On 8/25/14, 7:52 PM, Dan Chiba wrote:
Hi Peter,
This is essentially generic but I think the degree of impact would vary,
depending on the profile. UsenameIdentifierClass would be one of those
severely affected because it is important to evaluate usernames
correctly and there are various common practices of handing them.
Sometimes case insensitive, sometimes sensitive, among others.
Correct. Which is why it's difficult to formulate one rule for all
treatments of usernames, and why it took quite a bit of discussion to
come to consensus on the text in Section 4.2.1 of the SASLprepbis
specification:
http://tools.ietf.org/html/draft-ietf-precis-saslprepbis-07#section-4.2.1
If I understand your original message correctly, you are looking for a
way that, say, client software can know in advance how a server will
treat usernames with regard to case mapping, based on the SASL mechanism
or application protocol in use. I was looking for that, too.
Unfortunately, our friends in the KITTEN WG (which works on SASL) were
insistent - and correct - that there is no deterministic formula here
because case mapping can even be a matter of deployment or service
policy and thus not determined by the SASL mechanism or application
protocol in use. Thus our carefully-crafted text in Section 4.2.1.
I wish I could report happier news.
Peter
_______________________________________________
precis mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/precis
