[Date Prev][Date Next]
RE: strange uniqueMemberMatch
At 08:36 PM 1/5/2003, Steven Legg wrote:
>The uniqueMemberMatch rule is an equality matching rule that is not
>commutative, which causes problems in deciding whether attribute values
>are equal or not when adding or deleting values. I've raised this with
>the X.500 working group and I'm waiting to see how they resolve it.
We likely should nudge them on this. The current
definition is, I think, problematic because uniqueMember
is not single-valued.
To resolve this, I think the ITU should change the
uniqueMemberMatch semantics to:
The rule returns TRUE if and only if the dn components
of the attribute value and the presented value match
according to the distinguishedNameMatch rule and, if the
uid component is present in both values, the uid of the
attribute value matches the uid from the presented value
according to the bitStringMatch rule.
Assertion Value Attribute Value Result
cn=foo#'0'B cn=foo#'0'B True
cn=foo#'1'B cn=foo#'0'B False (uid mismatch)
cn=bar#'0'B cn=foo#'0'B False (dn mismatch)
cn=foo cn=foo#'0'B True
cn=bar cn=foo#'0'B False (dn mismatch)
cn=foo#'0'B cn=foo True
cn=foo cn=foo True
cn=bar cn=foo False (dn mismatch)
Also, I think X.501 should be state that only single-valued
attribute types can have non-commutative equality rules.