IPP> SEC: DIR: Re. Security attribute(s) required in Directory

IPP> SEC: DIR: Re. Security attribute(s) required in Directory

Carl-Uno Manros cmanros at cp10.es.xerox.com
Tue May 20 13:56:17 EDT 1997


At 08:57 AM 5/20/97 PDT, Keith Carter wrote:
>Security group,
>
>What attribute(s) are required for security in the Directory Schema?
>Currently, I have a request to add an attribute that indicates if a Printer
>has/does not have security.  Is that sufficient?
>
>Please advise,
>
>Keith
>


Keith,


we have not yet worked out all the details, but a binary value will
certainly not cut it.  


I foresee the need for a multi-valued attribute that lists the supported
security protocols (if any) for a particular Printer and we will probably
need to allocate some of these values, unless some other group in the IETF
has already done that work for us.


Secondly, certain security protocols, such as TLS, actually requires that
the session between the client and the server is initiated over the
security protocol, rather than over IPP/HTTP, which means that you need a
separate URL for that Printer which starts off:  https://www......


For such cases, we need to decide whether we need to make two separate
directory entries considering that the Printer may now have a "secure URL"
and a "normal URL" if it supports both types, or if the "secure URL" is
just an extra directory attribute in the entry for the "normal URL"
version.  However, some printers may only accept secure communication, in
which case there is no valid "normal URL".


Confused enough?  We will need to do some more work on this in the SEC
subgroup.
Suggestions from the DIR subgroup or anybody else are obviously welcome.


Regards,


Carl-Uno




Carl-Uno Manros
Principal Engineer - Advanced Printing Standards - Xerox Corporation
701 S. Aviation Blvd., El Segundo, CA, M/S: ESAE-231
Phone +1-310-333 8273, Fax +1-310-333 5514
Email: manros at cp10.es.xerox.com



More information about the Ipp mailing list