Clearance Sponsor Attribute
RFC 5917

Note: This ballot was opened for revision 03 and is now closed.

Lars Eggert Abstain

(Tim Polk; former steering group member) Yes


(Alexey Melnikov; former steering group member) No Objection

No Objection (2009-11-18)

Abstract 

   This document defines the clearance sponsor attribute.  This 
   attribute may be included in locations or protocols that support 
   X.500 attributes.

"Protocols"?

2. Clearance Sponsor 

   The clearance sponsor attribute indicates the sponsor of the 
   clearance of the subject with which this attribute is associated.  
   This attribute is only meaningful if the clearance attribute 
   [RFC3281bis] is also present.  The clearance sponsor attribute is a 
   DirectoryString [RFC5280], which MUST use the UTF8String CHOICE, 
   string with a minimum size of 1 characters and a maximum of 32 
   characters. 

Did you mean Unicode characters or octets?

3. Security Considerations 

   If this attribute is used as part of an authorization process, the 
   procedures employed by the entity that assigns each value

Did you mean clearance values?

   must ensure 
   that the correct value is applied.
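
An added example (not part of the ballot or of the draft) for the length question raised in the comment above: it reads a definite-length UTF8String encoding and reports the value's size in both Unicode characters and octets against the 1..32 bound quoted from the draft. The function names and the sample value are constructed for illustration.

```python
# Added illustration; the 1..32 bound is taken from the draft text quoted above.
MIN_LEN, MAX_LEN = 1, 32
UTF8STRING_TAG = 0x0C  # ASN.1 universal tag number 12, UTF8String
SAMPLE = "Министерство обороны"  # constructed sponsor name, not from the page


def der_utf8string(value: str) -> bytes:
    """Encode a str as a definite-length UTF8String (builds test inputs)."""
    body = value.encode("utf-8")
    if len(body) < 0x80:
        return bytes([UTF8STRING_TAG, len(body)]) + body
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([UTF8STRING_TAG, 0x80 | len(size)]) + size + body


def read_utf8string(der: bytes) -> bytes:
    """Return the content octets of one UTF8String, or raise ValueError."""
    if len(der) < 2 or der[0] != UTF8STRING_TAG:
        raise ValueError("not a UTF8String (the draft requires that CHOICE)")
    first = der[1]
    if first < 0x80:                      # short-form length
        length, offset = first, 2
    else:                                 # long-form length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad length encoding")
        length, offset = int.from_bytes(der[2:2 + n], "big"), 2 + n
    if len(der) != offset + length:
        raise ValueError("length does not match content")
    return der[offset:]


def check_sponsor(der: bytes) -> dict:
    """Report the value's size under both readings of the 1..32 bound."""
    content = read_utf8string(der)
    text = content.decode("utf-8")        # strict: malformed UTF-8 raises
    chars, octets = len(text), len(content)
    return {
        "chars": chars,
        "octets": octets,
        "ok_if_characters": MIN_LEN <= chars <= MAX_LEN,
        "ok_if_octets": MIN_LEN <= octets <= MAX_LEN,
    }
```

The constructed sample is 20 characters but 39 octets, so it is accepted under one reading of the bound and rejected under the other.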

(Cullen Jennings; former steering group member) (was Discuss) No Objection


(Dan Romascanu; former steering group member) No Objection

No Objection (2009-11-19)

1. I support Pasi's part of the DISCUSS about 32 length strings being too short for proper identification of organizations, and Jari's COMMENT about lack of definition of the term 'sponsor'.

2. Same comment as with the other Turner draft about the normative reference to a superseded version of the X.680 Recommendation.

(Jari Arkko; former steering group member) No Objection

No Objection (2009-11-18)

Some of the same comments apply here as in the other draft-turner.

In addition, the document seems to lack a definition of a "sponsor".
When I followed the references I understood what was meant by
"clearance". But it is still unclear what a sponsor is. Is this an
entity that performed the clearance evaluation, or the entity that
paid for it?

Also, I support Cullen's comments on DirectoryString and its length.
My main issue with DirectoryString is that I have no idea what I should
be putting to the sponsor attribute. If I put in "NSA", will it help
me get through access controls at some place? :-)

(Lisa Dusseault; former steering group member) No Objection


(Magnus Westerlund; former steering group member) No Objection

No Objection (2009-11-19)

I agree with both Cullen's and Pasi's discusses. This document is not clear on where it can really be used or what a receiver of the attribute really can do. If it is intended for machine use and points at a location where information can be verified, then it should be a locator with a specified request mechanism. If it is for human consumption, then it should say that and be clear that machines are not intended to act on the attribute.

(Pasi Eronen; former steering group member) (was Discuss) No Objection


(Ralph Droms; former steering group member) No Objection


(Ron Bonica; former steering group member) No Objection


(Ross Callon; former steering group member) No Objection


(Russ Housley; former steering group member) No Objection
