New Component Matching Rules Draft



Folks,

A new version of the component matching rules draft is now available.

http://www.ietf.org/internet-drafts/draft-legg-ldapext-component-matching-01.txt

The abstract reads:

   The syntaxes of attributes in an LDAP or X.500 directory range from
   simple data types, such as text string, integer, or boolean, to
   complex structured data types, such as the syntaxes of the directory
   schema operational attributes.  The matching rules defined for the
   complex syntaxes, if any, usually only provide the most immediately
   useful matching capability.  This document defines generic matching
   rules that can match any user selected component parts in an
   attribute value of any arbitrarily complex attribute syntax.  Generic
   string encodings for attribute and assertion values of arbitrary
   syntax are also defined.

The only noteworthy changes from the previous version are as follows:

	Section 4.1.7 was added to enable component matching of values embedded
	in encoded form into BIT STRINGs or OCTET STRINGs. In particular, this
	is to allow component matching of values in Certificate extensions.

	References to a companion document summarizing the ASN.1 types
	of LDAP syntaxes were removed to avoid holding up this document.

	Object identifiers for the new syntax and matching rule definitions
	have been allocated from an arc belonging to Adacel Technologies Ltd.

I intend submitting this document to the IESG in two weeks' time with a
request that it be considered for proposed standard status.

Note that the next revision of the "Access Control Model for LDAPv3" is
expected to use the directoryComponentsMatch matching rule from the
component matching rules draft as the equality matching rule for the
entryACI and subentryACI attributes.

Regards,
Steven