Hi Howard

Howard Chu wrote:
> David Chadwick wrote:
>> Other: One feature that both X.509 certificates and Kerberos tickets provide, that is missing in this and the LDAP specs, is a pwdStartDate parameter. There are expiration attributes to control when a credential stops being valid, but no corresponding parameter to control when it starts being valid. In addition to allowing credentials to be disabled due to failed authentications, and due to passing a fixed expiration date, administrators frequently request a generic "disabled" boolean flag, for miscellaneous non-time-related reasons.
>
> Looks like I forgot about this. Just to note: I've added pwdStartDate and pwdEndDate to the LDAP ppolicy draft, and suggested that setting pwdStartDate to a value greater than pwdEndDate can be used for the same effect as a generic "disabled" flag.

Good idea. We will change the name of our pwdCreationTime to pwStartTime and allow it to be in the future and set by the administrator. We should then have alignment on this.

As an aside, don't you think we should try to align the names (and OIDs) of all our attributes when they are semantically the same? For example, we use Time rather than Date since we use GeneralisedTime as the syntax of many of our attributes.

Regards

David

-- 
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
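
The validity window discussed in this thread, as an added example (not code from the message or from either draft): it classifies a password from pwdStartDate and pwdEndDate and treats a start later than the end as the "disabled" case. The function names are hypothetical; the assumptions are that values use the UTC "Z" form of GeneralizedTime, that a missing attribute leaves that side unbounded, and that the window is start <= now < end.

```python
import re
from datetime import datetime, timezone

# Assumption: only the UTC "Z" form, YYYYMMDDHHMMSS[.fraction]Z, is accepted.
_GT = re.compile(r"(\d{14})(?:[.,](\d+))?Z")


def parse_generalized_time(value):
    """Parse the UTC 'Z' form of GeneralizedTime; reject anything else."""
    m = _GT.fullmatch(value)
    if not m:
        raise ValueError(f"unsupported GeneralizedTime: {value!r}")
    dt = datetime.strptime(m.group(1), "%Y%m%d%H%M%S")
    if m.group(2):
        # Keep at most microsecond precision from the fractional part.
        dt = dt.replace(microsecond=int(m.group(2)[:6].ljust(6, "0")))
    return dt.replace(tzinfo=timezone.utc)


def password_state(entry, now):
    """Return 'disabled', 'not-yet-valid', 'expired' or 'valid'.

    entry maps attribute names to GeneralizedTime strings; either
    attribute may be absent (assumed to mean unbounded on that side).
    """
    start = entry.get("pwdStartDate")
    end = entry.get("pwdEndDate")
    start = parse_generalized_time(start) if start else None
    end = parse_generalized_time(end) if end else None
    # Start later than end: the window is empty, so the password can
    # never be valid. This is the generic "disabled" flag from the thread.
    if start and end and start > end:
        return "disabled"
    if start and now < start:
        return "not-yet-valid"
    if end and now >= end:  # assumption: the end instant itself is excluded
        return "expired"
    return "valid"


# Constructed sample entries, not taken from any real directory.
SAMPLE_ENTRIES = {
    "future": {"pwdStartDate": "20090801000000Z", "pwdEndDate": "20100101000000Z"},
    "lapsed": {"pwdStartDate": "20090101000000Z", "pwdEndDate": "20090601000000Z"},
    "off": {"pwdStartDate": "20100101000000Z", "pwdEndDate": "20090101000000Z"},
    "open": {},
}
```

Checking the empty window before the time comparisons matters: otherwise a disabled entry would be reported as not-yet-valid or expired depending on the clock, and a monitoring tool would misreport why the account cannot bind.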