   D W Chadwick
   IT Institute
   University of Salford
   Salford
   M5 4WT
   England

   Phone: +44 161 745 5351
   Fax: +44 161 745 8169
   E-mail: D.W.Chadwick@iti.salford.ac.uk

Chadwick                      Experimental                     [Page 10]

RFC 2120       Managing the X.500 Root Naming Context       March 1997

Annex 1  Solution Text of Defect Reports submitted to ISO/ITU-T by the UK

Defect Report 140

   Nature of Defect

   In section 24.1.4.2 it is defined that the SubordinateToSuperior
   parameter of a HOB can pass an entryInfo parameter. This should
   contain entryACI which may be used in the resolution of the List
   operation. This is not correct as the prescriptive ACI from the
   relevant subentries is also required in the superior DSA.

   Solution Proposed by Source

   It is proposed that the following is added to the
   SubordinateToSuperior SEQUENCE of section 24.1.4.2 of X.518:

      subentries  [2] SET OF SubentryInfo OPTIONAL

   This is used to pass the relevant subentries from the subordinate to
   the superior. This is similar to the way subentry information is
   passed in the SuperiorToSubordinate parameter defined in 24.1.4.1.

Defect Report 142

   Nature of Defect

   The text which describes AreaSpecification in clause 9.2 of X.525 is
   completely general. However, for the special case of replicating
   first level knowledge references between first level DSAs, a
   clarifying sentence should be added.

   Solution Proposed by Source

   In Section 9.2, under the ASN.1, after the description of area, and
   before the description of SubtreeSpecification, add the sentence:

   "For the case where a DSA is shadowing first level knowledge from a
   first level DSA, the contextPrefix component is empty."

Annex 2  Defect Report on 1993 X.500 Standard for Adding full ACIs to
DISP for Subordinate References, so that Secure List Operation can be
performed in Shadow DSAs

   Nature of Defect:

   The List operation may be carried out in a superior DSA using
   subordinate reference information, providing that the fromEntry flag
   is set to false in the response. However, in order to do this
   securely, complete access control information is needed for the RDN
   of the subordinate entry. The existing text assumes that this is held
   in entry ACI (e.g. see 9.2.4.1 c) or in prescriptive ACI held in
   subentries above the DSE (e.g. see 9.2.4.1 b). In the case of a
   subordinate reference, the prescriptive ACI may be held below the
   DSE, if the subordinate reference points to a new administrative
   point. The shadowing document needs to make it clear that this can be
   the case, and needs to allow for this additional access control
   information to be shadowed.

   A related defect report (140) has already suggested that this same
   omission should be added to operational bindings.

   Solution Proposed by the Source:

   All the following changes are to X.525|ISO 9594-9.

   I) Insert the following text into 7.2.2.3, at the end of both the
   second paragraph and the first sentence of the third paragraph (after
   "appropriate knowledge"):

   "and access control information."

   II) Insert a new third paragraph into 7.2.2.3:

   "If subordinate knowledge is supplied, and the supplying DSE (of type
   subr) is also of type admPoint, then the SDSE shall additionally be
   of type admPoint and the administrativeRole attribute shall be
   supplied. If such a DSE has any immediately subordinate subentries
   containing PrescriptiveACI relating to the administrative point, then
   they shall also be supplied as SDSEs in the shadowed information.

   Note. A DSE can be of type subr and admPoint in a superior DSA, when
   the naming context in the subordinate DSA is the start of a new
   administrative area."

   III) Update figure 3 to show a subentry immediately below a
   subordinate reference. The subentry contains prescriptiveACI and is
   part of the shadowed information.

   [Figure: ADDITIONS TO FIGURE 3, SECTION 7.2, X.525. Tree diagram
   labelled "Replicated Area", "Subordinate knowledge", "Prescriptive
   ACI Subentries", "Unit of Replication" and "Shadowed Information".]

   IV) Add supporting text to section 7.2 in the paragraph after Figure
   3. Insert after the sentence "Subordinate knowledge may also be
   replicated" the following sentences:

   "Implicit in the subordinate knowledge is the access control
   information which governs access to the RDN of the subordinate
   knowledge. When the subordinate entry is an administrative point in
   another DSA, then part of this access control information may be held
   in prescriptiveACI subentries beneath the subordinate knowledge."

   V) Add a new point d) to 9.2.4.1:

   "if subordinate knowledge (not extended knowledge) is shadowed then
   any prescriptiveACI in subordinate subentries shall also be copied."

Annex 3  Defect Report on 1997 X.500 Standard Proposing an Enhancement
to the Shadowing Agreement in order to support 1 Level Searches in
Shadow DSAs.

   Nature of Defect:

   The 1997 edition of the X.500 Standard has allowed, for reasons of
   operational efficiency, one level Searches to be carried out in the
   superior DSA, when the actual entries are context prefixes in
   subordinate DSAs. The HOBs have been extended to allow this entry
   information to be carried up to the superior DSA. Unfortunately, we
   forgot to add the corresponding text to Part 9, so that shadow DSAs
   are able to copy this additional information from the supplier DSA.
   This defect report proposes the additional text for Part 9.

   Solution Proposed by the Source:

   All the following changes are to X.525|ISO 9594-9.

   I) Section 9.2, add a new subordinates parameter to
   UnitOfReplication, viz:

      UnitOfReplication ::= SEQUENCE {
           area            AreaSpecification,
           attributes      AttributeSelection,
           knowledge       Knowledge OPTIONAL,
           subordinates    BOOLEAN DEFAULT FALSE }

   subordinates is used to indicate that subordinate entries, rather
   than simply subordinate references, are to be copied to the consumer
   DSA. subordinates may only be TRUE if knowledge is requested and
   extendedKnowledge is FALSE.

   II) Insert a new fourth paragraph (assuming previous defect for List
   was accepted) into 7.2.2.3:

   "If subordinates is specified, then the supplier shall send
   subordinate entries rather than subordinate references, and the SDSEs
   will be of type subr, entry and cp. The subordinate entries will
   contain attributes according to the attribute selection. In addition,
   if the supplying DSE is of type admPoint, then the SDSE shall
   additionally be of type admPoint and the administrativeRole attribute
   shall be supplied. All appropriate subentries below the admPoint DSE
   shall also be supplied as SDSEs in the shadowed information."
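
   The supplier-side rules proposed in Annex 2 (II) and Annex 3 (I, II),
   as an added Python example that is not part of the RFC or of any
   X.500 implementation. The DSE and UnitOfReplication classes, the
   helper names and the sample entry are constructed for illustration.
   It shows which SDSEs must reach the shadow DSA so that its access
   control decision for List or one level Search has the prescriptive
   ACI it needs.

```python
from dataclasses import dataclass, field

@dataclass
class DSE:  # constructed, simplified stand-in for a DSE/SDSE; not an X.500 API
    rdn: str
    types: set
    attrs: dict = field(default_factory=dict)
    subentries: list = field(default_factory=list)

@dataclass
class UnitOfReplication:  # only the fields this example needs
    knowledge: bool = False
    extended_knowledge: bool = False
    subordinates: bool = False  # Annex 3 addition, DEFAULT FALSE

def check_unit(unit):
    # Annex 3: subordinates may only be TRUE if knowledge is requested
    # and extendedKnowledge is FALSE.
    if unit.subordinates and (not unit.knowledge or unit.extended_knowledge):
        raise ValueError("subordinates needs knowledge and extendedKnowledge FALSE")

def sdses_for_subordinate(dse, unit, selection=()):
    """SDSEs a supplier sends for one DSE of type subr (hypothetical helper)."""
    check_unit(unit)
    if not unit.knowledge or "subr" not in dse.types:
        return []
    types, attrs = {"subr"}, {}
    if unit.subordinates:  # Annex 3: entries, not just references
        types |= {"entry", "cp"}
        attrs = {k: v for k, v in dse.attrs.items() if k in selection}
    extra = []
    if "admPoint" in dse.types:  # Annex 2 II / Annex 3 II
        types.add("admPoint")
        attrs["administrativeRole"] = dse.attrs["administrativeRole"]
        for se in dse.subentries:
            # Annex 2: subentries holding prescriptiveACI. Annex 3 says "all
            # appropriate subentries"; modelled here as every subentry (assumption).
            if unit.subordinates or "prescriptiveACI" in se.attrs:
                extra.append(DSE(se.rdn, {"subentry"}, dict(se.attrs)))
    return [DSE(dse.rdn, types, attrs)] + extra

def sample_dse():  # constructed sample data
    return DSE("O=Example", {"subr", "admPoint"},
               {"administrativeRole": "accessControlSpecificArea", "description": "x"},
               [DSE("CN=ACI", {"subentry"}, {"prescriptiveACI": "<aci>"}),
                DSE("CN=Schema", {"subentry"}, {"subschema": "<rules>"})])

if __name__ == "__main__":
    for s in sdses_for_subordinate(sample_dse(), UnitOfReplication(knowledge=True)):
        print(s.rdn, sorted(s.types), sorted(s.attrs))
```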