You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Alex Karasulu (JIRA)" <di...@incubator.apache.org> on 2005/10/19 03:47:46 UTC

[jira] Assigned: (DIRLDAP-62) [ACIITemParser] Position of terms in optional ASN.1 elements should not matter

     [ http://issues.apache.org/jira/browse/DIRLDAP-62?page=all ]

Alex Karasulu reassigned DIRLDAP-62:
------------------------------------

    Assign To: Ersin Er

Perhaps Ersin you can provide an assessment of how much an effort it would be to not have position factor into the terms of the ACI.  Or perhaps it might not be a good idea to do this so let me know WYT.  Thanks.

> [ACIITemParser] Position of terms in optional ASN.1 elements should not matter
> ------------------------------------------------------------------------------
>
>          Key: DIRLDAP-62
>          URL: http://issues.apache.org/jira/browse/DIRLDAP-62
>      Project: Directory LDAP
>         Type: Improvement
>   Components: Common
>     Reporter: Alex Karasulu
>     Assignee: Ersin Er

>
> The position of optional elements is relavent within the ACIItemParser.  For example for ProtectedItems the position of optional elements are relevant so for example the following ACI whould bomb out:
>                 "{ " +
>                 "identificationTag \"searchAci\", " +
>                 "precedence 14, " +
>                 "authenticationLevel none, " +
>                 "itemOrUserFirst userFirst: { " +
>                 "userClasses { allUsers }, " +
>                 "userPermissions { { " +
>                 "protectedItems {allUserAttributeTypesAndValues, entry }, " +
>                 "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" 
> This however would succeed:
>                 "{ " +
>                 "identificationTag \"searchAci\", " +
>                 "precedence 14, " +
>                 "authenticationLevel none, " +
>                 "itemOrUserFirst userFirst: { " +
>                 "userClasses { allUsers }, " +
>                 "userPermissions { { " +
>                 "protectedItems {entry, allUserAttributeTypesAndValues }, " +
>                 "grantsAndDenials { grantRead, grantReturnDN, grantBrowse } } } } }" 
> The same holds for other constructs where a sequence of optional elements are expected.  However this is a big problem.  The user specifying the ACI must know what comes first, what comes second and so on in the ASN.1 description.  This is just too strict of a constraint to place on users and will degrade the ease of use.  
> Really because we have names for each field order does not need to matter anymore.  
> I marked this as an improvement as opposed to a bug because the ASN.1 to ABNF translation was correct.  It just is not the best thing to do.  
>  

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira