Clearance Sponsor Attribute
RFC 5917
Note: This ballot was opened for revision 03 and is now closed.
Lars Eggert Abstain
(Tim Polk; former steering group member) Yes
(Alexey Melnikov; former steering group member) No Objection
Abstract

This document defines the clearance sponsor attribute. This attribute may be included in locations or protocols that support X.500 attributes.

"Protocols"?

2. Clearance Sponsor

The clearance sponsor attribute indicates the sponsor of the clearance of the subject with which this attribute is associated. This attribute is only meaningful if the clearance attribute [RFC3281bis] is also present. The clearance sponsor attribute is a DirectoryString [RFC5280], which MUST use the UTF8String CHOICE, string with a minimum size of 1 characters and a maximum of 32 characters.

Did you mean Unicode characters or octets?

3. Security Considerations

If this attribute is used as part of an authorization process, the procedures employed by the entity that assigns each value

Did you mean clearance values?

must ensure that the correct value is applied.
(Cullen Jennings; former steering group member) (was Discuss) No Objection
(Dan Romascanu; former steering group member) No Objection
1. I support Pasi's part of the DISCUSS about 32 length strings being too short for proper identification of organizations, and Jari's COMMENT about lack of definition of the term 'sponsor'.
2. Same comment as with the other Turner draft about the normative reference to superseded version of the X.680 Recommendation.
(Jari Arkko; former steering group member) No Objection
Some of the same comments apply here as in the other draft-turner. In addition, the document seems to lack a definition of a "sponsor". When I followed the references I understood what was meant by "clearance". But it is still unclear what a sponsor is. Is this an entity that performed the clearance evaluation, or the entity that paid for it? Also, I support Cullen's comments on DirectoryString and its length. My main issue with DirectoryString is that I have no idea what I should be putting to the sponsor attribute. If I put in "NSA", will it help me get through access controls at some place? :-)
(Lisa Dusseault; former steering group member) No Objection
(Magnus Westerlund; former steering group member) No Objection
I agree with both Cullen's and Pasi's discusses. This document is not clear on where it can really be used or what a receiver of the attribute really can do. If it is intended for machine use and point at a location where information can be verified, then it should be a locator and with a specified request mechanism. If it is for human consumption then it should say that and be clear that machines are not intended to act on the attribute.
(Pasi Eronen; former steering group member) (was Discuss) No Objection
(Ralph Droms; former steering group member) No Objection
(Ron Bonica; former steering group member) No Objection
(Ross Callon; former steering group member) No Objection
(Russ Housley; former steering group member) No Objection