Jered Floyd | 17 Oct 2002 00:06

Clarification on RFC 3080, 4.1.3


At the end of section 4.1.3 of RFC 3080 (bottom of page 43), SASL's
EXTERNAL mechanism is described.  It ends with:

   if present, the authentication identity must be consistent with the
   credentials provided by the external authentication service (if the
   authentication identity is empty, then an authorization identity is
   automatically derived from the credentials provided by the external
   authentication service).

In the parenthetical comment, is the word "authorization" meant to
be "authentication"?  I believe this sentence is trying to state that
if an authentication identity is provided via SASL EXTERNAL, it must
match the external authentication identity, however if it is not
present the authentication identity is taken from the external
credentials.

--Jered
RL 'Bob' Morgan | 18 Oct 2002 22:58

Re: Clarification on RFC 3080, 4.1.3


On 16 Oct 2002, Jered Floyd wrote:

> At the end of section 4.1.3 of RFC 3080 (bottom of page 43), SASL's
> EXTERNAL mechanism is described.  It ends with:
>
>    if present, the authentication identity must be consistent with the
>    credentials provided by the external authentication service (if the
>    authentication identity is empty, then an authorization identity is
>    automatically derived from the credentials provided by the external
>    authentication service).
>
> In the parenthetical comment, is the word "authorization" meant to
> be "authentication"?  I believe this sentence is trying to state that
> if an authentication identity is provided via SASL EXTERNAL, it must
> match the external authentication identity, however if it is not
> present the authentication identity is taken from the external
> credentials.

Actually, I believe the paragraph in RFC 3080 should be written as:

   o  if present, the authorization identity must be consistent with
      the credentials provided by the external authentication service
      (if the authorization identity is empty, then an authorization
      identity is automatically derived from the credentials provided by
      the external authentication service).

(Sorry if I messed this up when I supplied that text, Marshall.)

RFC 2222 specifies that a SASL profile of a security mechanism should
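
The rule in the corrected paragraph above, sketched as a server-side check. This is an added example, not part of either post or of RFC 3080; the `ExternalCredentials` type, the `may_act_as` policy set, the reading of "consistent" and the sample identities are assumptions for illustration.

```python
from dataclasses import dataclass

class ExternalAuthError(Exception):
    """Raised when the SASL EXTERNAL exchange must be rejected."""

@dataclass(frozen=True)
class ExternalCredentials:
    # Identity the external service (e.g. TLS client-certificate auth) already verified.
    authenticated_id: str
    # Hypothetical local policy: other identities this principal may act as.
    may_act_as: frozenset = frozenset()

def resolve_authzid(creds, requested):
    """Return the authorization identity for the session, or raise ExternalAuthError."""
    if creds is None or not creds.authenticated_id:
        # EXTERNAL carries no credentials of its own; without a lower-layer
        # identity there is nothing to derive from or compare against.
        raise ExternalAuthError("no external credentials established")
    if not requested:
        # Empty authorization identity: derive it from the external credentials.
        return creds.authenticated_id
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in requested):
        raise ExternalAuthError("control character in authorization identity")
    # Assumption: "consistent" means the same identity, or one the policy
    # explicitly lets this principal act as. Exact match, no case folding.
    if requested == creds.authenticated_id or requested in creds.may_act_as:
        return requested
    raise ExternalAuthError(
        f"{creds.authenticated_id!r} may not act as {requested!r}")

# Constructed sample identities, not taken from the thread.
ALICE = ExternalCredentials("alice@example.com", frozenset({"backup@example.com"}))

def demo():
    results = {}
    for requested in ("", "alice@example.com", "backup@example.com", "root@example.com"):
        try:
            results[requested] = resolve_authzid(ALICE, requested)
        except ExternalAuthError as exc:
            results[requested] = f"rejected: {exc}"
    return results

if __name__ == "__main__":
    for requested, outcome in demo().items():
        print(f"requested={requested!r:24} -> {outcome}")
```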

Gabe Wachob | 24 Oct 2002 04:44

beepbuilders activity

For those who aren't on the beepbuilders list, I've created a SourceForge
project for managing and publishing interoperability tests and test code
for BEEP library interoperability testing.

http://beepbuilders.sf.net

Please see
http://xml.resource.org/pipermail/beepbuilders/2002-October/000012.html
for more info.

Still looking for input on the best way to move forward in
interoperability testing.

        -Gabe

-- 
Gabe Wachob                       gwachob <at> wachob.com
Personal                       http://www.wachob.com
Founder, WiredObjects    http://www.wiredobjects.com
