[Date Prev][Date Next]
> At 11:20 AM 12/13/2003, Howard Chu wrote:
>>I think adding a mech specifier is a really bad idea.
> Quite likely.
Hold on, what we're talking about is NOT specifying the mech
in the "u:" of, say, a proxyauthz control. I agree this has
to be related to the mech that was actully used to get to that
What I'm talking about is how to put the mech into the
sasluthz(To|From) attribute of an entry. This can be
useful when deciding to authorize identities that are
specified thru the "u:" syntax based on the mech as well.
What I came out, and currently implemented, is:
if this is acceptable, I'll commit it in a moment.
> Maybe we should just have
then we could do
I guess you mean "literal" square brackets around the realm.
I still favour my solution, but I've nothing against this latter.
> and just imply a mech of "authz" when authzid comes from policy
> information. Otherwise, the mech associated with the authentication is
If no mech is associated to the operation, then use
the "AUTHZ" mech.
I'll commit this in a moment, so you'll have a chance
to see if it is reasonable.