Lightweight Directory Access Protocol (LDAP) "Who am I?" Operation
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: Internet Architecture Board <email@example.com>, RFC Editor <firstname.lastname@example.org>
Subject: Protocol Action: 'LDAP 'Who am I?' Operation' to Proposed Standard

The IESG has approved the following document:

- 'LDAP 'Who am I?' Operation ' <draft-zeilenga-ldap-authzid-11.txt> as a Proposed Standard

This document has been reviewed in the IETF but is not the product of an IETF Working Group.

The IESG contact person is Ted Hardie.

A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-zeilenga-ldap-authzid-11.txt
Technical Summary

This document describes a mechanism for Lightweight Directory Access Protocol (LDAP) clients to obtain the authorization identity the server uses for them. This mechanism, called "Who am I" which the server has associated with the user or application entity.

This replaces the AUTHCTL mechanism, which uses Bind request and response controls to request and return the authorization identity. Bind controls are not protected by the security layers established by the Bind operation which they are transferred as part of. An extended operation sent after a Bind operation is protected by the security layers established by the Bind operation.

This mechanism will also be used in cases where the authorization identity is requested separately from the Bind operation. For example, the "Who am I?" operation can be augmented with a Proxied Authorization Control [PROXYCTL] to determine the authorization identity which the server associates with the identity asserted in the Proxied Authorization Control. The "Who am I?" operation can also be used prior to the Bind operation.

Working Group Summary

This was not a WG document, but has been discussed on various mailing lists (LDAPEXT, LDAPBIS, etc.). The only issue raised during last call was whether this was sufficiently distinguished from draft-weltman-ldapv3-auth-response-09.txt, and this issue has been resolved.

Protocol Quality

This document has been reviewed for the IESG by Ted Hardie.
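
Added example (not part of the IESG message or the draft): the "Who am I?" exchange as standalone LDAP PDUs, built and parsed in Python, showing that the request is its own message sent after Bind rather than a control carried inside the Bind. Assumptions: the OID is the one assigned in the published specification (RFC 4532), the "dn:" and "u:" authzId prefixes follow the LDAP authorization identity syntax, and the sample response is constructed.

```python
# Added example: BER framing for the "Who am I?" extended operation.
WHOAMI_OID = b"1.3.6.1.4.1.4203.1.11.3"  # from RFC 4532; not quoted on this page

def tlv(tag, value):
    """Encode one BER tag-length-value with a definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf, pos):
    """Decode one TLV at pos; return (tag, value, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + n], pos + n

def whoami_request(msg_id):
    """LDAPMessage{messageID, ExtendedRequest[APPLICATION 23]{requestName[0]}}."""
    if not 1 <= msg_id <= 127:
        raise ValueError("example encodes single-byte message IDs only")
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x77, tlv(0x80, WHOAMI_OID)))

def parse_whoami_response(pdu):
    """Return (resultCode, kind, authzId) from an ExtendedResponse PDU."""
    tag, body, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(body, 0)               # skip messageID
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x78:                             # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    fields, pos = [], 0
    while pos < len(op):
        t, v, pos = read_tlv(op, pos)
        fields.append((t, v))
    code = int.from_bytes(fields[0][1], "big")  # resultCode is the first field
    if code != 0:
        return code, None, None
    authz = next((v for t, v in fields if t == 0x8B), b"").decode("utf-8")  # responseValue [11]
    kind = ("anonymous" if authz == "" else "dn" if authz.startswith("dn:")
            else "userid" if authz.startswith("u:") else "unknown")
    return code, kind, authz

# Constructed sample response: success, empty matchedDN and diagnosticMessage.
SAMPLE_RESPONSE = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x78, tlv(0x0A, b"\x00")
    + tlv(0x04, b"") + tlv(0x04, b"") + tlv(0x8B, b"dn:cn=app,dc=example,dc=com")))
```

Because the request is an ordinary LDAPMessage, it travels inside whatever security layer the preceding Bind established; an empty or absent responseValue means the server treats the session as anonymous.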