[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAPDN and AuthMeth/DIGEST-MD5

To: ietf-ldapext@netscape.com
Subject: Re: LDAPDN and AuthMeth/DIGEST-MD5
From: Mark Wahl <M.Wahl@INNOSOFT.COM>
Date: Fri, 19 Nov 1999 19:21:02 -0600
Resent-date: Fri, 19 Nov 1999 17:22:18 -0800 (PST)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"fPwOBB.A._aE.AffN4"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

So that I can ensure we're all consistent on what we're talking about, let me 
see if I can summarize each person's position. Note that these are in rough 
order of expression on the list so some (including mine) may have changed
since then.

Jeff Hodges: users should be permitted to use non-DNs as authorization
 identity, including 'short strings', in LDAP authentication mechanisms

Mark Wahl: Authorization identities need typing, and in situations where
 the authorization identity element syntax is a DN, it needs to be clear how 
 that is sent in a SASL Bind with DIGEST-MD5

Paul Leach: LDAP should not define a authorization identity string encoding
 that is in authmeth-04

Kurt Zeilenga: All authorization identities should be mappable to DNs or the
 authorization identity

Mark Wahl: The places which assume an authorization identity to be a DN 
 should be expanded, but this work should not be attempted by LDAPEXT for 
 LDAP alone, until we have a better handle on the formats of authorization 
 identities as used across multiple apps protocols with their acls 

Mark Wahl, Directory Product Architect
Innosoft International, Inc.

Follow-Ups:
- Re: LDAPDN and AuthMeth/DIGEST-MD5
  - From: "Kurt D. Zeilenga" <kurt@boolean.net>
- Re: LDAPDN and AuthMeth/DIGEST-MD5
  - From: Jeff Hodges <JHodges@oblix.com>

Prev by Date: RE: Policy in IETF APIs (was: Standards and APIs)
Next by Date: Re: Authz/Authc state upon start TLS
Index(es):
- Chronological
- Thread