[IPP] Initial Draft of 'IPP "job-password-allowable-pattern" attribute' whitepaper posted

[IPP] Initial Draft of 'IPP "job-password-allowable-pattern" attribute' whitepaper posted

Kennedy, Smith (Wireless Architect) smith.kennedy at hp.com
Mon Mar 30 20:49:51 UTC 2015


Seems like keywords for defining patters combined with a new “job-password-minimum-length integer(0:255)” is the most expedient and backward compatible way forward.  Should the latter new attribute be in the range 1:255?

Smith



> On 2015-03-30, at 2:42 PM, Michael Sweet <msweet at apple.com> wrote:
> 
> Here is my proposal from Feb 4th:
> 
>> All,
>> 
>> Here are some quick links to the MS Active Directory and Apple Open Directory password policy support:
>> 
>> Active Directory supports a bunch of things, but for job-password the two relevant settings are "Passwords must meet complexity requirements" and "Minimum password length"- there is no notion of more complex settings to control the contents of the password string:
>> 
>>   https://technet.microsoft.com/en-us/library/hh994562(v=ws.10).aspx
>> 
>> Open Directory supports limits on the length (min and max), maximum number of repeated characters (i.e., prevent use of "aaaa" as a password) and sequential characters (e.g., "1234"), plus controls for "must contain a letter" and "must contain a number":
>> 
>>   http://support.apple.com/kb/PH9234
>> 
>> Seems like a simple keyword approach may be sufficient, e.g.:
>> 
>>   job-password-policy-configured (type2 keyword)
>>   job-password-policy-supported (1setOf type2 keyword)
>> 
>>   Informs the Client of the formatting requirements for "job-password" values, includings:
>> 
>>   'digits': The "job-password" value must consist of digits from 0 to 9.
>> 
>>   'alphanumeric': The "job-password" value must consist of US ASCII letters and numbers.
>> 
>>   'alphanumeric-complex': The "job-password" value must consist of US ASCII letters and numbers, with at least one uppercase letter, one lowercase letter, and one digit.
>> 
>>   [For discussion: do we want full ASCII and Unicode printable support, too?]
>> 
>> As for length requirements, right not "job-password-supported" is of type integer(0:255).  Ideally we'd want a rangeOfInteger(0:MAX) value to provide minimum and maximum lengths - not sure how much trouble we'd cause by extending that attribute to "integer(0:MAX) | rangeOfInteger(0:MAX)", but IMHO that would be the ideal outcome.
>> 
> 
> alternately we can add a "job-password-minimum-length integer(0:255)" attribute to specify the minimum length of a "job-password" value separately.
> 
> 
>> On Feb 4, 2015, at 1:44 PM, Kennedy, Smith (Wireless Architect) <smith.kennedy at hp.com> wrote:
>> 
>> Greetings,
>> 
>> As per yesterday’s discussion, I have posted an initial draft of a ‘IPP “job-password-allowable-pattern” attribute’ whitepaper, that contains use cases and a proposed attribute that needs definition to allow a Printer to convey size and content limits on what range of values the Printer will accept for the “job-password” attribute.
>> 
>> The initial draft is here:
>> 
>> 	http://ftp.pwg.org/pub/pwg/ipp/wd/wp-job-password-allowable-pattern-20150204.docx
>> 
>> Feedback and contributions are of course welcome!
>> 
>> Cheers,
>> Smith
>> 
>> /**
>>   Smith Kennedy
>>   Hewlett-Packard Co.
>> */
>> 
>> _______________________________________________
>> ipp mailing list
>> ipp at pwg.org
>> https://www.pwg.org/mailman/listinfo/ipp
> 
> _________________________________________________________
> Michael Sweet, Senior Printing System Engineer, PWG Chair
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4956 bytes
Desc: not available
URL: <http://www.pwg.org/pipermail/ipp/attachments/20150330/4bd45096/attachment.p7s>


More information about the ipp mailing list