draft-ietf-kitten-gssapi-extensions-iana-02.txt   draft-ietf-kitten-gssapi-extensions-iana-03.txt 
NETWORK WORKING GROUP N. Williams NETWORK WORKING GROUP N. Williams
Internet-Draft Sun Internet-Draft Sun
Expires: August 28, 2008 February 25, 2008 Expires: September 25, 2008 March 24, 2008
Namespace Considerations and Registries for GSS-API Extensions Namespace Considerations and Registries for GSS-API Extensions
draft-ietf-kitten-gssapi-extensions-iana-02.txt draft-ietf-kitten-gssapi-extensions-iana-03.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 33 skipping to change at page 1, line 33
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 28, 2008. This Internet-Draft will expire on September 25, 2008.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2008). Copyright (C) The IETF Trust (2008).
Abstract Abstract
This document describes the ways in which the GSS-API may be extended This document describes the ways in which the GSS-API may be extended
and directs the creation of IANA registries for various GSS-API and directs the creation of an IANA registry for various GSS-API
namespaces. namespaces.
Table of Contents Table of Contents
1. Conventions used in this document . . . . . . . . . . . . . . . 3 1. Conventions used in this document . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . 3
3. Extensions to the GSS-API . . . . . . . . . . . . . . . . . . . 3 3. Extensions to the GSS-API . . . . . . . . . . . . . . . . . 3
4. Generic GSS-API Namespaces . . . . . . . . . . . . . . . . . . 3 4. Generic GSS-API Namespaces . . . . . . . . . . . . . . . . 3
5. Language Binding-Specific GSS-API Namespaces . . . . . . . . . 4 5. Language Binding-Specific GSS-API Namespaces . . . . . . . 4
6. Extension-Specific GSS-API Namespaces . . . . . . . . . . . . . 4 6. Extension-Specific GSS-API Namespaces . . . . . . . . . . . 4
7. Registration Form(s) . . . . . . . . . . . . . . . . . . . . . 4 7. Registration Form(s) . . . . . . . . . . . . . . . . . . . 4
8. Initial Namespace Registrations . . . . . . . . . . . . . . . . 6 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . 6
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6 8.1. Initial Namespace Registrations . . . . . . . . . . . . . . 6
10. Security Considerations . . . . . . . . . . . . . . . . . . . . 7 8.2. Registration Maintenance Guidelines . . . . . . . . . . . . 6
11. Normative References . . . . . . . . . . . . . . . . . . . . . 7 8.2.1. Expert Reviews of Individual Submissions . . . . . . . . . 7
Author's Address . . . . . . . . . . . . . . . . . . . . . . . 7 9. Security Considerations . . . . . . . . . . . . . . . . . . 7
Intellectual Property and Copyright Statements . . . . . . . . 8 10. References . . . . . . . . . . . . . . . . . . . . . . . . 8
10.1. Normative References . . . . . . . . . . . . . . . . . . . 8
10.2. Informative References . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . 8
Intellectual Property and Copyright Statements . . . . . . 9
1. Conventions used in this document 1. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
2. Introduction 2. Introduction
There is a need for generic and mechanism-specific extensions to the There is a need for private-use and mechanism-specific extensions to
Generic Security Services Application Programming Interface (GSS- the Generic Security Services Application Programming Interface (GSS-
API). As such extensions are designed and standardized, both at the API). As such extensions are designed and standardized (or not),
IETF and elsewhere, there is a non-trivial risk of namespace both at the IETF and elsewhere, there is a non-trivial risk of
pollution and conflicts. To avoid this we set out guidelines for namespace pollution and conflicts. To avoid this we set out
extending the GSS-API and create IANA registries of GSS-API guidelines for extending the GSS-API and direct the creation of an
namespaces. IANA registry for GSS-API namespaces.
Registrations of individual items and sub-namespaces are allowed. Registrations of individual items and sub-namespaces are allowed.
Each sub-namespace may provide different rules for registration, Each sub-namespace may provide different rules for registration,
e.g., for mechanism-specific and private-use extensions. All e.g., for mechanism-specific and private-use extensions. All
Standards-Track uses of the GSS-API namespaces will be registered Standards-Track uses of the GSS-API namespaces will be registered as
directly with the IANA subsequent to the create of the registries or part of the RFC publication process. See Section 8.2.
when the document is published.
3. Extensions to the GSS-API 3. Extensions to the GSS-API
Extensions to the GSS-API can be categorized as follows: Extensions to the GSS-API can be categorized as follows:
o Abstract API extensions o Abstract API extensions
o Implementation-specific o Implementation-specific
o Mechanism-specific o Mechanism-specific
o Language binding-specific o Language binding-specific
Extensions to the GSS-API may be purely semantic, without effect on Extensions to the GSS-API may be purely semantic, without effect on
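Review bot: The new Introduction wording "private-use and mechanism-specific extensions" uses a category that the Section 3 list does not have (it lists abstract API, implementation-specific, mechanism-specific and language binding-specific), so it is unclear whether "private-use" means implementation-specific extensions or something separate. Suggest using the Section 3 term in the Introduction, or adding a sentence that defines private-use, since the revised Registration Rules row also relies on 'Private Use'.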
skipping to change at page 4, line 23 skipping to change at page 4, line 22
Language binding specific namespaces include: Language binding specific namespaces include:
o Header/interface module names o Header/interface module names
o Object classes and/or types o Object classes and/or types
o Methods and/or functions o Methods and/or functions
o Constant names o Constant names
o Constant values o Constant values
6. Extension-Specific GSS-API Namespaces 6. Extension-Specific GSS-API Namespaces
Extensions to the GSS-API may create additional namespaces. Extensions to the GSS-API may create additional namespaces. See
Instructions to the IANA should included for the handling of such Section 8.2.
namespaces.
7. Registration Form(s) 7. Registration Form(s)
Registrations for GSS-API namespaces SHALL take the following form: Registrations for GSS-API namespaces SHALL take the following form:
+----------------+----------------------------+---------------------+ +----------------+--------------------+-----------------------------+
| Registration | Possible Values | Description | | Registration | Possible Values | Description |
| Field | | | | Field | | |
+----------------+----------------------------+---------------------+ +----------------+--------------------+-----------------------------+
| Registration | 'Instance', | Indicates whether | | Registration | 'Instance', | Indicates whether this |
| type | 'Sub-Namespace' | this entry reserves | | type | 'Sub-Namespace' | entry reserves a given |
| | | a given symbol name | | | | symbol name (and possibly, |
| | | or constant value | | | | constant value), or whether |
| | | or whether it | | | | it reserves an entire |
| | | reserves an entire | | | | sub-namespace (the name is |
| | | sub-namespace (the | | | | a "prefix") or constant |
| | | name is a "prefix") | | | | value range. |
| | | or constant value | +----------------+--------------------+-----------------------------+
| | | range. | | Bindings | 'Generic', | Indicates the name of the |
+----------------+----------------------------+---------------------+ | | 'C-bindings', | programming language that |
| Bindings | 'Generic', 'C-bindings', | Indicates the | | | 'Java', 'C#', | this registration involves, |
| | 'Java', 'C#', <programming | language bindings | | | <programming | or, if 'Generic', that this |
| | language name> | that this | | | language name> | is an entry for the generic |
| | | registration is | | | | abstract GSS-API (i.e., not |
| | | for, or, if | | | | specific to any programming |
| | | 'Generic', that | | | | language). |
| | | this is an entry | +----------------+--------------------+-----------------------------+
| | | for the generic | | Object Type | 'Data-Type', | Indicates the type of the |
| | | GSS-API, not | | | 'Function', | object(s) whose symbolic |
| | | specific to any | | | 'Method', | name or constant value this |
| | | programming | | | 'Integer', | entry registers. The |
| | | language. | | | 'String', 'OID', | possible values of this |
+----------------+----------------------------+---------------------+ | | 'Context Flag', | field depend on the |
| Object Type | 'Data-Type', 'Function', | Indicates the type | | | 'Name Type', | programming language in |
| | 'Method', 'Integer', | of the object(s) | | | 'Header File | question, therefore they |
| | 'String', 'OID', 'Context | whose symbolic name | | | Name', etcetera | are not all specified here. |
| | Flag', 'Name Type' | or constant value | +----------------+--------------------+-----------------------------+
| | | this entry | | Symbol | <Symbol name or | The name(s) of symbols or |
| | | registers. | | Name/Prefix | name prefix> | values being registered. |
+----------------+----------------------------+---------------------+ +----------------+--------------------+-----------------------------+
| Symbol | <Symbol name or name | The name(s) of | | Binding of | <Name of abstract | If the registration is for |
| Name/Prefix | prefix> | symbols or values | | | API element of | a specific language binding |
| | | being registered. | | | which this object | of the GSS-API, then this |
+----------------+----------------------------+---------------------+ | | is a binding> | names the abstract API |
| Binding of | <Name of abstract API | If the registration | | | | element of which it is a |
| | element of which this | is for a specific | | | | binding (OPTIONAL). |
| | object is a binding> | language binding of | +----------------+--------------------+-----------------------------+
| | | the GSS-API, then | | Constant | <Constant value> | The value(s) of the |
| | | this names the | | Value/Range(s) | or <constant value | constant named by the |
| | | abstract API | | | range> | <Symbol Name/Prefix> |
| | | element of which it |
| | | is a binding |
| | | (OPTIONAL). |
+----------------+----------------------------+---------------------+
| Constant | <Constant value> or | The value(s) |
| Value/Range(s) | <constant value range> | registered |
| | | (OPTIONAL). | | | | (OPTIONAL). |
+----------------+----------------------------+---------------------+ +----------------+--------------------+-----------------------------+
| Description | <Text> | Description of | | Description | <Text> | Description of object(s) |
| | | object(s) being | | | | being registered. |
| | | registered. | +----------------+--------------------+-----------------------------+
+----------------+----------------------------+---------------------+ | Registration | Values from | Describes the rules for |
| Registration | 'Protocol Action', 'Expert | Describes the rules | | Rules | [RFC2434], such as | allocation of items that |
| Rules | Review', | for allocation of | | | 'IESG Approval', | fall in this sub-namespace, |
| | 'First-Come-First-Served', | items that fall in | | | 'Expert Review', | for entries with Rgistratio |
| | 'Closed-For-Registrations' | this sub-namespace, | | | 'First Come First | Type of Sub-namespace |
| | | if this entry is | | | Served', 'Private | (OPTIONAL). For private use |
| | | for a sub-namespace | | | Use', etcetera. | sub-namespaces the |
| | | submitter MUST provide the |
| | | e-mail address of a |
| | | responsible contact. |
+----------------+--------------------+-----------------------------+
| Reference | <Reference> | Reference to document that |
| | | describes the object(s) |
| | | being registered, if any |
| | | (OPTIONAL). | | | | (OPTIONAL). |
+----------------+----------------------------+---------------------+ +----------------+--------------------+-----------------------------+
| Reference | <Reference> | Reference to | | Expert | <Name of expert | (OPTIONAL, see |
| | | document that | | Reviewer(s) | reviewers, | Section 8.2.1) |
| | | describes the | | | possibly WG names> | |
| | | object(s) being | +----------------+--------------------+-----------------------------+
| | | registered. | | Status | 'Standards-Track', | Status of the registration. |
+----------------+----------------------------+---------------------+ | | 'Informational', | |
| Expert | <Name of expert reviewers, | |
| Reviewer(s) | possibly WG names> | |
+----------------+----------------------------+---------------------+
| Status | 'Standards-Track', | Status of the |
| | 'Informational', | registration. |
| | 'Experimental', | | | | 'Experimental', | |
| | 'Obsolete', 'Other' | | | | 'Obsolete', | |
+----------------+----------------------------+---------------------+ | | 'Other' | |
+----------------+--------------------+-----------------------------+
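Review bot: The new Registration Rules row requires that for private-use sub-namespaces "the submitter MUST provide the e-mail address of a responsible contact", but the form has no field to carry that address, so the requirement cannot be checked from a registry entry. Suggest adding a Contact row. In the same cell, "Rgistratio Type of Sub-namespace" should read as Registration Type of 'Sub-Namespace' to match the value defined in the first row. The Status row also has no 'Historic' value, although Section 8.2 lets Standards-Track RFCs mark entries "as obsolete or historic".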
The IANA should create a single GSS-API namespace registry, or The IANA should create a single GSS-API namespace registry, or
multiple registries, one for symbolic names and one for constant multiple registries, one for symbolic names and one for constant
values, or it may create a registry per-programming language, at its values, and/or it may create a registry per-programming language, at
convenience. its convenience.
Entries in these registries should consist of all the fields from Entries in these registries should consist of all the fields from
their corresponding registration entries. their corresponding registration entries.
Entries should be sorted by object type, progamming language, symbol Entries should be sorted by: registration type, progamming language,
name. object type, and symbol name/prefix.
<Add text on guidelines for IANA consideration of registration
applications, particularly with respect to entries lacking normative
references, "magic" entries (e.g., special values of 'time' types
which indicate something other than absolute or relative time, such
as GSS_C_INDEFINITE), expert review requirements (if any) for
registrations lacking normative references, etc....>
8. Initial Namespace Registrations
<Add registration entries for namespaces (name prefixes) for RFC2743/
RFC2744/RFC2853.>
<Add registration entries for private namespaces (name prefixes) for
implementation- and/or platform-specific extensions.>
9. IANA Considerations 8. IANA Considerations
This document deals with IANA considerations throughout. This document deals with IANA considerations throughout.
Specifically it creates a single registry of various kinds of things, Specifically it creates a single registry of various kinds of things,
thought the IANA may instead create multiple registries each for one thought the IANA may instead create multiple registries each for one
of those kinds of things. Of particular interest may be that IANA of those kinds of things. Of particular interest may be that IANA
will now be the registration authority for the GSS-API name type OID will now be the registration authority for the GSS-API name type OID
space. space.
10. Security Considerations 8.1. Initial Namespace Registrations
Initial registry content corresponding to the items defined in
[RFC2743], [RFC2744], [RFC2853], [RFC1964] and [RFC4121] and others
will be supplied during the IANA review portion of the RFC publishing
process. The KITTEN WG chairs MUST indicate that such content has
been reviewed by the WG and that there is WG consensus that the
entries are in agreement with those RFCs.
8.2. Registration Maintenance Guidelines
Standards-Track RFCs can create new items with any non-conflicting
Symbol Name/Prefix value for this registry by virtue of IESG approval
to publish as a Standards-Track RFC. The status of such entries
SHALL initially be as specified by the RFC (defaulting to 'Standards-
Track').
Standards-Track RFCs can mark existing entries as obsolete or
historic, and can even create conflicting entries if explicitly
stated (the IESG, of course, should review conflicts very carefully).
IANA shall also consider submissions from individuals, and via
Informational and Experimental RFCs, subject to Expert Review. IANA
SHALL allow such registrations if a) they are not conflicting, and b)
if expert review passes. Guidelines for expert reviews are given
below. The Status of any such registrations SHALL agree with the
Status of the source RFC, or, for individual registrations, 'Other'.
8.2.1. Expert Reviews of Individual Submissions
Expert review selection SHALL be as follows. If, at the time that
the IANA receives an individual submission for registration in this
registry, there is are any IETF Working Groups chartered to produce
GSS-API-related documents, then the IANA SHALL ask the chairs of such
WGs to be expert reviewers or to name one. If there are no such WGs
at that time, then the IANA SHALL ask past chairs of the KITTEN WG
and the author/editor of this RFC to act as expert reviewers or name
an alternate.
Expert reviewers of individual registration submissions with
Registration Type == Sub-namespace should check that the registration
request has a suitable description (which need not be sufficiently
detailsed for others to implement) and that the Symbol Name/Prefix is
sufficiently descriptive of the purpose of the sub-namespace or the
name of the submitter or associated company.
Expert reviewers of individual registration submissions with
Registration Type == Instance should check that the Symbol Name falls
under a sub-namespace controlled by the submitter and that the Status
of the submission is "Informational." Registration of such entries
which do not fall under such a sub-namespace may be allowed provided
that they correspond to long existing non-standard extensions to the
GSS-API and this can be easily checked or demonstrated, otherwise
IESG Protocol Action is REQUIRED (see previous section). Also,
reviewers should check that any registration of constant values for
types which have Standard-Track status have a detailed description
that is suitable for other implementors to reproduce, and that they
don't conflict with other usages or are otherwise dangerous in the
reviewers estimation.
9. Security Considerations
This document has no security considerations. This document has no security considerations.
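Review bot: Sections 8.2 and 8.2.1 disagree on the Status of individual submissions: 8.2 says it SHALL be 'Other', while 8.2.1 tells reviewers to check that an Instance submission's Status is "Informational". Suggest picking one value and using it in both places. The phrase "IESG Protocol Action is REQUIRED (see previous section)" uses a term that appears nowhere else in the new text, where Section 8.2 and the Registration Rules row speak of IESG approval. Since 8.2.1 now asks reviewers to reject constant values that conflict with other usages or are "otherwise dangerous", and 8.2 permits explicitly conflicting entries, Section 9 should state what the risk of a conflicting registration is instead of saying there are no security considerations.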
11. Normative References 10. References
10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 2434,
October 1998.
10.2. Informative References
[RFC1964] Linn, J., "The Kerberos Version 5 GSS-API Mechanism",
RFC 1964, June 1996.
[RFC2743] Linn, J., "Generic Security Service Application Program [RFC2743] Linn, J., "Generic Security Service Application Program
Interface Version 2, Update 1", RFC 2743, January 2000. Interface Version 2, Update 1", RFC 2743, January 2000.
[RFC2744] Wray, J., "Generic Security Service API Version 2 : [RFC2744] Wray, J., "Generic Security Service API Version 2 :
C-bindings", RFC 2744, January 2000. C-bindings", RFC 2744, January 2000.
[RFC2853] Kabat, J. and M. Upadhyay, "Generic Security Service API
Version 2 : Java Bindings", RFC 2853, June 2000.
[RFC4121] Zhu, L., Jaganathan, K., and S. Hartman, "The Kerberos
Version 5 Generic Security Service Application Program
Interface (GSS-API) Mechanism: Version 2", RFC 4121,
July 2005.
Author's Address Author's Address
Nicolas Williams Nicolas Williams
Sun Microsystems Sun Microsystems
5300 Riata Trace Ct 5300 Riata Trace Ct
Austin, TX 78727 Austin, TX 78727
US US
Email: Nicolas.Williams@sun.com Email: Nicolas.Williams@sun.com
 End of changes. 20 change blocks. 
126 lines changed or deleted 189 lines changed or added
