
Re: X.509 certificate and its subject name field



In reply to your message of 27 May 97, 19:08:

One solution is to use a national ID scheme.  In the UK all employed 
people are given a National Insurance number which is unique to them 
and doesn't change over their lifetime.  There may, however, be some 
privacy questions with such a scheme.

Nick Pope

> Steve,
> 
> Let's think what happens during a corporate reorganization, company
> mergers, or country unifications (:)).   Names and directories may
> change!  If UID's are embedded in names and if applications do not
> carve out the UID's for use in authorization decisions/ACL's, then we
> will have a BIG trouble!  If it is suggested that applications will
> have to pick up the UID from within the subject name, then it should
> be made clear in the spec.  But, then how would non-X500 names be
> dealt with when they are supported???  Why don't we suggest the use of
> the Subject UID field, then sit back and relax.
> 
> On May 27,  1:46pm, Stephen Kent wrote:
> > Subject: Re: X.509 certificate and its subject name field
> > Shyh-Wei,
> >
> >       I think that, for organizational persons, a second component for
> > the terminal RDN would usually be something that those managing the local
> > namespace would see as natural, i.e., it is something like an employee ID
> > number that has already been assigned and thus is not an arbitrary string
> > like the Subject UID.
> 
> Why can't an employee ID number be used as the Subject UID, if the ID
> is never reused?
> 
> >
> >-- End of excerpt from Stephen Kent
> 
> 
> 
> 

-------------------------------------


Security & Standards
Suite A
191 Moulsham St.
Chelmsford
Essex
CM2 0LG
U.K.

Tel: +44 1245 495018
Fax: +44 1245 494517
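
An added illustration, not part of the thread or of any poster's message: a Python sketch of the concern raised above, where an ACL keyed on the whole subject name stops matching after a reorganization, while one keyed on an identifier carved out of the terminal RDN keeps matching. The DN strings, the use of serialNumber for the employee ID, and all function names are assumptions made for this example; a non-X.500 name yields no identifier and is denied.

```python
import re

# Constructed DNs (not from the thread), written most-significant RDN first,
# for one person before and after a reorganization. serialNumber as the
# employee-ID attribute is an assumption.
BEFORE = "C=GB,O=Acme Ltd,OU=Engineering,CN=Pat Lee+serialNumber=E10442"
AFTER = "C=GB,O=Acme-Globex\\, plc,OU=Platform,CN=Pat Lee+serialNumber=E10442"
NON_X500 = "pat.lee@example.com"  # a name form with no RDNs at all

def _split(s, sep):
    """Split on sep, treating backslash as an escape for the next character."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]
            i += 2
        elif s[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += s[i]
            i += 1
    return parts + [cur]

def parse_dn(dn):
    """Return the RDNs in order; each RDN is a dict of attribute type -> value."""
    rdns = []
    for rdn in _split(dn, ","):
        avas = {}
        for ava in _split(rdn, "+"):  # '+' joins the components of one RDN
            typ, _, val = ava.partition("=")
            avas[typ.strip().lower()] = re.sub(r"\\(.)", r"\1", val.strip())
        rdns.append(avas)
    return rdns

def stable_id(name, attr="serialnumber"):
    """Second component of the terminal RDN, or None if the name has none."""
    return parse_dn(name)[-1].get(attr)

def allowed_by_dn(name, acl):
    return name in acl

def allowed_by_id(name, acl):
    uid = stable_id(name)
    return uid is not None and uid in acl

DN_ACL = {BEFORE}    # ACL keyed on the whole subject name
ID_ACL = {"E10442"}  # ACL keyed on the carved-out identifier
```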