View Issue Details

ID: 0010016
Project: 10000-005: Information Model
Category: Spec
View Status: public
Last Update: 2024-11-15 16:15
Reporter: Matthias Isele
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Product Version: 1.05.03
Summary: 0010016: Clarification - ClientUserId for X509IdentityToken
Description

Specification states for AuditEventType:
"If the UserIdentityToken is an X509IdentityToken then the ClientUserId is the X509 Subject Name of the Certificate."

However, the string format to represent the X509 Subject Name is not defined. The ClientUserId is also used to find out if the users on two sessions are identical (e.g. TransferSubscription).
Part 18 (IdentityMappingRuleType) defines a string format to use the X509 Subject Name for assigning roles to a session using an X509IdentityToken.
It would make sense to use the same format in all places.

My proposal:
After "If the UserIdentityToken is an X509IdentityToken then the ClientUserId is the X509 Subject Name of the Certificate" add the additional sentence:
"The string representation of the X509 Subject Name shall follow the rules in Part 18 (X509 Subject Name) defined to create a criteria of type X509Subject."

Tags: No tags attached.
Commit Version:
Fix Due Date:

Activities

Matthias Isele

2024-11-15 16:15

reporter   ~0022072

Additional note:
The ClientUserId is also used in Part 9 - ConditionType, and Part 12 (StartNewKeyPairRequest) defines a string format for subject name.

If a client wants to use the ClientUserId for filtering events, the string needs to have a defined format that is common in all servers / implementations.
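
The interoperability problem raised in this issue, as an added example that is not part of the report or of the OPC UA specification: one constructed certificate subject is rendered by three string conventions, giving three different candidate ClientUserId values that fail an exact string match. The subject, the function names and the `spaced_forward` variant are assumptions for illustration, and none of the renderers is claimed to be the Part 18 format.

```python
# Added illustration, not taken from the OPC UA specification or the report.
# Constructed sample subject, listed in certificate encoding order.
SUBJECT = [("C", "DE"), ("O", "Example Org"), ("CN", "Operator, Jane")]


def escape_rfc4514(value):
    """Escape the characters RFC 4514 requires escaping in a value."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in "# ") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in ',+"\\<>;' or edge else ch)
    return "".join(out)


def rfc4514(rdns):
    """RFC 4514 string: last-encoded RDN first, ',' separated, escaped."""
    return ",".join(f"{k}={escape_rfc4514(v)}" for k, v in reversed(rdns))


def slash_oneline(rdns):
    """Legacy OpenSSL-style one-line form: encoding order, '/' separated."""
    return "".join(f"/{k}={v}" for k, v in rdns)


def spaced_forward(rdns):
    """Hypothetical display variant: encoding order, ', ' separated."""
    return ", ".join(f"{k}={escape_rfc4514(v)}" for k, v in rdns)


def candidate_client_user_ids(rdns):
    """Each string a server could plausibly report for the same subject."""
    return {f.__name__: f(rdns) for f in (rfc4514, slash_oneline, spaced_forward)}


def mismatched_pairs(rdns):
    """Renderer pairs whose output fails an exact ClientUserId string match."""
    ids = candidate_client_user_ids(rdns)
    names = sorted(ids)
    return [(a, b) for i, a in enumerate(names)
            for b in names[i + 1:] if ids[a] != ids[b]]


if __name__ == "__main__":
    for name, text in candidate_client_user_ids(SUBJECT).items():
        print(f"{name:15} {text}")
    print("pairs that fail exact comparison:", mismatched_pairs(SUBJECT))
```

An event filter or session-identity check written against one server's rendering will silently miss the same user on a server that uses another, which is why a single mandated format matters for audit correlation.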

Issue History

Date Modified Username Field Change
2024-11-15 16:01 Matthias Isele New Issue
2024-11-15 16:15 Matthias Isele Note Added: 0022072