10.3 of X.518, item n) says: n) authenticationLevel component is optionally supplied when it is required to indicate the manner in which authentication has been carried out. The AuthenticationLevel data type is described in ITU-T Rec. X.501 | ISO/IEC 9594-2. There are several question that could be asked: 1) Under what more specific condition is this component required? 2) How does the DSA adding this component know what the performing DSA requires, e.g. for access control? 3) How do the different authentication methods rank with respect to each other? Erik Andersen Andersen's L-Service Elsevej 48, DK-3500 Vaerloese Denmark Mobile: +45 2097 1490 e-amail: era@xxxxxxx Skype: andersen-erik http://www.x500.eu/ http://www.x500standard.com/ <http://dk.linkedin.com/in/andersenerik> http://dk.linkedin.com/in/andersenerik