[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: I-D ACTION:draft-ietf-pkix-acmc-01.txt
I promised Stephen Farrell that I would include a means to provide
functionality similar to LAAP in ACMC (issuing ACs according to
a pre-agreed policy). The text for that change didn't make it into
the version I sent to the I-D reposter just before the deadline, so I'm
sending it to the list. The following text replaces the last paragraph
in Section 4.3 (Attribute Modification Handling Control Attribute):
When attributes are to be issued according to a given profile or
policy, the requester MAY send requested attributes and their
values or omit them. If values are supplied, the AA may modify
these values within the bounds of the policy. If the attributes
are omitted in the request, the AA supplies a permissible set of
attributes and values as dictated by the policy. If the policy
identifier (attrModPolicy) is not explicitly noted, then the
policy is taken to be a pre-agreed default policy.
I also made the policy identifier OPTIONAL in order to support this mode.
As always, comments are welcome.
-Peter Yee
pyee@xxxxxxxxxxxxxxx
>-----Original Message-----
>From: Internet-Drafts@xxxxxxxx [mailto:Internet-Drafts@xxxxxxxx]
>Sent: Thursday, March 07, 2002 3:58 AM
>Cc: ietf-pkix@xxxxxxx
>Subject: I-D ACTION:draft-ietf-pkix-acmc-01.txt
>
>
>A New Internet-Draft is available from the on-line
>Internet-Drafts directories.
>This draft is a work item of the Public-Key Infrastructure
>(X.509) Working Group of the IETF.
>
> Title : Attribute Certificate Management
>Messages over CMS
> Author(s) : P. Yee
> Filename : draft-ietf-pkix-acmc-01.txt
> Pages : 10
> Date : 06-Mar-02
>
>This document specifies modifications to the Certificate Management
>Messages over CMS specification ([CMCbis]) to permit the management
>of attribute certificates. This document does not stand alone, but
>must be used in conjunction with [CMCbis]. It is expected that the
>modifications proposed here will also be used in conjunction with the
>Attribute Certificate Request Message Format specification ([ACRMF]).
>
>A URL for this Internet-Draft is:
>http://www.ietf.org/internet-drafts/draft-ietf-pkix-acmc-01.txt
>
>To remove yourself from the IETF Announcement list, send a message to
>ietf-announce-request with the word unsubscribe in the body of
>the message.
>
>Internet-Drafts are also available by anonymous FTP. Login
>with the username
>"anonymous" and a password of your e-mail address. After logging in,
>type "cd internet-drafts" and then
> "get draft-ietf-pkix-acmc-01.txt".
>
>A list of Internet-Drafts directories can be found in
>http://www.ietf.org/shadow.html
>or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
>
>Internet-Drafts can also be obtained by e-mail.
>
>Send a message to:
> mailserv@xxxxxxxxx
>In the body type:
> "FILE /internet-drafts/draft-ietf-pkix-acmc-01.txt".
>
>NOTE: The mail server at ietf.org can return the document in
> MIME-encoded form by using the "mpack" utility. To use this
> feature, insert the command "ENCODING mime" before the "FILE"
> command. To decode the response(s), you will need "munpack" or
> a MIME-compliant mail reader. Different MIME-compliant
>mail readers
> exhibit different behavior, especially when dealing with
> "multipart" MIME messages (i.e. documents which have been split
> up into multiple messages), so check your local documentation on
> how to manipulate these messages.
>
>
>Below is the data which will enable a MIME compliant mail reader
>implementation to automatically retrieve the ASCII version of the
>Internet-Draft.
>