
CAP: Definition of UPN

According to the draft-00.txt, a UPN is defined as:

User Principal Name (UPN)
    An identifier that denotes a unique CU. A UPN strongly resembles an
    RFC 822 style email address and in some cases it may be identical
    to the email address for the CU. It consists of a realm in the form
    of a DNS domain name and a username.


I have an aversion to the explicit inclusion of the term "DNS domain name".  There are some systems (like Lotus Notes and Novell Netware) that have a separate naming space that does not map directly onto a contiguous DNS domain name space.  From my notes on the Montreal meeting I note that we were going to adjust this description to be more like "It consists of a realm in the form of an authentication realm name and a username." and then have an implementors' note that suggests the use of DNS domain names for the authentication realm name.

This would allow systems like Windows 2000, Kerberos, and others to use DNS if they want but mandate that other systems with other authentication schemas adopt this schema or change their architecture to be DNS-only based.  Besides, if we tie the realm description explicitly to DNS we may be precluding non-TCP transport implementations.

Bruce
===========================================================================
Bruce Kahn                                INet: Bruce_Kahn@iris.com
Iris Associates                          Phone: 978.392.5335
Westford, MA, USA 01886                    FAX: and nothing but the FAX...
Standard disclaimers apply, even where prohibited by law...
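The two wordings being argued over above differ only in whether the realm part of a UPN must be a DNS domain name. The parser below is an added example written for this page; it is not code from the CAP draft or from the poster. It splits a UPN at the last '@' outside an RFC 822 quoted string (so a quoted username such as "Bruce Kahn" still parses), treats the realm as an opaque authentication realm name, and applies a DNS syntax check only when the caller asks for it. The sample identifiers are constructed; the Notes-style and NDS-style realms are hypothetical shapes chosen to show what a DNS-only rule would reject.

```python
import re
from typing import Dict, Tuple

# One DNS label (RFC 1035 style): 1-63 alphanumerics or hyphens,
# not starting or ending with a hyphen.
_DNS_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def split_upn(upn: str) -> Tuple[str, str]:
    """Split a UPN into (username, realm) at the last '@' outside quotes.

    The username may be an RFC 822 quoted local part and may then contain
    '@', spaces or backslash escapes; the realm is never quoted.
    """
    in_quote = False
    escaped = False
    split_at = -1
    for i, ch in enumerate(upn):
        if escaped:
            escaped = False
        elif ch == "\\" and in_quote:
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == "@" and not in_quote:
            split_at = i
    if in_quote:
        raise ValueError("unterminated quoted username: %r" % upn)
    if split_at < 1 or split_at == len(upn) - 1:
        raise ValueError("UPN must have the form username@realm: %r" % upn)
    return upn[:split_at], upn[split_at + 1:]


def is_dns_realm(realm: str) -> bool:
    """True if the realm is syntactically a DNS domain name."""
    if not realm or len(realm) > 253:
        return False
    return all(_DNS_LABEL.match(label) for label in realm.split("."))


def validate_upn(upn: str, require_dns_realm: bool = False) -> Dict[str, object]:
    """Parse a UPN and report whether its realm would pass a DNS-only check.

    require_dns_realm=False matches the "authentication realm name" wording:
    any non-empty realm is accepted. require_dns_realm=True matches the
    draft-00 wording and rejects realms that are not DNS domain names.
    """
    username, realm = split_upn(upn)
    realm_is_dns = is_dns_realm(realm)
    if require_dns_realm and not realm_is_dns:
        raise ValueError("realm %r is not a DNS domain name" % realm)
    return {"username": username, "realm": realm, "realm_is_dns": realm_is_dns}


# Constructed sample UPNs, not taken from the draft or the thread. The last
# two use hypothetical Notes-style and NDS-style realms that are not DNS names.
SAMPLE_UPNS = [
    "bkahn@iris.com",                   # plain form, identical to an email address
    "bruce_kahn@IRIS.LOTUS.COM",        # Kerberos-style realm, still a DNS name
    '"Bruce Kahn"@iris.com',            # RFC 822 quoted local part
    "bkahn@Iris Associates/Westford",   # Notes-style realm (hypothetical)
    ".CN=bkahn.O=Iris@IRIS_TREE",       # NDS-style name and tree (hypothetical)
]


def classify_samples(upns=SAMPLE_UPNS) -> Dict[str, bool]:
    """Map each sample UPN to whether a DNS-only realm rule would accept it."""
    return {upn: bool(validate_upn(upn)["realm_is_dns"]) for upn in upns}


if __name__ == "__main__":
    for upn, accepted in classify_samples().items():
        info = validate_upn(upn)
        verdict = "accepted" if accepted else "REJECTED by a DNS-only realm rule"
        print("%r: user=%r realm=%r -> %s"
              % (upn, info["username"], info["realm"], verdict))
```

Running the module prints one line per sample; the first three parse and pass the DNS check, while the Notes- and NDS-style realms parse fine as opaque realm names but would be rejected if the DNS wording were kept.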