draft-ietf-nfsv4-federated-fs-protocol-02.txt   draft-ietf-nfsv4-federated-fs-protocol-03.txt 
NFSv4 Working Group J. Lentini NFSv4 Working Group J. Lentini
Internet-Draft C. Everhart Internet-Draft C. Everhart
Intended status: Standards Track NetApp Intended status: Standards Track NetApp
Expires: January 11, 2010 D. Ellard Expires: February 21, 2010 D. Ellard
BBN Technologies BBN Technologies
R. Tewari R. Tewari
M. Naik M. Naik
IBM Almaden IBM Almaden
July 10, 2009 August 20, 2009
NSDB Protocol for Federated Filesystems NSDB Protocol for Federated Filesystems
draft-ietf-nfsv4-federated-fs-protocol-02 draft-ietf-nfsv4-federated-fs-protocol-03
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 37 skipping to change at page 1, line 37
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 11, 2010. This Internet-Draft will expire on February 21, 2010.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info). publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 3, line 29 skipping to change at page 3, line 29
3. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.1. Creating a Fileset and its FSL(s) . . . . . . . . . . . . 11 3.1. Creating a Fileset and its FSL(s) . . . . . . . . . . . . 11
3.1.1. Creating a Fileset and an FSN . . . . . . . . . . . . 11 3.1.1. Creating a Fileset and an FSN . . . . . . . . . . . . 11
3.1.2. Adding a Replica of a Fileset . . . . . . . . . . . . 12 3.1.2. Adding a Replica of a Fileset . . . . . . . . . . . . 12
3.2. Junction Resolution . . . . . . . . . . . . . . . . . . . 12 3.2. Junction Resolution . . . . . . . . . . . . . . . . . . . 12
3.3. Example Use Case for Fileset Annotations . . . . . . . . . 12 3.3. Example Use Case for Fileset Annotations . . . . . . . . . 12
4. Mapping the NSDB onto LDAP . . . . . . . . . . . . . . . . . . 13 4. Mapping the NSDB onto LDAP . . . . . . . . . . . . . . . . . . 13
4.1. Basic LDAP Configuration . . . . . . . . . . . . . . . . . 13 4.1. Basic LDAP Configuration . . . . . . . . . . . . . . . . . 13
4.2. LDAP Schema . . . . . . . . . . . . . . . . . . . . . . . 14 4.2. LDAP Schema . . . . . . . . . . . . . . . . . . . . . . . 14
4.2.1. LDAP Attributes . . . . . . . . . . . . . . . . . . . 14 4.2.1. LDAP Attributes . . . . . . . . . . . . . . . . . . . 14
4.2.2. LDAP Objects . . . . . . . . . . . . . . . . . . . . . 21 4.2.2. LDAP Objects . . . . . . . . . . . . . . . . . . . . . 22
5. NSDB Operations . . . . . . . . . . . . . . . . . . . . . . . 24 5. NSDB Operations . . . . . . . . . . . . . . . . . . . . . . . 24
5.1. NSDB Operations for Administrators . . . . . . . . . . . . 24 5.1. NSDB Operations for Administrators . . . . . . . . . . . . 25
5.1.1. Create an FSN . . . . . . . . . . . . . . . . . . . . 25 5.1.1. Create an FSN . . . . . . . . . . . . . . . . . . . . 25
5.1.2. Delete an FSN . . . . . . . . . . . . . . . . . . . . 26 5.1.2. Delete an FSN . . . . . . . . . . . . . . . . . . . . 26
5.1.3. Create an FSL . . . . . . . . . . . . . . . . . . . . 26 5.1.3. Create an FSL . . . . . . . . . . . . . . . . . . . . 27
5.1.4. Delete an FSL . . . . . . . . . . . . . . . . . . . . 27 5.1.4. Delete an FSL . . . . . . . . . . . . . . . . . . . . 27
5.1.5. Update an FSL . . . . . . . . . . . . . . . . . . . . 27 5.1.5. Update an FSL . . . . . . . . . . . . . . . . . . . . 28
5.2. NSDB Operations for Fileservers . . . . . . . . . . . . . 28 5.2. NSDB Operations for Fileservers . . . . . . . . . . . . . 28
5.2.1. Lookup FSLs for an FSN . . . . . . . . . . . . . . . . 28 5.2.1. Lookup FSLs for an FSN . . . . . . . . . . . . . . . . 28
6. Security Considerations . . . . . . . . . . . . . . . . . . . 29 6. Security Considerations . . . . . . . . . . . . . . . . . . . 29
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 29 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30
7.1. LDAP Descriptor Registration . . . . . . . . . . . . . . . 30 7.1. LDAP Descriptor Registration . . . . . . . . . . . . . . . 30
8. Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 8. Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 33 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 34
9.1. Normative References . . . . . . . . . . . . . . . . . . . 33 9.1. Normative References . . . . . . . . . . . . . . . . . . . 34
9.2. Informational References . . . . . . . . . . . . . . . . . 34 9.2. Informational References . . . . . . . . . . . . . . . . . 35
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 35 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 36
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 35 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 36
1. Introduction 1. Introduction
A federated filesystem enables file access and namespace traversal in A federated filesystem enables file access and namespace traversal in
a uniform, secure and consistent manner across multiple independent a uniform, secure and consistent manner across multiple independent
fileservers within an enterprise or across multiple enterprises. fileservers within an enterprise or across multiple enterprises.
This document specifies a set of protocols that allow fileservers, This document specifies a set of protocols that allow fileservers,
possibly from different vendors and with different administrators, to possibly from different vendors and with different administrators, to
cooperatively form a federation containing one or more federated cooperatively form a federation containing one or more federated
skipping to change at page 14, line 5 skipping to change at page 13, line 49
admin entity that needs to modify the contents of the database or admin entity that needs to modify the contents of the database or
view privileged information must be made aware of the new DN. view privileged information must be made aware of the new DN.
It MUST be possible for the anonymous (unauthenticated) user to It MUST be possible for the anonymous (unauthenticated) user to
perform LDAP queries that access the NSDB data. perform LDAP queries that access the NSDB data.
All implementations SHOULD use the same schema, or, at minimum, a All implementations SHOULD use the same schema, or, at minimum, a
schema that includes all of the objects, with each of the attributes, schema that includes all of the objects, with each of the attributes,
named in the following sections. named in the following sections.
Given the above configuration guidelines, an NSDB SHOULD be
constructed using a dedicated LDAP directory. Separate LDAP
directories may be used for other purposes, such as storing user
account information. By using an LDAP directory dedicated to storing
NSDB records, there is no need to disturb the configuration of any
other LDAP directories that store information unrelated to an NSDB.
4.2. LDAP Schema 4.2. LDAP Schema
The schema definitions provided in this document use the LDAP schema The schema definitions provided in this document use the LDAP schema
syntax defined in [RFC4512]. The definitions are formatted to allow syntax defined in [RFC4512]. The definitions are formatted to allow
the reader to easily extract them from the document. The reader can the reader to easily extract them from the document. The reader can
use the following shell script to extract the definitions: use the following shell script to extract the definitions:
<CODE BEGINS> <CODE BEGINS>
#!/bin/sh #!/bin/sh
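Review bot: The paragraph added in -03 recommending a dedicated LDAP directory justifies it only by configuration convenience ("no need to disturb the configuration of any other LDAP directories") and leaves out the access-control reason. The text just above it requires that the anonymous (unauthenticated) user be able to query NSDB data, so when an NSDB shares a directory with other data such as user account information, anonymous read access has to be limited to the NSDB entries. Suggest saying so in this paragraph, or pointing to Section 6 (Security Considerations).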
skipping to change at page 15, line 34 skipping to change at page 15, line 40
/// ///
/// attributetype ( /// attributetype (
/// 1.3.6.1.4.1.31103.1.2 NAME 'fedfsNetAddr' /// 1.3.6.1.4.1.31103.1.2 NAME 'fedfsNetAddr'
/// DESC 'The network name of a host or service' /// DESC 'The network name of a host or service'
/// SUP name /// SUP name
/// SINGLE-VALUE /// SINGLE-VALUE
/// ) /// )
/// ///
4.2.1.3. fsnUuid 4.2.1.3. fedfsFsnUuid
A fsnUuid represents the fsnUuid component of an FSN. A fedfsFsnUuid represents the fedfsFsnUuid component of an FSN.
The fsnUuid is a subclass of fedfsUuid. The fedfsFsnUuid is a subclass of fedfsUuid.
This attribute is single-valued. This attribute is single-valued.
/// ///
/// attributetype ( /// attributetype (
/// 1.3.6.1.4.1.31103.1.3 NAME 'fsnUuid' /// 1.3.6.1.4.1.31103.1.3 NAME 'fedfsFsnUuid'
/// DESC 'The FSN UUID component of an FSN' /// DESC 'The FSN UUID component of an FSN'
/// SUP fedfsUuid /// SUP fedfsUuid
/// SINGLE-VALUE /// SINGLE-VALUE
/// ) /// )
/// ///
4.2.1.4. nsdbName 4.2.1.4. fedfsNsdbName
An nsdbName is the NSDB component of an FSN. An fedfsNsdbName is the NSDB component of an FSN.
The nsdbName attribute is a subclass of fedfsNetAddr. The fedfsNsdbName attribute is a subclass of fedfsNetAddr.
This attribute is single-valued. This attribute is single-valued.
/// ///
/// attributetype ( /// attributetype (
/// 1.3.6.1.4.1.31103.1.4 NAME 'nsdbName' /// 1.3.6.1.4.1.31103.1.4 NAME 'fedfsNsdbName'
/// DESC 'The NSDB location component of an FSN' /// DESC 'The NSDB location component of an FSN'
/// SUP fedfsNetAddr /// SUP fedfsNetAddr
/// SINGLE-VALUE /// SINGLE-VALUE
/// ) /// )
/// ///
4.2.1.5. fslUuid 4.2.1.5. fedfsFslUuid
Each FSL must have a UUID associated with it, which serves as part of Each FSL must have a UUID associated with it, which serves as part of
its DN. its DN.
The fslUuid attribute is a subclass of fedfsUuid. The fedfsFslUuid attribute is a subclass of fedfsUuid.
This attribute is single-valued. This attribute is single-valued.
/// ///
/// attributetype ( /// attributetype (
/// 1.3.6.1.4.1.31103.1.5 NAME 'fslUuid' /// 1.3.6.1.4.1.31103.1.5 NAME 'fedfsFslUuid'
/// DESC 'UUID of an FSL' /// DESC 'UUID of an FSL'
/// SUP fedfsUuid /// SUP fedfsUuid
/// SINGLE-VALUE /// SINGLE-VALUE
/// ) /// )
/// ///
4.2.1.6. fslHost 4.2.1.6. fedfsFslHost
An fslHost is the hostname/port component of an FSL. An fedfsFslHost is the hostname/port component of an FSL.
The fslHost attribute is a subclass of fedfsNetAddr. The fedfsFslHost attribute is a subclass of fedfsNetAddr.
This attribute is single-valued. This attribute is single-valued.
/// ///
/// attributetype ( /// attributetype (
/// 1.3.6.1.4.1.31103.1.6 NAME 'fslHost' /// 1.3.6.1.4.1.31103.1.6 NAME 'fedfsFslHost'
/// DESC 'Service location for a fileserver' /// DESC 'Service location for a fileserver'
/// SUP fedfsNetAddr /// SUP fedfsNetAddr
/// SINGLE-VALUE /// SINGLE-VALUE
/// ) /// )
/// ///
4.2.1.7. fslTTL 4.2.1.7. fedfsFslTTL
An fslTTL is the amount of time in seconds an FSL SHOULD be cached by An fedfsFslTTL is the amount of time in seconds an FSL SHOULD be
a fileserver. The numeric fslTTL value should be converted to a cached by a fileserver. The numeric fedfsFslTTL value should be
string and encoded as a UTF-8 string. converted to a string and encoded as a UTF-8 string.
This attribute is single-valued. This attribute is single-valued.
/// ///
/// attributetype ( /// attributetype (
/// 1.3.6.1.4.1.31103.1.7 NAME 'fslTTL' /// 1.3.6.1.4.1.31103.1.7 NAME 'fedfsFslTTL'
/// DESC 'Time to live of an FSL' /// DESC 'Time to live of an FSL'
/// SUP name /// SUP name
/// SINGLE-VALUE /// SINGLE-VALUE
/// ) /// )
/// ///
4.2.1.8. fslNfsPath 4.2.1.8. fedfsNfsPath
The path component of an FSL encoded as a UTF-8 string. The path component of an FSL encoded as a UTF-8 string.
This attribute is single-valued. This attribute is single-valued.
/// ///
/// attributetype ( /// attributetype (
/// 1.3.6.1.4.1.31103.1.8 NAME 'fslNfsPath' /// 1.3.6.1.4.1.31103.1.8 NAME 'fedfsNfsPath'
/// DESC 'Server-local path to a fileset' /// DESC 'Server-local path to a fileset'
/// SUP name /// SUP name
/// SINGLE-VALUE /// SINGLE-VALUE
/// ) /// )
/// ///
4.2.1.9. fslNfsMajorVer 4.2.1.9. fedfsNfsMajorVer
The NFS major version of the associated NFS FSL. The numeric fslTTL The NFS major version of the associated NFS FSL. The numeric
value should be converted to a string and encoded as a UTF-8 string. fedfsNfsMajorVer value should be converted to a string and encoded as
a UTF-8 string.
For example if the FSL was exported via NFS 4.1, the contents of this For example if the FSL was exported via NFS 4.1, the contents of this
attribute would be the value 4. attribute would be the value 4.
This attribute is single-valued. This attribute is single-valued.
/// ///
/// attributetype ( /// attributetype (
/// 1.3.6.1.4.1.31103.1.9 NAME 'fslNfsMajorVer' /// 1.3.6.1.4.1.31103.1.9 NAME 'fedfsNfsMajorVer'
/// DESC 'NFS major version' /// DESC 'NFS major version'
/// SUP name /// SUP name
/// SINGLE-VALUE /// SINGLE-VALUE
/// ) /// )
/// ///
4.2.1.10. fslNfsMinorVer 4.2.1.10. fedfsNfsMinorVer
The NFS minor version of the associated NFS FSL. The numeric fslTTL The NFS minor version of the associated NFS FSL. The numeric
value should be converted to a string and encoded as a UTF-8 string. fedfsNfsMinorVer value should be converted to a string and encoded as
a UTF-8 string.
For example if the FSL was exported via NFS 4.1, the contents of this For example if the FSL was exported via NFS 4.1, the contents of this
attribute would be the value 1. attribute would be the value 1.
This attribute is single-valued. This attribute is single-valued.
/// ///
/// attributetype ( /// attributetype (
/// 1.3.6.1.4.1.31103.1.10 NAME 'fslNfsMinorVer' /// 1.3.6.1.4.1.31103.1.10 NAME 'fedfsNfsMinorVer'
/// DESC 'NFS minor version' /// DESC 'NFS minor version'
/// SUP name /// SUP name
/// SINGLE-VALUE /// SINGLE-VALUE
/// ) /// )
/// ///
4.2.1.11. fslNfsCurrency 4.2.1.11. fedfsNfsCurrency
The currency of an FSL. The signed 32-bit numeric value should be The currency of an FSL. The signed 32-bit numeric value should be
converted to a string encoded as a UTF-8 string. converted to a string encoded as a UTF-8 string.
This attribute is used to populate the NFSv4.1 fs_locations_server's This attribute is used to populate the NFSv4.1 fs_locations_server's
currency field. currency field.
This attribute is single-valued. This attribute is single-valued.
/// ///
/// attributetype ( /// attributetype (
/// 1.3.6.1.4.1.31103.1.11 NAME 'fslNfsCurrency' /// 1.3.6.1.4.1.31103.1.11 NAME 'fedfsNfsCurrency'
/// DESC 'up-to-date measure of the data' /// DESC 'up-to-date measure of the data'
/// SUP name /// SUP name
/// SINGLE-VALUE /// SINGLE-VALUE
/// ) /// )
/// ///
4.2.1.12. fslNfsInfo 4.2.1.12. fedfsNfsInfo
Information about the FSL. The variable sized array of octets is Information about the FSL. The variable sized array of octets is
stored directly in this attribute. stored directly in this attribute.
This attribute is used to populate the NFSv4.1 fs_locations_server's This attribute is used to populate the NFSv4.1 fs_locations_server's
info field. info field.
This attribute is single-valued. This attribute is single-valued.
/// ///
/// attributetype ( /// attributetype (
/// 1.3.6.1.4.1.31103.1.12 NAME 'fslNfsInfo' /// 1.3.6.1.4.1.31103.1.12 NAME 'fedfsNfsInfo'
/// DESC 'Information about the FSL' /// DESC 'Information about the FSL'
/// EQUALITY octetStringMatch /// EQUALITY octetStringMatch
/// SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 /// SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
/// SINGLE-VALUE /// SINGLE-VALUE
/// ) /// )
/// ///
1.3.6.1.4.1.1466.115.121.1.40 refers to the Octet String syntax 1.3.6.1.4.1.1466.115.121.1.40 refers to the Octet String syntax
[RFC4517]. [RFC4517].
4.2.1.13. fslNfsFlags 4.2.1.13. fedfsNfsFlags
An NFS FSL's flags. The unsigned 32-bit numeric value should be An NFS FSL's flags. The unsigned 32-bit numeric value should be
converted to a string encoded as a UTF-8 string. converted to a string encoded as a UTF-8 string.
This attribute is used to populate the NFSv4.1 fs_locations_info's This attribute is used to populate the NFSv4.1 fs_locations_info's
fli_flags field. fli_flags field.
This attribute is single-valued. This attribute is single-valued.
/// ///
/// attributetype ( /// attributetype (
/// 1.3.6.1.4.1.31103.1.13 NAME 'fslNfsFlags' /// 1.3.6.1.4.1.31103.1.13 NAME 'fedfsNfsFlags'
/// DESC 'Flags' /// DESC 'Flags'
/// SUP name /// SUP name
/// SINGLE-VALUE /// SINGLE-VALUE
/// ) /// )
/// ///
4.2.1.14. fslNfsValidFor 4.2.1.14. fedfsNfsValidFor
An NFS FSL's "valid for" flag. The signed 32-bit numeric value An NFS FSL's "valid for" flag. The signed 32-bit numeric value
should be converted to a string encoded as a UTF-8 string. should be converted to a string encoded as a UTF-8 string.
This attribute is used to populate the NFSv4.1 fs_locations_info's This attribute is used to populate the NFSv4.1 fs_locations_info's
fli_valid_for field. fli_valid_for field.
This attribute is single-valued. This attribute is single-valued.
/// ///
/// attributetype ( /// attributetype (
/// 1.3.6.1.4.1.31103.1.14 NAME 'fslNfsValidFor' /// 1.3.6.1.4.1.31103.1.14 NAME 'fedfsNfsValidFor'
/// DESC 'Valid for time' /// DESC 'Valid for time'
/// SUP name /// SUP name
/// SINGLE-VALUE /// SINGLE-VALUE
/// ) /// )
/// ///
4.2.1.15. annotation 4.2.1.15. fedfsAnnotation
An annotation of an object. An annotation of an object.
This attribute is multi-valued; an object type that permits This attribute is multi-valued; an object type that permits
annotations may have any number of annotations per instance. annotations may have any number of annotations per instance.
/// ///
/// attributetype ( /// attributetype (
/// 1.3.6.1.4.1.31103.1.15 NAME 'annotation' /// 1.3.6.1.4.1.31103.1.15 NAME 'fedfsAnnotation'
/// DESC 'Annotation of an object' /// DESC 'Annotation of an object'
/// SUP name /// SUP name
/// ) /// )
/// ///
An annotation attribute MUST be an UTF-8 string formatted as follows: A fedfsAnnotation attribute MUST be an UTF-8 string formatted as
follows:
"KEY" = "VAL" "KEY" = "VAL"
White space, defined as space, form-feed ('\f'), newline ('\n'), White space, defined as space, form-feed ('\f'), newline ('\n'),
carriage return ('\r'), horizontal tab ('\t'), and vertical tab carriage return ('\r'), horizontal tab ('\t'), and vertical tab
('\v') characters, is ignored. ('\v') characters, is ignored.
KEY and VAL MAY may contain any UTF-8 characters. The following KEY and VAL MAY may contain any UTF-8 characters. The following
escape sequences are allowed: escape sequences are allowed:
+-----------------+-------------+ +-----------------+-------------+
| escape sequence | replacement | | escape sequence | replacement |
+-----------------+-------------+ +-----------------+-------------+
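Review bot: The numeric attributes renamed in this hunk (fedfsFslTTL, fedfsNfsMajorVer, fedfsNfsMinorVer, fedfsNfsCurrency, fedfsNfsFlags, fedfsNfsValidFor) are still declared "SUP name", so the schema itself accepts any string, and the conversion rule is a lowercase "should" rather than a normative keyword. Suggest stating what a fileserver does with a value that does not parse as a number in the stated range (for example signed 32-bit for fedfsNfsCurrency, unsigned 32-bit for fedfsNfsFlags) before it is copied into the NFSv4.1 fs_locations fields. Two wording leftovers from the rename: "An fedfsNsdbName", "An fedfsFslHost" and "An fedfsFslTTL" should read "A fedfs...", and "KEY and VAL MAY may contain" still has the doubled word in -03.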
skipping to change at page 20, line 50 skipping to change at page 21, line 18
KEY and VAL MAY may contain any UTF-8 characters. The following KEY and VAL MAY may contain any UTF-8 characters. The following
escape sequences are allowed: escape sequences are allowed:
+-----------------+-------------+ +-----------------+-------------+
| escape sequence | replacement | | escape sequence | replacement |
+-----------------+-------------+ +-----------------+-------------+
| \\ | \ | | \\ | \ |
| \" | " | | \" | " |
+-----------------+-------------+ +-----------------+-------------+
An annotation attribute that does not adhere to this format SHOULD be A fedfsAnnotation attribute that does not adhere to this format
ignored. SHOULD be ignored.
The following are examples of valid annotation attributes: The following are examples of valid fedfsAnnotation attributes:
"key1" = "foo" "key1" = "foo"
"another key" = "x=3" "another key" = "x=3"
"key-2" = "A string with \" and \\ characters." "key-2" = "A string with \" and \\ characters."
which correspond to the following key/value pairs: which correspond to the following key/value pairs:
+-------------+-----------------------------------+ +-------------+-----------------------------------+
| key | value | | key | value |
+-------------+-----------------------------------+ +-------------+-----------------------------------+
| key1 | foo | | key1 | foo |
| another key | x=3 | | another key | x=3 |
| key-2 | A string with " and \ characters. | | key-2 | A string with " and \ characters. |
+-------------+-----------------------------------+ +-------------+-----------------------------------+
4.2.1.16. descr 4.2.1.16. fedfsDescr
This attribute is used to store an object's description encoded as a This attribute is used to store an object's description encoded as a
UTF-8 string. UTF-8 string.
This attribute is multi-valued which permits any number of This attribute is multi-valued which permits any number of
descriptions per entry. descriptions per entry.
/// ///
/// attributetype ( /// attributetype (
/// 1.3.6.1.4.1.31103.1.16 NAME 'descr' /// 1.3.6.1.4.1.31103.1.16 NAME 'fedfsDescr'
/// DESC 'Description of an object' /// DESC 'Description of an object'
/// SUP name /// SUP name
/// ) /// )
/// ///
4.2.2. LDAP Objects 4.2.2. LDAP Objects
4.2.2.1. fedfsFsn 4.2.2.1. fedfsFsn
A fedfsFsn represents an FSN. A fedfsFsn represents an FSN.
The required attributes of a fedfsFsn are an nsdbName and fsnUuid. The required attributes of a fedfsFsn are an fedfsNsdbName and
fedfsFsnUuid.
A fedfsFsn's annotation and descr attributes are OPTIONAL. A fedfsFsn's fedfsAnnotation and fedfsDescr attributes are OPTIONAL.
The DN of an FSN is REQUIRED to take the following form: The DN of an FSN is REQUIRED to take the following form:
"fsnUuid=FSNUUID,o=fedfs", where FSNUUID is the UUID of the FSN. "fedfsFsnUuid=FSNUUID,o=fedfs", where FSNUUID is the UUID of the FSN.
Since LDAP requires a DN to be unique, this ensures that each FSN Since LDAP requires a DN to be unique, this ensures that each FSN
entry has a unique UUID value within the LDAP directory. entry has a unique UUID value within the LDAP directory.
A fedfsFsn MAY also have additional attributes, but these attributes A fedfsFsn MAY also have additional attributes, but these attributes
MUST NOT be referenced by any part of this document. MUST NOT be referenced by any part of this document.
/// ///
/// objectclass ( /// objectclass (
/// 1.3.6.1.4.1.31103.1.1001 NAME 'fedfsFsn' /// 1.3.6.1.4.1.31103.1.1001 NAME 'fedfsFsn'
/// DESC 'Represents a fileset' /// DESC 'Represents a fileset'
/// SUP top STRUCTURAL /// SUP top STRUCTURAL
/// MUST ( /// MUST (
/// fsnUuid /// fedfsFsnUuid
/// $ nsdbName /// $ fedfsNsdbName
/// ) /// )
/// MAY ( /// MAY (
/// annotation /// fedfsAnnotation
/// $ descr /// $ fedfsDescr
/// )) /// ))
/// ///
4.2.2.2. fedfsFsl 4.2.2.2. fedfsFsl
The fedfsFsl object class represents an FSL. The fedfsFsl object class represents an FSL.
A fedfsFsl's required attributes are an fslUuid, fsnUuid, nsdbName, A fedfsFsl's required attributes are an fedfsFslUuid, fedfsFsnUuid,
fslHost, and fslTTL. fedfsNsdbName, fedfsFslHost, and fedfsFslTTL.
A fedfsFsl's annotation and descr attributes are OPTIONAL. A fedfsFsl's fedfsAnnotation and fedfsDescr attributes are OPTIONAL.
The fedfsFsl is an abstract object class. Protocol specific subtypes The fedfsFsl is an abstract object class. Protocol specific subtypes
of this object class are used to store FSL information. The of this object class are used to store FSL information. The
fedfsNfsFsl object class defined below is used to record an NFS FSL's fedfsNfsFsl object class defined below is used to record an NFS FSL's
location. Other subtypes MAY be defined for other protocols (e.g. location. Other subtypes MAY be defined for other protocols (e.g.
CIFS). CIFS).
The DN of an FSL is REQUIRED to take the following form: The DN of an FSL is REQUIRED to take the following form:
"fslUuid=FSLUUID,fsnUuid=FSNUUID,o=fedfs" where FSLUUID and FSNUUID "fedfsFslUuid=FSLUUID,fedfsFsnUuid=FSNUUID,o=fedfs" where FSLUUID and
are the UUIDs of the FSL and its FSN respectively. Since LDAP FSNUUID are the UUIDs of the FSL and its FSN respectively. Since
requires a DN to be unique, this ensures that each FSL entry has a LDAP requires a DN to be unique, this ensures that each FSL entry has
unique UUID value within the LDAP directory. a unique UUID value within the LDAP directory.
/// ///
/// objectclass ( /// objectclass (
/// 1.3.6.1.4.1.31103.1.1002 NAME 'fedfsFsl' /// 1.3.6.1.4.1.31103.1.1002 NAME 'fedfsFsl'
/// DESC 'A physical location of a fileset' /// DESC 'A physical location of a fileset'
/// SUP top ABSTRACT /// SUP top ABSTRACT
/// MUST ( /// MUST (
/// fslUuid /// fedfsFslUuid
/// $ fsnUuid /// $ fedfsFsnUuid
/// $ nsdbName /// $ fedfsNsdbName
/// $ fslHost /// $ fedfsFslHost
/// $ fslTTL /// $ fedfsFslTTL
/// ) /// )
/// MAY ( /// MAY (
/// annotation /// fedfsAnnotation
/// $ descr /// $ fedfsDescr
/// )) /// ))
/// ///
4.2.2.3. fedfsNfsFsl 4.2.2.3. fedfsNfsFsl
A fedfsNfsFsl is used to represent an NFS FSL. The fedfsNfsFsl A fedfsNfsFsl is used to represent an NFS FSL. The fedfsNfsFsl
inherits all of the attributes of the fedfsFsl and extends the inherits all of the attributes of the fedfsFsl and extends the
fedfsFsl with information specific to the NFS protocol. fedfsFsl with information specific to the NFS protocol.
The DN of an NFS FSL is REQUIRED to take the following form: The DN of an NFS FSL is REQUIRED to take the following form:
"fslUuid=FSLUUID,fsnUuid=FSNUUID,o=fedfs" where FSLUUID and FSNUUID "fedfsFslUuid=FSLUUID,fedfsFsnUuid=FSNUUID,o=fedfs" where FSLUUID and
are the UUIDs of the FSL and its FSN respectively. Since LDAP FSNUUID are the UUIDs of the FSL and its FSN respectively. Since
requires a DN to be unique, this ensures that each NFS FSL entry has LDAP requires a DN to be unique, this ensures that each NFS FSL entry
a unique UUID value within the LDAP directory. has a unique UUID value within the LDAP directory.
/// ///
/// objectclass ( /// objectclass (
/// 1.3.6.1.4.1.31103.1.1003 NAME 'fedfsNfsFsl' /// 1.3.6.1.4.1.31103.1.1003 NAME 'fedfsNfsFsl'
/// DESC 'A NFS location of a fileset' /// DESC 'A NFS location of a fileset'
/// SUP fedfsFsl STRUCTURAL /// SUP fedfsFsl STRUCTURAL
/// MUST ( /// MUST (
/// fslNfsPath /// fedfsNfsPath
/// $ fslNfsMajorVer /// $ fedfsNfsMajorVer
/// $ fslNfsMinorVer /// $ fedfsNfsMinorVer
/// $ fslNfsCurrency /// $ fedfsNfsCurrency
/// $ fslNfsInfo /// $ fedfsNfsInfo
/// $ fslNfsFlags /// $ fedfsNfsFlags
/// $ fslNfsValidFor /// $ fedfsNfsValidFor
/// )) /// ))
/// ///
5. NSDB Operations 5. NSDB Operations
The operations defined by the protocol can be described as several The operations defined by the protocol can be described as several
sub-protocols that are used by entities within the federation to sub-protocols that are used by entities within the federation to
perform different roles. perform different roles.
The first of these sub-protocols defines how the state of an NSDB The first of these sub-protocols defines how the state of an NSDB
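Review bot: In 4.2.2.2 and 4.2.2.3 the sentence "Since LDAP requires a DN to be unique, this ensures that each FSL entry has a unique UUID value within the LDAP directory" claims more than the DN form provides. With "fedfsFslUuid=FSLUUID,fedfsFsnUuid=FSNUUID,o=fedfs", DN uniqueness only prevents two FSL entries with the same FSLUUID under the same FSN; the same FSLUUID under a different FSNUUID is a different DN and would be accepted. Suggest either rewording to "unique among the FSLs of that FSN" or stating that directory-wide uniqueness relies on how the UUID is generated. The 4.2.2.1 wording for FSNs is fine, since every FSN sits directly under o=fedfs. The doubled "MAY may" at the top of this hunk is also carried over unchanged.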
skipping to change at page 25, line 22 skipping to change at page 25, line 39
In the description of the LDAP messages and LDIF, we use the In the description of the LDAP messages and LDIF, we use the
following notation: constant strings and literal names are specified following notation: constant strings and literal names are specified
in lower or mixed case, while variables or values are specified in in lower or mixed case, while variables or values are specified in
uppercase. uppercase.
5.1.1. Create an FSN 5.1.1. Create an FSN
The administrator uses this operation to create a new FSN by The administrator uses this operation to create a new FSN by
requesting the NSDB to create a new fedfsFsn in its LDAP database requesting the NSDB to create a new fedfsFsn in its LDAP database
with an fsnUuid value of FSNUUID and an NsdbName value of NSDBNAME. with an fedfsFsnUuid value of FSNUUID and an NsdbName value of
NSDBNAME.
The NSDB location that receives the request SHOULD check that the The NSDB location that receives the request SHOULD check that the
NSDBNAME matches its own value and return an error if it does not. NSDBNAME matches its own value and return an error if it does not.
This is to ensure that an FSN is always created by the NSDB location This is to ensure that an FSN is always created by the NSDB location
encoded within the FSN as its owner. encoded within the FSN as its owner.
The NSDB location that receives the request SHOULD check all of the The NSDB location that receives the request SHOULD check all of the
attributes for validity and consistency, but this is not generally attributes for validity and consistency, but this is not generally
possible for LDAP servers because the consistency requirements cannot possible for LDAP servers because the consistency requirements cannot
be expressed in the LDAP schema (although many LDAP servers can be be expressed in the LDAP schema (although many LDAP servers can be
extended, via plug-ins or other mechanisms, to add functionality extended, via plug-ins or other mechanisms, to add functionality
beyond the strict definition of LDAP). beyond the strict definition of LDAP).
5.1.1.1. LDAP Request 5.1.1.1. LDAP Request
The admin chooses the fsnUuid and NsdbName of the FSN. The fsnUuid The admin chooses the fedfsFsnUuid and NsdbName of the FSN. The
is a UUID and should be chosen via a standard process for creating a fedfsFsnUuid is a UUID and should be chosen via a standard process
UUID (described in [RFC4122]). The NsdbName is the name of the NSDB for creating a UUID (described in [RFC4122]). The NsdbName is the
location that will serve as the source of definitive information name of the NSDB location that will serve as the source of definitive
about an FSN for the life of that FSN. In the example below, the information about an FSN for the life of that FSN. In the example
admin server chooses a fsnUuid of FSNUUID and the NsdbName of below, the admin server chooses a fedfsFsnUuid of FSNUUID and the
NSDBNAME and then sends an LDAP ADD request, described by the LDIF NsdbName of NSDBNAME and then sends an LDAP ADD request, described by
below, to the NSDB location NSDBNAME. This will create a new the LDIF below, to the NSDB location NSDBNAME. This will create a
fedfsFsn on that NSDB location with the given attributes in the LDAP new fedfsFsn on that NSDB location with the given attributes in the
database. LDAP database.
dn: fsnUuid=FSNUUID,o=fedfs dn: fedfsFsnUuid=FSNUUID,o=fedfs
changeType: add changeType: add
objectClass: fedfsFsn objectClass: fedfsFsn
fsnUuid: FSNUUID fedfsFsnUuid: FSNUUID
nsdbName: NSDBNAME fedfsNsdbName: NSDBNAME
5.1.2. Delete an FSN 5.1.2. Delete an FSN
This operation deletes the given fileset name. If the FSN entry This operation deletes the given fileset name. If the FSN entry
being deleted has child FSL entries, this function MUST return an being deleted has child FSL entries, this function MUST return an
error. This ensures that the NSDB will not contain any orphaned FSL error. This ensures that the NSDB will not contain any orphaned FSL
entries. A compliant LDAP implementation will meet this requirement entries. A compliant LDAP implementation will meet this requirement
since Section 4.8 of [RFC4511] defines the LDAP delete operation to since Section 4.8 of [RFC4511] defines the LDAP delete operation to
only be capable of removing leaf entries. only be capable of removing leaf entries.
skipping to change at page 26, line 34 skipping to change at page 26, line 48
continue to point to this non-existent FSN. A dangling reference may continue to point to this non-existent FSN. A dangling reference may
be detected when a client tries to resolve the target of a junction be detected when a client tries to resolve the target of a junction
that refers to the deleted FSN and the NSDB returns an error. that refers to the deleted FSN and the NSDB returns an error.
5.1.2.1. LDAP Request 5.1.2.1. LDAP Request
The admin sends an LDAP DELETE request to the NSDB server to remove The admin sends an LDAP DELETE request to the NSDB server to remove
the fedfsFsn from the NSDB server. An example LDIF for the delete the fedfsFsn from the NSDB server. An example LDIF for the delete
request is shown below. request is shown below.
dn: fsnUuid=FSNUUID,o=fedfs dn: fedfsFsnUuid=FSNUUID,o=fedfs
changeType: delete changeType: delete
5.1.3. Create an FSL 5.1.3. Create an FSL
This operations creates a new Fileset location at the given location This operations creates a new Fileset location at the given location
denoted by HOST and PATH for the given FSN. Normally an FSL is denoted by HOST and PATH for the given FSN. Normally an FSL is
identified by the HOST:PATH pair. A UUID is an optional way to identified by the HOST:PATH pair. A UUID is an optional way to
identify an FSL if it is recovered to a different HOST:PATH after a identify an FSL if it is recovered to a different HOST:PATH after a
backup/restore. backup/restore.
The FSL create command will result in the admin server sending an The FSL create command will result in the admin server sending an
LDAP ADD request to create a new fedfsFsl at the NSDB maintaining the LDAP ADD request to create a new fedfsFsl at the NSDB maintaining the
given FSN. The example LDIF is shown below. The PATH is the given FSN. The example LDIF is shown below. The PATH is the
pathname where the fileset is located on the fileserver HOST. pathname where the fileset is located on the fileserver HOST.
5.1.3.1. LDAP Request 5.1.3.1. LDAP Request
The admin sends an LDAP ADD request to the NSDB server to add the The admin sends an LDAP ADD request to the NSDB server to add the
FSL. An example LDIF for adding an NFS FSL is shown below. FSL. An example LDIF for adding an NFS FSL is shown below.
dn:fslUuid=UUID,fsnUuid=FSNUUID,o=fedfs dn:fedfsFslUuid=UUID,fedfsFsnUuid=FSNUUID,o=fedfs
changeType: add changeType: add
objectClass: fedfsNfsFsl objectClass: fedfsNfsFsl
fslUuid: UUID fedfsFslUuid: UUID
fsnUuid: FSNUUID fedfsFsnUuid: FSNUUID
nsdbName: NSDBNAME fedfsNsdbName: NSDBNAME
fslHost: HOST fedfsFslHost: HOST
fslTTL: TTL fedfsFslTTL: TTL
fslNfsPath: PATH fedfsNfsPath: PATH
fslNfsMajorVer: MAJOR fedfsNfsMajorVer: MAJOR
fslNfsMinorVer: MINOR fedfsNfsMinorVer: MINOR
fslNfsCurrency: CURRENCY fedfsNfsCurrency: CURRENCY
fslNfsInfo: INFO fedfsNfsInfo: INFO
fslNfsFlags: FLAGS fedfsNfsFlags: FLAGS
fslNfsValidFor: TIME fedfsNfsValidFor: TIME
annotation: ANNOTATION fedfsAnnotation: ANNOTATION
descr: DESCR fedfsDescr: DESCR
5.1.4. Delete an FSL 5.1.4. Delete an FSL
This operation deletes the given Fileset location. The admin This operation deletes the given Fileset location. The admin
requests the NSDB location storing the fedfsFsl to delete it from its requests the NSDB location storing the fedfsFsl to delete it from its
database. This operation does not result in the fileset location's database. This operation does not result in the fileset location's
data being deleted at the fileserver. data being deleted at the fileserver.
5.1.4.1. LDAP Request 5.1.4.1. LDAP Request
The admin sends an LDAP DELETE request to the NSDB server to remove The admin sends an LDAP DELETE request to the NSDB server to remove
the FSL. the FSL.
dn: fslUuid=UUID,fsnUuid=FSNUUID,o=fedfs dn: fedfsFslUuid=UUID,fedfsFsnUuid=FSNUUID,o=fedfs
changeType: delete changeType: delete
5.1.5. Update an FSL 5.1.5. Update an FSL
This operation updates the attributes of a given FSL. This command This operation updates the attributes of a given FSL. This command
results in a change in the attributes of the fedfsFsl at the NSDB results in a change in the attributes of the fedfsFsl at the NSDB
server maintaining this FSL. The attributes that must not change are server maintaining this FSL. The attributes that must not change are
the fslUuid and the fsnUuid of the fileset this FSL implements. the fedfsFslUuid and the fedfsFsnUuid of the fileset this FSL
implements.
5.1.5.1. LDAP Request 5.1.5.1. LDAP Request
The admin sends an LDAP MODIFY request to the NSDB server to update The admin sends an LDAP MODIFY request to the NSDB server to update
the FSL. the FSL.
dn: fslUuid=UUID,fsnUuid=FSNUUID,o=fedfs dn: fedfsFslUuid=UUID,fedfsFsnUuid=FSNUUID,o=fedfs
changeType: modify changeType: modify
replace: ATTRIBUTE-TYPE replace: ATTRIBUTE-TYPE
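Review bot: The modify example in 5.1.5.1 ends at "replace: ATTRIBUTE-TYPE", which is not a complete LDIF change record. Under the LDIF grammar in RFC 2849, a replace clause lists the new values on the following lines and is closed by a line containing only "-". The -03 side only renames the DN attributes and carries the truncated example over unchanged. Suggest showing the full form with one mutable attribute, e.g. "replace: fedfsFslTTL", then "fedfsFslTTL: TTL", then "-". It would also help to say next to the example that fedfsFslUuid and fedfsFsnUuid must never be the replaced type. That rule is stated only in the prose of 5.1.5, and 5.1.1 already concedes that such consistency requirements cannot be expressed in the LDAP schema.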
5.2. NSDB Operations for Fileservers 5.2. NSDB Operations for Fileservers
5.2.1. Lookup FSLs for an FSN 5.2.1. Lookup FSLs for an FSN
Using an LDAP search, the fileserver can obtain all of the FSLs for a Using an LDAP search, the fileserver can obtain all of the FSLs for a
given FSN. The FSN's fsnUuid is used as the search key. To obtain a given FSN. The FSN's fedfsFsnUuid is used as the search key. The
list of all FSLs, the following search can be used: following examples use the LDAP URI format defined in [RFC4516].
LDAP Request To obtain a list of all FSLs on the NSDB named "nsdb.example.com",
Search base: fsnUuid=FSNUUID, o=fedfs the following search can be used (for readability the URI is split
Search scope: onelevel into two lines):
Search filter: (objectClass=fedfsFsl)
ldap://nsdb.example.com/fsnUuid=FSNUUID,o=fedfs??one?
(objectClass=fedfsFsl)
This search is for the children of the object with DN This search is for the children of the object with DN
"fsnUuid=FSNUUID,o=fedfs" with a filter for "objectClass = fedfsFsl". "fedfsFsnUuid=FSNUUID,o=fedfs" with a filter for
(If you want to be doubly careful, you can also filter by the "objectClass=fedfsFsl". The scope value of "one" restricts the
nsdbName.) search to the entry's children (rather than the entire subtree below
the entry) and the filter ensures that only FSL entries are returned.
The following search can be used to obtain only the NFS FSLs: The following search can be used to obtain only the NFS FSLs on the
NSDB named "nsdb.example.com" (for readability the URI is split into
two lines):
LDAP Request ldap://nsdb.example.com/fsnUuid=FSNUUID,o=fedfs??one?
Search base: fsnUuid=FSNUUID, o=fedfs (objectClass=fedfsNfsFsl)
Search scope: onelevel
Search filter: (objectClass=fedfsNfsFsl)
This also searches for the children of the object with DN This also searches for the children of the object with DN
"fsnUuid=FSNUUID,o=fedfs", but the filter for "objectClass = "fedfsFsnUuid=FSNUUID,o=fedfs", but the filter for "objectClass =
fedfsNfsFsl" restricts the results to only NFS FSLs. (If you want to fedfsNfsFsl" restricts the results to only NFS FSLs.
be doubly careful, you can also filter by the nsdbName.)
The fileserver can present the search results in a format useful to The fileserver can present the search results in a format useful to
the type of the client on whose behalf the fileserver is performing the type of the client on whose behalf the fileserver is performing
the request. For an NFS client, the fileserver can use the search the request. For an NFS client, the fileserver can use the search
results to construct an NFSv4 fs_locations list or NFSv4.1 results to construct an NFSv4 fs_locations list or NFSv4.1
fs_locations_info list. fs_locations_info list.
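Review bot: Both new LDAP URIs in 5.2.1 still use the -02 attribute name in the search base, "ldap://nsdb.example.com/fsnUuid=FSNUUID,o=fedfs??one?". The explanatory text directly below them, and every LDIF example in 5.1, now use "fedfsFsnUuid=FSNUUID,o=fedfs". As written, the base DN does not match the entry that the renamed 5.1.1 ADD creates, so a fileserver copying the example would not find the FSN or its FSLs. Change both URIs to fedfsFsnUuid. Smaller point in the same block: the filter is written "objectClass=fedfsFsl" in the first explanation and "objectClass = fedfsNfsFsl" in the second. Use one spelling, preferably the one without spaces, since that is what appears in the URI.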
6. Security Considerations 6. Security Considerations
Both LDAP and NFSv4/NFSv4.1 provide security mechanisms. When used Both NFSv4/NFSv4.1 and LDAP provide security mechanisms. When used
in conjunction with the federated filesystem protocols described in in conjunction with the federated filesystem protocols described in
this document, the use of these mechanisms is RECOMMENDED. this document, the use of these mechanisms is RECOMMENDED.
Specifically, the use of RPCSEC_GSS [RFC2203] [RFC2743] is Specifically, the use of RPCSEC_GSS [RFC2203], which is built on the
RECOMMENDED on all connections between a client and fileserver. For GSS-API [RFC2743], is RECOMMENDED on all NFS connections between a
all LDAP connections established by the federated filesystem client and fileserver. The "Security Considerations" sections of the
protocols, TLS [RFC5246] [RFC4513] is RECOMMENDED. the NFSv4 [RFC3530] and NFSv4.1 [NFSv4.1] specifications contain
special considerations for the handling of GETATTR operations for the
fs_locations and fs_locations_info attributes. For all LDAP
connections established by the federated filesystem protocols, the
use of TLS [RFC5246], as described in [RFC4513], is RECOMMENDED.
Within a federation, there are two components that an attacker may be Within a federation, there are two types of components an attacker
able to compromise: a fileserver and an NSDB. If an attacker may compromise: a fileserver and an NSDB.
compromises a fileserver, the attacker can interfere with the
client's filesystem I/O operations (e.g. by returning fictitious data If an attacker compromises a fileserver, the attacker can interfere
in the response to a read request) or fabricating a referral. The with the client's filesystem I/O operations (e.g. by returning
attacker's abilities are the same regardless of whether or not the fictitious data in the response to a read request) or fabricating a
federation protocols are in use. If an attacker compromises an NSDB, referral. The attacker's abilities are the same regardless of
the attacker will be able to forge FSL information and thus poison whether or not the federation protocols are in use. While the
the fileserver's referral information. Therefore an NSDB should be federation protocols do not give the attacker additional
as secure as the fileservers which query it. capabilities, they are additional targets for attack. The LDAP
protocol described in Section 5.2 SHOULD be secured using the methods
described above to defeat attacks on a fileserver via this channel.
If an attacker compromises an NSDB, the attacker will be able to
forge FSL information and thus poison the fileserver's referral
information. Therefore an NSDB should be as secure as the
fileservers which query it. The LDAP protocol described in
Section 5.1 SHOULD be secured using the methods described above to
defeat attacks on an NSDB via this channel.
It should be noted that the federation protocols do not directly It should be noted that the federation protocols do not directly
provide access to filesystem data. The federation protocols only provide access to filesystem data. The federation protocols only
provide a mechanism for building a namespace. All data transfers provide a mechanism for building a namespace. All data transfers
occur between a client and server just as they would if the occur between a client and server just as they would if the
federation protocols were not in use. As a result, the federation federation protocols were not in use. As a result, the federation
protocols do not require new user authentication and authorization protocols do not require new user authentication and authorization
mechanisms or require a file server to act as a proxy for a client. mechanisms or require a file server to act as a proxy for a client.
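Review bot: The new paragraphs in Section 6 say the LDAP traffic of Sections 5.1 and 5.2 is to be secured "using the methods described above", and the only method named above for LDAP is TLS. For the administrative operations in 5.1 this leaves open who is allowed to write. The section itself says a compromised NSDB lets an attacker forge FSL information and poison a fileserver's referrals, yet nothing in the visible text asks the NSDB to authenticate the admin or to restrict ADD, DELETE and MODIFY under o=fedfs. [RFC4513] is already cited and covers LDAP authentication, so a sentence on authenticating the admin's bind and authorizing writes would fit here. Likewise, for 5.2 it is worth stating that the fileserver verifies the NSDB's identity when it sets up TLS, since the referral data is only as trustworthy as the server it came from. Nit: the rewritten sentence reads "sections of the the NFSv4 [RFC3530]" across the line break.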
7. IANA Considerations 7. IANA Considerations
skipping to change at page 30, line 18 skipping to change at page 31, line 4
Person & email address to contact for further information: See Person & email address to contact for further information: See
"Author/Change Controller" "Author/Change Controller"
Specification: draft-ietf-nfsv4-federated-fs-protocol Specification: draft-ietf-nfsv4-federated-fs-protocol
Author/Change Controller: [document authors] Author/Change Controller: [document authors]
Object Identifier: 1.3.6.1.4.1.31103.1.1 Object Identifier: 1.3.6.1.4.1.31103.1.1
Descriptor (short name): fedfsUuid Descriptor (short name): fedfsUuid
Object Identifier: 1.3.6.1.4.1.31103.1.2 Object Identifier: 1.3.6.1.4.1.31103.1.2
Descriptor (short name): fedfsNetAddr Descriptor (short name): fedfsNetAddr
Object Identifier: 1.3.6.1.4.1.31103.1.3 Object Identifier: 1.3.6.1.4.1.31103.1.3
Descriptor (short name): fsnUuid Descriptor (short name): fedfsFsnUuid
Object Identifier: 1.3.6.1.4.1.31103.1.4 Object Identifier: 1.3.6.1.4.1.31103.1.4
Descriptor (short name): nsdbName Descriptor (short name): fedfsNsdbName
Object Identifier: 1.3.6.1.4.1.31103.1.5 Object Identifier: 1.3.6.1.4.1.31103.1.5
Descriptor (short name): fslUuid Descriptor (short name): fedfsFslUuid
Object Identifier: 1.3.6.1.4.1.31103.1.6 Object Identifier: 1.3.6.1.4.1.31103.1.6
Descriptor (short name): fslHost Descriptor (short name): fedfsFslHost
Object Identifier: 1.3.6.1.4.1.31103.1.7 Object Identifier: 1.3.6.1.4.1.31103.1.7
Descriptor (short name): fslTTL Descriptor (short name): fedfsFslTTL
Object Identifier: 1.3.6.1.4.1.31103.1.8 Object Identifier: 1.3.6.1.4.1.31103.1.8
Descriptor (short name): fslNfsPath Descriptor (short name): fedfsNfsPath
Object Identifier: 1.3.6.1.4.1.31103.1.9 Object Identifier: 1.3.6.1.4.1.31103.1.9
Descriptor (short name): fslNfsMajorVer Descriptor (short name): fedfsNfsMajorVer
Object Identifier: 1.3.6.1.4.1.31103.1.10 Object Identifier: 1.3.6.1.4.1.31103.1.10
Descriptor (short name): fslNfsMinorVer Descriptor (short name): fedfsNfsMinorVer
Object Identifier: 1.3.6.1.4.1.31103.1.11 Object Identifier: 1.3.6.1.4.1.31103.1.11
Descriptor (short name): fslNfsCurrency Descriptor (short name): fedfsNfsCurrency
Object Identifier: 1.3.6.1.4.1.31103.1.12 Object Identifier: 1.3.6.1.4.1.31103.1.12
Descriptor (short name): fslNfsInfo Descriptor (short name): fedfsNfsInfo
Object Identifier: 1.3.6.1.4.1.31103.1.13 Object Identifier: 1.3.6.1.4.1.31103.1.13
Descriptor (short name): fslNfsFlags Descriptor (short name): fedfsNfsFlags
Object Identifier: 1.3.6.1.4.1.31103.1.14 Object Identifier: 1.3.6.1.4.1.31103.1.14
Descriptor (short name): fslNfsValidFor Descriptor (short name): fedfsNfsValidFor
Object Identifier: 1.3.6.1.4.1.31103.1.15 Object Identifier: 1.3.6.1.4.1.31103.1.15
Descriptor (short name): annotation Descriptor (short name): fedfsAnnotation
Object Identifier: 1.3.6.1.4.1.31103.1.16 Object Identifier: 1.3.6.1.4.1.31103.1.16
Descriptor (short name): descr Descriptor (short name): fedfsDescr
Object Identifier: 1.3.6.1.4.1.31103.1.1001 Object Identifier: 1.3.6.1.4.1.31103.1.1001
Descriptor (short name): fedfsFsn Descriptor (short name): fedfsFsn
Object Identifier: 1.3.6.1.4.1.31103.1.1002 Object Identifier: 1.3.6.1.4.1.31103.1.1002
Descriptor (short name): fedfsFsl Descriptor (short name): fedfsFsl
Object Identifier: 1.3.6.1.4.1.31103.1.1003 Object Identifier: 1.3.6.1.4.1.31103.1.1003
Descriptor (short name): fedfsNfsFsl Descriptor (short name): fedfsNfsFsl
8. Glossary 8. Glossary
Administrator: user with the necessary authority to initiate Administrator: user with the necessary authority to initiate
administrative tasks on one or more servers. administrative tasks on one or more servers.
skipping to change at page 33, line 35 skipping to change at page 34, line 23
stand-alone fileserver. stand-alone fileserver.
9. References 9. References
9.1. Normative References 9.1. Normative References
[FEDFS-ADMIN] [FEDFS-ADMIN]
Lentini, J., Everhart, C., Ellard, D., Tewari, R., and M. Lentini, J., Everhart, C., Ellard, D., Tewari, R., and M.
Naik, "Administration Protocol for Federated Filesystems", Naik, "Administration Protocol for Federated Filesystems",
draft-ietf-nfsv4-federated-fs-admin (Work In Progress), draft-ietf-nfsv4-federated-fs-admin (Work In Progress),
2008. 2009.
[FEDFS-REQTS] [FEDFS-REQTS]
Lentini, J., Everhart, C., Ellard, D., Tewari, R., and M. Lentini, J., Everhart, C., Ellard, D., Tewari, R., and M.
Naik, "Requirements for Federated File Systems", Naik, "Requirements for Federated File Systems",
draft-ietf-nfsv4-federated-fs-reqts (Work In Progress), draft-ietf-nfsv4-federated-fs-reqts (Work In Progress),
2008. 2009.
[NFSv4.1] Shepler, S. and M. Eisler, "NFS Version 4 Minor Version [NFSv4.1] Shepler, S., Eisler, M., and D. Noveck, "NFS Version 4
1", draft-ietf-nfsv4-minorversion1 (Work In Progress), Minor Version 1", draft-ietf-nfsv4-minorversion1-29 (work
2008. in progress), December 2008.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2203] Eisler, M., Chiu, A., and L. Ling, "RPCSEC_GSS Protocol [RFC2203] Eisler, M., Chiu, A., and L. Ling, "RPCSEC_GSS Protocol
Specification", RFC 2203, September 1997. Specification", RFC 2203, September 1997.
[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Structure of Management Information Schoenwaelder, Ed., "Structure of Management Information
Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
skipping to change at page 34, line 35 skipping to change at page 35, line 24
(LDAP): The Protocol", RFC 4511, June 2006. (LDAP): The Protocol", RFC 4511, June 2006.
[RFC4512] Zeilenga, K., "Lightweight Directory Access Protocol [RFC4512] Zeilenga, K., "Lightweight Directory Access Protocol
(LDAP): Directory Information Models", RFC 4512, (LDAP): Directory Information Models", RFC 4512,
June 2006. June 2006.
[RFC4513] Harrison, R., "Lightweight Directory Access Protocol [RFC4513] Harrison, R., "Lightweight Directory Access Protocol
(LDAP): Authentication Methods and Security Mechanisms", (LDAP): Authentication Methods and Security Mechanisms",
RFC 4513, June 2006. RFC 4513, June 2006.
[RFC4516] Smith, M. and T. Howes, "Lightweight Directory Access
Protocol (LDAP): Uniform Resource Locator", RFC 4516,
June 2006.
[RFC4517] Legg, S., "Lightweight Directory Access Protocol (LDAP): [RFC4517] Legg, S., "Lightweight Directory Access Protocol (LDAP):
Syntaxes and Matching Rules", RFC 4517, June 2006. Syntaxes and Matching Rules", RFC 4517, June 2006.
[RFC4520] Zeilenga, K., "Internet Assigned Numbers Authority (IANA) [RFC4520] Zeilenga, K., "Internet Assigned Numbers Authority (IANA)
Considerations for the Lightweight Directory Access Considerations for the Lightweight Directory Access
Protocol (LDAP)", BCP 64, RFC 4520, June 2006. Protocol (LDAP)", BCP 64, RFC 4520, June 2006.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, August 2008. (TLS) Protocol Version 1.2", RFC 5246, August 2008.
 End of changes. 104 change blocks. 
180 lines changed or deleted 210 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/