[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
New Component Matching Rules Draft
Folks,
A new version of the component matching rules draft is now available.
http://www.ietf.org/internet-drafts/draft-legg-ldapext-component-matching-01
.txt
The abstract reads:
The syntaxes of attributes in an LDAP or X.500 directory range from
simple data types, such as text string, integer, or boolean, to
complex structured data types, such as the syntaxes of the directory
schema operational attributes. The matching rules defined for the
complex syntaxes, if any, usually only provide the most immediately
useful matching capability. This document defines generic matching
rules that can match any user selected component parts in an
attribute value of any arbitrarily complex attribute syntax. Generic
string encodings for attribute and assertion values of arbitrary
syntax are also defined.
The only noteworthy changes from the previous version are as follows:
Section 4.1.7 was added to enable component matching of values embedded
in encoded form into BIT STRINGs or OCTET STRINGs. In particular, this
is to allow component matching of values in Certificate extensions.
References to a companion document summarizing the ASN.1 types
of LDAP syntaxes were removed to avoid holding up this document.
Object identifiers for the new syntax and matching rule definitions
have been allocated from an arc belonging to Adacel Technologies Ltd.
I intend submitting this document to the IESG in two weeks time with a
request that it be considered for proposed standard status.
Note that the next revision of the "Access Control Model for LDAPv3" is
expected to use the directoryComponentsMatch matching rule from the
component matching rules draft as the equality matching rule for the
entryACI and subentryACI attributes.
Regards,
Steven