[Date Prev][Date Next] [Chronological] [Thread] [Top]

brief authmeth notes

To: ietf-ldapbis@OpenLDAP.org
Subject: brief authmeth notes
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Mon, 8 Nov 2004 23:49:13 +0100

After a brief look at authmeth-13, the changes that have been done so
far mostly look good.  A few exceptions:

> 10. SASL EXTERNAL Authentication Mechanism
>   The authorization identity used to determine the state of the
>   association is derived from the security credentials in an
>   implementation-specific manner.

This is wrong, the authorization identity may be sent with the EXTERNAL
request.  'Authentication identity' is derived... in authmeth-12 was
right, as far as I can tell.

I notice the suggestion to remove authentication 'state' in thread
"authmeth: association -= authentication ID" was taken, but Appendix A
retains one "authentication state" which should probably be
"authorization state" or "association state".

-- 
Hallvard

Prev by Date: Re: Empty IA5String
Next by Date: Re: Cross-purpose SEQUENCE/CHOICE protocol extension fields
Index(es):
- Chronological
- Thread