Issue 2703: How is a SecAttribute's value field encoded (sec-rev)

Source: (, )
Nature: Clarification
Severity:
Summary: How is a SecAttribute's value field encoded? How is the defining_authority field encoded and what does it represent? The specification is unclear about this in the data module chapter, Appendix A. However, it is clear from the interoperability specification that the defining_authority, if it exists, is an OID.

Resolution: Close issue 2703 "How is a SecAttribute’s value field encoded"

Revised Text:

Add the definition:

    typedef sequence<octet> OID;
    typedef sequence<OID> OIDList;

Modify the definition of SecAttribute to:

    struct SecAttribute {
        AttributeType attribute_type;
        OID defining_authority;
        Opaque value;
        // The value of this attribute can be decoded
        // only with the knowledge of the defining_authority
    };

Note: This is a backwards compatible revision.

Change Header of A.11.1 from "Attribute Types" to "Security Attributes"

Replace the 3rd bullet of paragraph 1586 with:

    A defining authority. The field indicates the authority responsible for defining the encoding of the value field of the attribute. The defining authority is defined as an octet sequence that is an ASN.1 encoding of an OID. The entity referenced by the OID defines the value’s encoding to/from a sequence of octets. If the defining authority field is empty (i.e. octet sequence of length 0), the defining authority is the OMG. The OMG defines all attribute values to be a UTF-8 byte encoding of a string value.

Replace the 4th bullet of paragraph 1586 with:

    An attribute value. The attribute value is encoded as an octet sequence. The encoding is specified by the defining authority field.

Add the following after paragraph 1586:

    Attributes used in the CORBA realm or CORBA based security mechanisms have values of UTF-8 encoded strings, which is stipulated by an empty sequence of octets for the defining authority field.

    A defining authority field stipulating different encodings for values is meant for the representation of security attributes from security mechanisms other than CORBA such that the values of these attributes *cannot* be represented as the standard OMG defined UTF-8 encoding of a string, or if such a mapping to and from a string is not defined.

    Equality for attributes is defined as structural equality based on structural equality on the attribute type, octet sequence equality on the defining authority, and octet sequence equality of the value.

Actions taken:
June 4, 1999: received issue
June 18, 1999: closed issue

Discussion:

End of Annotations:=====

X-Authentication-Warning: marcy.adiron.com: polar owned process doing -bs
Date: Fri, 4 Jun 1999 15:24:12 -0400 (EDT)
From: Polar Humenn
To: issues@omg.org
Subject: Issue Security
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-UIDL: 5eb0a905f7840c90e7c9b03ad2a165b8

Document: Security 1.5
Severity: Clarification

How is a SecAttribute's value field encoded? How is the defining_authority field encoded and what does it represent? The specification is unclear about this in the data module chapter, Appendix A. However, it is clear from the interoperability specification that the defining_authority, if it exists, is an OID.

-------------------------------------------------------------------
Polar Humenn                  Adiron, LLC
President                     2-212 Center for Science & Technology
mailto:polar@adiron.com       CASE Center/Syracuse University
Phone: 315-443-3171           Syracuse, NY 13244-4100
Fax:   315-443-4745           http://www.adiron.com
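
The decoding and equality rules in the Revised Text above can be exercised directly. The following Python sketch is an added example, not part of the OMG specification or of the original issue text. It assumes the defining_authority octets are a complete DER OBJECT IDENTIFIER (tag 0x06 and a short-form length included), uses an int as a stand-in for AttributeType, and uses a hypothetical decoder registry keyed by dotted OID.

```python
from dataclasses import dataclass

OMG = b""  # empty defining_authority: the OMG defines the value as UTF-8

@dataclass(frozen=True)  # generated __eq__ compares field by field
class SecAttribute:
    attribute_type: int        # assumption: int stand-in for AttributeType
    defining_authority: bytes  # octets of the encoded OID, or empty
    value: bytes               # opaque until the authority is known

def parse_oid(octets: bytes) -> str:
    """Dotted form of a DER OBJECT IDENTIFIER (assumed: tag 0x06, short length)."""
    if (len(octets) < 3 or octets[0] != 0x06 or octets[1] > 0x7F
            or octets[1] != len(octets) - 2 or octets[-1] & 0x80):
        raise ValueError("not a well-formed DER OID")
    arcs, n = [], 0
    for b in octets[2:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:       # high bit clear ends this arc
            arcs.append(n)
            n = 0
    first = min(arcs[0] // 40, 2)  # first two arcs share one sub-identifier
    return ".".join(map(str, [first, arcs[0] - 40 * first, *arcs[1:]]))

def decode_value(attr: SecAttribute, decoders: dict):
    """Decode attr.value only under the rules of its defining authority."""
    if attr.defining_authority == OMG:
        return attr.value.decode("utf-8")  # strict: malformed UTF-8 raises
    oid = parse_oid(attr.defining_authority)
    if oid not in decoders:    # unknown authority: never guess an encoding
        raise LookupError(f"no decoder for defining authority {oid}")
    return decoders[oid](attr.value)

# Constructed sample data; 2.999 is the OID arc reserved for examples.
EXAMPLE_AUTH = bytes.fromhex("0603883701")  # DER for 2.999.1
DECODERS = {"2.999.1": lambda v: int.from_bytes(v, "big")}  # hypothetical rule
nfc = SecAttribute(1, OMG, "caf\u00e9".encode("utf-8"))   # precomposed e-acute
nfd = SecAttribute(1, OMG, "cafe\u0301".encode("utf-8"))  # e + combining accent

if __name__ == "__main__":
    print(decode_value(nfc, DECODERS), decode_value(nfd, DECODERS), nfc == nfd)
    print(decode_value(SecAttribute(1, EXAMPLE_AUTH, b"\x01\x00"), DECODERS))
```

The two sample attributes decode to strings that render identically yet compare unequal, because equality is defined on the octets of the value and not on the decoded string. Any policy check that compares attributes should therefore see values in one agreed byte form.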