "session has an anonymous LDAP association"
    (rather than "the association is anonymous").
  Section 5 (Bind), 6 (Anonymous), 7 (Unauthenticated), 8 (Simple Auth):
    "establish a(n) <new/anonymous/authenticated> LDAP association".
  12.3 (Unauthenticated Mechanism Security Considerations):
    "anonymous LDAP association has been established".
(b) is used in:
  Maybe 3.2.2 (Client Assertion of Authorization Identity):
    "determine the authorization identity of the LDAP association".
  4.2 (Anonymous LDAP Association After Failed Bind):
    "LDAP association is moved to an <anonymous/authenticated> state".
  4.3 (Invalidated Associations):
    "The association remains invalidated until the next bind request".
  10 (SASL EXTERNAL Mechanism):
    "leaving the LDAP association in an anonymous state".
  Appendix A with subsections:
    A: "states through which an LDAP association may pass".
    A.2: "affect the authentication and authorization state of an LDAP
      association".
    A.3: title "LDAP Association State Changes", "changes in the
      authentication and authorization state of an LDAP association".
    A.4: "affect authentication and authorization state of an LDAP
      association".
--
Hallvard