common LDAP schemas to draw attribute definitions from

Nate Klingenstein ndk at
Tue Jul 2 11:14:28 EDT 2019

> But they made the names up and they have no precise technical definition anywhere that I am aware of. They mean whatever a particular person looking at them thinks they mean.

Doesn't all this argue more strongly for not making the names up and having precise technical definitions?  X.520 is fine, but it's decades old and frozen in time.  We can't modify it or add new attributes as technology progresses.

It would seem to me like attribute metadata specifying a controlled vocabulary, defining which characters are illegal in certain attributes, knowing beyond a single word what you're receiving -- it's all valuable.  The potential has always been too great for me to neglect.

I understand and sympathize with the challenge of identifying where the URLs would or should live for existing attributes, though OASIS doesn't seem like a terrible choice in the first place and we're mostly talking about new attributes now.  People just throw them in the "unspecified" bucket with a "FriendlyName" that matches the "Name".  If there were distinct advantages to naming attributes with URLs, like being able to determine in detail what is permissible and what is meant, I think we would see more vendors using them.

Anyway, sorry for going so far off topic.
