Re: attributes in AC
Stephen Farrell <stephen.farrell@baltimore.ie> Tue, 17 April 2001 13:06 UTC
Message-ID: <3ADC3F64.895C47B0@baltimore.ie>
Date: Tue, 17 Apr 2001 14:04:37 +0100
From: Stephen Farrell <stephen.farrell@baltimore.ie>
Reply-To: stephen.farrell@baltimore.ie
Organization: Baltimore Technologies Ltd.
To: Hideyuki Odahara <odahara@dsa.isl.ntt.co.jp>
CC: ietf-pkix@imc.org
Subject: Re: attributes in AC
References: <20010410173741.DB73.ODAHARA@dsa.isl.ntt.co.jp>
Slightly late response, but here it is...

Syntactically, the access identity attribute can't have the authInfo
field present. This basically means that you should use the access
identity field if the relying party is willing to believe a straight
assertion from the AA about the holder's identity.

In theory that should be enough, but it turns out that there are many
applications which still require a username & password to
identify/authenticate a user, so the service auth info attribute allows
support for such applications.

As an example of where this might apply, say you integrate the AC relying
party code into a web server, with a set of web applications being
called from the web server. Now some of those applications will simply
accept a user identity passed from the web server, using say the ssl
client or holder field for identity, others will have their own concept
of usernames (so you can use the access identity for those), but still
others will have their own username/password handling (so you can use
service auth info and not bother the user with entry of additional
passwords).

Hope this makes it clearer,
Stephen.

Hideyuki Odahara wrote:
>
> Please teach me the difference of the use of
> "Service Authentication Information" and "Access Identity"
> in Attribute Certificate, and how to use the "Access Identity"
> attribute if you have any concrete example.
>
> It is described that "this is a different use to that intended
> for the svceAuthInfo attribute described in 4.4.1 above." at the
> page 19 in the internet-draft(draft-ietf-pkix-ac509prof).
> But there is no example what situation does it suit.
>
> thanks
>
> ----------
> Hideyuki Odahara : odahara@dsa.isl.ntt.co.jp

--
____________________________________________________________
Stephen Farrell
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com
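Added example, not part of the original message or of the draft: a relying-party check for the distinction described above, decoding a SvceAuthInfo value and rejecting an access identity attribute that carries authInfo. The OID values and the SvceAuthInfo layout are taken from RFC 3281 (the published form of draft-ietf-pkix-ac509prof); the function names and sample values are assumptions made for illustration.

```python
ID_ACA_AUTHENTICATION_INFO = "1.3.6.1.5.5.7.10.1"  # service auth info (RFC 3281)
ID_ACA_ACCESS_IDENTITY = "1.3.6.1.5.5.7.10.2"      # access identity (RFC 3281)

def read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def parse_svce_auth_info(der):
    """SEQUENCE { service, ident GeneralName, authInfo OCTET STRING OPTIONAL }"""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    fields, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        fields.append((t, v))
    if len(fields) not in (2, 3) or any((t & 0xC0) != 0x80 for t, _ in fields[:2]):
        raise ValueError("service and ident must be context-tagged GeneralNames")
    if len(fields) == 3 and fields[2][0] != 0x04:
        raise ValueError("authInfo must be an OCTET STRING")
    return fields[0][1], fields[1][1], (fields[2][1] if len(fields) == 3 else None)

def identity_for_app(attr_oid, der):
    """Decide what the relying party hands to the back-end application."""
    service, ident, auth_info = parse_svce_auth_info(der)
    if attr_oid == ID_ACA_ACCESS_IDENTITY:
        if auth_info is not None:  # syntactically not allowed for this attribute
            raise ValueError("accessIdentity must not contain authInfo")
        return {"service": service, "username": ident, "password": None}
    if attr_oid == ID_ACA_AUTHENTICATION_INFO:
        return {"service": service, "username": ident, "password": auth_info}
    raise ValueError("not an identity attribute: " + attr_oid)

def tlv(tag, value):  # builds the constructed samples (short-form lengths only)
    return bytes([tag, len(value)]) + value
# Constructed samples: dNSName [2] service, rfc822Name [1] ident, optional authInfo.
NAMES = tlv(0x82, b"app.example") + tlv(0x81, b"alice@example.com")
WITHOUT_AUTH = tlv(0x30, NAMES)
WITH_AUTH = tlv(0x30, NAMES + tlv(0x04, b"s3cret"))
```
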