
Re: ldapbis WG Last Call on ldapbis-syntaxes, ldapbis-strprep



At 11:54 PM 6/25/2003, Hallvard B Furuseth wrote:
>>> If I understand you correctly, the part of [Models] 2.3 which I
>>> quoted should be changed to something like
>>>
>>>  If the attribute type has an equality matching rule, any two values
>>>  of the attribute must compare as false according to that matching
>>>  rule.
>>
>> Yes.
>
>In view of this, I'm beginning to dislike that Prohibit step.
>If I have a purely local LDAP directory, why shouldn't I be allowed to
>give an attribute two values where one uses a Private Use code point?

These rules are designed for interoperability between independently
developed implementations which you are likely to have even in
local environments.  If all directory agents do not agree on matching
rule semantics, interoperability problems will occur.  Some of these
will have impact upon security.  These matching rules are not just used
by DSAs to locate information, but used in DUAs to correlate information
provided by the DSAs.  To be appropriate for naming of objects and
values of security-related attributes, I think the appearance of
Private Use code points in strings to be matched with these rules
needs to cause the evaluation to be Undefined.

Note that one is always free to define other schema elements to meet
local needs.

Kurt
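
An added illustration of the interoperability point in the message above (not part of the original message and not code from the ldapbis drafts): two hypothetical agents that treat Private Use code points differently disagree on whether two values match, while a matcher with a Prohibit check evaluates to Undefined. The function names, the case-folding stand-in for the real string preparation steps, and the sample values are assumptions.

```python
import unicodedata

UNDEFINED = None  # third truth value: neither TRUE nor FALSE


def has_private_use(s):
    """True if s contains a Private Use code point (Unicode category Co)."""
    return any(unicodedata.category(ch) == "Co" for ch in s)


def match_prohibit(a, b):
    """Sketch of a matching rule with a Prohibit step."""
    if has_private_use(a) or has_private_use(b):
        return UNDEFINED  # prohibited input: no TRUE/FALSE answer is given
    # Assumption: casefold() stands in for the full preparation algorithm.
    return a.casefold() == b.casefold()


def match_agent_strip(a, b):
    """Hypothetical agent that silently drops Private Use code points."""
    def strip(s):
        return "".join(c for c in s if unicodedata.category(c) != "Co")
    return strip(a).casefold() == strip(b).casefold()


def match_agent_literal(a, b):
    """Hypothetical agent that compares Private Use code points literally."""
    return a.casefold() == b.casefold()


def survey(a, b):
    """Evaluate one pair of values under all three behaviours."""
    rules = (match_agent_strip, match_agent_literal, match_prohibit)
    return {rule.__name__: rule(a, b) for rule in rules}


# Constructed sample values; U+E000 is a Private Use code point.
SAMPLES = [("cn=admin", "CN=Admin"), ("cn=admin", "cn=admin\ue000")]

if __name__ == "__main__":
    for a, b in SAMPLES:
        print(ascii(a), ascii(b), survey(a, b))
```

For the second pair the two hypothetical agents return TRUE and FALSE respectively, which is the kind of disagreement between a DSA and a DUA that the message describes.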