[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Considering Attribute Subtypes during ACL evaluation
At 10:15 AM 10/9/00 +1100, Steven Legg wrote:
>I can't find anything in X.500 that clarifies whether attribute subtyping
>applies when evaluating access controls. Our implementation ignores
>subtyping when making access control decisions.
What does it do for language tags and ;binary? These are forms
of subtyping as well.
>It seems the safer choice.
X.500 doesn't have attribute type options, so direct comparisons
are invalid. With the advent of LDAP attribute type options, in
particular, language tags and ;binary, I believe it very important
for that an ACI for "cn" apply not only to "cn" but "cn;lang-en"
and "cn;binary". I would argue it best that if atribute type
option subtyping is supported, then traditional X.500 subtyping
should be supported as well (or at least allowed).
Kurt