Re: Attribute Certificate Policies Extension
Denis,
I have for a long time questioned the value of X.509 ACs.
What systems and SW do you know that today support such?
If explicit authorizations are ever going to be a major inter-organization
issue, it seems that authorizations will rather be transferred in various
types of XML-formatted messages (like SAML), and that for a number
of good reasons such as:
- XML Schemas allow exact and easy-to-differentiate authorization
profiles to be developed
- XML is an almost human-readable format
- XML is supported by free (or built-in) software and an abundance
of people who know how to use it
- Practically all vendors of the required authorization management
SW are working with XML-based systems
This limits X.509 ACs to a few local systems of little general interest,
which makes me believe that the draft is redundant. As policies for
internal use are implicit, and typically only can be interpreted by
humans, it does not fill a need for local enterprise systems either.
As a more constructive input, I advise you to join some of the AC-
related OASIS-groups, who at least have a chance (albeit slim), to
get their work accepted by the industry.
As indicated by others, it is maybe a good idea, to from time to time,
perform polls concerning new and existing PKIX-drafts' commercial
potential, instead of wasting energy on resurrecting a dead horse.
Just my 0.002 EUR
Anders
----- Original Message -----
From: "Denis Pinkas" <Denis.Pinkas@xxxxxxxx>
To: "pkix" <ietf-pkix@xxxxxxx>
Sent: Friday, October 25, 2002 15:23
Subject: Attribute Certificate Policies Extension
A new version of the draft on Attribute Certificate Policies Extension has
been posted. It is available at:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-acpolicies-extn-01.txt
Whereas the previous draft was defining different extensions, the new draft
only covers a single extension allowing to designate the policy under which
an Attribute Certificate has been issued.
This extension is not applicable to Public Key Certificates.
Denis