Re: [precis] usernames in PRECIS and http-auth
John C Klensin <john-ietf@jck.com> Sat, 08 March 2014 22:18 UTC
Return-Path: <john-ietf@jck.com>
X-Original-To: precis@ietfa.amsl.com
Delivered-To: precis@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C63C1A02DB for <precis@ietfa.amsl.com>; Sat, 8 Mar 2014 14:18:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.547
X-Spam-Level:
X-Spam-Status: No, score=-2.547 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_37=0.6, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.547] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kld7ztU1TtOi for <precis@ietfa.amsl.com>; Sat, 8 Mar 2014 14:17:58 -0800 (PST)
Received: from bsa2.jck.com (ns.jck.com [70.88.254.51]) by ietfa.amsl.com (Postfix) with ESMTP id DDFD11A02BE for <precis@ietf.org>; Sat, 8 Mar 2014 14:17:57 -0800 (PST)
Received: from localhost ([::1]) by bsa2.jck.com with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1WMPYz-000Ee7-PZ; Sat, 08 Mar 2014 17:17:50 -0500
Date: Sat, 08 Mar 2014 17:17:48 -0500
From: John C Klensin <john-ietf@jck.com>
To: Peter Saint-Andre <stpeter@stpeter.im>, precis@ietf.org
Message-ID: <5335180FF472DFD6C0D0F6D7@JCK-EEE10>
In-Reply-To: <531A09C7.7070904@stpeter.im>
References: <531A09C7.7070904@stpeter.im>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Archived-At: http://mailarchive.ietf.org/arch/msg/precis/RYOVdTZXOq7owLIRjhjQMb9fBQE
Subject: Re: [precis] usernames in PRECIS and http-auth
X-BeenThere: precis@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Preparation and Comparison of Internationalized Strings <precis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/precis>, <mailto:precis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/precis/>
List-Post: <mailto:precis@ietf.org>
List-Help: <mailto:precis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/precis>, <mailto:precis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Mar 2014 22:18:00 -0000
FWIW, this seems about right to me. john --On Friday, 07 March, 2014 11:02 -0700 Peter Saint-Andre <stpeter@stpeter.im> wrote: > As promised at IETF 89, I have compared the username > definitions from draft-oiwa-precis-httpauthprep-00 and > draft-ietf-precis-saslprepbis-06, with the purpose of perhaps > harmonizing the two approaches so that we can avoid > multiplying PRECIS profiles beyond necessity. > > (I am writing this email on the flight home, and I neglected > to load up the meeting minutes before leaving, so I might not > address all of the relevant points in this message.) > > First, let's look at the syntax definitions. > > draft-ietf-precis-saslprepbis-06 states that a username can > (a) consist of one of more userparts, or (b) can be of the > form userpart@domainpart. The ABNF definition is: > > username = userpart [1*(1*SP userpart)] > / userpart '@' domainpart > > userpart = 1*(idpoint) > > domainpart = IP-literal / IPv4address / ifqdn > > ifqdn = 1*1023(domainpoint) > > Where: > > * an "idpoint" is a UTF-8 encoded Unicode code point that > conforms to the PRECIS "IdentifierClass" > * an "IPv4address" is as defined in RFC 3986 > * an "IP-literal" is as defined in RFC 3986 > * a "domainpoint" is a UTF-8 encoded Unicode code point that > conforms to RFC 5890 > > By contrast, draft-oiwa-precis-httpauthprep states that a > username consists of one or more UTF-8 encoded Unicode code > points that conform to the PRECIS "IdentifierClass". The ABNF > definition is: > > userpart = 1*(idpoint) > > We quickly see that an http-auth username is a legal PRECIS > username, since 1*(idpoint) is simply a userpart as defined in > draft-ietf-precis-saslprepbis-06, and a PRECIS username can > consist of only one userpart. Therefore, in this respect, I > think the httpauthprep text (whether it appears in a > standalone document or elsewhere) can simply state that for > purposes of HTTP authentication a username is a userpart as > defined in draft-ietf-precis-saslprepbis. > > Second, let's look at the string preparation method. > > Here, too, draft-oiwa-precis-httpauthprep-00 is a subset of > draft-ietf-precis-saslprepbis-06. The preparation method in > draft-ietf-precis-saslprepbis-06 is: > > 1. The base string class is the "IdentifierClass" > specified in > [I-D.ietf-precis-framework]. > 2. Fullwidth and halfwidth characters MUST be mapped to > their > decomposition equivalents. > 3. So-called additional mappings MAY be applied, such as > those > defined in [I-D.ietf-precis-mappings]. > 4. Uppercase and titlecase characters might be mapped to > their > lowercase equivalents (see Section 4.2.1 below). > 5. Unicode Normalization Form C (NFC) MUST be applied to > all > characters. > > By contrast, the preparation method in > draft-oiwa-precis-httpauthprep-00 is: > > 1. Fullwidth and halfwidth characters MUST be mapped to > their > decomposition equivalents. > 2. Additional mappings SHOULD NOT be applied, such as > those defined > in [I-D.ietf-precis-mappings], unless there are > implementation- > dependent reasons to do so, or these are exceptionally > required > by specific authentication schemes. > 3. Case mapping is not applied. > 4. Unicode Normalization Form C (NFC) MUST be applied to > all > characters.o > > These two defnitions agree on the width mapping and > normalization rules described in the PRECIS framework. They > appear to differ slightly with regard to the additional > mapping and case mapping rules. However, > draft-oiwa-precis-httpauthprep-00 is merely a bit more > restrictive with regard to matters that are purely optional > according to draft-ietf-precis-saslprepbis-06. For example, > the option of saying that "case mapping is not applied" is > allowed by the text "uppercase and titlecase characters might > be mapped to their lowercase equivalents". > > To make this clearer, I suggest that we modify the advice in > draft-oiwa-precis-httpauthprep-00 so that it no longer defines > its own PRECIS profile. Instead, I suggest that we phrase the > httpauthprep text in terms of the username profile in > draft-ietf-precis-saslprepbis-06. To my mind, something like > this would work: > >### > > For the purposes of HTTP authentication, a username conforms > to the syntax definition and preparation methods specified in > [I.D-draft-ietf-precis-saslprepbis], with the following > limitations: > > * a username conforms to the "userpart" construction from > [I-D.draft-ietf-precis-saslprepbis] > * case mapping is not applied > * delimiter mappings, special mappings, and other so-called > additional mappings [I-D.draft-ietf-precis-mappings] are not > applied > >### > > As far as I can see, this simplifies the httpautheprep text > quite a bit. > > (By the way, draft-oiwa-precis-httpauthprep-00 also seems to > copy the password profile verbatim from > draft-ietf-precis-saslprepbis. I think this text can be > removed entirely, so that the httpauthprep text can simply > reference draft-ietf-precis-saslprepbis.) > > Yutaka and Alexey (and others), let me know what you think > about what I have written here. > > Thanks, > > Peter > > _______________________________________________ > precis mailing list > precis@ietf.org > https://www.ietf.org/mailman/listinfo/precis
- [precis] usernames in PRECIS and http-auth Peter Saint-Andre
- Re: [precis] usernames in PRECIS and http-auth John C Klensin
- Re: [precis] usernames in PRECIS and http-auth Alexey Melnikov
- Re: [precis] usernames in PRECIS and http-auth Yutaka OIWA
- Re: [precis] usernames in PRECIS and http-auth Peter Saint-Andre
- Re: [precis] usernames in PRECIS and http-auth Yutaka OIWA
- Re: [precis] usernames in PRECIS and http-auth Peter Saint-Andre
- Re: [precis] usernames in PRECIS and http-auth Yutaka OIWA
- Re: [precis] usernames in PRECIS and http-auth Peter Saint-Andre - &yet
- Re: [precis] usernames in PRECIS and http-auth Martin J. Dürst
- Re: [precis] usernames in PRECIS and http-auth Yutaka OIWA
- Re: [precis] usernames in PRECIS and http-auth Black, David
- Re: [precis] usernames in PRECIS and http-auth Peter Saint-Andre - &yet