rfcdiff of draft-ietf-kitten-gssapi-extensions-iana-06.txt (left column, "-06")
against draft-ietf-kitten-gssapi-extensions-iana-07.txt (right column, "-07")

-06 header:
NETWORK WORKING GROUP                                        N. Williams
Internet-Draft                                                       Sun
Intended status: Standards Track                           April 1, 2009
Expires: October 3, 2009

-07 header:
NETWORK WORKING GROUP                                        N. Williams
Internet-Draft                                          Cryptonector LLC
Intended status: Standards Track                             A. Melnikov
Expires: December 1, 2012                                      Isode Ltd
                                                            May 30, 2012

      Namespace Considerations and Registries for GSS-API Extensions
Abstract
This document describes the ways in which the GSS-API may be extended
and directs the creation of an IANA registry for various GSS-API
namespaces.
Status of this Memo

-06:
   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on October 3, 2009.

-07:
   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 1, 2012.

Copyright Notice

-06:
   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

-07:
   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.
Table of Contents

   1.  Conventions used in this document
   2.  Introduction
   3.  Extensions to the GSS-API
   4.  Generic GSS-API Namespaces
   5.  Language Binding-Specific GSS-API Namespaces
   6.  Extension-Specific GSS-API Namespaces
   7.  Registration Form
   8.  IANA Considerations
     8.1.  Initial Namespace Registrations
     8.2.  Registration Maintenance Guidelines
       8.2.1.  Sub-Namespace Symbol Pattern Matching
       8.2.2.  Expert Reviews of Individual Submissions
       8.2.3.  Change Control
   9.  Security Considerations
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Author's Address (-06) / Authors' Addresses (-07)
1.  Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.  Introduction

   There is a need for private-use and mechanism-specific extensions to

   [unchanged text elided by rfcdiff; skipping to change at page 4, line 31 in both -06 and -07]

   Section 8.2.
7.  Registration Form

   Registrations for GSS-API namespaces SHALL take the following form
   (the -07 form; the -06 differences are listed after the table):

   +--------------+---------------------+------------------------------+
   | Registration | Possible Values     | Description                  |
   | Field        |                     |                              |
   +--------------+---------------------+------------------------------+
   | Bindings     | 'Generic',          | Indicates the name of the    |
   |              | 'C-bindings',       | programming language that    |
   |              | 'Java', 'C#',       | this registration involves,  |
   |              | <programming        | or, if 'Generic', that this  |
   |              | language name>      | is an entry for the generic  |
   |              |                     | abstract GSS-API (i.e., not  |
   |              |                     | specific to any programming  |
   |              |                     | language).                   |
   +--------------+---------------------+------------------------------+
   | Registration | 'Instance',         | Indicates whether this entry |
   | type         | 'Sub-Namespace'     | reserves a given symbol name |
   |              |                     | (and possibly, constant      |
   |              |                     | value), or whether it        |
   |              |                     | reserves an entire           |
   |              |                     | sub-namespace (the name is a |
   |              |                     | pattern) or constant value   |
   |              |                     | range.                       |
   +--------------+---------------------+------------------------------+
   | Object Type  | 'Data-Type',        | Indicates the type of the    |
   |              | 'Function',         | object whose symbolic name   |
   |              | 'Method',           | or constant value this entry |
   |              | 'Integer',          | registers. The possible      |
   |              | 'String', 'OID',    | values of this field depend  |
   |              | 'Context-Flag',     | on the programming language  |
   |              | 'Name-Type',        | in question, therefore they  |
   |              | 'Macro',            | are not all specified here.  |
   |              | 'Header-File-Name', |                              |
   |              | 'Module-Name',      |                              |
   |              | 'Class', etcetera   |                              |
   +--------------+---------------------+------------------------------+
   | Symbol       | <Symbol name or     | The name of a symbol or      |
   | Name/Prefix  | name pattern>       | symbol sub-namespace being   |
   |              |                     | registered. See              |
   |              |                     | Section 8.2.1                |
   +--------------+---------------------+------------------------------+
   | Binding of   | <Name of abstract   | If the registration is for a |
   |              | API element of      | specific language binding of |
   |              | which this object   | the GSS-API, then this names |
   |              | is a binding>       | the abstract API element of  |
   |              |                     | which it is a binding        |
   |              |                     | (OPTIONAL).                  |
   +--------------+---------------------+------------------------------+
   | Constant     | <Constant value> or | The value of the constant    |
   | Value/Range  | <constant value     | named by the <Symbol         |
   |              | range>              | Name/Prefix>. This field is  |
   |              |                     | present only for Instance    |
   |              |                     | and Sub-namespace            |
   |              |                     | registrations of Constant    |
   |              |                     | object types.                |
   +--------------+---------------------+------------------------------+
   | Description  | <Text>              | Description of the           |
   |              |                     | registration. Multiple       |
   |              |                     | instances of this field may  |
   |              |                     | result (see Section 8.2.3).  |
   +--------------+---------------------+------------------------------+
   | Registration | Values from         | Describes the rules for      |
   | Rules        | [RFC5226], such as  | allocation of items that     |
   |              | 'IESG Approval',    | fall in this sub-namespace,  |
   |              | 'Expert Review',    | for entries with             |
   |              | 'First Come First   | Registration Type of         |
   |              | Served', 'Private   | Sub-namespace (OPTIONAL).    |
   |              | Use', etcetera.     | For private use              |
   |              |                     | sub-namespaces the submitter |
   |              |                     | MUST provide the e-mail      |
   |              |                     | address of a responsible     |
   |              |                     | contact. If this field is    |
   |              |                     | not specified for a          |
   |              |                     | sub-namespace, the default   |
   |              |                     | registration rules specified |
   |              |                     | in Section 8.2 apply.        |
   +--------------+---------------------+------------------------------+
   | Reference    | <Reference>         | Reference to document that   |
   |              |                     | describes the registration,  |
   |              |                     | if any (OPTIONAL). Multiple  |
   |              |                     | instances of this field are  |
   |              |                     | allowed, with one reference  |
   |              |                     | each.                        |
   +--------------+---------------------+------------------------------+
   | Expert       | <Name of expert     | OPTIONAL, see Section 8.2.2. |
   | Reviewer     | reviewers, possibly | Multiple instances of this   |
   |              | WG names>           | field are allowed, with one  |
   |              |                     | expert reviewer              |
   |              |                     | per-instance. Leave this     |
   |              |                     | field blank when requesting  |
   |              |                     | a registration. It will be   |
   |              |                     | filled in by the Expert who  |
   |              |                     | reviews the registration.    |
   +--------------+---------------------+------------------------------+
   | Expert       | <Notes from the     | Expert reviewers may request |
   | Review Notes | expert review>      | that some comments be        |
   |              |                     | included with the            |
   |              |                     | registration, e.g.,          |
   |              |                     | regarding security           |
   |              |                     | considerations of the        |
   |              |                     | registered extension.        |
   +--------------+---------------------+------------------------------+
   | Status       | 'Registered' or     | Status of the registration.  |
   |              | 'Obsoleted'         |                              |
   +--------------+---------------------+------------------------------+
   | Obsoleting   | <Reference>         | Reference to document, if    |
   | Reference    |                     | any, that obsoletes this     |
   |              |                     | registration. Multiple       |
   |              |                     | instances of this field are  |
   |              |                     | allowed, with one reference  |
   |              |                     | each. (OPTIONAL)             |
   +--------------+---------------------+------------------------------+

   The -06 form differs from the above as follows:

   o  the 'Registration type' row precedes the 'Bindings' row;

   o  the 'Registration Rules' description ends at "contact." (the
      sentence on the default rules of Section 8.2 is new in -07);

   o  the 'Expert Reviewer' description ends at "per-instance." (the
      instruction to leave the field blank is new in -07);

   o  'Status' lists its values as 'Registered', 'Obsoleted'.

   The IANA should create a single GSS-API namespace registry, or
   multiple registries, one for symbolic names and one for constant
   values, and/or it may create a registry per-programming language, at
   its convenience.

   Entries in these registries should consist of all the fields from
   their corresponding registration entries.

   Entries should be sorted by (-06): registration type, programming
   language, object type, and symbol name/pattern; (-07): programming
   language, registration type, object type, and symbol name/pattern.
8.  IANA Considerations

   This document deals with IANA considerations throughout.
   Specifically it creates a single registry of various kinds of things,
   though the IANA may instead create multiple registries each for one
   of those kinds of things.  Of particular interest may be that IANA
   will now be the registration authority for the GSS-API name type OID
   space.

8.1.  Initial Namespace Registrations

   Initial registry content corresponding to the items defined in
   [RFC2743], [RFC2744], [RFC2853], [RFC1964] and [RFC4121] and others
   will be supplied during the IANA review portion of the RFC publishing
   process.  [[Note to RFC Editor (-07 only): Delete the following
   sentence before publication:]] The KITTEN WG chairs MUST indicate
   that such content has been reviewed by the WG and that there is WG
   consensus that the entries are in agreement with those RFCs.

8.2.  Registration Maintenance Guidelines

   Standards-Track RFCs can create new items with any non-conflicting
   Symbol Name/Prefix value for this registry by virtue of IESG approval
   to publish as a Standards-Track RFC -- that is, without additional
   expert review.

   Standards-Track RFCs can mark existing entries as obsolete, and can
   [unchanged text elided by rfcdiff; skipping to change at page 8, line 15 (-06) / page 8, line 24 (-07)]

   that the IANA receives an individual submission for registration in
   this registry, if there are any IETF Working Groups chartered to
   produce GSS-API-related documents, then the IANA SHALL ask the chairs
   of such WGs to be expert reviewers or to name one.  If there are no
   such WGs at that time, then the IANA SHALL ask past chairs of the
   KITTEN WG and the author/editor of this RFC to act as expert
   reviewers or name an alternate.

   Expert reviewers of individual registration submissions with
   Registration Type == Sub-namespace should check that the registration
   request has a suitable description (which doesn't need to be
   sufficiently detailed for others to implement) and that the Symbol
   Name/Prefix is sufficiently descriptive of the purpose of the
   sub-namespace or reflective of the name of the submitter or
   associated company.  (-06 words the parenthesis "which need not be
   sufficiently detailed for others to implement".)

   Expert reviewers of individual registration submissions with
   Registration Type == Instance should check that the Symbol Name falls
   under a sub-namespace controlled by the submitter.  Registration of
   such entries which do not fall under such a sub-namespace may be
   allowed provided that they correspond to long existing non-standard
   extensions to the GSS-API and this can be easily checked or
   demonstrated, otherwise IESG Protocol Action is REQUIRED (see
   previous section).  Also, reviewers should check that any
   registration of constant values have a detailed description that is

   [unchanged text elided by rfcdiff; skipping to change at page 8, line 47 (-06) / page 9, line 9 (-07)]

   GSS_Accept_sec_context which have new input and/or output parameters
   which imply changes on the wire or in behaviour that may result in
   interoperability issues.  A reviewer could choose to add notes to the
   registration describing such issues, or the reviewer might conclude
   that the danger to Internet interoperability is sufficient to warrant
   rejecting the registration.
8.2.3.  Change Control

   Registered entries may be marked obsoleted using the same expert
   review process as for registering new entries.  Obsoleted entries are
   not, however, to be deleted, but merely marked having Obsoleted
   Status.  Note that entries may be created as obsoleted to record the
   fact that the given symbol(s) have been used before, even though
   continued use of them is discouraged.

   Registered entries may also be updated in two other ways: additional
   references, obsoleting references, and descriptions may be added.
   All changes are subject to expert review.  The submitter of a change
   request need not be the same as the original submitter.

-06:
   Registrations may be modified by addition, but under no circumstance
   may any fields be modified except for the Status field.

-07:
   Registrations may be modified by addition, but under no circumstance
   may any fields be modified except for the Status field or Contact
   Address, or to correct for transcription errors in filing or
   processing registration requests.

   The IANA SHALL add a field describing the date that an addition or
   modification was made, and a description of the change.
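   The Section 7 form together with the Section 8.2.2 and 8.2.3 rules, as an
   added example that is not part of the draft or of any IANA tooling: it
   checks a registration request against the form, runs the reviewer's
   sub-namespace check for an Instance entry, and checks a proposed change
   under the -07 change-control rule.  The 'Contact' field, the '*' wildcard
   syntax for a Sub-Namespace prefix and the list shape of multi-instance
   fields are assumptions.

```python
"""Checks on GSS-API namespace registry entries in the Section 7 form.

Added example, not part of the draft. A registration is a dict keyed by the
form's field names. Assumed: a 'Contact' field holds the responsible e-mail
address, a Sub-Namespace prefix ends in a '*' wildcard (Section 8.2.1 is not
reproduced here), and Description/Reference/Obsoleting Reference are lists.
"""
from __future__ import annotations
import fnmatch

REGISTRATION_TYPES = {"Instance", "Sub-Namespace"}
STATUSES = {"Registered", "Obsoleted"}
# Assumed: the object types whose entries carry a Constant Value/Range.
CONSTANT_OBJECT_TYPES = {"Integer", "String", "OID", "Context-Flag", "Name-Type", "Macro"}
MUTABLE_FIELDS = {"Status", "Contact"}                      # Section 8.2.3 (-07)
APPEND_ONLY = {"Description", "Reference", "Obsoleting Reference"}

def validate_form(entry: dict) -> list[str]:
    """Return the problems with one registration request (empty list if none)."""
    problems = []
    if entry.get("Registration type") not in REGISTRATION_TYPES:
        problems.append("Registration type must be 'Instance' or 'Sub-Namespace'")
    if entry.get("Status") not in STATUSES:
        problems.append("Status must be 'Registered' or 'Obsoleted'")
    if not entry.get("Symbol Name/Prefix"):
        problems.append("Symbol Name/Prefix is required")
    if not entry.get("Description"):
        problems.append("Description is required")
    if "Constant Value/Range" in entry and entry.get("Object Type") not in CONSTANT_OBJECT_TYPES:
        problems.append("Constant Value/Range is only present for constant object types")
    if entry.get("Registration Rules") == "Private Use" and not entry.get("Contact"):
        problems.append("Private Use sub-namespaces MUST give a responsible contact")
    if entry.get("Expert Reviewer"):
        problems.append("Expert Reviewer is filled in by the reviewer; leave it blank")
    return problems

def review_instance(entry: dict, registry: list[dict]) -> str:
    """Section 8.2.2 check for Registration Type == Instance: 'ok' when the symbol
    falls under a Registered Sub-Namespace of the same bindings held by the same
    contact, else why it needs more than expert review."""
    symbol = entry["Symbol Name/Prefix"]
    for ns in registry:
        if ns.get("Registration type") != "Sub-Namespace" or ns.get("Status") != "Registered":
            continue
        if ns.get("Bindings") != entry.get("Bindings"):
            continue
        if fnmatch.fnmatchcase(symbol, ns["Symbol Name/Prefix"]):
            if ns.get("Contact") == entry.get("Contact"):
                return "ok"
            return "symbol falls under a sub-namespace controlled by another contact"
    return "IESG Protocol Action REQUIRED: symbol is under no registered sub-namespace"

def check_change(old: dict, new: dict) -> list[str]:
    """Section 8.2.3: additions only; an existing field changes only if mutable."""
    violations = []
    for field, before in old.items():
        if field not in new:
            violations.append(f"{field}: fields may not be removed")
        elif field in MUTABLE_FIELDS:
            continue                                    # Status / Contact may change
        elif field in APPEND_ONLY:
            if new[field][:len(before)] != before:      # earlier instances must survive
                violations.append(f"{field}: instances may only be added")
        elif new[field] != before:
            violations.append(f"{field}: may not be modified")
    return violations

# Constructed sample entries (not real registrations).
SUBNAMESPACE = {"Bindings": "C-bindings", "Registration type": "Sub-Namespace",
                "Object Type": "Macro", "Symbol Name/Prefix": "GSS_EXAMPLE_*",
                "Description": ["Example Corp private-use symbols"],
                "Registration Rules": "Private Use", "Contact": "registry@example.com",
                "Reference": [], "Status": "Registered"}
INSTANCE = {"Bindings": "C-bindings", "Registration type": "Instance",
            "Object Type": "Integer", "Symbol Name/Prefix": "GSS_EXAMPLE_FLAG",
            "Constant Value/Range": "0x00010000", "Description": ["Sample flag"],
            "Contact": "registry@example.com", "Reference": [], "Status": "Registered"}
```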
9.  Security Considerations

   General security considerations relating to IANA registration
   services apply; see [RFC5226].

   Also, expert reviewers should look for and may document security

   [unchanged text elided by rfcdiff; skipping to change at page 10, line 13 (-06) / page 10, line 25 (-07)]

              C-bindings", RFC 2744, January 2000.

   [RFC2853]  Kabat, J. and M. Upadhyay, "Generic Security Service API
              Version 2 : Java Bindings", RFC 2853, June 2000.

   [RFC4121]  Zhu, L., Jaganathan, K., and S. Hartman, "The Kerberos
              Version 5 Generic Security Service Application Program
              Interface (GSS-API) Mechanism: Version 2", RFC 4121,
              July 2005.
Author's Address (-06)

   Nicolas Williams
   Sun Microsystems
   5300 Riata Trace Ct
   Austin, TX  78727
   US

   Email: Nicolas.Williams@sun.com

Authors' Addresses (-07)

   Nicolas Williams
   Cryptonector LLC

   Email: nico@cryptonector.com

   Alexey Melnikov
   Isode Ltd
   5 Castle Business Village
   36 Station Road
   Hampton, Middlesex  TW12 2BX
   UK

   Email: Alexey.Melnikov@isode.com
End of changes.  31 change blocks.  66 lines changed or deleted, 75 lines changed or added.

This html diff was produced by rfcdiff 1.41.  The latest version is available from http://tools.ietf.org/tools/rfcdiff/