[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Latest in-process draft
David Madeo wrote:
> Doug Royer wrote:
> > Richard Shusterman wrote:
> > >
> > > Doug,
> > >
> > > I quickly scanned this draft and did not see any of the text that was generated
> > > at the Boston meeting and sent to this list included in this latest draft. Can
> > > you please update this draft with that text. I realize there are some discussions
> > > that still need to be made around some of this text but a number of us did spend
> > > 2 full days working on this text AND I didn't see any major objections to it's
> > > inclusion. If you need me to point you to emails with the relevant text, I can do
> > > that.
> > As steve pointed out it is in the works.
> > Also, I still do not understand some of the text as I still have unanswered
> > questions that I have posted. In summary (with respect to trying to generate
> > a VCAR for an anonymous UPN):
> > Anonymous - looked ambiguous in the text. What is an anonymous UPN?
> > Anonymous from any domain or any @specifc-domain. I could not tell which.
> A totally anonymous UPN is "@". It may be possible to authenticate
> using a SASL method, but obtain the "domain anonymous" UPN such as
> "@example.com". This means you can be identified as someone from
> example.com, but we're not sure which person.
How does a CAP CUA 'obtain' it over the wire?
> It's important to distinguish between UPN's and ACL pattern matches.
> ACL's currently require a UPN. We've also discussed putting pattern
> matches into ACL rules as well as definitive UPN's. So I may choose to
> let "@" see my freebusy time, "@example.com" see certain types of data
> and "mybestfriend@xxxxxxxxxxx" see everything. This translates to
> anyone can see my freebusy. Anyone who can authenticate at example.com
> can see certain types of data and that specific UPN can see everything.
I would be for that.
> A simple example:
> Using SASL, I can authenticate as me and get my normal UPN
> "dmadeo@xxxxxxxxxxx". Or I could authenticate as me and ask for another
How does a CAP CUR ask for 'another UPN'?
> Whichever authentication method I use can look up to see if I'm
> allowed to ask for that particular UPN and either allow or disallow it.
With UPNEXPAND I can expand one UPN into multiple.
How does a CAP CUA ask to use a particularly UPN?
How does a CS or a CAP CUA allow or disallow it (I assume you mean access to
use the selected UPN)?
> The CU trusts the SASL methods to only give it UPN's that are properly
I assume 'it' is the CU? Is this via UPNEXPAND? Or as part
of the AUTHENTICATE reply?
> I ask to see the calendar calid://example.com/a9dfhj23jf
> which has an ACL which says "dmadeo@xxxxxxxxxxx" is an owner. I can
> modify the calendar as much as I'd like. I then ask to see
> calid://example.com/89jadf77adf which has an ACL saying "@example.com"
> has full read access. Because my UPN is "dmadeo@xxxxxxxxxxx", and the
> ACL says "@example.com", I should then have full read access.
Okay so that's how you could do wild card matches.
How do you use/select another UPN?
tel;pager:650-274-8960 or pager@xxxxxxxxx
adr;quoted-printable:;;801 Woodside Rd. #14=0D=0ASuite 244;Redwood City;CA;94061;USA