[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAPDN and AuthMeth/DIGEST-MD5



So that I can ensure we're all consistent on what we're talking about, let me 
see if I can summarize each person's position. Note that these are in rough 
order of expression on the list so some (including mine) may have changed
since then.

Jeff Hodges: users should be permitted to use non-DNs as authorization
 identity, including 'short strings', in LDAP authentication mechanisms

Mark Wahl: Authorization identities need typing, and in situations where
 the authorization identity element syntax is a DN, it needs to be clear how 
 that is sent in a SASL Bind with DIGEST-MD5

Paul Leach: LDAP should not define a authorization identity string encoding
 that is in authmeth-04

Kurt Zeilenga: All authorization identities should be mappable to DNs or the
 authorization identity

Mark Wahl: The places which assume an authorization identity to be a DN 
 should be expanded, but this work should not be attempted by LDAPEXT for 
 LDAP alone, until we have a better handle on the formats of authorization 
 identities as used across multiple apps protocols with their acls 

Mark Wahl, Directory Product Architect
Innosoft International, Inc.