Defect report 073 on simple credentials (fwd)
"John H. Dale" <jdale@tango.cos.com> Wed, 06 January 1993 17:55 UTC
From: "John H. Dale" <jdale@tango.cos.com>
Message-Id: <9301061730.AA10977@tango.cos.com>
Subject: Defect report 073 on simple credentials (fwd)
To: osids <osi-ds@cs.ucl.ac.uk>
Date: Wed, 06 Jan 1993 12:29:54 -0500
X-Mailer: ELM [version 2.3 PL6]
Forwarded message:

From jdale Wed Jan 6 12:22:50 1993
From: jdale (John H. Dale)
Message-Id: <9301061722.AA10966@tango.cos.com>
Subject: Defect report 073 on simple credentials
To: dssig@ics.uci.edu (OIW DS SIG)
Date: Wed, 6 Jan 93 12:21:58 EST
X-Mailer: ELM [version 2.3 PL6]

This defect report has a bearing on the ISP parts ADI11, ADI12, ADI21, and ADI22, which we are trying to stabilize before the EWOS EG-DIR meeting on January 18 for the ratification process can begin. (ADI11 will probably be delayed.)

First, I provide excerpts from the defect report, then some comments, including proposed modifications to ADI12. As I understand it, no action has yet been taken on this defect report. Hope I don't make type errors. Feel free to ask for a fax of the original.

Defect Report 9594/073

Source: UK (BSI)

Concerning X.511 and 9594-3

Qualifier: Clarification

References in Document: 7.9.2.2 [probably should be 8.1.3.1 -jd]

Nature of Defect:

The last sentence can be interpreted as saying that if a user supplies no credentials (e.g., omits the element), then the DSA must also return no credentials. This is in conflict with the first sentence, which (sensibly) "allow[s] the user to establish the identity of the DSA", and also conflicts with the view that returning no credentials is logically a form of simple credentials. It is certainly acceptable that the DSA should be denied the possibility of identifying itself to a user (even an unidentified one).

Solution proposed by the source:

Replace the last sentence of 8.1.3.1 with a clearer statement:

The form of the credentials element shall correspond to that supplied by the user according to the following rules:

- If the user supplies no credentials element or uses the simple choice for Credentials in DirectoryBindArgument, the DSA shall either supply no credentials or use the simple choice in the credentials element of DirectoryBindResult.

- If the user uses the strong choice for Credentials in DirectoryBindArgument, the DSA shall use the strong choice for Credentials in DirectoryBindResult.

- If the user used the externalProcedure choice for Credentials in DirectoryBindArgument, the DSA shall use the externalProcedure choice for Credentials in DirectoryBindArgument.

Comments with respect to ISP:

The suggested text lines up with my interpretation of the base standard, and I think it will be needed for the directory. There was some objection to putting this in the ISP, for reasons I never understood. Right now, I don't know whether to put it back in or not. But I thought it important that we understand that it may become the 'official' interpretation of the standard.

Should it go into the ISP? ISPs are supposed to provide the interpretations necessary to assure interworking, and in my opinion, such a clarification is needed for that purpose. So ideally, we would put the text in, or cite the defect report if approved. However, there is little time to deal with the earlier, unexplained (as I recall) objections that caused us (or at least me) to back off earlier.

Suggestions?

--
John H. Dale    fax +1-703-846-8590
COS, 8260 Willow Oaks Corporate Dr.,    jdale@cos.com    tel +1-703-205-2742
Suite 700, Fairfax, VA 22031
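
The three proposed rules, written as a check a bind initiator could run on a captured argument/result pair. This is an added example, not part of the message or the defect report. It assumes the X.511 ASN.1 tagging (a SET with an optional credentials [0] element wrapping a CHOICE tagged [0], [1], [2]), reads the third rule as applying to DirectoryBindResult, and uses hypothetical function names and constructed sample PDUs.

```python
# Added example, not from the message. Assumed from the X.511 ASN.1: each bind
# PDU is a BER SET (0x31) whose optional "credentials [0]" element wraps a
# CHOICE tagged [0] simple, [1] strong, [2] externalProcedure.
FORMS = {0xA0: "simple", 0xA1: "strong", 0xA2: "externalProcedure"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the definite-length TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first >= 0x80:                      # long form: next n bytes hold length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def credentials_form(pdu):
    """Form of the credentials element, or None when it is omitted."""
    tag, body, _ = read_tlv(pdu)
    if tag != 0x31:
        raise ValueError("expected a SET")
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == 0xA0:                    # credentials [0]
            choice, _, _ = read_tlv(value)
            if choice not in FORMS:
                raise ValueError("unknown Credentials choice")
            return FORMS[choice]
    return None

def result_conforms(arg_pdu, result_pdu):
    """Apply the three proposed rules to an argument/result pair."""
    user, dsa = credentials_form(arg_pdu), credentials_form(result_pdu)
    if user in (None, "simple"):           # rule 1: none or simple back
        return dsa in (None, "simple")
    return dsa == user                     # rules 2 and 3: same choice back

# Constructed skeleton PDUs (empty credential bodies), for illustration only.
NONE = bytes.fromhex("3100")
SIMPLE = bytes.fromhex("3106a004a0023000")
STRONG = bytes.fromhex("310ca10403020780a004a1023000")   # versions [1] first
EXTERNAL = bytes.fromhex("3106a004a2022800")
```

A strong bind answered with simple or absent credentials fails the check, which is the case where the initiator has not actually established the identity of the DSA.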