Lightweight Directory Access Protocol (LDAP) Authorization Identity Request and Response Controls (RFC3829)

IP.com Disclosure Number: IPCOM000029560D
Original Publication Date: 2004-Jul-01
Included in the Prior Art Database: 2004-Jul-07
Document File: 7 page(s) / 12K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

R. Weltman: AUTHOR [+3]

Abstract

This document extends the Lightweight Directory Access Protocol (LDAP) bind operation with a mechanism for requesting and returning the authorization identity it establishes. Specifically, this document defines the Authorization Identity Request and Response controls for use with the Bind operation.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 23% of the total text.

Network Working Group                                         R. Weltman
Request for Comments: 3829                                America Online
Category: Informational                                         M. Smith
                                                     Pearl Crescent, LLC
                                                                 M. Wahl
                                                               July 2004

             Lightweight Directory Access Protocol (LDAP)
         Authorization Identity Request and Response Controls

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Abstract

   This document extends the Lightweight Directory Access Protocol
   (LDAP) bind operation with a mechanism for requesting and returning
   the authorization identity it establishes.  Specifically, this
   document defines the Authorization Identity Request and Response
   controls for use with the Bind operation.

1.  Introduction

   This document defines support for the Authorization Identity Request
   Control and the Authorization Identity Response Control for
   requesting and returning the authorization established in a bind
   operation.  The Authorization Identity Request Control may be
   submitted by a client in a bind request if authenticating with
   version 3 of the Lightweight Directory Access Protocol (LDAP)
   protocol [LDAPv3].  In the LDAP server's bind response, it may then
   include an Authorization Identity Response Control.  The response
   control contains the identity assumed by the client.  This is useful
   when there is a mapping step or other indirection during the bind, so
   that the client can be told what LDAP identity was granted.  Client
   authentication with certificates is the primary situation where this
   applies.  Also, some Simple Authentication and Security Layer [SASL]
   authentication mechanisms may not involve the client explicitly
   providing a DN, or may result in an authorization identity which is
   different from the authentication identity provided by the client
   [AUTH].

RFC 3829          Authorization Identity Bind Control          July 2004

   The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY"
   used in this document are to be interpreted as described in
   [RFCKeyWords].
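
The exchange the Introduction describes, as an added Python example (not part of RFC 3829 or this page): it builds the request control a client attaches to the bind, reads the response control from a constructed BindResponse controls field, and checks the granted identity against the one the client expects. The two control OIDs come from the full RFC 3829 text, which this abbreviated copy omits; the function names and the sample DN are assumptions made for the example.

```python
# Added example, not from the page. OIDs are from the full RFC 3829 text.
REQUEST_OID = b"2.16.840.1.113730.3.4.16"   # Authorization Identity Request Control
RESPONSE_OID = b"2.16.840.1.113730.3.4.15"  # Authorization Identity Response Control

def tlv(tag, value):
    """Encode one BER element (short-form length only, enough for this example)."""
    if len(value) > 127:
        raise ValueError("long-form length not supported here")
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos + 1] > 127 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("truncated element or long-form length")
    end = pos + 2 + buf[pos + 1]
    return buf[pos], buf[pos + 2:end], end

def elements(buf):  # children of a constructed value, as (tag, value) pairs
    out, pos = [], 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        out.append((tag, value))
    return out

def request_control():
    """Control attached to the BindRequest: controlType only, no controlValue."""
    return tlv(0x30, tlv(0x04, REQUEST_OID))

def granted_identity(controls):
    """authzId from BindResponse controls; '' means anonymous, None means absent."""
    tag, body, _ = read_tlv(controls, 0)
    if tag != 0xA0:  # controls are tagged [0] in LDAPMessage
        raise ValueError("not an LDAP controls field")
    for ctl_tag, ctl in elements(body):
        fields = elements(ctl) if ctl_tag == 0x30 else []
        if fields and fields[0] == (0x04, RESPONSE_OID):
            values = [v for t, v in fields[1:] if t == 0x04]  # skips criticality
            return values[0].decode("utf-8") if values else ""
    return None

def check_bind(controls, expected_authzid):
    """Exact string comparison (an assumption; real DN matching is looser)."""
    got = granted_identity(controls)
    if got is None:
        return "no response control"
    return "ok" if got == expected_authzid else "mismatch: " + repr(got)

# Constructed sample: controls field of a BindResponse after a certificate bind.
SAMPLE = tlv(0xA0, tlv(0x30, tlv(0x04, RESPONSE_OID) + tlv(0x04, b"dn:uid=alice,dc=example,dc=com")))
```

A "mismatch" result is the case the Introduction has in mind: a mapping step during the bind produced an identity other than the one the client believed it was authenticating as.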

2. ...