[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Display name attribute
>
> So if you instead get a thousand entries, labelled "Mark Smith 1" to "Mark
> Smith 1000" using their unique auto-generated CN values, does that help
> you to determine which Mark is the one you want? Won't you have to look
> at other attributes?
>
Well I would not do that. The CN would contain the users preferred
name, and if there are several with the same CN, use the serial
number attribute to disambiguate them. (we do that with our Entrust
certificates)
I originally thought the display name had some value, but now I dont
think it has. Common name can just as well hold the value you
suggest should go into display name.
> This has almost nothing to do with the point of displayName, which IMHO is
> to present the person's name as the person wants it presented. This seems
> to me like an entirely straightforward requirement.
Its a level of indirection that solves nothing. Common name can do it
just as well, only better, since it is visible in certificates as part of the
DN. Display name is not.
David
***************************************************
David Chadwick
IT Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351 Fax +44 161 745 8169
*NEW* Mobile +44 790 167 0359 *NEW*
Email D.W.Chadwick@iti.salford.ac.uk
Home Page http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500 http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J
***************************************************