[glue-wg] DN definitions
Burke, S (Stephen)
S.Burke at rl.ac.uk
Thu Jun 5 07:25:18 CDT 2008
glue-wg-bounces at ogf.org
> [mailto:glue-wg-bounces at ogf.org] On Behalf Of Timo Baur said:
> in the public comment version of GLUE 2.0, two kinds of DNs
> (Distinguished Names) with different delimiters are specified.
There are indeed two forms and we have both in use, e.g. ldap uses
comma-separated DNs whereas X509 applications generally use the
slash-delimited form. They are both derived from the underlying OID
representation. I don't know offhand where they are formally defined but
no doubt google can find it.
In terms of GLUE usage, I would be inclined to say that all DN
attributes should be the slash-delimited form, but the LDAP
representation will use the comma for the object DNs themselves.
Incidentally, there are additional ambiguities, the best-known of
which is that there are three different text representations for the
"email address" OID (E=, Email= and emailAddress= I think) in common
use. I'm not sure if GLUE should take a view on such things.
Stephen
More information about the glue-wg
mailing list