MHonArc v2.5.2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: Re: [xacml] Change to x500Name-equal function
I am willing to accept Anne's change. I hope we don't have to vote on
this.
Cheers,
-Polar
On Thu, 19 Sep 2002, Anne Anderson wrote:
> I learned a lot from working on x500Name-match, and would like to
> update x500Name-equal to be consistent as follows:
>
> This function takes two arguments of "xacml:x500Name" and returns
> "xs:boolean". It returns true if and only if each Relative
> Distinguished Name (RDN) in the two arguments matches. Two RDNs
> match if an only if the result of the following operations is true:
>
> First, normalize the two RDNs according to IETF RFC 2253
> "Lightweight Directory Access Protocol (v3): UTF-8
> String Representation of Distinguished Names Names".
>
> Second, if any RDN contains multiple attributeTypeAndValue
> pairs, re-order the attributeTypeAndValue pairs in that RDN in
> ascending order when compared as octet strings (described in
> ITU-T Rec. X.690 (1997 E) Section 11.6, "Set-of components").
>
> Finally, compare the RDNs using the rules in IETF RFC 3280
> "Internet X.509 Public Key Infrastructure Certificate and
> Certificate Revocation List (CRL) Profile", Section 4.2.1.4
> "Issuer".
>
> Anne
> --
> Anne H. Anderson Email: Anne.Anderson@Sun.COM
> Sun Microsystems Laboratories
> 1 Network Drive,UBUR02-311 Tel: 781/442-0928
> Burlington, MA 01803-0902 USA Fax: 781/442-1692
>
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>
>
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Powered by eList eXpress LLC