draft-ietf-ldapbis-bcp64-01.txt   draft-ietf-ldapbis-bcp64-02.txt 
INTERNET-DRAFT Kurt D. Zeilenga INTERNET-DRAFT Kurt D. Zeilenga
Intended Category: BCP OpenLDAP Foundation Intended Category: BCP OpenLDAP Foundation
Expires in six months 27 October 2003 Expires in six months 15 February 2004
Obsoletes: RFC 3383 Obsoletes: RFC 3383
IANA Considerations for LDAP IANA Considerations for LDAP
<draft-ietf-ldapbis-bcp64-01.txt> <draft-ietf-ldapbis-bcp64-02.txt>
Status of Memo Status of Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
This document is intended to be, after appropriate review and This document is intended to be, after appropriate review and
revision, submitted to the RFC Editor as a Best Current Practice revision, submitted to the RFC Editor as a Best Current Practice
document. Distribution of this memo is unlimited. Technical document. Distribution of this memo is unlimited. Technical
discussion of this document will take place on the IETF LDAP Revision discussion of this document will take place on the IETF LDAP Revision
skipping to change at page 1, line 38 skipping to change at page 1, line 38
maximum of six months and may be updated, replaced, or obsoleted by maximum of six months and may be updated, replaced, or obsoleted by
other documents at any time. It is inappropriate to use other documents at any time. It is inappropriate to use
Internet-Drafts as reference material or to cite them other than as Internet-Drafts as reference material or to cite them other than as
``work in progress.'' ``work in progress.''
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
<http://www.ietf.org/ietf/1id-abstracts.txt>. The list of <http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
Internet-Draft Shadow Directories can be accessed at Internet-Draft Shadow Directories can be accessed at
<http://www.ietf.org/shadow.html>. <http://www.ietf.org/shadow.html>.
Copyright (C) The Internet Society (2003). All Rights Reserved. Copyright (C) The Internet Society (2004). All Rights Reserved.
Please see the Full Copyright section near the end of this document Please see the Full Copyright section near the end of this document
for more information. for more information.
Abstract Abstract
This document provides procedures for registering extensible elements This document provides procedures for registering extensible elements
of Lightweight Directory Access Protocol (LDAP). The document also of Lightweight Directory Access Protocol (LDAP). The document also
provides guidelines to Internet Assigned Numbers Authority (IANA) provides guidelines to Internet Assigned Numbers Authority (IANA)
describing conditions under which new values can be assigned. describing conditions under which new values can be assigned.
skipping to change at page 3, line 32 skipping to change at page 3, line 32
number = DIGIT / ( LDIGIT 1*DIGIT ) number = DIGIT / ( LDIGIT 1*DIGIT )
keychar = ALPHA / DIGIT / HYPHEN keychar = ALPHA / DIGIT / HYPHEN
leadkeychar = ALPHA leadkeychar = ALPHA
keystring = leadkeychar *keychar keystring = leadkeychar *keychar
A keyword is a case-insensitive string of UTF-8 [UTF-8] encoded A keyword is a case-insensitive string of UTF-8 [UTF-8] encoded
characters from the Universal Character Set (UCS) [ISO10646] Unicode [Unicode] restricted to the <keystring> production.
restricted to the <keystring> production.
3. IANA Considerations for LDAP 3. IANA Considerations for LDAP
This section details each kind of protocol value which can be This section details each kind of protocol value which can be
registered and provides IANA guidelines on how to assign new values. registered and provides IANA guidelines on how to assign new values.
IANA may reject obviously bogus registrations described. IANA may reject obviously bogus registrations described.
3.1. Object Identifiers 3.1. Object Identifiers
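Review bot: the new keyword definition ("a case-insensitive string of UTF-8 [UTF-8] encoded Unicode [Unicode]") still cites the tag [UTF-8], but in the normative references the [UTF-8] entry is replaced by [Unicode] and the UTF-8 specification is now listed under the tag [RFC3639]; the citation and the entry tag should agree. Also, "IANA may reject obviously bogus registrations described." is missing a word in both columns; "registrations as described below" or simply dropping "described" would fix it.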
skipping to change at page 4, line 33 skipping to change at page 4, line 32
Practices for IANA assignment of Internet Enterprise and Experimental Practices for IANA assignment of Internet Enterprise and Experimental
OIDs are detailed in STD 16 [RFC1155]. OIDs are detailed in STD 16 [RFC1155].
3.2 Protocol Mechanisms 3.2 Protocol Mechanisms
LDAP provides a number of Root DSE attributes for discovery of LDAP provides a number of Root DSE attributes for discovery of
protocol mechanisms identified by OIDs, including: protocol mechanisms identified by OIDs, including:
- supportedControl [Models], - supportedControl [Models],
- supportedExtension [Models], and - supportedExtension [Models], and
- supportedFeatures [Features], - supportedFeatures [RFC3674],
A registry of OIDs used for discover of protocol mechanisms is A registry of OIDs used for discover of protocol mechanisms is
provided to allow implementors and others to locate the technical provided to allow implementors and others to locate the technical
specification for these protocol mechanisms. Future specifications specification for these protocol mechanisms. Future specifications
of additional Root DSE attributes holding values identifying protocol of additional Root DSE attributes holding values identifying protocol
mechanisms MAY extend this registry for their values. mechanisms MAY extend this registry for their values.
OIDs associated with discoverable protocol mechanisms SHOULD be OIDs associated with discoverable protocol mechanisms SHOULD be
registered. These are be considered on a First Come First Served registered. These are be considered on a First Come First Served
with Specification Required basis. with Specification Required basis.
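Review bot: two typos survive unchanged in both columns: "A registry of OIDs used for discover of protocol mechanisms" should read "discovery of", and "These are be considered on a First Come First Served with Specification Required basis" should read "These are to be considered" (or "These are considered").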
skipping to change at page 5, line 20 skipping to change at page 5, line 19
(e.g., they begin with "x-"). Descriptors defined in RFCs MUST be (e.g., they begin with "x-"). Descriptors defined in RFCs MUST be
registered. registered.
While the protocol allows the same descriptor to refer to different While the protocol allows the same descriptor to refer to different
object identifiers in certain cases and the registry supports object identifiers in certain cases and the registry supports
multiple registrations of the same descriptor (each indicating a multiple registrations of the same descriptor (each indicating a
different kind of schema element and different object identifier), different kind of schema element and different object identifier),
multiple registrations of the same descriptor are to be avoided. All multiple registrations of the same descriptor are to be avoided. All
such registration requests require Expert Review. such registration requests require Expert Review.
Descriptors are restricted to strings of UTF-8 encoded UCS characters Descriptors are restricted to strings of UTF-8 encoded Unicode
restricted by the following ABNF: characters restricted by the following ABNF:
name = keystring name = keystring
Descriptors are case-insensitive. Descriptors are case-insensitive.
Multiple names may be assigned to a given OID. For purposes of Multiple names may be assigned to a given OID. For purposes of
registration, an OID is to be represented in numeric OID form registration, an OID is to be represented in numeric OID form (e.g.,
conforming to the ABNF: 1.1.0.23.40) conforming to the ABNF:
numericoid = number *( DOT number ) ; e.g. 1.1.0.23.40 numericoid = number 1*( DOT number )
While the protocol places no maximum length restriction upon While the protocol places no maximum length restriction upon
descriptors, they should be short. Descriptors longer than 48 descriptors, they should be short. Descriptors longer than 48
characters may be viewed as too long to register. characters may be viewed as too long to register.
A values ending with a hyphen ("-") reserve all descriptors which A value ending with a hyphen ("-") reserves all descriptors which
start with the value. For example, the registration of the option start with that value. For example, the registration of the option
"descrFamily-" reserves all options which start with "descrFamily-" "descrFamily-" reserves all options which start with "descrFamily-"
for some related purpose. for some related purpose.
Descriptors beginning with "x-" are for Private Use and cannot be Descriptors beginning with "x-" are for Private Use and cannot be
registered. registered.
Descriptors beginning with "e-" are reserved for experiments and will Descriptors beginning with "e-" are reserved for experiments and will
be registered on a First Come First Served basis. be registered on a First Come First Served basis.
All other descriptors require Expert Review to be registered. All other descriptors require Expert Review to be registered.
The registrant need not "own" the OID being named. The registrant need not "own" the OID being named.
The OID name space is managed by The ISO/IEC Joint Technical The OID name space is managed by The ISO/IEC Joint Technical
Committee 1 - Subcommittee 6. Committee 1 - Subcommittee 6.
3.4. AttributeDescription Options 3.4. AttributeDescription Options
An AttributeDescription [Models] can contain zero or more options An AttributeDescription [Models] can contain zero or more options
specifying additional semantics. An option SHALL be restricted to a specifying additional semantics. An option SHALL be restricted to a
string UTF-8 encoded UCS characters limited by the following ABNF: string UTF-8 encoded Unicode characters limited by the following
ABNF:
option = keystring option = keystring
Options are case-insensitive. Options are case-insensitive.
While the protocol places no maximum length restriction upon option While the protocol places no maximum length restriction upon option
strings, they should be short. Options longer than 24 characters may strings, they should be short. Options longer than 24 characters may
be viewed as too long to register. be viewed as too long to register.
Values ending with a hyphen ("-") reserve all option names which Values ending with a hyphen ("-") reserve all option names which
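Review bot: "An option SHALL be restricted to a string UTF-8 encoded Unicode characters" is missing "of" ("a string of UTF-8 encoded") in both columns. Separately, changing numericoid from "number *( DOT number )" to "number 1*( DOT number )" is a substantive tightening (a numeric OID must now have at least two arcs, so a bare "1" no longer conforms); it matches the "1.1.0.23.40" example but is not listed in the change summary, and a line there would help reviewers.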
skipping to change at page 6, line 40 skipping to change at page 6, line 39
Options beginning with "e-" are reserved for experiments and will be Options beginning with "e-" are reserved for experiments and will be
registered on a First Come First Served basis. registered on a First Come First Served basis.
All other options require Standards Action or Expert Review with All other options require Standards Action or Expert Review with
Specification Required to be registered. Specification Required to be registered.
3.5. LDAP Message Types 3.5. LDAP Message Types
Each protocol message is encapsulated in an LDAPMessage envelope Each protocol message is encapsulated in an LDAPMessage envelope
[Protocol]. The protocolOp CHOICE indicates the type of message [Protocol]. The protocolOp CHOICE indicates the type of message
encapsulated. Each message type consists of a keyword and a encapsulated. Each message type consists of an ASN.1 identifier in
non-negative choice number is combined with the class (APPLICATION) the form of a keyword and a non-negative choice number. The choice
and data type (CONSTRUCTED or PRIMITIVE) to construct the BER tag in number is combined with the class (APPLICATION) and data type
the message's encoding. The choice numbers for existing protocol (CONSTRUCTED or PRIMITIVE) to construct the BER tag in the message's
messages are implicit in the protocol's ASN.1 defined in [Protocol]. encoding. The choice numbers for existing protocol messages are
implicit in the protocol's ASN.1 defined in [Protocol].
New values will be registered upon Standards Action. New values will be registered upon Standards Action.
Note: LDAP provides extensible messages which reduces, but does not Note: LDAP provides extensible messages which reduces, but does not
eliminate, the need to add new message types. eliminate, the need to add new message types.
3.6. LDAP Result Codes 3.6. LDAP Result Codes
LDAP result messages carry an resultCode enumerated value to indicate LDAP result messages carry an resultCode enumerated value to indicate
the outcome of the operation [Protocol]. Each result code consists the outcome of the operation [Protocol]. Each result code consists
of a keyword and a non-negative integer. of a ASN.1 identifier in the form of a keyword and a non-negative
integer.
New resultCodes integers in the range 0-1023 require Standards Action New resultCodes integers in the range 0-1023 require Standards Action
to be registered. New resultCode integers in the range 1024-4095 to be registered. New resultCode integers in the range 1024-4095
require Expert Review with Specification Required. New resultCode require Expert Review with Specification Required. New resultCode
integers in the range 4096-16383 will be registered on a First Come integers in the range 4096-16383 will be registered on a First Come
First Served basis. Keywords associated with integers in the range First Served basis. Keywords associated with integers in the range
0-4095 SHALL NOT start with "e-" or "x-". Keywords associated with 0-4095 SHALL NOT start with "e-" or "x-". Keywords associated with
integers in the range 4096-16383 SHALL start with "e-". Values integers in the range 4096-16383 SHALL start with "e-". Values
greater than or equal to 16384 and keywords starting with "x-" are greater than or equal to 16384 and keywords starting with "x-" are
for Private Use and cannot be registered. for Private Use and cannot be registered.
3.7. LDAP Authentication Method 3.7. LDAP Authentication Method
The LDAP Bind operation supports multiple authentication methods The LDAP Bind operation supports multiple authentication methods
[Protocol]. Each authentication choice consists of a keyword and a [Protocol]. Each authentication choice consists of an ASN.1
non-negative integer. identifier in the form of a keyword and a non-negative integer.
The registrant SHALL classify the authentication method usage using The registrant SHALL classify the authentication method usage using
one of the following terms: one of the following terms:
COMMON - method is appropriate for common use on the COMMON - method is appropriate for common use on the
Internet, Internet,
LIMITED USE - method is appropriate for limited use, LIMITED USE - method is appropriate for limited use,
OBSOLETE - method has been deprecated or otherwise found to be OBSOLETE - method has been deprecated or otherwise found to be
inappropriate for any use. inappropriate for any use.
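Review bot: "LDAP result messages carry an resultCode enumerated value" should read "a resultCode", and the new wording "Each result code consists of a ASN.1 identifier" should read "an ASN.1 identifier", matching "an ASN.1 identifier" as used in the new column of 3.5 and 3.7.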
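The descriptor, option, numeric OID and integer-range rules of Sections 3.3, 3.4, 3.6 and 3.7 as an added Python pre-check for registration requests; this is example code, not part of the draft. It encodes the -02 ABNF (keystring, numericoid with at least two arcs), the "x-"/"e-" prefix policies, the 48/24-character length guidance, hyphen-terminated reservations and the 0-1023/1024-4095/4096-16383/16384+ ranges; function names and the sample registry are constructed, and treating "x-" options as Private Use is assumed to mirror the descriptor rule, since the option text for "x-" is elided in this diff.

```python
"""Pre-check LDAP IANA registration requests against the draft's rules.

Added example (not the Internet-Draft's own text or code). Assumptions:
function names and the sample registry are constructed; "x-" options are
treated like "x-" descriptors (Private Use), mirroring Section 3.3.
"""
import re
from typing import Iterable, Optional

# keystring = leadkeychar *keychar ; leadkeychar = ALPHA ; keychar = ALPHA / DIGIT / HYPHEN
KEYSTRING = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
# number = DIGIT / ( LDIGIT 1*DIGIT ) ; numericoid = number 1*( DOT number )
# -02 form: at least two arcs, no leading zeros ("1" and "1.01" do not conform)
NUMERICOID = re.compile(r"(?:0|[1-9][0-9]*)(?:\.(?:0|[1-9][0-9]*))+")

MAX_LEN = {"descriptor": 48, "option": 24}  # "may be viewed as too long"


def is_keystring(s: str) -> bool:
    return KEYSTRING.fullmatch(s) is not None


def is_numericoid(s: str) -> bool:
    return NUMERICOID.fullmatch(s) is not None


def name_policy(name: str, kind: str = "descriptor") -> str:
    """Registration policy for a descriptor (3.3) or option (3.4) name."""
    if kind not in MAX_LEN:
        raise ValueError("kind must be 'descriptor' or 'option'")
    if not is_keystring(name):
        return "invalid: not a <keystring>"
    if len(name) > MAX_LEN[kind]:
        return f"too long: {kind}s over {MAX_LEN[kind]} characters may be refused"
    low = name.lower()  # descriptors and options are case-insensitive
    if low.startswith("x-"):
        return "Private Use: cannot be registered"
    if low.startswith("e-"):
        return "First Come First Served (experimental)"
    if kind == "option":
        return "Standards Action or Expert Review with Specification Required"
    return "Expert Review"


def reserved_by(name: str, registry: Iterable[str]) -> Optional[str]:
    """Return the registered value that already covers `name`, if any.

    A registered value ending in "-" reserves every value starting with it
    (e.g. "descrFamily-" covers "descrFamily-sub"); matching is case-insensitive.
    """
    low = name.lower()
    for entry in registry:
        e = entry.lower()
        if e == low or (e.endswith("-") and low.startswith(e)):
            return entry
    return None


def integer_policy(value: int, keyword: str) -> str:
    """Policy for a new resultCode (3.6) or authentication method (3.7) value.

    Both registries use the same integer ranges and keyword-prefix rules.
    """
    if value < 0 or not is_keystring(keyword):
        return "invalid: non-negative integer and <keystring> keyword required"
    kw = keyword.lower()
    if value >= 16384 or kw.startswith("x-"):
        return "Private Use: cannot be registered"
    if value >= 4096:  # 4096-16383
        if not kw.startswith("e-"):
            return "invalid: keywords in 4096-16383 SHALL start with 'e-'"
        return "First Come First Served"
    if kw.startswith("e-"):  # 0-4095
        return "invalid: keywords in 0-4095 SHALL NOT start with 'e-' or 'x-'"
    if value >= 1024:  # 1024-4095
        return "Expert Review with Specification Required"
    return "Standards Action"  # 0-1023
```

A request can be screened by calling `name_policy`, `reserved_by` and `is_numericoid` on its descriptor and OID before it is submitted, and `integer_policy` on a proposed resultCode or Bind method number.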
skipping to change at page 8, line 4 skipping to change at page 8, line 6
integers in the range 1024-4095 require Expert Review with integers in the range 1024-4095 require Expert Review with
Specification Required. New authentication method integers in the Specification Required. New authentication method integers in the
range 4096-16383 will be registered on a First Come First Served range 4096-16383 will be registered on a First Come First Served
basis. Keywords associated with integers in the range 0-4095 SHALL basis. Keywords associated with integers in the range 0-4095 SHALL
NOT start with "e-" or "x-". Keywords associated with integers in NOT start with "e-" or "x-". Keywords associated with integers in
the range 4096-16383 SHALL start with "e-". Values greater than or the range 4096-16383 SHALL start with "e-". Values greater than or
equal to 16384 and keywords starting with "x-" are for Private Use equal to 16384 and keywords starting with "x-" are for Private Use
and cannot be registered. and cannot be registered.
Note: LDAP supports Simple Authentication and Security Layers [SASL] Note: LDAP supports Simple Authentication and Security Layers [SASL]
as an authentication choice. SASL is an extensible LDAP as an authentication choice. SASL is an extensible
authentication method. authentication framework.
3.8. Directory Systems Names 3.8. Directory Systems Names
The IANA-maintained "Directory Systems Names" registry [IANADSN] of The IANA-maintained "Directory Systems Names" registry [IANADSN] of
valid keywords for well known attributes used in the LDAPv2 string valid keywords for well known attributes was used in the LDAPv2
representation of a distinguished name [RFC1779], now Historic string representation of a distinguished name [RFC1779]. LDAPv2 is
[RFC3494]. now Historic [RFC3494].
Directory systems names are not known to be used in any other Directory systems names are not known to be used in any other
context. LDAPv3 uses Object Identifier Descriptors [Section 3.2] context. LDAPv3 uses Object Identifier Descriptors [Section 3.2]
(which have a different syntax than directory system names). (which have a different syntax than directory system names).
New Directory System Names will no longer be accepted. For New Directory System Names will no longer be accepted. For
historical purposes, the current list of registered names should historical purposes, the current list of registered names should
remain publicly available. remain publicly available.
4. Registration Procedure 4. Registration Procedure
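Review bot: "LDAPv3 uses Object Identifier Descriptors [Section 3.2]" points at the wrong section in both columns: 3.2 is "Protocol Mechanisms", and the descriptor rules (keystring names, the 48-character guidance, the "x-"/"e-" prefixes) sit between 3.2 and 3.4, i.e. in Section 3.3; the reference should be [Section 3.3].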
skipping to change at page 10, line 48 skipping to change at page 11, line 5
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14 (also RFC 2119), March 1997. Requirement Levels", BCP 14 (also RFC 2119), March 1997.
[RFC2234] Crocker, D. and P. Overell, "Augmented BNF for Syntax [RFC2234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997. Specifications: ABNF", RFC 2234, November 1997.
[RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26 (also RFC IANA Considerations Section in RFCs", BCP 26 (also RFC
2434), October 1998. 2434), October 1998.
[RFC3639] Yergeau, F., "UTF-8, a transformation format of ISO
10646", RFC 3639 (also STD 63), November 2003.
[Features] Zeilenga, K., "Feature Discovery in LDAP", RFC 3674,
December 2003.
[Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
progress. progress.
[Protocol] Sermersheim, J. (editor), "LDAP: The Protocol", [Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
draft-ietf-ldapbis-protocol-xx.txt, a work in progress. draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
[Models] Zeilenga, K. (editor), "LDAP: Directory Information [Models] Zeilenga, K. (editor), "LDAP: Directory Information
Models", draft-ietf-ldapbis-models-xx.txt, a work in Models", draft-ietf-ldapbis-models-xx.txt, a work in
progress. progress.
[LDAPURL] Smith, M. (editor), "LDAP: Uniform Resource Locator", [LDAPURL] Smith, M. (editor), "LDAP: Uniform Resource Locator",
draft-ietf-ldapbis-url-xx.txt, a work in progress. draft-ietf-ldapbis-url-xx.txt, a work in progress.
[UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO [Unicode] The Unicode Consortium, "The Unicode Standard, Version
10646", draft-yergeau-rfc2279bis-xx.txt, a work in 3.2.0" is defined by "The Unicode Standard, Version 3.0"
progress. (Reading, MA, Addison-Wesley, 2000. ISBN 0-201-61633-5),
as amended by the "Unicode Standard Annex #27: Unicode
[ISO10646] International Organization for Standardization, 3.1" (http://www.unicode.org/reports/tr27/) and by the
"Universal Multiple-Octet Coded Character Set (UCS) - "Unicode Standard Annex #28: Unicode 3.2"
Architecture and Basic Multilingual Plane", ISO/IEC (http://www.unicode.org/reports/tr28/).
10646-1 : 1993.
[X.680] International Telecommunication Union - [X.680] International Telecommunication Union -
Telecommunication Standardization Sector, "Abstract Telecommunication Standardization Sector, "Abstract
Syntax Notation One (ASN.1) - Specification of Basic Syntax Notation One (ASN.1) - Specification of Basic
Notation", X.680(1997) (also ISO/IEC 8824-1:1998). Notation", X.680(1997) (also ISO/IEC 8824-1:1998).
10. Informative References 10. Informative References
[RFC1779] Kille, S., "A String Representation of Distinguished [RFC1779] Kille, S., "A String Representation of Distinguished
Names", RFC 1779, March 1995. Names", RFC 1779, March 1995.
[IANADSN] IANA, "Directory Systems Names",
http://www.iana.org/assignments/directory-system-names.
[RFC3494] Zeilenga, K., "Lightweight Directory Access Protocol [RFC3494] Zeilenga, K., "Lightweight Directory Access Protocol
version 2 (LDAPv2) to Historic Status", RFC 3494, March version 2 (LDAPv2) to Historic Status", RFC 3494, March
2003. 2003.
[SASL] Melnikov, A. (Editor), "Simple Authentication and [SASL] Melnikov, A. (Editor), "Simple Authentication and
Security Layer (SASL)", Security Layer (SASL)",
draft-ietf-sasl-rfc2222bis-xx.txt, a work in progress. draft-ietf-sasl-rfc2222bis-xx.txt, a work in progress.
Appendix A. Registration Templates Appendix A. Registration Templates
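Review bot: the two new normative entries use tags that the new text does not cite. The UTF-8 entry is tagged [RFC3639] while the keyword definition before Section 3 cites [UTF-8], and its number looks mistyped: the UTF-8 specification published as STD 63 in November 2003 is RFC 3629. The feature-discovery entry is tagged [Features] while the updated supportedFeatures bullet in 3.2 cites [RFC3674]; use one tag per reference and cite it consistently.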
skipping to change at page 12, line 39 skipping to change at page 13, line 4
Author/Change Controller: Author/Change Controller:
Comments: Comments:
(Any comments that the requester deems relevant to the request) (Any comments that the requester deems relevant to the request)
A.3. LDAP Descriptor Registration Template A.3. LDAP Descriptor Registration Template
Subject: Request for LDAP Descriptor Registration Subject: Request for LDAP Descriptor Registration
Descriptor (short name): Descriptor (short name):
Object Identifier: Object Identifier:
Person & email address to contact for further information: Person & email address to contact for further information:
Usage: (One of attribute type, URL extension, Usage: (One of attribute type, URL extension, object class,
object class, or other) or other)
Specification: (RFC, I-D, URI) Specification: (RFC, I-D, URI)
Author/Change Controller: Author/Change Controller:
Comments: Comments:
(Any comments that the requester deems relevant to the request) (Any comments that the requester deems relevant to the request)
A.4. LDAP Attribute Description Option Registration Template A.4. LDAP Attribute Description Option Registration Template
Subject: Request for LDAP Attribute Description Option Registration Subject: Request for LDAP Attribute Description Option Registration
skipping to change at page 14, line 49 skipping to change at page 15, line 13
private-use name space) be registered. Additionally, all private-use name space) be registered. Additionally, all
requests for multiple registrations of the same descriptor are requests for multiple registrations of the same descriptor are
now subject to Expert Review. now subject to Expert Review.
- Protocol Mechanisms practices were updated to include values of - Protocol Mechanisms practices were updated to include values of
the 'supportedFeatures' attribute type. the 'supportedFeatures' attribute type.
- References to RFCs comprising the LDAP technical specifications - References to RFCs comprising the LDAP technical specifications
have been updated to latest revisions. have been updated to latest revisions.
- References to ISO 10646 have been replaced with [Unicode].
- The "Assigned Values" appendix providing initial registry values - The "Assigned Values" appendix providing initial registry values
was removed. was removed.
- Numerous editorial changes were made. - Numerous editorial changes were made.
Full Copyright Full Copyright
Copyright (C) The Internet Society (2003). All Rights Reserved. Copyright (C) The Internet Society (2004). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implmentation may be prepared, copied, published and or assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind, distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be followed, copyrights defined in the Internet Standards process must be followed,
or as required to translate it into languages other than English. or as required to translate it into languages other than English.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/