Re: [pkix] Comments on draft-santesson-auth-context-extension-04

[mrex@sap.com (Martin Rex)]

Denis,

While I have no personal interest or use in this proposal myself,
I'm somewhat confused by your message.

Denis Pinkas wrote:
> 
> Allowing to have SAML attributes in a PKC would be a very good thing. 
> However, the relying party DOES NOT care
> how these SAML attributes have been translated into a subject DN. It is 
> the responsibility of the CA.

Stefan said that he _has_ RPs who care.  Where is your problem with this?


> 
> Thus, if the scope only remains to know how the correspondence was made 
> between  the SAML attributes and
> the subject DN, I don't believe that this document will be useful for 
> the Internet community and thus I am still unconvinced
> that this document should progress as an Internet Draft.

"progress as Internet Draft"?
(I have not the slightest idea what that is.)

>From the document header, Stefan seems to be looking for an Individual
Submission with the intended document status "Informational".

Were you thinking of a Standards track document?
Or were you thinking about a WG work item (Last thing I heard was that
PKIX is scheduled to shut down (as IETF WG) and not accepting any further
work items).  Only the latter two would need any kind of "approval".


Stefan's primary interest seems to be sharing information about what he
does (or intends to do) with the IETF community.  And Stefan seems to
solicit and accept feedback and suggestions from the PKIX community
to make this work more useful to others.


> 
> If the scope is changed to allow to include SAML attributes as another 
> name form in a PKC, then this is
> an important issue which deserves an Internet Draft.

Stefan indicated that he needs this extension to convey information
that does not qualify as SAN/otherName, so this feedback seems to be
missing the point.

If you have a need for this, you might have to create your own proposal/I-D
to fit this purpose.


-Martin