
RE: Returning single values from multivalued attributes




In the early days of a program called "MISSI", we defined a different attribute type (with a single value) for every permutation of algorithm used, and subsequently named it (for example) FortezzaKMandSigCertificate; SNDSSuiteACertificate, ad nauseam, with a different OID for each type.  We found it to be a minimally functional design that did not allow for extensibility, unless we had a mechanism to disseminate changes to all of the client and crypto service provider software already deployed.  I believe you've already run into that issue with schema discovery.

It is not out of the realm of possibility (again, in the certificate mindset) to have products allowing us to 1) store many (where I believe an order of 10-25 per entry is possible) values for any given attribute type and 2) allow either the user interface or the CSP software interface to provide selected pieces of information (CA issuer's name?  algorithm identifier?) to speed up the information retrieval process, without being required to know, in advance, what is actually stored in the repository.

I'm not sure that I am helping your discussion, but I do have to integrate a variety of user skills (some can surf a DIT, others can barely create PowerPoint briefings) and a variety of crypto service providers (some have hard-coded, others are implementing modular capabilities).  Having a mechanism to selectively retrieve information on a reasonable set of criteria would be extremely beneficial.  That set of criteria can be (as in X.500) on an attribute-by-attribute basis.  The exact match criteria may be problematic if it's a human who makes errors in the entry of the criteria...

Sandi Miklos
-----Original Message-----
From: Bruce Greenblatt [mailto:bgreenblatt@dtasi.com]
Sent: Tuesday, August 10, 1999 11:20 AM
To: mcs@netscape.com; d.w.chadwick@salford.ac.uk
Cc: ietf-ldapext@netscape.com
Subject: Re: Returning single values from multivalued attributes


I'm a little confused by this.  My perspective is that the requirements for
this new functionality arise almost entirely from poor Schema/DIT design.
I certainly agree that if you put 1000s of certificates in a single
attribute, you will have difficulty retrieving a single certificate
instance from the entry in question.  The obvious solution to this problem
is NOT to enhance LDAP (or DAP for that matter).  The obvious solution IS
"don't put 1000s of certificates in a single attribute".

Bruce
==============================================
Bruce Greenblatt
Directory Tools and Application Services, Inc.
http://www.directory-applications.com