glue-wg-bounces@ogf.org
[mailto:glue-wg-bounces@ogf.org] On Behalf Of Timo Baur said: in the public comment version of GLUE 2.0, two kinds of DNs (Distinguished Names) with different delimiters are specified.
There are indeed two forms and we have both in use, e.g. ldap uses comma-separated DNs whereas X509 applications generally use the slash-delimited form. They are both derived from the underlying OID representation. I don't know offhand where they are formally defined but no doubt google can find it. In terms of GLUE usage, I would be inclined to say that all DN attributes should be the slash-delimited form, but the LDAP representation will use the comma for the object DNs themselves. Incidentally, there are additional ambiguities, the best-known of which is that there are three different text representations for the "email address" OID (E=, Email= and emailAddress= I think) in common use. I'm not sure if GLUE should take a view on such things. Stephen