Lightweight Directory Access Protocol (LDAP) "Who am I?" Operation
RFC 4532

Document history

Date Rev. By Action
2020-01-21
10 (System) Received changes through RFC Editor sync (added Verified Errata tag)
2015-10-14
10 (System) Notify list changed from  to (None)
2006-06-13
10 Amy Vezza State Changes to RFC Published from RFC Ed Queue by Amy Vezza
2006-06-13
10 Amy Vezza [Note]: 'RFC 4532' added by Amy Vezza
2006-06-08
10 (System) RFC published
2005-01-03
10 Amy Vezza State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza
2004-12-31
10 Amy Vezza IESG state changed to Approved-announcement sent
2004-12-31
10 Amy Vezza IESG has approved the document
2004-12-31
10 Amy Vezza Closed "Approve" ballot
2004-12-29
10 Ted Hardie State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Ted Hardie
2004-11-19
10 (System) New version available: draft-zeilenga-ldap-authzid-10.txt
2004-11-17
10 Amy Vezza Removed from agenda for telechat - 2004-11-18 by Amy Vezza
2004-11-11
10 Ted Hardie Placed on agenda for telechat - 2004-11-18 by Ted Hardie
2004-11-11
10 Ted Hardie [Note]: 'On Agenda to confirm that Russ's discuss can clear' added by Ted Hardie
2004-11-11
10 Ted Hardie Discussed updates with Kurt at IETF 61; need to reconfirm that this handles Russ's objection
2004-06-08
10 Ted Hardie Note field has been cleared by Ted Hardie
2004-06-08
10 Ted Hardie sent to russ for check
2004-06-08
09 (System) New version available: draft-zeilenga-ldap-authzid-09.txt
2004-03-19
10 Amy Vezza
[Note]: 'Proposed RFC Editor Note: RFC Editor note: In section 1, please replace:
OLD:
      Bind controls are not protected by the security layers
    established by the Bind operation which they are
    transferred as part of.
NEW:
    Bind controls are not protected by the security layers
    established by the Bind operation which includes them.

In section 3, please add the following sentence to the last paragraph
(which ends with "a multi-stage Bind operation"):
NEW:
    Where a request is received in violation of this absolute
    prohibition, the server should respond with an operationsError
    result code' added by Amy Vezza
2004-03-17
10 Scott Hollenbeck
[Ballot comment]
Section 2.2: "u:kurt@OPENLDAP.ORG" is provided as an example. EXAMPLE.ORG
(or another example described in RFC 2606) should be used instead of
OPENLDAP.ORG.

Section 6:

s/This OID 1.3.6.1.4.1.4203.1.11.3 to identify/OID 1.3.6.1.4.1.4203.1.11.3
is used to identify/
2004-03-17
10 Amy Vezza [Ballot Position Update] New position, No Objection, has been recorded for Scott Hollenbeck by Amy Vezza
2004-03-15
10 Harald Alvestrand
[Note]: 'Proposed RFC Editor Note: RFC Editor note: In section 1, please replace:
OLD:
      Bind controls are not protected by the security layers
    established by the Bind operation which they are
    transferred as part of.
NEW:
    Bind controls are not protected by the security layers
    established by the Bind operation which includes them.

In section 3, please add the following sentence to the last paragraph
(which ends with "a multi-stage Bind operation"):
NEW:
    Where a request is received in violation of this absolute
    prohibition, the server should respond with an operationsError
    result code' added by Harald Alvestrand
2004-03-15
10 Harald Alvestrand
A number of editorial issues found by John Loughney, GEN-ART reviewer. I believe these do not warrant holding up approving the document, but they might be "nice to fix if document is revved for other reasons".

Serious, requires a re-write:
=============================
1) Section 3, 2nd sentence:

  ....  If the server is treating
  the client as an anonymous entity, the response field is present but
  empty.

-> Define what empty is, all zeros - or something else?

2) Section 5, security considerations:

  Identities associated with users may be sensitive information. 

-> I would imagine these authorized identities are sensitive information,
  so that the next sentence:

  ..... When
  so, security layers [RFC2829][RFC2830] should be established to
  protect this information.

-> The 'should' in the above sentence needs to be 'MUST.'

Editorial:
==========
1) Title: LDAP "Who am I?" Operation - want to expand LDAP.

2) Boilerplate, etc. needs updating (obviously!).

3) Abstract contains the exact same text as the 1st paragraph of section
  1.  Either re-write the abstract, or delete the repeated paragraph in
  section 1.

4) Abstract talks about 'the authorized identity' and this term is used
  several times before it is defined in 4th paragraph of section 1.  An
  earlier definition (perhaps in the abstract) would be nice.

5) Section 3, paragraph 3:

  If the server is unwilling or unable to provide the authorization
  identity it associates with the client, the server SHALL return a
  whoami Response with an appropriate non-success resultCode ...

-> a reference to where these resultCodes are defined is needed.

6) Needs IPR text.
2004-02-19
10 Amy Vezza Placed on agenda for telechat - 2004-03-18 by Amy Vezza
2004-02-19
10 Amy Vezza
[Note]: 'Proposed RFC Editor Note: RFC Editor note: In section 1, please replace:
OLD:
      Bind controls are not protected by the security layers
    established by the Bind operation which they are
    transferred as part of.
NEW:
    Bind controls are not protected by the security layers
    established by the Bind operation which includes them.

In section 3, please add the following sentence to the last paragraph
(which ends with "a multi-stage Bind operation"):
NEW:
    Where a request is received in violation of this absolute
    prohibition, the server should respond with an operationsError
    result code' added by Amy Vezza
2004-02-16
10 Ted Hardie
[Note]: 'Proposed RFC Editor Note:

RFC Editor note:

In section 1, please replace:
OLD:
      Bind controls are not protected by the security layers
     established by the Bind operation which they are
     transferred as part of.
NEW:
     Bind controls are not protected by the security layers
     established by the Bind operation which includes them.

In section 3, please add the following sentence to the last paragraph
(which ends with "a multi-stage Bind operation"):
NEW:
     Where a request is received in violation of this absolute
     prohibition, the server should respond with an operationsError
     result code' added by Ted Hardie
2004-02-12
10 Ted Hardie Placed on agenda for telechat - 2004-02-19 by Ted Hardie
2004-02-12
10 Ted Hardie Author will provide a revised ID or RFC editor note to handle DISCUSS comments.
2003-08-21
10 Amy Vezza State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Amy Vezza
2003-08-21
10 Amy Vezza Removed from agenda for telechat - 2003-08-21 by Amy Vezza
2003-08-20
10 Amy Vezza Placed on agenda for telechat - 2003-08-21 by Amy Vezza
2003-08-19
10 Ted Hardie State Changes to IESG Evaluation from Waiting for Writeup by Ted Hardie
2003-08-19
10 Ted Hardie Since the write-up has been written and the ballot sent, the previous state was wrong.
2003-08-18
10 Ted Hardie [Ballot Position Update] New position, Yes, has been recorded for Ted Hardie
2003-08-18
10 Ted Hardie Ballot has been issued by Ted Hardie
2003-08-18
10 Ted Hardie Created "Approve" ballot
2003-08-18
10 (System) Ballot writeup text was added
2003-08-18
10 (System) Last call text was added
2003-08-18
10 (System) Ballot approval text was added
2003-08-15
10 Michael Lee Removed from agenda for telechat - 2003-08-21 by Michael Lee
2003-08-15
10 Michael Lee State Changes to Waiting for Writeup from IESG Evaluation by Michael Lee
2003-08-15
10 Michael Lee Ballot writeup needed to be placed on agenda for telechat 2003-8-21
2003-08-12
10 Ted Hardie State Changes to IESG Evaluation from In Last Call by Ted Hardie
2003-08-12
10 Ted Hardie
The intent here is to put this on the same ballot as the auth response document and gauge whether the IESG believes an IESG note pointing to  the authzid mechanism is needed in the auth response document or if the status difference is enough.
2003-08-12
10 Ted Hardie Placed on agenda for telechat - 2003-08-21 by Ted Hardie
2003-06-12
10 Amy Vezza Status date has been changed to 2003-07-08 from
2003-06-12
10 Amy Vezza State Changes to In Last Call from Publication Requested by Vezza, Amy
2003-06-10
10 (System) Last call sent
2003-03-24
10 Ted Hardie Shepherding AD has been changed to Hardie, Ted from Faltstrom, Patrik
2002-11-18
10 Patrik Fältström Draft Added by Faltstrom, Patrik
2002-11-04
08 (System) New version available: draft-zeilenga-ldap-authzid-08.txt
2002-08-05
07 (System) New version available: draft-zeilenga-ldap-authzid-07.txt
2002-05-17
06 (System) New version available: draft-zeilenga-ldap-authzid-06.txt
2002-05-02
05 (System) New version available: draft-zeilenga-ldap-authzid-05.txt
2002-04-30
04 (System) New version available: draft-zeilenga-ldap-authzid-04.txt
2002-04-24
03 (System) New version available: draft-zeilenga-ldap-authzid-03.txt
2002-03-06
02 (System) New version available: draft-zeilenga-ldap-authzid-02.txt
2002-01-07
01 (System) New version available: draft-zeilenga-ldap-authzid-01.txt
2001-11-14
00 (System) New version available: draft-zeilenga-ldap-authzid-00.txt