draft-ietf-kitten-gssapi-extensions-iana-08.txt   draft-ietf-kitten-gssapi-extensions-iana-09.txt

rfcdiff comparison of draft -08 (October 16, 2013; expires April 19,
2014) with draft -09 (January 13, 2015; expires July 17, 2015); the
text below is that of the -09 revision.

NETWORK WORKING GROUP                                        N. Williams
Internet-Draft                                          Cryptonector LLC
Intended status: Standards Track                             A. Melnikov
Expires: July 17, 2015                                         Isode Ltd
                                                        January 13, 2015


     Namespace Considerations and Registries for GSS-API Extensions
            draft-ietf-kitten-gssapi-extensions-iana-09.txt

Abstract

This document describes the ways in which the GSS-API may be extended
and directs the creation of an IANA registry for various GSS-API
namespaces.
Status of This Memo

This Internet-Draft is submitted in full conformance with the

skipping to change at page 1, line 33

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF).  Note that other groups may also distribute
working documents as Internet-Drafts.  The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

This Internet-Draft will expire on July 17, 2015.

Copyright Notice

Copyright (c) 2015 IETF Trust and the persons identified as the
document authors.  All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document.  Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.  Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents

   1.  Conventions used in this document . . . . . . . . . . . . . .   2
   2.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   3.  Extensions to the GSS-API . . . . . . . . . . . . . . . . . .   2
   4.  Generic GSS-API Namespaces  . . . . . . . . . . . . . . . . .   3
   5.  Language Binding-Specific GSS-API Namespaces  . . . . . . . .   3
   6.  Extension-Specific GSS-API Namespaces . . . . . . . . . . . .   4
   7.  Registration Form . . . . . . . . . . . . . . . . . . . . . .   4
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   6
     8.1.  Initial Namespace Registrations . . . . . . . . . . . . .   7
       8.1.1.  Example registrations . . . . . . . . . . . . . . . .   7
     8.2.  Registration Maintenance Guidelines . . . . . . . . . . .   9
       8.2.1.  Sub-Namespace Symbol Pattern Matching . . . . . . . .   9
       8.2.2.  Expert Reviews of Individual Submissions  . . . . . .  10
       8.2.3.  Change Control  . . . . . . . . . . . . . . . . . . .  11
   9.  Security Considerations . . . . . . . . . . . . . . . . . . .  11
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .  11
     10.1.  Normative References . . . . . . . . . . . . . . . . . .  11
     10.2.  Informative References . . . . . . . . . . . . . . . . .  12
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  12

1.  Conventions used in this document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].

2.  Introduction

There is a need for private-use and mechanism-specific extensions to

skipping to change at page 4, line 6

o  Object classes and/or types
o  Methods and/or functions
o  Constant names
o  Constant values

6.  Extension-Specific GSS-API Namespaces

Extensions to the GSS-API may create additional namespaces.  See
Section 8.2.

7.  Registration Form

Registrations for GSS-API namespaces SHALL take the following form:

+--------------+---------------------+------------------------------+
| Registration | Possible Values     | Description                  |
| Field        |                     |                              |
+--------------+---------------------+------------------------------+
| Bindings     | 'Generic',          | Indicates the name of the    |
|              | 'C-bindings',       | programming language that    |
|              | 'Java', 'C#',       | this registration involves,  |
|              | <programming        | or, if 'Generic', that this  |
|              | language name>      | is an entry for the generic  |
|              |                     | abstract GSS-API (i.e., not  |
|              |                     | specific to any programming  |
|              |                     | language).                   |
+--------------+---------------------+------------------------------+
| Registration | 'Instance', 'Sub-   | Indicates whether this entry |
| type         | Namespace'          | reserves a given symbol name |
|              |                     | (and possibly, constant      |
|              |                     | value), or whether it        |
|              |                     | reserves an entire sub-      |
|              |                     | namespace (the name is a     |
|              |                     | pattern) or constant value   |
|              |                     | range.                       |
+--------------+---------------------+------------------------------+
| Object Type  | <Symbol> defined by | Indicates the type of the    |
|              | the binding         | object whose symbolic name   |
|              | language (for       | or constant value this entry |
|              | example 'Data-      | registers.  The possible     |
|              | Type', 'Function',  | values of this field depend  |
|              | 'Method',           | on the programming language  |
|              | 'Integer',          | in question, therefore they  |
|              | 'String', 'OID',    | are not all specified here.  |
|              | 'Context-Flag',     |                              |
|              | 'Name-Type',        |                              |
|              | 'Macro', 'Header-   |                              |
|              | File-Name',         |                              |
|              | 'Module-Name',      |                              |
|              | 'Class')            |                              |
+--------------+---------------------+------------------------------+
| Symbol       | <Symbol name or     | The name of a symbol or      |
| Name/Prefix  | name pattern>       | symbol sub-namespace being   |
|              |                     | registered.  See Section     |
|              |                     | 8.2.1                        |
+--------------+---------------------+------------------------------+
| Binding of   | <Name of abstract   | If the registration is for a |
|              | API element of      | specific language binding of |
|              | which this object   | the GSS-API, then this names |
|              | is a binding>       | the abstract API element of  |
|              |                     | which it is a binding        |
|              |                     | (OPTIONAL).                  |
+--------------+---------------------+------------------------------+
| Constant     | <Constant value> or | The value of the constant    |
| Value/Range  | <constant value     | named by the <Symbol         |
|              | range>              | Name/Prefix>.  This field is |
|              |                     | present only for Instance    |
|              |                     | and Sub-namespace            |
|              |                     | registrations of Constant    |
|              |                     | object types.                |
+--------------+---------------------+------------------------------+
| Description  | <Text>              | Description of the           |
|              |                     | registration.  Multiple      |
|              |                     | instances of this field may  |
|              |                     | result (see Section 8.2.3).  |
+--------------+---------------------+------------------------------+
| Registration | <Reference> to an   | Describes the rules for      |
| Rules        | IANA registration   | allocation of items that     |
|              | Policy defined in   | fall in this sub-namespace,  |
|              | [RFC5226] (or an    | for entries with             |
|              | RFC that updates    | Registration Type of Sub-    |
|              | it), for instance   | namespace (OPTIONAL).  For   |
|              | 'IESG Approval',    | private use sub-namespaces   |
|              | 'Expert Review',    | the submitter MUST provide   |
|              | 'First Come First   | the e-mail address of a      |
|              | Served', 'Private   | responsible contact.  If     |
|              | Use'.               | this field is not specified  |
|              |                     | for a sub-namespace, the     |
|              |                     | default registration rules   |
|              |                     | specified in Section 8.2     |
|              |                     | apply.                       |
+--------------+---------------------+------------------------------+
| Reference    | <Reference>         | Reference to a document that |
|              |                     | describes the registration,  |
|              |                     | if any (OPTIONAL).  Multiple |
|              |                     | instances of this field are  |
|              |                     | allowed, with one reference  |
|              |                     | each.                        |
+--------------+---------------------+------------------------------+
| Expert       | <Name of expert     | OPTIONAL, see Section 8.2.2. |
| Reviewer     | reviewers, possibly | Multiple instances of this   |
|              | WG names>           | field are allowed, with one  |
|              |                     | expert reviewer per-         |
|              |                     | instance.  Leave this field  |
|              |                     | blank when requesting a      |
|              |                     | registration.  It will be    |
|              |                     | filled in by the Expert who  |
|              |                     | reviews the registration.    |
+--------------+---------------------+------------------------------+
| Expert       | <Notes from the     | Expert reviewers may request |
| Review Notes | expert review>      | that some comments be        |
|              |                     | included with the            |
|              |                     | registration, e.g.,          |
|              |                     | regarding security           |
|              |                     | considerations of the        |
|              |                     | registered extension.        |
+--------------+---------------------+------------------------------+
| Status       | 'Registered' or     | Status of the registration.  |
|              | 'Obsoleted'         |                              |
+--------------+---------------------+------------------------------+
| Obsoleting   | <Reference>         | Reference to a document, if  |
| Reference    |                     | any, that obsoletes this     |
|              |                     | registration.  Multiple      |
|              |                     | instances of this field are  |
|              |                     | allowed, with one reference  |
|              |                     | each. (OPTIONAL)             |
+--------------+---------------------+------------------------------+

The IANA should create a single GSS-API namespace registry, or
multiple registries, one for symbolic names and one for constant
values, and/or it may create a registry per-programming language, at
its convenience.

Entries in these registries should consist of all the fields from
their corresponding registration entries.

Entries should be sorted by: programming language, registration type,

skipping to change at page 7, line 15

8.1.  Initial Namespace Registrations

Initial registry content corresponding to the items defined in
[RFC2743], [RFC2744], [RFC2853], [RFC1964] and [RFC4121] and others
will be supplied during the IANA review portion of the RFC publishing
process.  [[Note to RFC Editor: Delete the following sentence before
publication:]] The KITTEN WG chairs MUST indicate that such content
has been reviewed by the WG and that there is WG consensus that the
entries are in agreement with those RFCs.

8.1.1.  Example registrations

In order to sanity check recommended IANA registration templates,
this section registers several entries.

+--------------------+----------------------------------------------+
| Registration Field | Possible Values |
+--------------------+----------------------------------------------+
| Bindings | C-bindings |
+--------------------+----------------------------------------------+
| Registration type | Instance |
+--------------------+----------------------------------------------+
| Object Type | Function |
+--------------------+----------------------------------------------+
| Symbol Name | gss_init_sec_context |
+--------------------+----------------------------------------------+
| Binding of | GSS_Init_sec_context |
+--------------------+----------------------------------------------+
| Constant | N/A |
| Value/Range | |
+--------------------+----------------------------------------------+
| Description | Create a security context by initiator |
+--------------------+----------------------------------------------+
| Registration Rules | N/A |
+--------------------+----------------------------------------------+
| Reference | RFC 2744 |
+--------------------+----------------------------------------------+
| Expert Reviewer | Kitten WG |
+--------------------+----------------------------------------------+
| Expert Review | |
| Notes | |
+--------------------+----------------------------------------------+
| Status | Registered |
+--------------------+----------------------------------------------+
| Obsoleting | N/A |
| Reference | |
+--------------------+----------------------------------------------+
| Bindings | C-bindings |
+--------------------+----------------------------------------------+
| Registration type | Instance |
+--------------------+----------------------------------------------+
| Object Type | Function |
+--------------------+----------------------------------------------+
| Symbol Name | gss_accept_sec_context |
+--------------------+----------------------------------------------+
| Binding of | GSS_Accept_sec_context |
+--------------------+----------------------------------------------+
| Constant | N/A |
| Value/Range | |
+--------------------+----------------------------------------------+
| Description | Accept a security context from initiator |
+--------------------+----------------------------------------------+
| Registration Rules | N/A |
+--------------------+----------------------------------------------+
| Reference | RFC 2744 |
+--------------------+----------------------------------------------+
| Expert Reviewer | Kitten WG |
+--------------------+----------------------------------------------+
| Expert Review | |
| Notes | |
+--------------------+----------------------------------------------+
| Status | Registered |
+--------------------+----------------------------------------------+
| Obsoleting | N/A |
| Reference | |
+--------------------+----------------------------------------------+
| Bindings | C-bindings |
+--------------------+----------------------------------------------+
| Registration type | Instance |
+--------------------+----------------------------------------------+
| Object Type | Context-Flag |
+--------------------+----------------------------------------------+
| Symbol Name | GSS_C_DELEG_FLAG |
+--------------------+----------------------------------------------+
| Binding of | deleg_state or deleg_req_flag |
+--------------------+----------------------------------------------+
| Constant | 1 |
| Value/Range | |
+--------------------+----------------------------------------------+
| Description | On output (if set): Delegated credentials |
| | are available via the delegated_cred_handle |
| | parameter of GSS_Accept_sec_context. On |
| | input (if set): With the call to |
| | GSS_Init_sec_context, delegate credentials |
| | to the acceptor. |
+--------------------+----------------------------------------------+
| Registration Rules | N/A |
+--------------------+----------------------------------------------+
| Reference | RFC 2744 |
+--------------------+----------------------------------------------+
| Expert Reviewer | Kitten WG |
+--------------------+----------------------------------------------+
| Expert Review | |
| Notes | |
+--------------------+----------------------------------------------+
| Status | Registered |
+--------------------+----------------------------------------------+
| Obsoleting | N/A |
| Reference | |
+--------------------+----------------------------------------------+
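The following Python is an added illustration, not part of the draft: it reads a registration written in the ASCII table layout used for the Section 7 form and the Section 8.1.1 examples, then checks the rules the form states (the Registration type and Status vocabularies, a Constant Value/Range only for Constant object types, Registration Rules only on Sub-Namespace entries, and a contact e-mail for 'Private Use' sub-namespaces). The table text is an abridged copy of the GSS_C_DELEG_FLAG entry above; the CONSTANT_TYPES set, the e-mail check and the BAD_REQUEST entry are assumptions made for the example.

```python
import re
# Added example, not part of the draft: parse a registration written in
# the ASCII table form of Section 7 and check the rules that form states.
# Constructed input: the GSS_C_DELEG_FLAG entry of Section 8.1.1, abridged.
TABLE = """\
+--------------------+----------------------------------------------+
| Bindings           | C-bindings                                   |
+--------------------+----------------------------------------------+
| Registration type  | Instance                                     |
+--------------------+----------------------------------------------+
| Object Type        | Context-Flag                                 |
+--------------------+----------------------------------------------+
| Symbol Name        | GSS_C_DELEG_FLAG                             |
+--------------------+----------------------------------------------+
| Constant           | 1                                            |
| Value/Range        |                                              |
+--------------------+----------------------------------------------+
| Description        | On output (if set): Delegated credentials    |
|                    | are available via delegated_cred_handle.     |
+--------------------+----------------------------------------------+
| Registration Rules | N/A                                          |
+--------------------+----------------------------------------------+
| Status             | Registered                                   |
+--------------------+----------------------------------------------+
"""

def parse_registrations(text):
    """One dict per registration: a '+' row closes a field, rows between
    separators are joined (wrapped names/values), 'Bindings' opens an entry."""
    records, names, values = [], [], []
    for line in text.splitlines() + ["+"]:
        if line.startswith("|"):
            name, value = [c.strip() for c in line.strip("|").split("|")[:2]]
            names += [name] if name else []
            values += [value] if value else []
        elif names:                           # separator: store the field
            if names[0] == "Bindings" or not records:
                records.append({})
            records[-1][" ".join(names)] = " ".join(values)
            names, values = [], []
    return records

REG_TYPES, STATUSES = {"Instance", "Sub-Namespace"}, {"Registered", "Obsoleted"}
# Assumed here: the form's object types that name a value rather than code.
CONSTANT_TYPES = {"Integer", "String", "OID", "Context-Flag", "Name-Type"}
EMAIL = re.compile(r"[^\s@<>]+@[^\s@<>]+\.[^\s@<>]+")

def check_registration(reg):
    """Return the Section 7 form rules that a registration violates."""
    problems = []
    if reg.get("Registration type") not in REG_TYPES:
        problems.append("Registration type must be Instance or Sub-Namespace")
    if reg.get("Status", "Registered") not in STATUSES:
        problems.append("Status must be Registered or Obsoleted")
    if not (reg.get("Symbol Name/Prefix") or reg.get("Symbol Name")):
        problems.append("Symbol Name/Prefix is required")
    has_value = reg.get("Constant Value/Range", "N/A") not in ("", "N/A")
    if has_value != (reg.get("Object Type") in CONSTANT_TYPES):
        problems.append("Constant Value/Range present iff a Constant object type")
    rules = reg.get("Registration Rules", "N/A")
    if rules not in ("", "N/A") and reg.get("Registration type") != "Sub-Namespace":
        problems.append("Registration Rules apply only to Sub-Namespace entries")
    if rules == "Private Use" and not any(EMAIL.search(v) for v in reg.values()):
        problems.append("Private Use sub-namespace needs a contact e-mail address")
    return problems

BAD_REQUEST = {  # constructed: private-use request missing its contact
    "Bindings": "C-bindings", "Registration type": "Sub-Namespace",
    "Object Type": "Function", "Symbol Name/Prefix": "gssexample_*",
    "Registration Rules": "Private Use",
    "Description": "Functions of a hypothetical example mechanism",
}
```

Running `check_registration` over `parse_registrations(TABLE)` yields no problems for the draft's own entry, while `BAD_REQUEST` is rejected until a contact address is added to one of its fields.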
8.2.  Registration Maintenance Guidelines

Standards-Track RFCs can create new items with any non-conflicting
Symbol Name/Prefix value for this registry by virtue of IESG approval
to publish as a Standards-Track RFC -- that is, without additional
expert review.

Standards-Track RFCs can mark existing entries as obsolete, and can
even create conflicting entries if explicitly stated (the IESG, of
course, should review conflicts carefully, and may reject them).

End of changes.  10 change blocks.
147 lines changed or deleted         232 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/