[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: objectIdentifierMatch on ambiguous name

To: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Subject: Re: objectIdentifierMatch on ambiguous name
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 03 Jan 2003 16:31:09 -0800
Cc: ietf-ldapbis@OpenLDAP.org
In-reply-to: <HBF.20030103yquk@bombur.uio.no>
References: <5.2.0.9.0.20030103120045.024457a8@127.0.0.1> <5.2.0.9.0.20030102084017.01d16830@127.0.0.1> <HBF.20030102wumy@bombur.uio.no> <5.2.0.9.0.20030103071943.031255d8@127.0.0.1> <3E15E938.E1B21014@sun.com> <5.2.0.9.0.20030103120045.024457a8@127.0.0.1>

At 02:41 PM 1/3/2003, Hallvard B Furuseth wrote:
>Kurt D. Zeilenga writes:
>> In short, I think we need to be clear as when <descr> form SHOULD
>> be used and when it SHOULD NOT be used.  I think we all agree that,
>> in LDAP, they SHOULD be used for AttributeTypes appearing in the
>> protocol, values (and assertion values) of the objectClass attribute,
>> and in <oid> productions appearing in schema descriptions.
>> 
>> How about?
>>         MatchingRuleIDs appearing in extensible filters?
>>         assertion values of attributeTypes, objectClasses, etc.?
>
>I think a general statement is better than listing instances.

While I certainly would prefer a general statement, I'm afraid
that different statements might be needed for different instances.

>Something like
>
>4.3.26 (OID):
>  Since a short name can refer to different OIDs in different
>  contexts (e.g. there might be an object class 'x-fubar' and an
>  attribute type 'x-fubar' in a subschema), a server SHOULD NOT
>  allow short names in the OID syntax in contexts where it does
>  not know which <numericoid> the short name represents.

Doesn't this contradict [Models, 1.3]?

>5.2.17 (objectIdentifierMatch):
>  If the asserted value or attribute value is a short name of an OID,
>  and the server does not know which <numericoid> the short name
>  represents but allows such values as attribute values, the match
>  evaluates to Undefiend, even if the asserted value and the attribute
>  value are equal.

I'm thinking 4.3.26 of [Syntaxes] should say something like:

        Servers SHOULD prevent values in <descr> form from be
        stored in the directory for which the server is not
        able to unambiguously determine which OID the <descr>
        represents.

and 5.1.17:
        If the assertion value is presented in <descr> form and
        the implementation is not able to determine which OID
        the <descr> represents, the server SHOULD treat the
        assertion as being Undefined.

That is, if the server cannot determine which OID the <descr>
refers to, the <descr> should be viewed as invalid.

Kurt

Follow-Ups:
- Re: objectIdentifierMatch on ambiguous name
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- RE: objectIdentifierMatch on ambiguous name
  - From: "Steven Legg" <steven.legg@adacel.com.au>
- Re: objectIdentifierMatch on ambiguous name
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

References:
- Re: objectIdentifierMatch on ambiguous name
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: objectIdentifierMatch on ambiguous name
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- objectIdentifierMatch on ambiguous name
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: objectIdentifierMatch on ambiguous name
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: objectIdentifierMatch on ambiguous name
  - From: Mark Wahl <Mark.Wahl@sun.com>
- Re: objectIdentifierMatch on ambiguous name
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: objectIdentifierMatch on ambiguous name
Next by Date: strange uniqueMemberMatch
Index(es):
- Chronological
- Thread