The PKIX UserGroupName GeneralName Type
draft-ietf-pkix-usergroup-01
Document | Type |
Expired Internet-Draft
(pkix WG)
Expired & archived
|
|
---|---|---|---|
Author | Michael StJohns | ||
Last updated | 2002-09-25 | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Intended RFC status | (None) | ||
Formats | |||
Additional resources | Mailing list discussion | ||
Stream | WG state | WG Document | |
Document shepherd | (None) | ||
IESG | IESG state | Expired | |
Consensus boilerplate | Unknown | ||
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
A number of systems which understand X.509 client certificates have developed various ad hoc mechanisms to map a certificate to a 'userid'/'group(s)' value which can then be used for access control. The mechanisms include idiosyncratic name forms for the SubjectName field such as encoding the userid as a CommonName and the group as an OrganizationalUnit, or mapping the certificate against an entry in a directory system. This document describes an otherName extension of the GeneralName type which can be used in the SubjectAltName extension or IssuerAltName extension to directly encode userid and group information.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)