[xacml-comment] X500 Name Match unclarity - Florian Huonder - org.oasis-open.lists.xacml-comment

5 messages in org.oasis-open.lists.xacml-comment[xacml-comment] X500 Name Match uncla...

From	Sent On	Attachments
Florian Huonder	May 27, 2009 12:43 am
bill parducci	May 27, 2009 7:09 am
Florian Huonder	May 27, 2009 7:33 am
David Chadwick	May 27, 2009 7:57 am
Florian Huonder	May 27, 2009 9:19 am

Subject:	[xacml-comment] X500 Name Match unclarity
From:	Florian Huonder (fhuo...@herasaf.org)
Date:	May 27, 2009 12:43:40 am
List:	org.oasis-open.lists.xacml-comment

Hi all,

I am talking about the X500 name match function urn:oasis:names:tc:xacml:1.0:function:x500Name-match (XACML 2.0 Spec).

There in the description the term "terminal sequence" is used but this does not exist in any X500 specifications.

Therefore it is undefined and therefore it leaves room for interpretation.

Possibility 1:

True is returned in case when all elements of the X500Name in the request are contained in the X500Name in the Policy, in any order. The number of elements must not match but the number of elements in the request must be at least as much as in the Policy.

Possibility 2:

The term "terminal sequence" can be interpreted as "the last element of the X500 names must match and not all elements.

Could anybody tell me how this x500Name-match function must be implemented?

Regards,

Florian

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets