Clearance Sponsor Attribute
draft-turner-clearancesponsor-attribute-03
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
03 | (System) | post-migration administrative database adjustment to the No Objection position for Cullen Jennings |
2012-08-22
|
03 | (System) | post-migration administrative database adjustment to the No Objection position for Pasi Eronen |
2010-02-17
|
03 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2010-02-16
|
03 | (System) | IANA Action state changed to No IC from In Progress |
2010-02-16
|
03 | (System) | IANA Action state changed to In Progress |
2010-02-16
|
03 | Amy Vezza | IESG state changed to Approved-announcement sent |
2010-02-16
|
03 | Amy Vezza | IESG has approved the document |
2010-02-16
|
03 | Amy Vezza | Closed "Approve" ballot |
2010-02-16
|
03 | Amy Vezza | State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Amy Vezza |
2010-02-16
|
03 | Pasi Eronen | [Ballot Position Update] Position for Pasi Eronen has been changed to No Objection from Discuss by Pasi Eronen |
2010-02-01
|
03 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2010-02-01
|
03 | (System) | New version available: draft-turner-clearancesponsor-attribute-03.txt |
2009-11-20
|
03 | (System) | Removed from agenda for telechat - 2009-11-19 |
2009-11-19
|
03 | Cindy Morgan | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Cindy Morgan |
2009-11-19
|
03 | Cullen Jennings | [Ballot Position Update] Position for Cullen Jennings has been changed to No Objection from Discuss by Cullen Jennings |
2009-11-19
|
03 | Cullen Jennings | [Ballot discuss] If this is supposed to be a definitive name of a person or organization, don't we have ways for expressing that in certificates? … [Ballot discuss] If this is supposed to be a definitive name of a person or organization, don't we have ways for expressing that in certificates? I am not in favor of using a string that has only local significance given machine (not humans) will be making authorization decisions based on this. The complexity of agreeing on local identifiers is not fun and they tend to leak out of the domain where they were defined. |
2009-11-19
|
03 | Magnus Westerlund | [Ballot comment] I agree with both Cullen's and Pasi's discusses. This document is not clear on where it can really be used or what a … [Ballot comment] I agree with both Cullen's and Pasi's discusses. This document is not clear on where it can really be used or what a receiver of the attribute really can do. If it is intended for machine use and point at location where information can be verified, then it should be a locator and with specified request mechanism. If it is for human consumption then it should say that and be clear that machines are not intended to act on the attribute. |
2009-11-19
|
03 | Magnus Westerlund | [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund |
2009-11-19
|
03 | Dan Romascanu | [Ballot comment] 1. I support Pasi's part of the DISCUSS about 32 lenght strings being too short for proper identification of organizations, and Jari's COMMENT … [Ballot comment] 1. I support Pasi's part of the DISCUSS about 32 lenght strings being too short for proper identification of organizations, and Jari's COMMENT about lack of definition of the term 'sponsor'. 2. Same comment as with the other turner draft about the normative reference to superseded version of the X.680 Recommendation |
2009-11-19
|
03 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu |
2009-11-18
|
03 | Jari Arkko | [Ballot comment] Some of the same comments apply here as in the other draft-turner. In addition, the document seems to lack a definition of a … [Ballot comment] Some of the same comments apply here as in the other draft-turner. In addition, the document seems to lack a definition of a "sponsor". When I followed the references I understood what was meant by "clearance". But it is still unclear what a sponsor is. Is this an entity that performed the clearance evaluation, or the entity that paid for it? Also, I support Cullen's comments on DirectoryString and its length. My main issue with DirectoryString is that I have no idea what I should be putting to the sponsor attribute. If I put in "NSA", will it help me get through access controls at some place? :-) |
2009-11-18
|
03 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded by Jari Arkko |
2009-11-18
|
03 | Ross Callon | [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon |
2009-11-18
|
03 | Amy Vezza | State Changes to IESG Evaluation from Waiting for AD Go-Ahead::AD Followup by Amy Vezza |
2009-11-18
|
03 | Lisa Dusseault | [Ballot Position Update] New position, No Objection, has been recorded by Lisa Dusseault |
2009-11-18
|
03 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica |
2009-11-18
|
03 | Alexey Melnikov | [Ballot comment] Abstract This document defines the clearance sponsor attribute. This attribute may be included in locations or protocols that support X.500 … [Ballot comment] Abstract This document defines the clearance sponsor attribute. This attribute may be included in locations or protocols that support X.500 attributes. "Protocols"? 2. Clearance Sponsor The clearance sponsor attribute indicates the sponsor of the clearance of the subject with which this attribute is associated. This attribute is only meaningful if the clearance attribute [RFC3281bis] is also present. The clearance sponsor attribute is a DirectoryString [RFC5280], which MUST use the UTF8String CHOICE, string with a minimum size of 1 characters and a maximum of 32 characters. Did you mean Unicode characters or octets? 3. Security Considerations If this attribute is used as part of an authorization process, the procedures employed by the entity that assigns each value Did you mean clearance values? must ensure that the correct value is applied. |
2009-11-18
|
03 | Cullen Jennings | [Ballot discuss] I don't understand what goes in the directory string or how a machine is going to do anything with it. Why is it … [Ballot discuss] I don't understand what goes in the directory string or how a machine is going to do anything with it. Why is it so short? I'm not asking for a change to the drat - I'm just confused. If you can clear this up with an email to me, I can easily imagine clearing this discuss with no change to draft. |
2009-11-18
|
03 | Cullen Jennings | [Ballot Position Update] New position, Discuss, has been recorded by Cullen Jennings |
2009-11-18
|
03 | Ralph Droms | [Ballot Position Update] New position, No Objection, has been recorded by Ralph Droms |
2009-11-18
|
03 | Lars Eggert | [Ballot Position Update] New position, Abstain, has been recorded by Lars Eggert |
2009-11-17
|
03 | Pasi Eronen | [Ballot discuss] I have reviewed draft-turner-clearancesponsor-attribute-02, and have a couple of questions/concerns that I'd like to discuss before recommending approval of the document: - … [Ballot discuss] I have reviewed draft-turner-clearancesponsor-attribute-02, and have a couple of questions/concerns that I'd like to discuss before recommending approval of the document: - 32 characters seems an awfully short limit for the maximum length. For example, "National Institute of Standards and Technology" is 46 characters, and presumably, that's not the only agency with a long name... - Is the intent that the clearance sponsor name is scoped by the certificate issuer? Or in other words, could one certificate issuer use e.g. "DSAC" to mean "Defence Scientific Advisory Council" (UK), and another "Domestic Security Alliance Council" (in US)? (If this is the intent, it probably needs some explanation about how to process these...) - Same as deviceowner-attribute: the ASN.1 module should probably import everything on page 6. |
2009-11-17
|
03 | Pasi Eronen | [Ballot Position Update] New position, Discuss, has been recorded by Pasi Eronen |
2009-11-16
|
03 | Alexey Melnikov | [Ballot Position Update] New position, No Objection, has been recorded by Alexey Melnikov |
2009-11-16
|
03 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley |
2009-10-28
|
03 | Tim Polk | [Ballot Position Update] New position, Yes, has been recorded for Tim Polk |
2009-10-28
|
03 | Tim Polk | Ballot has been issued by Tim Polk |
2009-10-28
|
03 | Tim Polk | Created "Approve" ballot |
2009-10-28
|
03 | Tim Polk | Placed on agenda for telechat - 2009-11-19 by Tim Polk |
2009-10-20
|
03 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2009-10-20
|
02 | (System) | New version available: draft-turner-clearancesponsor-attribute-02.txt |
2009-09-02
|
03 | Tim Polk | State Changes to Waiting for AD Go-Ahead::Revised ID Needed from Waiting for AD Go-Ahead by Tim Polk |
2009-08-28
|
03 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
2009-08-18
|
03 | Samuel Weiler | Request for Last Call review by SECDIR Completed. Reviewer: Dave Cridland. |
2009-08-14
|
03 | Amanda Baber | IANA comments: As described in the IANA Considerations section, we understand this document to have NO IANA Actions. |
2009-08-03
|
03 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Dave Cridland |
2009-08-03
|
03 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Dave Cridland |
2009-07-31
|
03 | Cindy Morgan | Last call sent |
2009-07-31
|
03 | Cindy Morgan | State Changes to In Last Call from Last Call Requested by Cindy Morgan |
2009-07-31
|
03 | Tim Polk | State Changes to Last Call Requested from AD Evaluation by Tim Polk |
2009-07-31
|
03 | Tim Polk | Last Call was requested by Tim Polk |
2009-07-31
|
03 | (System) | Ballot writeup text was added |
2009-07-31
|
03 | (System) | Last call text was added |
2009-07-31
|
03 | (System) | Ballot approval text was added |
2009-07-27
|
03 | Tim Polk | State Changes to AD Evaluation from Publication Requested by Tim Polk |
2009-03-26
|
03 | Tim Polk | Area acronymn has been changed to sec from gen |
2009-03-26
|
03 | Tim Polk | Intended Status has been changed to Informational from None |
2009-03-26
|
03 | Tim Polk | 1.a - Carl Wallace is the Shepherd. I have personally reviewed the document and assert that it is ready for IESG publication. 1.b - The … 1.a - Carl Wallace is the Shepherd. I have personally reviewed the document and assert that it is ready for IESG publication. 1.b - The document has been reviewed by Russ Housley, Jim Schaad, and Kurt Zelienga, who were considered to be experts with ASN.1 and/or directories. There are no concerns about depth or breadth of the reviews. 1.c - I see no need for wider review. 1.d - There are no specific concerns of which the AD and/or IESG should be aware. 1.e - This is not a product of a WG. 1.f - This is not a product of a WG. 1.g - I have personally verified that the document satisfies all ID nits (although it does generate several spurious warnings). 1.h - The document splits it references into normative and informative as required. 1.i - The document has an IANA consideration section and it is consistent with the main body (there are no IANA considerations). 1.j - Sean Turner verified the ASN.1. 1.k - Write-up is as follows: Technical Summary This document defines the clearance sponsor attribute. This attribute may be carried in a public key certificate in the Subject Directory Attributes extension, in an attribute certificate in the attribute field, in a directory as an attribute, or in protocols that support attributes. Discussion Summary The -00 version was reviewed by Kurt Zeilenga. He suggested instead of using UTF8String that the attribute be a DirectoryString and use the caseIgnoreMatch matching rule. These changes were adopted, as they were more than reasonable. Document Quality This document is a short document that defines an attribute and uses an already defined matching rule. Personnel Carl Wallace is the shepherd. Tim Polk is the sponsoring AD. |
2009-03-26
|
03 | Tim Polk | Draft Added by Tim Polk in state Publication Requested |
2009-03-05
|
01 | (System) | New version available: draft-turner-clearancesponsor-attribute-01.txt |
2008-10-06
|
00 | (System) | New version available: draft-turner-clearancesponsor-attribute-00.txt |