Hi all,

I was looking at X.501 specification, section 14.5 about "System schema supporting access control". It says:

If a subentry contains prescriptive access control information, then its objectClass attribute shall contain the value
accessControlSubentry:

    accessControlSubentry OBJECT-CLASS ::= {
        KIND auxiliary
        ID id-sc-accessControlSubentry }


A subentry of this object class shall contain precisely one prescriptive ACI attribute of a type consistent with the value of
the id-sc-accessControlScheme attribute of the corresponding access control specific point.

My question is: what's the point of not having an attribute specifier in the objectClass definition like this:

    accessControlSubentry OBJECT-CLASS ::= {
        KIND auxiliary
        ID id-sc-accessControlSubentry
        MUST CONTAIN {prescriptiveACI} }

?

Thanks.

--
Ersin