[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [ldapext] URN namespace for ldap/X.509 schema elements?
RL 'Bob' Morgan wrote:
Choosing to base URNs on anything other than OIDs seems to me to
inevitable lead to having to maintain a registry of such names, in
parallel with OID registries. I can't see anyone wanting to do that.
Is there some problem with using urn:oid: ?
I guess readability suffers a bit ;-) But seriously I don't understand
the need for a separate registry if only schema elements published in
RFC:s are handled...
The existence of the descriptor registry only proves my point, that
using a namespace other than urn:oid requires a registry. But this
registry, rather than being completely delegated and distributed, is
centralized, and requires "expert review" for new entries to be
created. These are among the reasons why the flat descriptor space is
just a bad idea, as has been discussed very often on ldap lists. The
fact that we are stuck with descriptors in LDAP doesn't mean we should
adopt them for URN-based attribute names, in fact it means we should
learn from the experience and stay far away from them.
I both agree and disagree. I agree that LDAP would have benefited from
using OIDs on the wire. Had that been the case I would not have
initiated this thread. However that is not the world we live in.
Short-names on the wire are a fact of life.
Also, how could it possibly be useful to put into practice a URN space
for X.500/LDAP attribute types that excludes large numbers of
already-defined types (ie, those whose descriptors aren't registered
That is a valid point but imo only representing a subset of the schema
elements in a given urn "arc" does not invalidate the idea itself. Those
groups who define schema not registered with IANA can just as easily
define and use private URN (or god forbid URI) namespaces for those
schema. Put another way: local use of schema implies local use of urn:s.
with IANA)? If I wanted to use my organizationally-assigned attribute
types, I couldn't until I registered them with IANA? In fact what
people would do (and we've seen this already with a one-off Internet2
URN space we made up for this purpose) is use URNs of
urn:ietf:param:ldap-parameters:foo without registering the descriptor,
resulting in collisions etc.
Another serious problem, the inverse of the one brought up by Michael
Liben, is (from RFC 3383):
Multiple names may be assigned to a given OID.
eg CN and commonName. If I'm sending this attribute, which
descriptor-based URN would I use? Do you really think it would be a
"best common practice" to promote the use of a URN space that defines
multiple names for the same thing?
Another valid point but equaliy valid for LDAP itself and we are able
to use LDAP anyway. In practice one of the aliases will be used, the
other less so.
Using urn:oid forces clients to be schema-aware which has good and bad
side-effects.
Choosing URNs based on the assumption that it's useful for clients
simply to splat those URNs in front of users (which I assume is what you
Absolutely not! My application does not involve users directly in any
way. Introducing oids is quite possible but requires a separate mapping
(i.e the schema) to be maintained.
would mean by "not schema-aware") also seems like less than best
practice. If clients are simply using them as opaque identifiers and
comparing against values in tables etc, then it doesn't matter what they
look like.
Perhaps I have made my position clear ...
You have some very good arguments. I would agree with you fully if it
weren't for the existence of the ldap-parameters IANA registry. Imo that
makes it useful (and 'cost efficient') to have these urn:s around.
- RL "Bob"
MVH leifj
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext