
Lightweight Directory Access Protocol (LDAP) "Who am I?" Operation
draft-zeilenga-ldap-authzid-10

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>
Subject: Protocol Action: 'LDAP 'Who am I?' Operation' to 
         Proposed Standard 

The IESG has approved the following document:

- 'LDAP 'Who am I?' Operation '
   <draft-zeilenga-ldap-authzid-11.txt> as a Proposed Standard

This document has been reviewed in the IETF but is not the product of an
IETF Working Group. 

The IESG contact person is Ted Hardie.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-zeilenga-ldap-authzid-11.txt

Ballot Text

Technical Summary

This document describes a mechanism for Lightweight Directory
Access Protocol (LDAP) clients to obtain the authorization identity
the server uses for them.  This mechanism, called "Who am I?",
returns the authorization identity which the server has associated
with the user or application entity.  It replaces the AUTHCTL
mechanism, which uses Bind request and response controls to request
and return the authorization identity.  Bind controls are not
protected by the security layers established by the Bind operation
of which they are a part, whereas an extended operation sent after a
Bind operation is protected by the security layers that the Bind
operation established.

This mechanism will also be used in cases where the authorization
identity is requested separately from the Bind operation.  For
example, the "Who am I?" operation can be augmented with a Proxied
Authorization Control [PROXYCTL] to determine the authorization
identity which the server associates with the identity asserted in
the Proxied Authorization Control.  The "Who am I?" operation can
also be used prior to the Bind operation.
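The wire format of the operation described above, as an added example that is not part of this announcement or of the draft: a minimal BER encoder for the "Who am I?" ExtendedRequest (no requestValue, only the requestName OID) and a decoder that pulls the authzId out of the ExtendedResponse, where an empty authzId means the server treats the client as anonymous. The OID 1.3.6.1.4.1.4203.1.11.3 is an assumption here (the announcement does not list it; it is the value the published specification assigns), and the sample response is constructed for the example.

```python
# Added example (not from the IETF announcement or the draft): minimal BER
# encoding of the "Who am I?" ExtendedRequest and decoding of its response.
WHOAMI_OID = "1.3.6.1.4.1.4203.1.11.3"  # assumed: the OID RFC 4532 assigns

def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body

def whoami_request(msg_id):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } };
    the operation carries no requestValue."""
    mid = msg_id.to_bytes(msg_id.bit_length() // 8 + 1, "big")  # positive INTEGER
    ext = tlv(0x77, tlv(0x80, WHOAMI_OID.encode("ascii")))
    return tlv(0x30, tlv(0x02, mid) + ext)

def read_tlv(buf, pos=0):
    """Return (tag, value, next position) for the BER TLV at buf[pos]."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    length = first
    if first & 0x80:  # long-form length
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_whoami_response(msg):
    """Return (resultCode, authzId or None); an '' authzId means anonymous."""
    tag, body, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(body)  # messageID
    tag, ext, _ = read_tlv(body, pos)
    if tag != 0x78:  # ExtendedResponse is [APPLICATION 24]
        raise ValueError("not an ExtendedResponse")
    tag, rc, pos = read_tlv(ext)  # resultCode ENUMERATED
    _, _, pos = read_tlv(ext, pos)  # matchedDN
    _, _, pos = read_tlv(ext, pos)  # diagnosticMessage
    authzid = None
    while pos < len(ext):  # optional referral [3], responseName [10], responseValue [11]
        tag, val, pos = read_tlv(ext, pos)
        if tag == 0x8B:  # responseValue [11] holds the authzId
            authzid = val.decode("utf-8")
    return int.from_bytes(rc, "big"), authzid

# Constructed sample response: success (0), authzId in "dn:" form.
SAMPLE_RESPONSE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x78, tlv(0x0A, b"\x00")
    + tlv(0x04, b"") + tlv(0x04, b"") + tlv(0x8B, b"dn:cn=alice,dc=example,dc=com")))
```

Sending the request over a connection that has completed a Bind with a SASL security layer is what gives it the protection the summary contrasts with Bind controls; the encoding itself is the same in both cases.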

Working Group Summary

This was not a WG document, but has been discussed on various
mailing lists (LDAPEXT, LDAPBIS, etc.).  The only issue raised during
last call was whether this was sufficiently distinguished from
draft-weltman-ldapv3-auth-response-09.txt, and this issue has been
resolved.

Protocol Quality

This document has been reviewed for the IESG by Ted Hardie.

RFC Editor Note