Ira,
On Jun 16, 2014, at 11:02 AM, Ira McDonald <blueroofmusic at gmail.com> wrote:
> Hi Mike,
>> The reason for some sparse syntax was to support Pete's use case (over the phone)
> of wanting two or more credentials for the *same* destination (i.e., multi-factor auth is
> in use). This is a critically important real-world use case.
Then we need to define it and its requirements.
> With the straight parallel 1setOf approach, there has to be a nested collection to hold
> the auth-type, auth-data, etc. for each credential for one destination - ugly and fragile.
If the auth type defines multiple credentials then those can be provided via separate data values in the 1setOf, or using type-specific member attributes. In short, we need to define what the attributes contain, not provide a BLOB holder that will become an interoperability nightmare.
> Pete and I particularly liked the use of the simple (1setOf octetString(MAX)) with auto
> concatenation to support large credentials (X.509 certificates, etc.).
That is indeed a simple solution, but let's not make it an opaque blob.
_________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20140616/e207f0b3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4881 bytes
Desc: not available
URL: <http://www.pwg.org/pipermail/ipp/attachments/20140616/e207f0b3/attachment.p7s>