[BEEPwg] Clarification on RFC 3080, 4.1.3

Jered Floyd jered@permabit.com
16 Oct 2002 18:06:54 -0400


At the end of section 4.1.3 of RFC 3080 (bottom of page 43), SASL's
EXTERNAL mechanism is described.  It ends with:

   if present, the authentication identity must be consistent with the
   credentials provided by the external authentication service (if the
   authentication identity is empty, then an authorization identity is
   automatically derived from the credentials provided by the external
   authentication service).

In the parenthetical comment, is the word "authorization" meant to
be "authentication"?  I believe this sentence is trying to state that
if an authentication identity is provided via SASL EXTERNAL, it must
match the external authentication identity; however, if it is not
present, the authentication identity is taken from the external
credentials.

--Jered