[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Returning single values from multivalued attributes

To: 'Bruce Greenblatt' <bgreenblatt@dtasi.com>, mcs@netscape.com, d.w.chadwick@salford.ac.uk
Subject: RE: Returning single values from multivalued attributes
From: "Miklos, Sue A." <samiklo@missi.ncsc.mil>
Date: Wed, 11 Aug 1999 10:42:48 -0400
Cc: ietf-ldapext@netscape.com
Resent-date: Wed, 11 Aug 1999 07:43:18 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"Ue1uwB.A.uYB._vYs3"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Title: RE: Returning single values from multivalued attributes

Bruce, with enough time and money, we could solve any problem...

however, I am constrained by crypto service providers that may take up to 1+ second to go through each variant of a certificate recieved, in addition to any other non-security-related processing that has to occur. This leads to unacceptably slow performance. Any streamlining at any point in the process is a good thing.

Sandi Miklos

-----Original Message-----
From: Bruce Greenblatt [mailto:bgreenblatt@dtasi.com]
Sent: Wednesday, August 11, 1999 1:03 AM
To: Miklos, Sue A.; mcs@netscape.com; d.w.chadwick@salford.ac.uk
Cc: ietf-ldapext@netscape.com
Subject: RE: Returning single values from multivalued attributes

At 12:41 PM 8/10/99 -0400, Miklos, Sue A. wrote:
>In the early days of a program called "MISSI", we defined a different
attribute type (with
>a single value) for every permutation of algorithm used, and subsequently
named it (for
>example) FortezzaKMandSigCertificate; SNDSSuiteACertificate, ad nauseum
with a different
>oid for each type. We found it to be a minimally functional design, that
did not allow for
>extensibility, unless we had a mechanism to disseminate changes to all of
the client and
>crypto service provider software already deployed. I believe you've
already run into that
>issue with schema discovery.
>
>It is not out of the realm of possibility again, in the certificate
mindset)to have
>products allowing us to 1) store many (where I believe an order of 10-25
per entry is
>possible) values for any given attribute type and 2) allow either the user
interface or
>the CSP software interface to provide selected pieces of information (CA
issuer's name?
[snip ...]

Sandi,

I still don't think that this is really a requirement. If you only have
around 10 attribute values, you're better off getting them all from the
server, and tossing the ones that you don't want. This is easily done
using a client API... You'll be doing the exact same thing on the client
side that the server would be doing. On the other hand, if you have in
the range of 1000 attribute values, I would definitely urge you to abandon
whatever scheme has let you here, and redesign the application. I know of
at least one firm that will help you do this (for a small fee :))...

Bruce

==============================================
Bruce Greenblatt
Directory Tools and Application Services, Inc.
http://www.directory-applications.com

Follow-Ups:
- Re: Returning single values from multivalued attributes
  - From: dboreham@netscape.com (David Boreham)

Prev by Date: Re: objectclass of a subschemasubentry
Next by Date: RE: Returning single values from multivalued attributes
Index(es):
- Chronological
- Thread