Thank you Peter for the explanation. Yes, I am looking for a way that
allows clients to tell in advance precisely what rules the server will
apply with regard to case mapping.
Precis operations for the same kind of string can take place in various
places in different tiers and their behavior should be consistent. The
usernames "fussball" and "fußball" should be treated as equal for case
insensitive matching, or as distinct for case sensitive matching. In a
worst case, distinct but confusable accounts might be confused. Such
problems would never happen if the components designated the complete
spec of the username string matching. If the profile doesn't fully
specify the spec but it's up to the deployment/service policies, I would
like the components to be able to identify the policies precisely. The
components that perform precis processing are distributed and they have
to be coordinated with respect to the deployment/service policies. With
a standard naming scheme for them it would be much easier to coordinate
them. Implementers would have to make that up anyway, and it would be
hard for application developers to tell the difference between different
UsenameIdentifierClass implementations.
I am aware the ICU project has implemented SASLprep. It appears the SASL
implementation has no ambiguity regarding case mappings; cases are
preserved in the example:
2 user user no transformation
3 USER USER case preserved, will not match #2
I expect the same clarity in PRECIS. I do believe case insensitive
matching should be enabled. I think a small number of popular recipes
for usernames should be identified and standardized as a profile or a
deployment/service policy, however it is called.
Regards,
-Dan
On 8/29/2014 3:15 PM, Peter Saint-Andre wrote:
On 8/25/14, 7:52 PM, Dan Chiba wrote:
Hi Peter,
This is essentially generic but I think the degree of impact would vary,
depending on the profile. UsenameIdentifierClass would be one of those
severely affected because it is important to evaluate usernames
correctly and there are various common practices of handing them.
Sometimes case insensitive, sometimes sensitive, among others.
Correct. Which is why it's difficult to formulate one rule for all
treatments of usernames, and why it took quite a bit of discussion to
come to consensus on the text in Section 4.2.1 of the SASLprepbis
specification:
http://tools.ietf.org/html/draft-ietf-precis-saslprepbis-07#section-4.2.1
If I understand your original message correctly, you are looking for a
way that, say, client software can know in advance how a server will
treat usernames with regard to case mapping, based on the SASL
mechanism or application protocol in use. I was looking for that, too.
Unfortunately, our friends in the KITTEN WG (which works on SASL) were
insistent - and correct - that there is no deterministic formula here
because case mapping can even be a matter of deployment or service
policy and thus not determined by the SASL mechanism or application
protocol in use. Thus our carefully-crafted text in Section 4.2.1.
I wish I could report happier news.
Peter
_______________________________________________
precis mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/precis
