[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CAP: UPN wild-carding (Was: Re: incomplete UPN restrictions in VCARs)
Bernard Desruisseaux wrote:
> Doug Royer wrote:
> > Bernard Desruisseaux wrote:
> > >
> > > The UPN "bernard@xxxxxxxxxxx" doesn't mean that "bernard" is
> > > connecting from the domain "steltor.com". It simply means
> > > that someone had the proper credentials to authenticate
> > > himself as "bernard@xxxxxxxxxxx".
> > YES - THAT IS EXACTLY MY POINT.
> > How do I say that 'bernard@xxxxxxxxxxx' only has
> > access if he is connecting from 'steltor.com' ?
> > Otherwise he has NO access.
> My point is that it could be left to the implementor.
> I see this as an administrative task that is outside
> the scope of the CAP protocol.
We it's not, that's why we have anonymous@domain.
So how do we deal with it?
org:INET-Consulting LLC <http://INET-Consulting.com
title:Chief Executive Manager