
Re: AC509 Login Name



Nick,

I don't see the need to define any new name form.
Why not simply use the "otherName" (OCTET STRING) choice of GeneralName,
and encode the DER-encoded UTF8String (or whatever) inside that?
(i.e. just like AC/PKC extensions do it). The profile specifies that
otherName must not be used as a GeneralName choice unless otherwise
specified, but I'm sure an exception can be made in this case - eh Stephen? :-)

Regards,

Andy

> I am working on the use of attribute certificates for secure access to a
> database, where the user's global identity authenticated using SSL/TLS needs
> to be securely mapped to a local login name.
>
> I presume that the Access Identity, as defined in 4.5.2 of
> <draft-ietf-pkix-ac509prof-01>, can be used for this function.
>
> However, I cannot find an existing name form defined in X.509 for
> GeneralNames which could be used for a local login name.
>
> Could one be defined as part of the IETF attribute certificate profile?
>
> What syntax should this take?  A choice between UTF-8 and General Name would
> be the simplest.
>
> Nick Pope
>
>
>
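
The encoding discussed in this thread, as an added example that is not part of the original messages or of the draft: a local login name carried as a DER UTF8String inside the otherName choice of GeneralName, with a strict decoder for the side that maps it to a database login. It uses the X.509 layout OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY }; the OID `LOGIN_OID` is a constructed placeholder, not an assigned identifier, and the function names are hypothetical.

```python
# Added example. LOGIN_OID is a constructed placeholder, not an assigned OID.
LOGIN_OID = "1.3.6.1.4.1.99999.1"

def tlv(tag, content):
    """DER tag-length-value with definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                 # base-128, low group first
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def encode_login_other_name(login):
    value = tlv(0xA0, tlv(0x0C, login.encode("utf-8")))  # [0] EXPLICIT UTF8String
    # otherName is GeneralName choice [0], implicitly tagging the OtherName SEQUENCE
    return tlv(0xA0, encode_oid(LOGIN_OID) + value)

def read_tlv(buf, tag):
    """Return (content, remainder); reject wrong tag or truncated input."""
    if len(buf) < 2 or buf[0] != tag:
        raise ValueError("unexpected tag")
    n, off = buf[1], 2
    if n & 0x80:
        off += n & 0x7F
        n = int.from_bytes(buf[2:off], "big")
    if len(buf) < off + n:
        raise ValueError("truncated")
    return buf[off:off + n], buf[off + n:]

def decode_login_other_name(der):
    """Strict parse for the relying party that maps the name to a local login."""
    body, rest = read_tlv(der, 0xA0)
    oid, after_oid = read_tlv(body, 0x06)
    if rest or tlv(0x06, oid) != encode_oid(LOGIN_OID):
        raise ValueError("trailing bytes or unexpected type-id")
    inner, rest1 = read_tlv(after_oid, 0xA0)
    name, rest2 = read_tlv(inner, 0x0C)
    if rest1 or rest2:
        raise ValueError("trailing bytes")
    return name.decode("utf-8")
```

The decoder refuses any otherName whose type-id is not the expected one, so a name form meant for another purpose is never treated as a login.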