[Date Prev][Date Next] [Chronological] [Thread] [Top]

authmeth: SASL protocol profile

To: ietf-ldapbis@OpenLDAP.org
Subject: authmeth: SASL protocol profile
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Thu, 6 Nov 2003 00:28:40 +0100

About Authmeth Section 3.3 (SASL Authentication Profile):

According to [SASL], the LDAP protocol profile must explicitly mention
- that LDAP supports "multiple authentications",
- the form of the authorization identity,
and SHOULD specify use of SASLPrep.

Sections 3.3.5 (Rules for using SASL security layers) and 3.3.6 (Use of
EXTERNAL SASL Mechanism) should be removed or moved away from the
protocol profile.  Unless I've gone blind, the [SASL] protocol profile
requirements do not mention them.

I think section 3.3 should be renamed 'SASL Protocol Profile', so
readers of [SASL] can _find_ the 'protocol profile' by searching the
authmeth document for that phrase.

A suggestion in my 'authmeth-07 issues' message was bogus:  To move
section 3.3.3 (Octet where negotiated security mechanisms take effect)
away from the protocol profile section.  I hadn't realized what a
protocol profile was when I said that.

-- 
Hallvard

Follow-Ups:
- Re: authmeth: SASL protocol profile
  - From: Alexey Melnikov <Alexey.Melnikov@isode.com>

Prev by Date: authmeth transition table
Next by Date: Re: Implementation of SASL security layer in LDAP clients/servers
Index(es):
- Chronological
- Thread