[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Last Call Comment: LDAP & X.500 Component Matching Rules toProposed Standard

To: "'Harald Tveit Alvestrand'" <harald@alvestrand.no>, <iesg@ietf.org>
Subject: RE: Last Call Comment: LDAP & X.500 Component Matching Rules toProposed Standard
From: "Steven Legg" <steven.legg@adacel.com.au>
Date: Mon, 12 May 2003 17:29:44 +1000
In-reply-to: <38040000.1052463992@askvoll.hjemme.alvestrand.no>

Hi Harald,

Harald Tveit Alvestrand wrote:
> Last Call comment on this document:
> 
> The document fails to describe how a client can determine 
> whether or not an 
> LDAP server implements the componentFilterMatch matching rule.

Which is normal practice for matching rule definitions, and various
other things in LDAP. LDAP and X.500 don't have a standardized
mechanism for determining what a server can or can't support,
and LDAP specifications rarely address this question.
draft-zeilenga-ldap-features-xx.txt is attempting to rectify this
situation, though it is not clear to me what the current status
of this draft is.

One way to deal with the varying capabilities of LDAP servers
is for directory-using application specifications to include an
application profile that lists all the features, matching rules included,
that an LDAP server must support in order to claim conformance with the
application. This is the approach PKIX has taken.

> 
> Since the extension is complex, and presently unsupported,

There is one implementation.

> it 
> will likely 
> be critical for interoperability (and proper error messages) 
> that a client 
> know how to check whether this extension is present or not in 
> a server.
> (It's possible, albeit expensive, for a client to have 
> fallback in some 
> situations by pulling large sets of objects to the client and 
> doing the 
> required matching client-side. Unless he knows whether or not it is 
> supported, this becomes more complex.)
> 
> It is not clear to this reader whether this should be indicated via 
> "supportedControl", "supportedExtension", 
> "supportedLDAPVersion"

None of the above apply. The best fit is "supportedFeatures" from
draft-zeilenga-ldap-features-xx.txt, though it is debatable whether
a simple yes/no indication is adequate for expressing support for
something as expansive as component matching. I expect at least some
implementors will support component matching incrementally, thus
application profiles would appear to be more appropriate. I leave it to
the IESG to decide.

Regards,
Steven Legg, speaking as the author

> 
>              Harald Alvestrand, speaking as IETF participant
> 
> 
> --On onsdag, mai 07, 2003 15:09:29 -0400 The IESG 
> <iesg-secretary@ietf.org> 
> wrote:
> 
> >
> > The IESG has received a request to consider LDAP & X.500 Component
> > Matching Rules <draft-legg-ldapext-component-matching-10.txt> as a
> > Proposed Standard.  This has been reviewed in the IETF but 
> is not the
> > product of an IETF Working Group.
> >
> > The IESG plans to make a decision in the next few weeks, 
> and solicits
> > final comments on this action.  Please send any comments to the
> > iesg@ietf.org or ietf@ietf.org mailing lists by 2003-6-7.
> >
> > Files can be obtained via
> > 
> http://www.ietf.org/internet-drafts/draft-legg-ldapext-component-matching
> -10.txt
>
>
>
>
>

Follow-Ups:
- RE: Last Call Comment: LDAP & X.500 Component Matching RulestoProposed Standard
  - From: Harald Tveit Alvestrand <harald@alvestrand.no>

References:
- Last Call Comment: LDAP & X.500 Component Matching Rules toProposed Standard
  - From: Harald Tveit Alvestrand <harald@alvestrand.no>

Prev by Date: Re: Quick question on isakmp-registry.
Next by Date: RE: Last Call Comment: LDAP & X.500 Component Matching RulestoProposed Standard
Previous by thread: Last Call Comment: LDAP & X.500 Component Matching Rules toProposed Standard
Next by thread: RE: Last Call Comment: LDAP & X.500 Component Matching RulestoProposed Standard
Index(es):
- Date
- Thread