Protocol Action: 'LDAP 'Who am I?' Operation' to Proposed Standard

The IESG <iesg-secretary@ietf.org> Fri, 31 December 2004 16:02 UTC

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Date: Fri, 31 Dec 2004 10:37:30 -0500
Cc: Internet Architecture Board <iab@iab.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: Protocol Action: 'LDAP 'Who am I?' Operation' to Proposed Standard

The IESG has approved the following document:

- 'LDAP 'Who am I?' Operation'
   <draft-zeilenga-ldap-authzid-10.txt> as a Proposed Standard

This document has been reviewed in the IETF but is not the product of an
IETF Working Group. 

The IESG contact person is Ted Hardie.

Technical Summary

This document describes a mechanism for Lightweight Directory
Access Protocol (LDAP) clients to obtain the authorization identity
the server uses for them.  This mechanism, called "Who am I"
which the server has associated with the user or application entity.
This replaces the AUTHCTL mechanism, which uses Bind request and
response controls to request and return the authorization identity.
Bind controls are not protected by the security layers established by
the Bind operation which they are transferred as part of. An extended
operation sent after a Bind operation is protected by the security
layers established by the Bind operation.

This mechanism will also be used in cases where the
authorization identity is requested separately from the Bind operation.
For example, the "Who am I?" operation can be augmented with a Proxied 
Authorization Control [PROXYCTL] to determine the authorization identity 
which the server associates with the identity asserted in the Proxied Authorization
Control.  The "Who am I?" operation can also be used prior to the Bind
operation.

Working Group Summary
  
This was not a WG document, but has been discussed on various
mailing lists (LDAPEXT, LDAPBIS, etc.)  The only issue raised during
last call was whether this was sufficiently distinguished from
draft-weltman-ldapv3-auth-response-09.txt, and this issue has been
resolved.

  
Protocol Quality
  
This document has been reviewed for the IESG by Ted Hardie.
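
The exchange described in the Technical Summary, shown on the wire as an added example (not part of the announcement or of the draft's text): a client builds the "Who am I?" extended request and reads the authorization identity out of the extended response, which it can then compare with the identity it expected after Bind. The OID and BER tag values are taken from RFC 4532 and the LDAP protocol definition rather than from this page, and the response is constructed sample data.

```python
WHOAMI_OID = b"1.3.6.1.4.1.4203.1.11.3"  # whoamiOID per RFC 4532 (not on this page)

def tlv(tag, value):
    """Encode one BER TLV with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf, pos=0):
    """Decode one TLV at pos and return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        k = length & 0x7F
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def whoami_request(message_id):
    """LDAPMessage carrying ExtendedRequest [APPLICATION 23] with requestName only."""
    ext = tlv(0x77, tlv(0x80, WHOAMI_OID))  # the operation has no requestValue
    return tlv(0x30, tlv(0x02, bytes([message_id])) + ext)  # message_id in 1..127

def parse_whoami_response(pdu):
    """Return (message_id, result_code, authzid); authzid is "" for anonymous."""
    tag, body, _ = read_tlv(pdu)
    _, mid, pos = read_tlv(body)
    optag, op, _ = read_tlv(body, pos)
    if tag != 0x30 or optag != 0x78:  # SEQUENCE, then ExtendedResponse [APPLICATION 24]
        raise ValueError("not an LDAP ExtendedResponse")
    _, code, pos = read_tlv(op)  # resultCode, then matchedDN, diagnosticMessage, ...
    authzid = ""
    while pos < len(op):
        tag, val, pos = read_tlv(op, pos)
        if tag == 0x8B:  # responseValue [11] holds the authzId
            authzid = val.decode("utf-8")
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), authzid

def sample_response(message_id, authzid):
    """Constructed success response, standing in for a server reply."""
    result = tlv(0x0A, b"\x00") + tlv(0x04, b"") + tlv(0x04, b"")
    op = tlv(0x78, result + tlv(0x8B, authzid.encode("utf-8")))
    return tlv(0x30, tlv(0x02, bytes([message_id])) + op)
```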

