Here are some quick links to the MS Active Directory and Apple Open Directory password policy support:
Active Directory supports a bunch of things, but for job-password the two relevant settings are "Passwords must meet complexity requirements" and "Minimum password length"- there is no notion of more complex settings to control the contents of the password string:
Open Directory supports limits on the length (min and max), maximum number of repeated characters (i.e., prevent use of "aaaa" as a password) and sequential characters (e.g., "1234"), plus controls for "must contain a letter" and "must contain a number":
Seems like a simple keyword approach may be sufficient, e.g.:
job-password-policy-configured (type2 keyword)
job-password-policy-supported (1setOf type2 keyword)
Informs the Client of the formatting requirements for "job-password" values, includings:
'digits': The "job-password" value must consist of digits from 0 to 9.
'alphanumeric': The "job-password" value must consist of US ASCII letters and numbers.
'alphanumberc-complex': The "job-password" value must consist of US ASCII letters and numbers, with at least one uppercase letter, one lowercase letter, and one digit.
[For discussion: do we want full ASCII and Unicode printable support, too?]
As for length requirements, right not "job-password-supported" is of type integer(0:255). Ideally we'd want a rangeOfInteger(0:MAX) value to provide minimum and maximum lengths - not sure how much trouble we'd cause by extending that attribute to "integer(0:MAX) | rangeOfInteger(0:MAX)", but IMHO that would be the ideal outcome.
Michael Sweet, Senior Printing System Engineer, PWG Chair