
Re: Hierarchical error codes



> Date: Fri, 19 Mar 1999 10:46:39 -0500 (EST)
> From: Rob Earhart <rob@andrew.cmu.edu>
> 
> > Are you thinking of some sort of CAPABILITY list that the client sends the
> > server, and a similar set of capabilities that the server returns based on
> > what it received from the client??
> 
>   Almost; I'd rather see both simply send capability lists when the
> connection is initialized.  For instance, at session startup, one might
> see
> 
>   C: * CAPABILITY CAP XMLCAL
>   S: * CAPABILITY CAP SASL ("KERBEROS_V4" "GSSAPI" "DIGEST-MD5") TLS
> 
> (using * instead of a normal tag because these aren't commands; they're
> information which doesn't require a reply.) 

Untagged can get messy if we allow capability in multiple states as
shown in the straw-man draft (and I hope we keep that).  I am hoping
that you can only see the authentication mechanisms in the connected
state, and the rest of the capabilities after authentication.

For example, now that I know who you (authenticated entity) are, you
also have the capability to use x, y, and z. I could also see a CS
implementation sending different results to an authenticated CUA
depending if they were inside or outside of a firewall.

So the client would need to know how to authenticate initially, then
could query the CS after authentication for more capabilities.
Requiring a tagged capability command?

>   The server probably shouldn't restrict its list based on what it gets
> from the client; it's useful to see everything the server's capable of.
> After this exchange, both sides know what the other's capable of dealing
> with, and can restrict what they speak to the subset of the capabilities
> they know about for which the other side has announced support.

Supporting a capability is one issue; how do we handle MUST for
an implementation? What if for security reasons a particular
CS implementation requires that TLS MUST be used? How do we
say that? Do we care?

-Doug
-------------------------------------------------------------------
Doug.Royer@Sun.COM		http://playground.sun.com/~dougr
801 W. El Camino #131		Work:   (650)786-7599
Mountain View, CA 94040		Ham Radio: N6AAW, Aviation: PP-ASEL
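The capability exchange discussed in this thread, as an added Python example that is not from the original messages or from any CAP draft: it parses the untagged CAPABILITY lines Rob quoted, computes the mutual subset both sides can speak, and models Doug's two points, state-dependent advertisement and a site whose policy is that TLS MUST be used. The 'connected'/'authenticated' state names, the rule that the pre-authentication view shows only the protocol name, SASL mechanisms and TLS, and the sample lines are all assumptions made for this example.

```python
import re

# Constructed sample lines in the syntax quoted in the thread (not a real CAP session).
CLIENT_LINE = '* CAPABILITY CAP XMLCAL'
SERVER_LINE = '* CAPABILITY CAP SASL ("KERBEROS_V4" "GSSAPI" "DIGEST-MD5") TLS'

PREFIX = '* CAPABILITY'
TOKEN_RE = re.compile(r'\(([^)]*)\)|(\S+)')   # parenthesised group | bare word


def parse_capability(line):
    """Parse an untagged CAPABILITY line into {name: [arguments]}.

    A parenthesised list of quoted strings binds to the capability that
    precedes it, e.g. SASL ("KERBEROS_V4" "GSSAPI") -> SASL: [mechanisms]."""
    if not line.startswith(PREFIX):
        raise ValueError('not an untagged CAPABILITY line: %r' % line)
    caps, last = {}, None
    for m in TOKEN_RE.finditer(line[len(PREFIX):]):
        if m.group(1) is not None:               # argument list for previous word
            if last is None:
                raise ValueError('argument list with no capability before it')
            caps[last] = re.findall(r'"([^"]*)"', m.group(1))
        else:                                    # a new capability name
            last = m.group(2)
            caps[last] = []
    return caps


def common_capabilities(client_caps, server_caps):
    """The subset both sides announced; each side restricts itself to this."""
    return sorted(set(client_caps) & set(server_caps))


def advertise(server_caps, state, require_tls=False, tls_active=False):
    """What the server shows in a given state (assumed model of Doug's point).

    'connected': only the protocol name, SASL mechanisms and TLS, so the
    client learns how to authenticate; 'authenticated': everything.  A site
    whose policy is 'TLS MUST be used' offers nothing but TLS until it is up."""
    if require_tls and not tls_active:
        return {'TLS': []}
    if state == 'connected':
        return {k: v for k, v in server_caps.items() if k in ('CAP', 'SASL', 'TLS')}
    return dict(server_caps)


def missing_required(peer_caps, required):
    """Required capabilities (the MUSTs) the peer did not announce."""
    return [name for name in required if name not in peer_caps]
```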