[Standards] X.509 attributes

Dave Cridland dave at cridland.net
Thu May 22 22:02:11 UTC 2008


On Thu May 22 21:56:48 2008, Peter Saint-Andre wrote:
> >> Of course, a potential application neutral option for this exists
> >> as well: the uniformResourceIdentifier SAN fields populated with
> >> jids in the xmpp URI scheme, eg. xmpp:stpeter@jabber.org.
> >>
> >>
> > xmpp://stpeter@jabber.org maybe. For this instance, I'm not sure. Would
> > xmpp:stpeter@jabber.org provide authentication to talk to PSA? :-)
> >
> > I'm not convinced, because I don't know what it's intended to mean.
> 
> it = the URI?
> 
> Back in the dark ages of discussion about XMPP URIs, our illustrious
> area director at the IETF suggested that we could specify an entity to
> authorize *as* by including that identity as the authority component.
> 
> So if you want people to be able to log in as guest@example.com, the URI
> would be:
> 
>   xmpp://guest@example.com
> 
> If you want people to be able to log in as guest@example.com and send a
> message to support@example.com, the URI would be
> 
>   xmpp://guest@example.com/support@example.com?message
> 
> Yes this looks confusing. That's because it is. Basically just ignore
> the authority component, i.e., don't include it in XMPP URIs. :)
> 
> 
Right, but in *this* case, if the URI General Name is intended to
grant access *to* the contained URI, then a certificate containing
xmpp://stpeter@jabber.org/ would grant access to authorize as
stpeter@jabber.org.

Maybe.

> > I've actually no idea what the URI General Name is for, but it wouldn't
> > surprise me if it has a very specific purpose that XMPP authentication
> > wouldn't fit. In lieu of wild guesses, though, I'll ask the guy who sits
> > next to me here, who's pretty knowledgeable on X.509, and no doubt spawn
> > an exciting office debate on the finer details of the X.500 series.
> 
> And the result was...? :)

An exciting office debate on the finer details of the X.500 series,  
of course. I was only lucky it didn't spill over onto discussions of  
X.400, which has the unique ability to make X.509 suddenly seem quite  
interesting.

I shall ask quietly over email. :-)

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
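
Added example, not part of the original message or of any XMPP implementation: a Python sketch that splits an xmpp URI taken from a uniformResourceIdentifier SAN into the authority component (the identity to authorize *as*) and the path (the JID addressed), the two roles the thread distinguishes. The names `parse_xmpp_uri` and `san_jid`, and the policy of binding a certificate only to the bare authority-less form, are assumptions made for this illustration.

```python
from typing import NamedTuple, Optional
from urllib.parse import urlsplit, unquote


class XmppUri(NamedTuple):
    auth_as: Optional[str]  # authority component: identity to authorize as
    target: Optional[str]   # path component: JID the URI addresses
    query: Optional[str]    # query action, e.g. "message"


def parse_xmpp_uri(uri: str) -> XmppUri:
    """Split an xmpp URI into its authority, path and query parts."""
    parts = urlsplit(uri)
    if parts.scheme.lower() != "xmpp":
        raise ValueError("not an xmpp URI: %r" % uri)
    # netloc is only populated when the URI uses the "//" authority form.
    auth_as = unquote(parts.netloc) or None
    # The path carries the addressed JID; drop the separating slash.
    target = unquote(parts.path.lstrip("/")) or None
    return XmppUri(auth_as, target, parts.query or None)


def san_jid(uri: str) -> Optional[str]:
    """Return the JID to bind to a certificate, or None if ambiguous.

    Assumed policy for this example: accept only the bare form
    xmpp:user@domain. A URI with an authority component or a query
    is not treated as an identity, because its meaning is unsettled.
    """
    parsed = parse_xmpp_uri(uri)
    if parsed.auth_as is not None or parsed.query is not None:
        return None
    return parsed.target


if __name__ == "__main__":
    # Sample URIs are the ones quoted in the thread.
    for sample in (
        "xmpp:stpeter@jabber.org",
        "xmpp://stpeter@jabber.org/",
        "xmpp://guest@example.com/support@example.com?message",
    ):
        print(sample, parse_xmpp_uri(sample), san_jid(sample))
```
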


