[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ASN.1 vs BNF

To: d.w.chadwick@salford.ac.uk, ietf-ldapext-acm@OpenLDAP.org, ietf-ldapext@netscape.com
Subject: Re: ASN.1 vs BNF
From: Ellen Stokes <stokes@austin.ibm.com>
Date: Tue, 18 Jul 2000 01:25:32 -0500
In-reply-to: <39738FDB.10016.3146452@localhost>

David,

When the BNF / ASN.1 was rewritten, an important point was lost, that
is, in the ACI value you specify grant and deny at most once, not multiple
times.

Here's the BNF from version 05 which is correct:
          < rights > ::= "grant" + ';' + <permissions> + ';'+<attr>
             | "deny" + ';' + <permissions> + ';'+<attr> |
             "grant"+';'+<permissions>+';'+"deny"+';'+<permissions>+';'+<attr>

          < permissions > ::= [ ] | [ <permission>
                              + [ ',' + <permission> ] ]*

This area of the BNF / ASN.1 needs to be fixed in version 06.

Ellen

At 10:59 PM 7/17/00 +0100, David Chadwick wrote:

Ellen

I dont believe that the ASN.1 and BNF are compatible.

The rights in ASN.1 is a SEQUENCE OF CHOICE meaning that
grants and denies can appear as many times as one wants, in any
order. However in the BNF there is no chance of repetition. (An * is
missing I believe immediately after the =

Also the ASN.1 has two "subject" references. Suggest call the
second one "subjectName"

David

***************************************************

David Chadwick
IS Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351 Fax +44 161 745 8169
Mobile +44 790 167 0359
Email D.W.Chadwick@salford.ac.uk
Home Page http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500 http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J

***************************************************

Prev by Date: Re: Typos, bugs, clarifications for ACI draft (i, iii, v, vi)
Next by Date: delete permission
Index(es):
- Chronological
- Thread