[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AC profile - Policy Authority on the Role attribute

To: <ietf-pkix@xxxxxxx>
Subject: AC profile - Policy Authority on the Role attribute
From: "Andy Dowling" <andy.dowling@xxxxxx>
Date: Tue, 9 May 2000 16:17:11 +0100
References: <>

section 4.4.5 of the ac profile document states the following:

   The roleAuthority field MUST NOT be used. The roleName field MUST be
   present, and roleName MUST use the uniformResourceIdentifier CHOICE
   of the GeneralName.

This means that we cannot define a policy authority for the role attribute!
:-(
Previously, where we used IETFAttrSyntax, we were able to qualify the
attribute
in this way.

Could we change the profile to allow the use of roleAuthority, i.e.:

   The roleAuthority field MAY be used to specify the issuing authority of
the role attribute.
   The roleName field MUST be
   present, and roleName MUST use the uniformResourceIdentifier CHOICE
   of the GeneralName.

Any comments?

Andy

Follow-Ups:
- Re: AC profile - Policy Authority on the Role attribute
  - From: Stephen Farrell

References:
- I-D ACTION:draft-ietf-pkix-ac509prof-03.txt
  - From: Internet-Drafts

Prev by Date: I-D ACTION:draft-ietf-pkix-ac509prof-03.txt
Next by Date: SubjectAltName verification
Previous by thread: I-D ACTION:draft-ietf-pkix-ac509prof-03.txt
Next by thread: Re: AC profile - Policy Authority on the Role attribute
Index(es):
- Date
- Thread