Re: LDAPDN and AuthMeth/DIGEST-MD5
So that I can ensure we're all consistent on what we're talking about, let me
see if I can summarize each person's position. Note that these are in rough
order of expression on the list so some (including mine) may have changed
since then.

Jeff Hodges: users should be permitted to use non-DNs as authorization
identity, including 'short strings', in LDAP authentication mechanisms

Mark Wahl: Authorization identities need typing, and in situations where
the authorization identity element syntax is a DN, it needs to be clear how
that is sent in a SASL Bind with DIGEST-MD5

Paul Leach: LDAP should not define an authorization identity string encoding
that is in authmeth-04

Kurt Zeilenga: All authorization identities should be mappable to DNs or the
authorization identity

Mark Wahl: The places which assume an authorization identity to be a DN
should be expanded, but this work should not be attempted by LDAPEXT for
LDAP alone, until we have a better handle on the formats of authorization
identities as used across multiple apps protocols with their ACLs

Mark Wahl, Directory Product Architect
Innosoft International, Inc.