From mailnull@www1.ietf.org Wed Apr 16 22:19:20 2003 Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA24276 for ; Wed, 16 Apr 2003 22:19:20 -0400 (EDT) Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h3H2SD512282 for ldap-dir-archive@odin.ietf.org; Wed, 16 Apr 2003 22:28:13 -0400 Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h3H2SD812278 for ; Wed, 16 Apr 2003 22:28:13 -0400 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA24266 for ; Wed, 16 Apr 2003 22:18:49 -0400 (EDT) Received: from localhost ([127.0.0.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.12) id 195z1b-0004lV-00 for ldap-dir-web-archive@ietf.org; Wed, 16 Apr 2003 22:21:19 -0400 Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 195z1b-0004lR-00 for ldap-dir-web-archive@ietf.org; Wed, 16 Apr 2003 22:21:19 -0400 Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h3H2S3812266; Wed, 16 Apr 2003 22:28:03 -0400 Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h3H2Re812209 for ; Wed, 16 Apr 2003 22:27:40 -0400 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA24250 for ; Wed, 16 Apr 2003 22:18:15 -0400 (EDT) Received: from localhost ([127.0.0.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.12) id 195z14-0004l5-00 for ldap-dir@ietf.org; Wed, 16 Apr 2003 22:20:46 -0400 Received: from router.boolean.net ([198.144.206.49] helo=pretender.boolean.net ident=root) by ietf-mx with esmtp (Exim 4.12) id 195z11-0004l0-00 for ldap-dir@ietf.org; Wed, 16 Apr 2003 22:20:44 -0400 Received: from nomad.OpenLDAP.org (kurt@localhost [127.0.0.1]) by pretender.boolean.net (8.12.8/8.12.8) with ESMTP id h3H2Ki5o029694; Thu, 17 Apr 2003 02:20:44 GMT (envelope-from Kurt@OpenLDAP.org) Message-Id: <5.2.0.9.0.20030416190504.02b6ba78@127.0.0.1> X-Sender: kurt@127.0.0.1 X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Wed, 16 Apr 2003 19:18:29 -0700 To: Ted Hardie From: "Kurt D. Zeilenga" Cc: rweltman@netscape.com, ldap-dir@ietf.org In-Reply-To: Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=====================_100682423==_" Subject: [Ldap-dir] Re: Please review draft-weltman-ldapv3-proxy-11.txt Sender: ldap-dir-admin@ietf.org Errors-To: ldap-dir-admin@ietf.org X-BeenThere: ldap-dir@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: LDAP Directorate List-Post: List-Help: List-Subscribe: , --=====================_100682423==_ Content-Type: text/plain; charset="us-ascii" Finally found a few cycles to detail the nits and other editorial issues. See attachement. Kurt PS: I'll try to detail auth-response issues this weekend. --=====================_100682423==_ Content-Type: text/plain; name="comments-weltman-ldapv3-proxy-11.txt"; x-mac-type="42494E41"; x-mac-creator="74747874" Content-Disposition: attachment; filename="comments-weltman-ldapv3-proxy-11.txt" Content-Transfer-Encoding: base64 Pgo+Cj5JTlRFUk5FVC1EUkFGVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgUm9iIFdlbHRtYW4gCj5JbnRlbmRlZCBDYXRlZ29yeTogU3RhbmRhcmRzIFRyYWNr ICAgICAgICAgTmV0c2NhcGUgQ29tbXVuaWNhdGlvbnMgQ29ycC4gCj4gICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1heSAyMDAyIAo+ ICAgIAo+ICAgICAgICAgICAgICAgICAgIExEQVAgUHJveGllZCBBdXRob3JpemF0aW9uIENvbnRy b2wgCj4gICAgICAgICAgICAgICAgICAgZHJhZnQtd2VsdG1hbi1sZGFwdjMtcHJveHktMTEudHh0 IAoKVG8gbXkgZWFyLCB0aGUgd29yZCAicHJveGllZCIgc291bmRzIGZ1bm55LiAgQXMgaXRzIHVz ZWQgaGVyZSBhcwphbiBhZGplY3RpdmUsIEkgd291bGQgdGhpbmsgInByb3h5IiB3b3VsZCBiZSBt b3JlIHN1aXRhYmxlIChpbnN0ZWFkCm9mIHRoZSBwYXN0IHRlbnNlIGZvcm0gb2YgdGhlIHZlcmIg InByb3h5IikuICBJIHN1Z2dlc3Qgcy9wcm94aWVkL3Byb3h5LwpoZXJlIGFuZCBiZWxvdy4KIAo+ U3RhdHVzIG9mIHRoaXMgTWVtbyAKPiAKPiAgIFRoaXMgZG9jdW1lbnQgaXMgYW4gSW50ZXJuZXQt RHJhZnQgYW5kIGlzIGluIGZ1bGwgY29uZm9ybWFuY2Ugd2l0aCAKPiAgIGFsbCBwcm92aXNpb25z IG9mIFNlY3Rpb24gMTAgb2YgUkZDMjAyNi4gCj4gICAgCj4gICBJbnRlcm5ldC1EcmFmdHMgYXJl IHdvcmtpbmcgZG9jdW1lbnRzIG9mIHRoZSBJbnRlcm5ldCBUYXNrIEZvcmNlIAo+ICAgKElFVEYp LCBpdHMgYXJlYXMsIGFuZCBpdHMgd29ya2luZyBncm91cHMuICBOb3RlIHRoYXQgb3RoZXIgZ3Jv dXBzIAo+ICAgbWF5IGFsc28gZGlzdHJpYnV0ZSB3b3JraW5nIGRvY3VtZW50cyBhcyBJbnRlcm5l dC1EcmFmdHMuIAo+ICAgIAo+ICAgSW50ZXJuZXQtRHJhZnRzIGFyZSBkcmFmdCBkb2N1bWVudHMg dmFsaWQgZm9yIGEgbWF4aW11bSBvZiBzaXggbW9udGhzIAo+ICAgYW5kIG1heSBiZSB1cGRhdGVk LCByZXBsYWNlZCwgb3Igb2Jzb2xldGVkIGJ5IG90aGVyIGRvY3VtZW50cyBhdCBhbnkgCj4gICB0 aW1lLiAgSXQgaXMgaW5hcHByb3ByaWF0ZSB0byB1c2UgSW50ZXJuZXQgRHJhZnRzIGFzIHJlZmVy ZW5jZSAKPiAgIG1hdGVyaWFsIG9yIHRvIGNpdGUgdGhlbSBvdGhlciB0aGFuIGFzICJ3b3JrIGlu IHByb2dyZXNzLiIgCj4gICAgCj4gICBUaGUgbGlzdCBvZiBjdXJyZW50IEludGVybmV0LURyYWZ0 cyBjYW4gYmUgYWNjZXNzZWQgYXQgCj4gICBodHRwOi8vd3d3LmlldGYub3JnL2lldGYvMWlkLWFi c3RyYWN0cy50eHQgCj4gICAgCj4gICBUaGUgbGlzdCBvZiBJbnRlcm5ldC1EcmFmdCBTaGFkb3cg RGlyZWN0b3JpZXMgY2FuIGJlIGFjY2Vzc2VkIGF0IAo+ICAgaHR0cDovL3d3dy5pZXRmLm9yZy9z aGFkb3cuaHRtbC4gCj4gICAgCj4gICAgCj5BYnN0cmFjdCAKPiAgICAKPiAgIFRoaXMgZG9jdW1l bnQgZGVmaW5lcyB0aGUgTGlnaHR3ZWlnaHQgRGlyZWN0b3J5IEFjY2VzcyBQcm90b2NvbCAKPiAg IChMREFQKSBQcm94aWVkIEF1dGhvcml6YXRpb24gQ29udHJvbC4gVGhlIFByb3hpZWQgQXV0aG9y aXphdGlvbiAKPiAgIENvbnRyb2wgYWxsb3dzIGEgY2xpZW50IHRvIHJlcXVlc3QgdGhhdCBhbiBv cGVyYXRpb24gYmUgcHJvY2Vzc2VkIAo+ICAgdW5kZXIgYSBwcm92aWRlZCBhdXRob3JpemF0aW9u IGlkZW50aXR5IFtBVVRIXSBpbnN0ZWFkIG9mIGFzIHRoZSAKPiAgIGN1cnJlbnQgYXV0aG9yaXph dGlvbiBpZGVudGl0eSBhc3NvY2lhdGVkIHdpdGggdGhlIGNvbm5lY3Rpb24uIAoKQ2l0YXRpb24g c2hvdWxkIGJlIHJlbW92ZWQuIAoKPjEuIEludHJvZHVjdGlvbiAKCkkgc3VnZ2VzdCB0aGUgYXV0 aG9yIGNvbnNpZGVyIHJld3JpdGluZyB0aGUgSW50cm9kdWN0aW9uIHRvIGJldHRlcgpzdGFuZCBi eSBpdHNlbGYuICBTZWVtcyBkZXBlbmRlbnQgb24gdGhlIEFic3RyYWN0LgoKPiAgIFRoaXMgZG9j dW1lbnQgZGVmaW5lcyBzdXBwb3J0IGZvciBwcm94aWVkIGF1dGhvcml6YXRpb24gdXNpbmcgdGhl IAo+ICAgQ29udHJvbCBtZWNoYW5pc20uIExEQVAgW0xEQVBWM10gc3VwcG9ydHMgdGhlIHVzZSBv ZiBTQVNMIFtTQVNMXSBmb3IgCj4gICBhdXRoZW50aWNhdGlvbiBhbmQgZm9yIHN1cHBseWluZyBh biBhdXRob3JpemF0aW9uIGlkZW50aXR5IGRpc3RpbmN0IAo+ICAgZnJvbSB0aGUgYXV0aGVudGlj YXRpb24gaWRlbnRpdHksIHdoZXJlIHRoZSBhdXRob3JpemF0aW9uIGlkZW50aXR5IAo+ICAgYXBw bGllcyB0byB0aGUgd2hvbGUgTERBUCBzZXNzaW9uLiBUaGUgcHJvcG9zZWQgUHJveGllZCBBdXRo b3JpemF0aW9uIAo+ICAgQ29udHJvbCBwcm92aWRlcyBhIG1lY2hhbmlzbSBmb3Igc3BlY2lmeWlu ZyBhbiBhdXRob3JpemF0aW9uIGlkZW50aXR5IAo+ICAgb24gYSBwZXIgb3BlcmF0aW9uIGJhc2lz LCBiZW5lZml0aW5nIGNsaWVudHMgdGhhdCBuZWVkIHRvIGVmZmljaWVudGx5IAo+ICAgcGVyZm9y bSBvcGVyYXRpb25zIG9uIGJlaGFsZiBvZiBtdWx0aXBsZSB1c2Vycy4gCgpMREFQIGFuZCBTQVNM IHNob3VsZCBiZSBzcGVsbGVkIG91dCBvbiBmaXJzdCB1c2UgaW4gYm9keS4gIExEQVAKc2hvdWxk IHJlZmVyIHRvIFJGQyAzMzgzLiAgQSByZWZlcmVuY2UgdG8gUkZDIDIyNTEgc2hvdWxkIGJlIGFk ZGVkCmZvciAidGhlIENvbnRyb2wgbWVjaGFuaXNtIi4KCkFsc28sIHRoZSB3b3JkICJwcm9wb3Nl ZCIgc2hvdWxkIGJlIGRlbGV0ZWQuCgo+ICAgVGhlIGtleSB3b3JkcyAiTVVTVCIsICJNVVNUIE5P VCIsICJTSE9VTEQiLCAiU0hPVUxEIE5PVCIsICJNQVkiLCBhbmQgCj4gICAiTUFZIE5PVCIgdXNl ZCBpbiB0aGlzIGRvY3VtZW50ICBhcmUgIHRvIGJlIGludGVycHJldGVkIGFzIGRlc2NyaWJlZCAK PiAgIGluIFtLRVlXT1JEU10uIAogICAgCiJNQVkgTk9UIiBpcyBub3QgYSBSRkMgMjExOSBrZXl3 b3JkLiAgQXMgaXQgaXMgbm90IHVzZWQgaW4gdGhpcwpkb2N1bWVudCwgSSBzdWdnZXN0IGl0IGJl IGRlbGV0ZWQgZnJvbSB0aGlzIGxpc3QuCgo+RXhwaXJlcyBOb3ZlbWJlciAyMDAyICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBbUGFnZSAxXSAKPgwKPlBST1hJRUQgQVVU SE9SSVpBVElPTiBDT05UUk9MICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTWF5IDIw MDIgCj4gCj4gCj4yLiBQdWJsaXNoaW5nIHN1cHBvcnQgZm9yIHRoZSBQcm94aWVkIEF1dGhvcml6 YXRpb24gQ29udHJvbCAKPiAgICAKPiAgIFN1cHBvcnQgZm9yIHRoZSBQcm94aWVkIEF1dGhvcml6 YXRpb24gQ29udHJvbCBpcyBpbmRpY2F0ZWQgYnkgdGhlIAo+ICAgcHJlc2VuY2Ugb2YgdGhlIE9J RCAiMi4xNi44NDAuMS4xMTM3MzAuMy40LjE4IiBpbiB0aGUgCj4gICBzdXBwb3J0ZWRDb250cm9s IGF0dHJpYnV0ZSBvZiBhIHNlcnZlcidzIHJvb3QgRFNFLiAKClRoZSBhbGxvY2F0aW9uIG9mIHRo aXMgT0lEIHNob3VsZCBiZSBkZXRhaWxlZCBpbiBhbiBJQU5BCkNvbnNpZGVyYXRpb25zIHNlY3Rp b24uICBBbHNvLCB0aGlzIE9JRCBtdXN0IGFsc28gYmUgcmVnaXN0ZXJlZAphcyBhbiBMREFQIFBy b3RvY29sIE1lY2hhbmlzbSBbQkNQIDY0XS4KICAgIAo+ICAgIAo+My4gUHJveGllZCBBdXRob3Jp emF0aW9uIENvbnRyb2wgCj4gICAgCj4gICBBIHNpbmdsZSBQcm94aWVkIEF1dGhvcml6YXRpb24g Q29udHJvbCBtYXkgYmUgaW5jbHVkZWQgaW4gYW55IHNlYXJjaCwgCj4gICBjb21wYXJlLCBtb2Rp ZnksIGFkZCwgZGVsZXRlLCBtb2RETiBvciBleHRlbmRlZCBvcGVyYXRpb24gcmVxdWVzdCAKPiAg IG1lc3NhZ2UgKHdpdGggdGhlIGV4Y2VwdGlvbiBvZiBhbnkgZXh0ZW5zaW9uIHRoYXQgY2F1c2Vz IGEgY2hhbmdlIGluIAo+ICAgYXV0aGVudGljYXRpb24sIGF1dGhvcml6YXRpb24sIG9yIGRhdGEg Y29uZmlkZW50aWFsaXR5IFtSRkMgMjgyOF0sIAo+ICAgc3VjaCBhcyBzdGFydFRMUykgYXMgcGFy dCBvZiB0aGUgY29udHJvbHMgZmllbGQgb2YgdGhlIExEQVBNZXNzYWdlLCAKPiAgIGFzIGRlZmlu ZWQgaW4gW0xEQVBWM10uIAoKcy9tb2RETi9tb2RpZnkgRE4vCnMvc3RhcnRUTFMvU3RhcnQgVExT LwphZGQgcmVmZXJlbmNlIHRvIFJGQyAyODMwIGZvciBzdGFydFRMUy4gIApJdCdzIGxpa2VseSBt b3JlIGFwcHJvcnBpYXRlIHRvIHJlZmVyZW5jZSBSRkMgMjgyOSAoTERBUCBBdXRoZW50aWNhdGlv bgptZXRob2RzKSB0aGFuIFJGQyAyODI4IChJbnRlcm5ldCBTZWN1cml0eSBHbG9zc2FyeSkgaGVy ZS4KCkFsc28sIHRoZSBwYXJlbnN0aGVzaXMgYXJvdW5kICJ3aXRoIC4uLiBzdGFydFRMUyIgc2hv dWxkIGJlIHJlbW92ZWQKYXMgdGhlIHRleHQgc2hvdWxkIG5vdCBiZSBhIG5vdGUuCgo+ICAgVGhl IGNvbnRyb2xUeXBlIG9mIHRoZSBwcm94aWVkIGF1dGhvcml6YXRpb24gY29udHJvbCBpcyAKPiAg ICIyLjE2Ljg0MC4xLjExMzczMC4zLjQuMTgiLiAKPiAgICAKPiAgIFRoZSBjcml0aWNhbGl0eSBN VVNUIGJlIHByZXNlbnQgYW5kIE1VU1QgYmUgVFJVRS4gVGhpcyByZXF1aXJlbWVudCAKPiAgIHBy b3RlY3RzIGNsaWVudHMgZnJvbSBzdWJtaXR0aW5nIGEgcmVxdWVzdCB0aGF0IGlzIGV4ZWN1dGVk IHdpdGggYW4gCj4gICB1bmludGVuZGVkIGF1dGhvcml6YXRpb24gaWRlbnRpdHkuIAo+ICAgIAo+ ICAgVGhlIGNvbnRyb2xWYWx1ZSBpcyBlaXRoZXIgYW4gTERBUFN0cmluZyBbTERBUHYzXSBjb250 YWluaW5nIGFuIAo+ICAgYXV0aHpJZCBhcyBkZWZpbmVkIGluIHNlY3Rpb24gOSBvZiBbQVVUSF0g dG8gdXNlIGFzIHRoZSBhdXRob3JpemF0aW9uIAo+ICAgaWRlbnRpdHkgZm9yIHRoZSByZXF1ZXN0 LCBvciBhbiBlbXB0eSB2YWx1ZSBpZiB0aGUgYW5vbnltb3VzIGlkZW50aXR5IAo+ICAgaXMgdG8g YmUgdXNlZC4gCgpJIHN1Z2dlc3Q6CiAgICBUaGUgY29udHJvbFZhbHVlIFNIQUxMIGJlIHByZXNl bnQgYW5kIGNvbnRhaW4gZWl0aGVyIGFuCglhdXRoeklkIFtBVVRIXSByZXByZXNlbnRpbmcgdGhl IGF1dGhvcml6YXRpb24gaWRlbnRpdHkgZm9yIHRoZQoJcmVxdWVzdCBvciBlbXB0eSBpZiBhbiBh bm9ueW1vdXMgYXNzb2NpYXRpb24gaXMgdG8gYmUgdXNlZC4KCkluIHBhcnRpY3VsYXIsIG5vdGUg dGhhdCB0aGlzIGF2b2lkcyB0aGUgb3h5bW9yb24gImFub255bW91cyBpZGVudGl0eSIKYW5kIG1h a2VzIGl0IGNsZWFyIHRoYXQgdGhlIGNvbnRyb2xWYWx1ZSBtdXN0IGJlIHByZXNlbnQuCgo+ICAg VGhlIG1lY2hhbmlzbSBmb3IgZGV0ZXJtaW5pbmcgcHJveHkgYWNjZXNzIHJpZ2h0cyBpcyBzcGVj aWZpYyB0byB0aGUgCj4gICBzZXJ2ZXIncyBhY2Nlc3MgY29udHJvbCBwb2xpY3kuIAoKSSBzdWdn ZXN0IHMvYWNjZXNzIGNvbnRyb2wvcHJveHkgYXV0aG9yaXphdGlvbi8gaGVyZSBhbmQgYmVsb3cu Cgo+ICAgSWYgdGhlIHJlcXVlc3RlZCBhdXRob3JpemF0aW9uIGlkZW50aXR5IGlzIHJlY29nbml6 ZWQgYnkgdGhlIHNlcnZlciwgCj4gICBhbmQgdGhlIGNsaWVudCBpcyBhdXRob3JpemVkIHRvIGFk b3B0IHRoZSByZXF1ZXN0ZWQgYXV0aG9yaXphdGlvbiAKPiAgIGlkZW50aXR5LCB0aGUgcmVxdWVz dCB3aWxsIGJlIGV4ZWN1dGVkIGFzIGlmIHN1Ym1pdHRlZCBieSB0aGUgcHJveGllZCAKPiAgIGF1 dGhvcml6YXRpb24gaWRlbnRpdHksIG90aGVyd2lzZSB0aGUgcmVzdWx0IGNvZGUgVEJEIGlzIHJl dHVybmVkLiAKPiAgIFtOb3RlIHRvIHRoZSBJRVNHL0lBTkEvUkZDIEVkaXRvcjogdGhlIHZhbHVl IFRCRCBpcyB0byBiZSByZXBsYWNlZCAKPiAgIHdpdGggYW4gSUFOQSBhc3NpZ25lZCBMREFQIFJl c3VsdCBDb2RlIChzZWUgZHJhZnQtaWV0Zi1sZGFwYmlzLWlhbmEtCj4gICB4eC50eHQsIFNlY3Rp b24gMy41KV0gCgpBIHJlcXVlc3QgZm9yIHRoaXMgcmVzdWx0IGNvZGUgc2hvdWxkIGJlIHByb3Zp ZGVkIGluIGFuIElBTkEKQ29uc2lkZXJhdGlvbnMgc2VjdGlvbi4KICAgIAo+NC4gSW1wbGVtZW50 YXRpb24gQ29uc2lkZXJhdGlvbnMgCgpJIHN1Z2dlc3Qgcy9pbnRlcmFjdGlvbi9vbmUgcG9zc2li bGUgaW50ZXJhY3Rpb24vIGJlbG93LiAgQXMgdGhlcmUKYXJlIG5vIHRlY2huaWNhbCBzcGVjaWZp Y2F0aW9ucyBmb3IgcHJveHkgYXV0aG9yaXphdGlvbiBhbmQgYWNjZXNzCmNvbnRyb2wgcG9saWNp ZXMsIHRoZSB3b3JkaW5nIGhlcmUgc2hvdWxkIGNsZWFybHkgaW5kaWNhdGUgdGhhdAp0aGlzIGls bHVzdHJhdGlvbiBpcyBpbmZvcm1hdGl2ZS4KCj4gICBUaGUgaW50ZXJhY3Rpb24gb2YgcHJveGll ZCBhdXRob3JpemF0aW9uIGFjY2VzcyBjb250cm9sIGFuZCBub3JtYWwgCj4gICBhY2Nlc3MgY29u dHJvbCBpcyBpbGx1c3RyYXRlZCBoZXJlIGZvciB0aGUgY2FzZSBvZiBzZWFyY2ggcmVxdWVzdHMu IAo+ICAgRHVyaW5nIGV2YWx1YXRpb24gb2YgYSBzZWFyY2ggcmVxdWVzdCwgYW4gZW50cnkgd2hp Y2ggd291bGQgaGF2ZSBiZWVuIAo+ICAgcmV0dXJuZWQgZm9yIHRoZSBzZWFyY2ggaWYgc3VibWl0 dGVkIGJ5IHRoZSBwcm94aWVkIGF1dGhvcml6YXRpb24gCj4gICBpZGVudGl0eSBkaXJlY3RseSBt YXkgbm90IGJlIHJldHVybmVkIGlmIHRoZSBzZXJ2ZXIgZmluZHMgdGhhdCB0aGUgCj4gICByZXF1 ZXN0ZXIgZG9lcyBub3QgaGF2ZSB0aGUgcmlnaHQgdG8gYXNzdW1lIHRoZSByZXF1ZXN0ZWQgaWRl bnRpdHkgCj4gICBmb3Igc2VhcmNoaW5nIHRoZSBlbnRyeSwgZXZlbiBpZiB0aGUgZW50cnkgaXMg d2l0aGluIHRoZSBzY29wZSBvZiBhIAo+ICAgc2VhcmNoIHJlcXVlc3QgdW5kZXIgYSBiYXNlIERO IHdoaWNoIGRvZXMgaW1wbHkgc3VjaCByaWdodHMuIFRoaXMgCj4gICBtZWFucyB0aGF0IGZld2Vy IHJlc3VsdHMsIG9yIG5vIHJlc3VsdHMsIG1heSBiZSByZXR1cm5lZCBjb21wYXJlZCB0byAKPiAg IHRoZSBjYXNlIHdoZXJlIHRoZSBwcm94aWVkIGF1dGhvcml6YXRpb24gaWRlbnRpdHkgaXNzdWVk IHRoZSByZXF1ZXN0IAo+ICAgZGlyZWN0bHkuIEFuIGV4YW1wbGUgb2Ygc3VjaCBhIGNhc2UgbWF5 IGJlIGEgc3lzdGVtIHdpdGggZmluZS1ncmFpbmVkIAo+ICAKPkV4cGlyZXMgTm92ZW1iZXIgMjAw MiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgW1BhZ2UgMl0gCj4MCj5Q Uk9YSUVEIEFVVEhPUklaQVRJT04gQ09OVFJPTCAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIE1heSAyMDAyIAo+IAo+IAo+ICAgYWNjZXNzIGNvbnRyb2wsIHdoZXJlIHRoZSBwcm94eSBy aWdodCByZXF1ZXN0ZXIgaGFzIHByb3h5IHJpZ2h0cyBhdCAKPiAgIHRoZSB0b3Agb2YgYSBzZWFy Y2ggdHJlZSwgYnV0IG5vdCBhdCBvciBiZWxvdyBhIHBvaW50IG9yIHBvaW50cyAKPiAgIHdpdGhp biB0aGUgdHJlZS4gCj4gICAgCj4gICAgCj41LiBTZWN1cml0eSBDb25zaWRlcmF0aW9ucyAKPiAg ICAKPiAgIFRoZSBQcm94aWVkIEF1dGhvcml6YXRpb24gQ29udHJvbCBtZXRob2QgaXMgc3ViamVj dCB0byBnZW5lcmFsIExEQVAgCj4gICBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyBbTERBUFYzXSBb QVVUSF0gW0xEQVBUTFNdLiBUaGUgY29udHJvbCBtYXkgYmUgCj4gICBwYXNzZWQgb3ZlciBhIHNl Y3VyZSBhcyB3ZWxsIGFzIG92ZXIgYW4gaW5zZWN1cmUgY2hhbm5lbC4gCj4gICAgCj4gICBUaGUg Y29udHJvbCBhbGxvd3MgZm9yIGFuIGFkZGl0aW9uYWwgYXV0aG9yaXphdGlvbiBpZGVudGl0eSB0 byBiZSAKPiAgIHBhc3NlZC4gSW4gc29tZSBkZXBsb3ltZW50cywgdGhlc2UgaWRlbnRpdGllcyBt YXkgY29udGFpbiAKPiAgIGNvbmZpZGVudGlhbCBpbmZvcm1hdGlvbiB3aGljaCByZXF1aXJlIHBy aXZhY3kgcHJvdGVjdGlvbi4gCj4gICAgCj4gICBOb3RlIHRoYXQgdGhlIHNlcnZlciBpcyByZXNw b25zaWJsZSBmb3IgZGV0ZXJtaW5pbmcgaWYgYSBwcm94aWVkIAo+ICAgYXV0aG9yaXphdGlvbiBy ZXF1ZXN0IGlzIHRvIGJlIGhvbm9yZWQuICJBbm9ueW1vdXMiIHVzZXJzIFNIT1VMRCBOT1QgCj4g ICBiZSBhbGxvd2VkIHRvIGFzc3VtZSB0aGUgaWRlbnRpdHkgb2Ygb3RoZXJzLiAKPiAgICAKPiAg ICAKPjYuIENvcHlyaWdodCAKPiAgICAKPiAgIENvcHlyaWdodCAoQykgVGhlIEludGVybmV0IFNv Y2lldHkgKGRhdGUpLiBBbGwgUmlnaHRzIFJlc2VydmVkLiAKPiAgICAKPiAgIFRoaXMgZG9jdW1l bnQgYW5kIHRyYW5zbGF0aW9ucyBvZiBpdCBtYXkgYmUgY29waWVkIGFuZCBmdXJuaXNoZWQgdG8g Cj4gICBvdGhlcnMsIGFuZCBkZXJpdmF0aXZlIHdvcmtzIHRoYXQgY29tbWVudCBvbiBvciBvdGhl cndpc2UgZXhwbGFpbiBpdCAKPiAgIG9yIGFzc2lzdCBpbiBpdHMgaW1wbGVtZW50YXRpb24gbWF5 IGJlIHByZXBhcmVkLCBjb3BpZWQsIHB1Ymxpc2hlZCAKPiAgIGFuZCBkaXN0cmlidXRlZCwgaW4g d2hvbGUgb3IgaW4gcGFydCwgd2l0aG91dCByZXN0cmljdGlvbiBvZiBhbnkgCj4gICBraW5kLCBw cm92aWRlZCB0aGF0IHRoZSBhYm92ZSBjb3B5cmlnaHQgbm90aWNlIGFuZCB0aGlzIHBhcmFncmFw aCBhcmUgCj4gICBpbmNsdWRlZCBvbiBhbGwgc3VjaCBjb3BpZXMgYW5kIGRlcml2YXRpdmUgd29y a3MuICBIb3dldmVyLCB0aGlzIAo+ICAgZG9jdW1lbnQgaXRzZWxmIG1heSBub3QgYmUgbW9kaWZp ZWQgaW4gYW55IHdheSwgc3VjaCBhcyBieSByZW1vdmluZyAKPiAgIHRoZSBjb3B5cmlnaHQgbm90 aWNlIG9yIHJlZmVyZW5jZXMgdG8gdGhlIEludGVybmV0IFNvY2lldHkgb3Igb3RoZXIgCj4gICBJ bnRlcm5ldCBvcmdhbml6YXRpb25zLCBleGNlcHQgYXMgbmVlZGVkIGZvciB0aGUgIHB1cnBvc2Ug b2YgCj4gICBkZXZlbG9waW5nIEludGVybmV0IHN0YW5kYXJkcyBpbiB3aGljaCBjYXNlIHRoZSBw cm9jZWR1cmVzIGZvciAKPiAgIGNvcHlyaWdodHMgZGVmaW5lZCBpbiB0aGUgSW50ZXJuZXQgU3Rh bmRhcmRzIHByb2Nlc3MgbXVzdCBiZSAKPiAgIGZvbGxvd2VkLCBvciBhcyByZXF1aXJlZCB0byB0 cmFuc2xhdGUgaXQgaW50byBsYW5ndWFnZXMgb3RoZXIgdGhhbiAKPiAgIEVuZ2xpc2guIAo+ICAg IAo+ICAgVGhlIGxpbWl0ZWQgcGVybWlzc2lvbnMgZ3JhbnRlZCBhYm92ZSBhcmUgcGVycGV0dWFs IGFuZCB3aWxsIG5vdCBiZSAKPiAgIHJldm9rZWQgYnkgdGhlIEludGVybmV0IFNvY2lldHkgb3Ig aXRzIHN1Y2Nlc3NvcnMgb3IgYXNzaWducy4gCj4gICAgCj4gICBUaGlzIGRvY3VtZW50IGFuZCB0 aGUgaW5mb3JtYXRpb24gY29udGFpbmVkIGhlcmVpbiBpcyBwcm92aWRlZCBvbiBhbiAKPiAgICJB UyBJUyIgYmFzaXMgYW5kIFRIRSBJTlRFUk5FVCBTT0NJRVRZIEFORCBUSEUgSU5URVJORVQgRU5H SU5FRVJJTkcgCj4gICBUQVNLIEZPUkNFIERJU0NMQUlNUyBBTEwgV0FSUkFOVElFUywgRVhQUkVT UyBPUiBJTVBMSUVELCBJTkNMVURJTkcgCj4gICBCVVQgTk9UIExJTUlURUQgVE8gQU5ZIFdBUlJB TlRZIFRIQVQgVEhFIFVTRSBPRiBUSEUgSU5GT1JNQVRJT04gCj4gICBIRVJFSU4gV0lMTCBOT1Qg SU5GUklOR0UgQU5ZIFJJR0hUUyBPUiBBTlkgSU1QTElFRCBXQVJSQU5USUVTIE9GIAo+ICAgTUVS Q0hBTlRBQklMSVRZIE9SIEZJVE5FU1MgRk9SIEEgUEFSVElDVUxBUiBQVVJQT1NFLiAKPiAgICAK PiAgICAKPjcuIFJlZmVyZW5jZXMgCiAgICAKU3BsaXQgcmVmZXJlbmNlcyAobm9ybWF0aXZlIHYu IGluZm9ybWF0aXZlKQoKPiAgIFtMREFQVjNdIE0uIFdhaGwsIFQuIEhvd2VzLCBTLiBLaWxsZSwg IkxpZ2h0d2VpZ2h0IERpcmVjdG9yeSBBY2Nlc3MgCj4gICAgICAgIFByb3RvY29sICh2MykiLCBS RkMgMjI1MSwgRGVjZW1iZXIgMTk5Ny4gCj4gIAo+RXhwaXJlcyBOb3ZlbWJlciAyMDAyICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBbUGFnZSAzXSAKPgwKPlBST1hJRUQg QVVUSE9SSVpBVElPTiBDT05UUk9MICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTWF5 IDIwMDIgCj4gCj4gCj4gICAgCj4gICBbS0VZV09SRFNdIEJyYWRuZXIsIFNjb3R0LCAiS2V5IFdv cmRzIGZvciB1c2UgaW4gUkZDcyB0byBJbmRpY2F0ZSAKPiAgICAgICAgUmVxdWlyZW1lbnQgTGV2 ZWxzIiwgZHJhZnQtYnJhZG5lci1rZXktd29yZHMtMDMudHh0LCBKYW51YXJ5LCAKPiAgICAgICAg MTk5Ny4gCj4gICAgCj4gICAgW1NBU0xdIEouIE15ZXJzLCAiU2ltcGxlIEF1dGhlbnRpY2F0aW9u IGFuZCBTZWN1cml0eSBMYXllciAoU0FTTCkiLCAKPiAgICAgICAgUkZDIDIyMjIsIE9jdG9iZXIg MTk5NyAKPiAgICAKPiAgIFtBVVRIXSBNLiBXYWhsLCBILiBBbHZlc3RyYW5kLCBKLiBIb2RnZXMs IFIuIE1vcmdhbiwgIkF1dGhlbnRpY2F0aW9uIAo+ICAgICAgICBNZXRob2RzIGZvciBMREFQIiwg UkZDIDI4MjksIE1heSAyMDAwICAKPiAgICAKPiAgIFtMREFQVExTXSBKLiBIb2RnZXMsIFIuIE1v cmdhbiwgTS4gV2FobCwgIkxpZ2h0d2VpZ2h0IERpcmVjdG9yeSAKPiAgICAgICAgQWNjZXNzIFBy b3RvY29sICh2Myk6IEV4dGVuc2lvbiBmb3IgVHJhbnNwb3J0IExheWVyIFNlY3VyaXR5IiwgCj4g ICAgICAgIFJGQyAyODMwLCBNYXkgMjAwMCAKPiAgICAKPiAgIFtSRkMgMjgyOF0gUi4gU2hpcmV5 LCAiSW50ZXJuZXQgU2VjdXJpdHkgR2xvc3NhcnkiLCBSRkMgMjgyOCwgTWF5IAo+ICAgICAgICAy MDAwIAo+ICAgIAo+OC4gQXV0aG9yJ3MgQWRkcmVzcyAKPiAgICAKPiAgIFJvYiBXZWx0bWFuIAo+ ICAgTmV0c2NhcGUgQ29tbXVuaWNhdGlvbnMgQ29ycC4gCj4gICA0NjYgRWxsaXMgU3RyZWV0IAo+ ICAgTW91bnRhaW4gVmlldywgQ0EgOTQwNDMgCj4gICBVU0EgCj4gICArMSA2NTAgOTM3LTMxOTQg Cj4gICByd2VsdG1hbkBuZXRzY2FwZS5jb20gCj4gICAgCj4gICAgCj45LiBBY2tub3dsZWRnZW1l bnRzIAo+ICAgIAo+ICAgTWFyayBTbWl0aCBvZiBOZXRzY2FwZSBDb21tdW5pY2F0aW9ucyBDb3Jw LiwgTWFyayBXYWhsIG9mIFN1biAKPiAgIE1pY3Jvc3lzdGVtcywgSW5jLCBLdXJ0IFplaWxlbmdh IG9mIE9wZW5MREFQIEZvdW5kYXRpb24sIEppbSAKPiAgIFNlcm1lcnNoZWltIG9mIE5vdmVsbCwg YW5kIFN0ZXZlbiBMZWdnIG9mIEFkYWNlbCBoYXZlIGNvbnRyaWJ1dGVkIAo+ICAgd2l0aCByZXZp ZXdzIG9mIHRoaXMgZHJhZnQuIAo+ICAgIAo+MTAuIFJldmlzaW9uIEhpc3RvcnkgCgpBZGQgYSBu b3RlIGhlcmUgc2F5aW5nIHRoaXMgc2VjdGlvbiBpcyB0byBiZSByZW1vdmVkIGJ5IHRoZQpSRkMt RWRpdG9yLgoKPjEwLjEgQ2hhbmdlcyBmcm9tIGRyYWZ0LXdlbHRtYW4tbGRhcHYzLXByb3h5LTEw LnR4dCAKPiAKPiAgIENsYXJpZmllZCB0aGUgaW50ZXJhY3Rpb24gb2YgcHJveHkgYWNjZXNzIHJp Z2h0cyBhbmQgbm9ybWFsIGFjY2VzcyAKPiAgIGNvbnRyb2wgZXZhbHVhdGlvbi4gCj4gICAgCj4K PjEwLjIgQ2hhbmdlcyBmcm9tIGRyYWZ0LXdlbHRtYW4tbGRhcHYzLXByb3h5LTA5LnR4dCAKPiAK PiAgIFJlbW92ZWQgZGVzY3JpcHRpb24gb2YgQ29udHJvbCBtZWNoYW5pc20gZnJvbSBBYnN0cmFj dC4gCj4gICAgCj4gICBBZGRlZCBkZXNjcmlwdGlvbiBvZiBob3cgdGhpcyBpcyBkaWZmZXJlbnQg ZnJvbSBTQVNMIGF1dGh6IHRvIHRoZSAKPiAgIEludHJvZHVjdGlvbi4gCj4KPiAgCj5FeHBpcmVz IE5vdmVtYmVyIDIwMDIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFtQ YWdlIDRdIAo+DAo+UFJPWElFRCBBVVRIT1JJWkFUSU9OIENPTlRST0wgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICBNYXkgMjAwMiAKPiAKPiAKPiAgIFJld29yZGVkIGRlc2NyaXB0aW9u IG9mIHRoZSB2YWx1ZSBvZiB0aGUgY29udHJvbCAobm8gc2VtYW50aWMgCj4gICBjaGFuZ2VzKS4g Cj4gICBBZGRlZCBuZXcgcmVzdWx0IGNvZGUgVEJEIGZvciBmYWlsdXJlIHRvIGFjcXVpcmUgcHJv eHkgcmlnaHRzLiAKPiAgICAKPiAgIEFkZGVkIHJlZmVyZW5jZXMgdG8gUkZDcyAyODI5IGFuZCAy ODMwIGluIFNlY3VyaXR5IHNlY3Rpb24uIAo+ICAgIAo+Cj4xMC4zIENoYW5nZXMgZnJvbSBkcmFm dC13ZWx0bWFuLWxkYXB2My1wcm94eS0wOC50eHQgCj4gCj4gICBQcm94aWVkIEF1dGhvcml6YXRp b24gQ29udHJvbCAKPiAgICAKPiAgIENsYXJpZmljYXRpb25zOiAgdGhlIGNvbnRyb2wgbWF5IG5v dCBiZSBzdWJtaXR0ZWQgd2l0aCBhIHN0YXJ0VExTIAo+ICAgcmVxdWVzdDsgYW4gZW1wdHkgY29u dHJvbFZhbHVlIGltcGxpZXMgdGhlIGFub255bW91cyBpZGVudGl0eTsgb25seSAKPiAgIG9uZSBj b250cm9sIG1heSBiZSBpbmNsdWRlZCB3aXRoIGEgcmVxdWVzdC4gCj4gICAgCj4gICBQZXJtaXNz aW9uIHRvIGV4ZWN1dGUgYXMgcHJveHkgCj4gICAgCj4gICBSZXBsYWNlZCAicHJveHkgaWRlbnRp dHkiIHdpdGggInByb3hpZWQgYXV0aG9yaXphdGlvbiBpZGVudGl0eSIuIAo+ICAgIAo+ICAgIAo+ ICAgU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMgCj4gICAgCj4gICBBZGRlZCBzdGF0ZW1lbnQgdGhh dCBhbm9ueW1vdXMgdXNlcnMgc2hvdWxkIG5vdCBiZSBhbGxvd2VkIHRvIGFzc3VtZSAKPiAgIHRo ZSBpZGVudGl0eSBvZiBvdGhlcnMuIAo+ICAgIAo+Cj4xMC40IENoYW5nZXMgZnJvbSBkcmFmdC13 ZWx0bWFuLWxkYXB2My1wcm94eS0wNy50eHQgCj4gCj4gICBQcm94aWVkIEF1dGhvcml6YXRpb24g Q29udHJvbCAKPiAgICAKPiAgIENsYXJpZmljYXRpb246ICB0aGUgY29udGVudCBvZiB0aGUgY29u dHJvbCBpcyBhbiBMREFQU3RyaW5nLiAKPiAgICAKPgo+MTAuNSBDaGFuZ2VzIGZyb20gZHJhZnQt d2VsdG1hbi1sZGFwdjMtcHJveHktMDYudHh0IAo+IAo+ICAgTm9uZSAKPiAgICAKPgo+Cj4KPgo+ Cj4KPgo+Cj4KPgo+Cj4KPgo+Cj4KPiAgCj5FeHBpcmVzIE5vdmVtYmVyIDIwMDIgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFtQYWdlIDVdIAo+DAo+UFJPWElFRCBBVVRI T1JJWkFUSU9OIENPTlRST0wgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBNYXkgMjAw MiAKPiAKPiAKPjEwLjYgQ2hhbmdlcyBmcm9tIGRyYWZ0LXdlbHRtYW4tbGRhcHYzLXByb3h5LTA1 LnR4dCAKPiAgICAKPiAgIFRoZSBjb250cm9sIGFsc28gYXBwbGllcyB0byBhZGQgYW5kIGV4dGVu ZGVkIG9wZXJhdGlvbnMuIAo+ICAgIAo+ICAgVGhlIGNvbnRyb2wgdmFsdWUgaXMgYW4gYXV0aG9y aXphdGlvbiBJRCwgbm90IG5lY2Vzc2FyaWx5IGEgRE4uIAo+ICAgIAo+ICAgQ29uZmlkZW50aWFs aXR5IGNvbmNlcm5zIGFyZSBtZW50aW9uZWQuIAo+ICAgIAo+Cj4xMC43IENoYW5nZXMgZnJvbSBk cmFmdC13ZWx0bWFuLWxkYXB2My1wcm94eS0wNC50eHQgCj4gICAgCj4gICBUaGUgY29udHJvbCBk b2VzIG5vdCBhcHBseSB0byBiaW5kLCB1bmJpbmQsIG9yIGFiYW5kb24gb3BlcmF0aW9ucy4gCj4g ICAgCj4gICBUaGUgcHJveHkgRE4gaXMgcmVwcmVzZW50ZWQgYXMgYSBzdHJpbmcgaW4gdGhlIGNv bnRyb2wsIHJhdGhlciB0aGFuIAo+ICAgZW1iZWRkZWQgaW4gYSBzZXF1ZW5jZS4gCj4gICAgCj4g ICBTdXBwb3J0IGZvciB0aGUgY29udHJvbCBpcyBwdWJsaXNoZWQgaW4gdGhlIHN1cHBvcnRlZENv bnRyb2wgCj4gICBhdHRyaWJ1dGUgb2YgdGhlIHJvb3QgRFNFLCBub3QgaW4gc3VwcG9ydGVkRXh0 ZW5zaW9ucy4gCj4gICAgCj4gICBUaGUgc2VjdXJpdHkgc2VjdGlvbiBtZW50aW9ucyBjb25maWRl bnRpYWxpdHkgaXNzdWVzIHdpdGggZXhwb3NpbmcgYW4gCj4gICBhZGRpdGlvbmFsIGlkZW50aXR5 LiAKPiAgICAKPgo+MTAuOCBDaGFuZ2VzIGZyb20gZHJhZnQtd2VsdG1hbi1sZGFwdjMtcHJveHkt MDMudHh0IAo+ICAgIAo+ICAgTm9uZSAKPiAgICAKPiAgICAKPgo+MTAuOSBDaGFuZ2VzIGZyb20g ZHJhZnQtd2VsdG1hbi1sZGFwdjMtcHJveHktMDIudHh0IAo+ICAgIAo+ICAgVGhlIENvbnRyb2wg aXMgbm93IGNhbGxlZCBQcm94aWVkIEF1dGhvcml6YXRpb24gQ29udHJvbCwgcmF0aGVyIHRoYW4g Cj4gICBQcm94aWVkIEF1dGhlbnRpY2F0aW9uIENvbnRyb2wsIHRvIHJlZmxlY3QgdGhhdCBubyBh dXRoZW50aWNhdGlvbiAKPiAgIG9jY3VycyBhcyBhIGNvbnNlcXVlbmNlIG9mIHByb2Nlc3Npbmcg dGhlIENvbnRyb2wuIAo+ICAgIAo+ICAgUmF0aGVyIHRoYW4gY29udGFpbmluZyBhbiBMREFQRE4g YXMgdGhlIENvbnRyb2wgdmFsdWUsIHRoZSBDb250cm9sIAo+ICAgY29udGFpbnMgYSBTZXF1ZW5j ZSAod2hpY2ggY29udGFpbnMgYW4gTERBUEROKS4gVGhpcyBpcyB0byBwcm92aWRlIAo+ICAgZm9y IGZ1dHVyZSBleHRlbnNpb25zLiAKPgo+Cj4KPgo+Cj4KPgo+Cj4KPgo+Cj4KPgo+Cj4gIAo+RXhw aXJlcyBOb3ZlbWJlciAyMDAyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICBbUGFnZSA2XSAKPgwK --=====================_100682423==_-- _______________________________________________ Ldap-dir mailing list Ldap-dir@ietf.org https://www1.ietf.org/mailman/listinfo/ldap-dir From mailnull@www1.ietf.org Mon Apr 21 18:47:06 2003 Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA06738 for ; Mon, 21 Apr 2003 18:47:06 -0400 (EDT) Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h3LMwL103173 for ldap-dir-archive@odin.ietf.org; Mon, 21 Apr 2003 18:58:21 -0400 Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h3LMwL803170 for ; Mon, 21 Apr 2003 18:58:21 -0400 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA06676 for ; Mon, 21 Apr 2003 18:46:35 -0400 (EDT) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 197k5p-0004AI-00 for ldap-dir-web-archive@ietf.org; Mon, 21 Apr 2003 18:48:57 -0400 Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 197k5p-0004AD-00 for ldap-dir-web-archive@ietf.org; Mon, 21 Apr 2003 18:48:57 -0400 Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h3LMw3803106; Mon, 21 Apr 2003 18:58:06 -0400 Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h3LMsX802971 for ; Mon, 21 Apr 2003 18:54:33 -0400 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA06576 for ; Mon, 21 Apr 2003 18:42:47 -0400 (EDT) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 197k29-00049M-00 for ldap-dir@ietf.org; Mon, 21 Apr 2003 18:45:09 -0400 Received: from numenor.qualcomm.com ([129.46.51.58]) by ietf-mx with esmtp (Exim 4.12) id 197k28-00049I-00 for ldap-dir@ietf.org; Mon, 21 Apr 2003 18:45:08 -0400 Received: from neophyte.qualcomm.com (neophyte.qualcomm.com [129.46.61.149]) by numenor.qualcomm.com (8.12.9/8.12.5/1.0) with ESMTP id h3LMjR7t008138 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Mon, 21 Apr 2003 15:45:28 -0700 (PDT) Received: from qualcomm.com (carbuncle.qualcomm.com [129.46.227.161]) by neophyte.qualcomm.com (8.12.9/8.12.5/1.0) with ESMTP id h3LMjPjp010257; Mon, 21 Apr 2003 15:45:26 -0700 (PDT) Date: Mon, 21 Apr 2003 15:45:24 -0700 Content-Type: text/plain; delsp=yes; charset=ISO-8859-1; format=flowed Mime-Version: 1.0 (Apple Message framework v552) Cc: Roger Harrison , Kurt Zeilenga To: ldap-dir@ietf.org From: Ted Hardie Message-Id: X-Mailer: Apple Mail (2.552) X-MIME-Autoconverted: from quoted-printable to 8bit by www1.ietf.org id h3LMsX802972 Subject: [Ldap-dir] Please review draft-rharrison-ldap-intermediate-resp Sender: ldap-dir-admin@ietf.org Errors-To: ldap-dir-admin@ietf.org X-BeenThere: ldap-dir@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: LDAP Directorate List-Post: List-Help: List-Subscribe: , X-MIME-Autoconverted: from 8bit to quoted-printable by www1.ietf.org id h3LMw3803106 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by www1.ietf.org id h3LMwL803170 Content-Transfer-Encoding: 8bit Hi folks, The authors of draft-rharrison-ldap-intermediate-resp sent in a new version, available at: http://www.ietf.org/internet-drafts/draft-rharrison-ldap-intermediate- resp-01.txt. With the closing of the LDAPEXT working group, this is now an individual submission candidate for Proposed Standard. Please review it; the authors are cc'ed on this message so that they also see your responses. If there are no comments by 4/30/2003, I will ask for a 4 week last call on the draft. thanks, Ted Hardie Begin forwarded message: > From: "Roger Harrison" > Date: Mon Apr 21, 2003 10:02:35 AM US/Pacific > To: > Subject: status of draft-rharrison-ldap-intermediate-resp > > Ted, >   > draft-rharrison-ldap-intermediate-resp has been listed in the ID > Tracker as needing a revision (state = AD Evaluation :: Revised ID > Needed) for some time now. Last month I submitted a revision of the > draft that should address all issues that caused it to be in this > state. At this point, I believe the draft is suitable for publication. > What other steps do I need to take to change the draft's status? >   > Thanks, >   > Roger _______________________________________________ Ldap-dir mailing list Ldap-dir@ietf.org https://www1.ietf.org/mailman/listinfo/ldap-dir From mailnull@www1.ietf.org Mon Apr 21 19:11:49 2003 Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA07966 for ; Mon, 21 Apr 2003 19:11:49 -0400 (EDT) Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h3LNN5i04896 for ldap-dir-archive@odin.ietf.org; Mon, 21 Apr 2003 19:23:05 -0400 Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h3LNN5804893 for ; Mon, 21 Apr 2003 19:23:05 -0400 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA07955 for ; Mon, 21 Apr 2003 19:11:19 -0400 (EDT) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 197kTk-0004Yi-00 for ldap-dir-web-archive@ietf.org; Mon, 21 Apr 2003 19:13:40 -0400 Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 197kTk-0004Yf-00 for ldap-dir-web-archive@ietf.org; Mon, 21 Apr 2003 19:13:40 -0400 Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h3LNN0804889; Mon, 21 Apr 2003 19:23:00 -0400 Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h3LNMU804869 for ; Mon, 21 Apr 2003 19:22:30 -0400 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA07946 for ; Mon, 21 Apr 2003 19:10:43 -0400 (EDT) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 197kTB-0004Yc-00 for ldap-dir@ietf.org; Mon, 21 Apr 2003 19:13:05 -0400 Received: from router.boolean.net ([198.144.206.49] helo=pretender.boolean.net ident=root) by ietf-mx with esmtp (Exim 4.12) id 197kTA-0004YZ-00 for ldap-dir@ietf.org; Mon, 21 Apr 2003 19:13:05 -0400 Received: from nomad.OpenLDAP.org (kurt@localhost [127.0.0.1]) by pretender.boolean.net (8.12.8/8.12.8) with ESMTP id h3LNDLDV027656; Mon, 21 Apr 2003 23:13:21 GMT (envelope-from Kurt@OpenLDAP.org) Message-Id: <5.2.0.9.0.20030421160103.0266e330@127.0.0.1> X-Sender: kurt@127.0.0.1 X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Mon, 21 Apr 2003 16:11:05 -0700 To: Ted Hardie From: "Kurt D. Zeilenga" Cc: rweltman@netscape.com, ldap-dir@ietf.org In-Reply-To: <7998E4DF-6A0C-11D7-A412-000393CB0816@qualcomm.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: [Ldap-dir] Re: Please review draft-weltman-ldapv3-auth-response-08.txt Sender: ldap-dir-admin@ietf.org Errors-To: ldap-dir-admin@ietf.org X-BeenThere: ldap-dir@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: LDAP Directorate List-Post: List-Help: List-Subscribe: , My review comments are attached. Mostly general and LDAP-specific nits and a few other editorial suggestions. My greatest concern is how this document details its relationship to draft-zeilenga-ldap-authzid. One technical concern I do have is how this document appears to attach additional semantics onto the request control criticality field in Section 4. Operational experience has shown (IMO) that such overloading is bad. I suggest that the control value be used to impart the control-specifics semantics. Kurt At 02:53 PM 4/8/2003, Ted Hardie wrote: >Hi folks, > This draft is intended as an Informational RFC; please send comments >to me and the authors (cc'ed above) if you have objections to it going >forward >as Informational. A URL for it is >http://www.ietf.org/internet-drafts/draft-weltman-ldapv3-auth-response- 08.txt. > regards, > Ted Hardie _______________________________________________ Ldap-dir mailing list Ldap-dir@ietf.org https://www1.ietf.org/mailman/listinfo/ldap-dir From mailnull@www1.ietf.org Mon Apr 21 19:13:50 2003 Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA08031 for ; Mon, 21 Apr 2003 19:13:50 -0400 (EDT) Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h3LNP6D04973 for ldap-dir-archive@odin.ietf.org; Mon, 21 Apr 2003 19:25:06 -0400 Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h3LNP6804970 for ; Mon, 21 Apr 2003 19:25:06 -0400 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA08016 for ; Mon, 21 Apr 2003 19:13:20 -0400 (EDT) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 197kVi-0004ZQ-00 for ldap-dir-web-archive@ietf.org; Mon, 21 Apr 2003 19:15:42 -0400 Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 197kVh-0004ZM-00 for ldap-dir-web-archive@ietf.org; Mon, 21 Apr 2003 19:15:41 -0400 Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h3LNP1804965; Mon, 21 Apr 2003 19:25:01 -0400 Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h3LNOf804938 for ; Mon, 21 Apr 2003 19:24:41 -0400 Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA08007 for ; Mon, 21 Apr 2003 19:12:55 -0400 (EDT) Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 197kVJ-0004ZE-00 for ldap-dir@ietf.org; Mon, 21 Apr 2003 19:15:17 -0400 Received: from router.boolean.net ([198.144.206.49] helo=pretender.boolean.net ident=root) by ietf-mx with esmtp (Exim 4.12) id 197kVH-0004ZB-00 for ldap-dir@ietf.org; Mon, 21 Apr 2003 19:15:15 -0400 Received: from nomad.OpenLDAP.org (kurt@localhost [127.0.0.1]) by pretender.boolean.net (8.12.8/8.12.8) with ESMTP id h3LNFaDV027678; Mon, 21 Apr 2003 23:15:36 GMT (envelope-from Kurt@OpenLDAP.org) Message-Id: <5.2.0.9.0.20030421161235.01a4a278@127.0.0.1> X-Sender: kurt@127.0.0.1 X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Mon, 21 Apr 2003 16:13:20 -0700 To: Ted Hardie From: "Kurt D. Zeilenga" Cc: rweltman@netscape.com, ldap-dir@ietf.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=====================_264486351==_" Subject: [Ldap-dir] Re: Please review draft-weltman-ldapv3-auth-response-08.txt Sender: ldap-dir-admin@ietf.org Errors-To: ldap-dir-admin@ietf.org X-BeenThere: ldap-dir@ietf.org X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: , List-Id: LDAP Directorate List-Post: List-Help: List-Subscribe: , --=====================_264486351==_ Content-Type: text/plain; charset="us-ascii" [now with attachment] My review comments are attached. Mostly general and LDAP-specific nits and a few other editorial suggestions. My greatest concern is how this document details its relationship to draft-zeilenga-ldap-authzid. One technical concern I do have is how this document appears to attach additional semantics onto the request control criticality field in Section 4. Operational experience has shown (IMO) that such overloading is bad. I suggest that the control value be used to impart the control-specifics semantics. Kurt At 02:53 PM 4/8/2003, Ted Hardie wrote: >Hi folks, > This draft is intended as an Informational RFC; please send comments >to me and the authors (cc'ed above) if you have objections to it going >forward >as Informational. A URL for it is >http://www.ietf.org/internet-drafts/draft-weltman-ldapv3-auth-response- 08.txt. > regards, > Ted Hardie --=====================_264486351==_ Content-Type: text/plain; charset="us-ascii" Content-Disposition: attachment; filename="comments-weltman-ldapv3-auth-response-08.txt" > >INTERNET-DRAFT Rob Weltman >Intended Category: Informational Mark Smith > Netscape Communications Corp. > Mark Wahl > Sun Microsystems, Inc. > April 2002 > > > LDAP Authorization Identity Bind Control > draft-weltman-ldapv3-auth-response-08.txt > > >Status of this Memo > > This document is an Internet-Draft and is in full conformance with > all provisions of Section 10 of RFC2026. > > Internet-Drafts are working documents of the Internet Task Force > (IETF), its areas, and its working groups. Note that other groups > may also distribute working documents as Internet-Drafts. > > Internet-Drafts are draft documents valid for a maximum of six months > and may be updated, replaced, or obsoleted by other documents at any > time. It is inappropriate to use Internet Drafts as reference > material or to cite them other than as "work in progress." > > The list of current Internet-Drafts can be accessed at > http://www.ietf.org/ietf/1id-abstracts.txt. > > The list of Internet-Draft Shadow Directories can be accessed at > http://www.ietf.org/shadow.html. As I commented to Ted, I believe it would be approrpriate for the IESG to insert a note here regarding how this I-D relates to the standard track approach offerred in draft-zeilenga-ldap-authzid. >Abstract > > This document defines a way for an LDAP [LDAPv3] server to return the > identity assumed by a client on binding using the LDAP Control > mechanism . > LDAP should be spelled out on first use. > >1. Introduction I note that Abstract/Introduction seem not to stand well by themselves. In particular, I find it odd that LDAP is not meanted in the first sentence below. Also, a normative reference to RFC 3377 is needed when referring to LDAP, followed by references to portions of the technical specification (RFC 2251,2829) as needed. > This document defines support for the Authentication Request Control > and the Authorization Identity Bind Control. The "Authentication Request Control" is a poor name for this control as the control doesn't request authentication. I suggest the request control be called "Authorization Identity Request Control" and the response control called "Authorization Identity Response Control". then to clarify that they may only be used with the Bind operation. One possible rewording: This document extends the Lightweight Directory Access Protocol (LDAP) [RFC3377] Bind [RFC2251] operation with a mechanism for requesting and returning the authorization identity it establishes. Specifically, this document defines the Authorization Identity Request and Response controls for use with the Bind operation. > The Authentication > Request Control may be submitted by a client in a bind request if > authenticating with version 3 of the LDAP protocol [LDAPv3]. In the > LDAP server's bind response, it may then include an Authorization > Identity Bind Control. The response control contains the identity > assumed by the client. This is useful when there is a mapping step or > other indirection during the bind, so that the client can be told > what LDAP identity was granted. Client authentication with > certificates is the primary situation where this applies. Also, some > SASL authentication mechanisms may not involve the client explicitly > providing a DN, or may result in an authorization identity which is > >Expires October 2002 [Page 1] > >AUTHORIZATION IDENTITY BIND CONTROL April 2002 > > > different from the authentication identity provided by the client > [AUTH]. SASL should be spelled out on first use and a reference provided. > The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", "MAY", and > "MAY NOT" used in this document are to be interpreted as described > in [RFCKeyWords]. "MAY NOT" is not a RFC 2119 keyword. Also, I find the use of these keywords a bit odd. I suggest the author consider whether what is being stated is actually an implementation requirement or not. I find the easiest way I've found to do this is to consider whether or not the statement would make sense written as "(Client/Server) Implementations of this technical specification MUST/SHOULD/MAY X". In particular, I am concerned that that "MAY"s used in the technical specification. Many likely should be "may"s. >2. Publishing support for the Authentication Request Control and the > Authorization Identity Bind Control > > Support for the Authentication Request Control and the Authorization > Identity Bind Control is indicated by the presence of the OIDs > 2.16.840.1.113730.3.4.16 and 2.16.840.1.113730.3.4.15, respectively, > in the supportedControl attribute of a server's root DSE. The assignment of these OIDs need to be detailed in an IANA considerations section. Also, the request control OID needs to be registered as an LDAP Protocol Mechnanism. See BCP 64 for details. OID should be spelled out on first use. A reference to RFC 2252, which defines the supportedControl attribute, should be added. >3. Authorization Identity Bind Control > > This control MAY be included in any bind request which specifies > protocol version 3, as part of the controls field of the LDAPMessage > as defined in [LDAPv3]. In a multi-step bind operation, the client > MUST provide the control with each bind request. > > The controlType is "2.16.840.1.113730.3.4.16" and the controlValue is > absent. > > >4. Authorization Identity Response Control > > This control MAY be included in any final bind response where the > first bind request of the bind operation included an Authentication > Request Control as part of the controls field of the LDAPMessage as > defined in [LDAPv3]. > > The controlType is "2.16.840.1.113730.3.4.15". If the bind request > succeeded and resulted in an identity (not anonymous), the > controlValue contains the authorization identity (authzId), as > defined in [AUTH] section 9, granted to the requestor. If the bind > request resulted in anonymous authentication, the controlValue field > is a string of zero length. If the bind request resulted in more than > one authzId, the primary authzId is returned in the controlValue > field. > > The control is only included in a bind response if the resultCode for > the bind operation is success. > > If the request control is marked critical and the client is not > authorized for it, the server MUST return a resultCode of > insufficientAccessRights. If the request control is not marked > critical and the client is not authorized for it, the server MUST NOT > include a response control with the bind response. I am concerned that this control attaches semantics upon the criticality field beyond those stated in RFC 2251. This is generally considered inappropriate overloading of the criticality field. An additional flag should be used to enable/disable the return of the insufficientAccessRights result code. >Expires October 2002 [Page 2 > >AUTHORIZATION IDENTITY BIND CONTROL April 2002 > > > Identities presented by a client as part of the authentication > process may be mapped by the server to one or more authorization > identities. The bind response control can be used to retrieve the > primary authzId. > > For example, during client authentication with certificates [AUTH], a > client may possess more than one certificate and not be able to > determine which one was ultimately selected for authentication to the > server. The subject DN field in the selected certificate may not > correspond exactly to a DN in the directory, but rather have gone > through a mapping process controlled by the server. On completing the > certificate-based authentication, the client may issue a SASL [SASL] > bind request, specifying the EXTERNAL mechanism and including an > Authorization Identity Bind Control. The bind response MAY include an > Authorization Identity Response Control indicating the DN in the > server's DIT which the certificate was mapped to. > > >5. Alternative Approach with Extended Operation > > The LDAP "Who am I?" [AUTHZID] extended operation provides a > mechanism to query the authorization identity associated with a bound > connection. Using an extended operation as opposed to a bind response > control allows a client to learn the authorization identity after the > bind has has established integrity and data confidentiality > protections. The disadvantages of the extended operation approach are > coordination issues between "Who am I?" requests, bind requests, and > other requests, and that an extra operation is required to learn the > authorization identity. For multithreaded or high bandwidth server > application environments, the bind response approach may be > preferable. > >6. Security Considerations Both controls are subject to ... > The Authorization Identity Response Control is subject to standard > LDAP security considerations. The control may be passed over a secure > as well as over an insecure channel. It is not protected by security > layers negotiated by the bind operation. > > The control allows for an additional authorization identity to be > passed. In some deployments, these identities may contain > confidential information which require privacy protection. In such > deployments, a security layer should be established prior to issuing > a bind request with an Authorization Identity Bind Control. > > >7. Copyright > > Copyright (C) The Internet Society (2000). All Rights Reserved. > > This document and translations of it may be copied and furnished to > others, and derivative works that comment on or otherwise explain it > >Expires October 2002 [Page 3 > >AUTHORIZATION IDENTITY BIND CONTROL April 2002 > > > or assist in its implementation may be prepared, copied, published > and distributed, in whole or in part, without restriction of any > kind, provided that the above copyright notice and this paragraph are > included on all such copies and derivative works. However, this > document itself may not be modified in any way, such as by removing > the copyright notice or references to the Internet Society or other > Internet organizations, except as needed for the purpose of > developing Internet standards in which case the procedures for > copyrights defined in the Internet Standards process must be > followed, or as required to translate it into languages other than > English. > > The limited permissions granted above are perpetual and will not be > revoked by the Internet Society or its successors or assigns. > > This document and the information contained herein is provided on an > "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING > TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING > BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION > HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF > MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. > > >8. Bibliography > > [LDAPv3] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access > Protocol (v3)", RFC 2251, December 1997. > > [RFCKeyWords] Bradner, Scott, "Key Words for use in RFCs to Indicate > Requirement Levels", draft-bradner-key-words-03.txt, January > 1997. > > [AUTH] M. Wahl, H. Alvestrand, J. Hodges, RL "Bob" Morgan, > "Authentication Methods for LDAP", RFC 2829, May 2000. > > [SASL] J. Myers, "Simple Authentication and Security Layer (SASL", > RFC 2222, October 1997. > > [ASN.1] X.680 : ITU-T Recommendation X.680 (1997) | ISO/IEC 8824- > 1:1998, Information Technology - Abstract Syntax Notation One > (ASN.1): Specification of Basic Notation > > [AUTHZID] K. Zeilenga, "LDAP 'Who am I?' Operation", draft-zeilenga- > ldap-authzid-02.txt, March 2002 > > > >9. Author's Addresses > > Rob Weltman > Netscape Communications Corp. > 466 Ellis Street > Mountain View, CA 94043 > >Expires October 2002 [Page 4 > >AUTHORIZATION IDENTITY BIND CONTROL April 2002 > > > USA > +1 650 937-3194 > rweltman@netscape.com > > Mark Smith > Netscape Communications Corp. > 466 Ellis Street > Mountain View, CA 94043 > USA > +1 650 937-3477 > mcs@netscape.com > > Mark Wahl > Sun Microsystems, Inc. > 911 Capital of Texas Hwy, Suite 4140 > Austin, TX 78759 > USA > +1 512 231 7224 > Mark.Wahl@sun.com > > > >10. Revision history > > >10.1 Changes from draft-weltman-ldapv3-auth-response-06.txt > > General > > Changed Intended Category from Standards Track to Informational. > > Swapped the Abstract and Introduction sections > > Added section "Alternative Approach with Extended Operation" > > > >10.2 Changes from draft-weltman-ldapv3-auth-response-05.txt > > General > > Change name of control from "Authentication Response Control" to > "Authorization Identity Bind Control". > > > Authorization Identity Bind Control > > Control must be provided with each bind request in a multi-step bind. > Replaced "failure" with "resultCode other than success". > > > Authorization Identity Response Control > >Expires October 2002 [Page 5 > >AUTHORIZATION IDENTITY BIND CONTROL April 2002 > > > > There may be more than one authzId. > > > >10.3 Changes from draft-weltman-ldapv3-auth-response-04.txt > > Authentication Request Control > > Removed clause saying that the control may not be marked critical. > Added sentence stating that the server should ignore authentication > request controls other than on the first bind request in a multi-step > bind operation. > > > Authorization Identity Bind Control > > Added "(authzId)" to "authorization identity". > > > Security Considerations > > Added a sentence recommending that a security layer be negotiated > before issuing a bind request with the authentication request control > in deployments where the authorization identity requires privacy > protection. > > > >10.4 No Changes from draft-weltman-ldapv3-auth-response-03.txt > > No changes > > >10.5 Changes from draft-weltman-ldapv3-auth-response-02.txt > > Publishing support > > The controls are published in supportedControl, not > supportedExtension. > > > Authorization Identity Bind Control > > The value of an Authorization Identity Bind Control is an > authorization identity, not necessarily a DN. > > > Security Considerations > > Added a short discussion of the fact that an identity is exposed in > the response control. > >Expires October 2002 [Page 6 > >AUTHORIZATION IDENTITY BIND CONTROL April 2002 > > > > > Miscellaneous > > Eliminated BNF for control contents. > > > >10.6 Changes from draft-weltman-ldapv3-auth-response-01.txt > > Authentication Request Control > > An Authorization Identity Bind Control is now only returned if the > client requested one by submitting an Authentication Request Control. > > > Contents of Authorization Identity Bind Control > > Rather than returning both the authentication DN and the > authentication mechanism, the control only returns the authentication > DN. > > > >10.7 Changes from draft-weltman-ldapv3-auth-response-00.txt > > Capitalization of ASN.1 macros > > AuthResponseControl and AuthResponseValue are capitalized. > > > Clarifications > > Added sentence on behavior for anonymous binds. > > > > > > > > > > > > > > > > > > > >Expires October 2002 [Page 7 > --=====================_264486351==_-- _______________________________________________ Ldap-dir mailing list Ldap-dir@ietf.org https://www1.ietf.org/mailman/listinfo/ldap-dir