draft-ietf-regext-allocation-token-05.txt   draft-ietf-regext-allocation-token-06.txt 
Network Working Group J. Gould Network Working Group J. Gould
Internet-Draft VeriSign, Inc. Internet-Draft VeriSign, Inc.
Intended status: Standards Track K. Feher Intended status: Standards Track K. Feher
Expires: July 6, 2018 Neustar Expires: August 2, 2018 Neustar
January 2, 2018 January 29, 2018
Allocation Token Extension for the Extensible Provisioning Protocol Allocation Token Extension for the Extensible Provisioning Protocol
(EPP) (EPP)
draft-ietf-regext-allocation-token-05 draft-ietf-regext-allocation-token-06
Abstract Abstract
This document describes an Extensible Provisioning Protocol (EPP) This document describes an Extensible Provisioning Protocol (EPP)
extension for including an allocation token or for allocating an extension for including an Allocation Token in query and transform
object like a domain name to the client. The allocation token MAY be commands. The Allocation Token is used as a credential that
transferred out-of-band to a client to give them authorization to authorizes a client to request the allocation of a specific object
allocate an object using one of the EPP transform commands including from the server, using one of the EPP transform commands including
create, update, and transfer. create and transfer.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 6, 2018. This Internet-Draft will expire on August 2, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Conventions Used in This Document . . . . . . . . . . . . 3 1.1. Conventions Used in This Document . . . . . . . . . . . . 3
2. Object Attributes . . . . . . . . . . . . . . . . . . . . . . 3 2. Object Attributes . . . . . . . . . . . . . . . . . . . . . . 4
2.1. Allocation Token . . . . . . . . . . . . . . . . . . . . 3 2.1. Allocation Token . . . . . . . . . . . . . . . . . . . . 4
3. EPP Command Mapping . . . . . . . . . . . . . . . . . . . . . 4 3. EPP Command Mapping . . . . . . . . . . . . . . . . . . . . . 4
3.1. EPP Query Commands . . . . . . . . . . . . . . . . . . . 4 3.1. EPP Query Commands . . . . . . . . . . . . . . . . . . . 4
3.1.1. EPP <check> Command . . . . . . . . . . . . . . . . . 4 3.1.1. EPP <check> Command . . . . . . . . . . . . . . . . . 4
3.1.2. EPP <info> Command . . . . . . . . . . . . . . . . . 8 3.1.2. EPP <info> Command . . . . . . . . . . . . . . . . . 8
3.1.3. EPP <transfer> Command . . . . . . . . . . . . . . . 10 3.1.3. EPP <transfer> Query Command . . . . . . . . . . . . 10
3.2. EPP Transform Commands . . . . . . . . . . . . . . . . . 11 3.2. EPP Transform Commands . . . . . . . . . . . . . . . . . 11
3.2.1. EPP <create> Command . . . . . . . . . . . . . . . . 11 3.2.1. EPP <create> Command . . . . . . . . . . . . . . . . 11
3.2.2. EPP <delete> Command . . . . . . . . . . . . . . . . 12 3.2.2. EPP <delete> Command . . . . . . . . . . . . . . . . 12
3.2.3. EPP <renew> Command . . . . . . . . . . . . . . . . . 12 3.2.3. EPP <renew> Command . . . . . . . . . . . . . . . . . 12
3.2.4. EPP <transfer> Command . . . . . . . . . . . . . . . 12 3.2.4. EPP <transfer> Command . . . . . . . . . . . . . . . 12
3.2.5. EPP <update> Command . . . . . . . . . . . . . . . . 13 3.2.5. EPP <update> Command . . . . . . . . . . . . . . . . 13
4. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 14 4. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 14
4.1. Allocation Token Extension Schema . . . . . . . . . . . . 15 4.1. Allocation Token Extension Schema . . . . . . . . . . . . 14
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15
5.1. XML Namespace . . . . . . . . . . . . . . . . . . . . . . 15 5.1. XML Namespace . . . . . . . . . . . . . . . . . . . . . . 15
5.2. EPP Extension Registry . . . . . . . . . . . . . . . . . 16 5.2. EPP Extension Registry . . . . . . . . . . . . . . . . . 15
6. Implementation Status . . . . . . . . . . . . . . . . . . . . 16 6. Implementation Status . . . . . . . . . . . . . . . . . . . . 15
6.1. Verisign EPP SDK . . . . . . . . . . . . . . . . . . . . 17 6.1. Verisign EPP SDK . . . . . . . . . . . . . . . . . . . . 16
6.2. Neustar EPP SDK . . . . . . . . . . . . . . . . . . . . . 17 6.2. Neustar EPP SDK . . . . . . . . . . . . . . . . . . . . . 16
6.3. Neustar gTLD SRS . . . . . . . . . . . . . . . . . . . . 17 6.3. Neustar gTLD SRS . . . . . . . . . . . . . . . . . . . . 17
7. Security Considerations . . . . . . . . . . . . . . . . . . . 18 7. Security Considerations . . . . . . . . . . . . . . . . . . . 17
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 18 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 18
9. Normative References . . . . . . . . . . . . . . . . . . . . 18 9. Normative References . . . . . . . . . . . . . . . . . . . . 18
Appendix A. Change History . . . . . . . . . . . . . . . . . . . 19 Appendix A. Change History . . . . . . . . . . . . . . . . . . . 19
A.1. Change from 00 to 01 . . . . . . . . . . . . . . . . . . 19 A.1. Change from 00 to 01 . . . . . . . . . . . . . . . . . . 19
A.2. Change from 01 to 02 . . . . . . . . . . . . . . . . . . 19 A.2. Change from 01 to 02 . . . . . . . . . . . . . . . . . . 19
A.3. Change from 02 to 03 . . . . . . . . . . . . . . . . . . 19 A.3. Change from 02 to 03 . . . . . . . . . . . . . . . . . . 19
A.4. Change from 03 to 04 . . . . . . . . . . . . . . . . . . 19 A.4. Change from 03 to 04 . . . . . . . . . . . . . . . . . . 19
A.5. Change from 04 to REGEXT 00 . . . . . . . . . . . . . . . 19 A.5. Change from 04 to REGEXT 00 . . . . . . . . . . . . . . . 19
A.6. Change from REGEXT 00 to REGEXT 01 . . . . . . . . . . . 19 A.6. Change from REGEXT 00 to REGEXT 01 . . . . . . . . . . . 19
A.7. Change from REGEXT 01 to REGEXT 02 . . . . . . . . . . . 20 A.7. Change from REGEXT 01 to REGEXT 02 . . . . . . . . . . . 19
A.8. Change from REGEXT 02 to REGEXT 03 . . . . . . . . . . . 20 A.8. Change from REGEXT 02 to REGEXT 03 . . . . . . . . . . . 19
A.9. Change from REGEXT 03 to REGEXT 04 . . . . . . . . . . . 20 A.9. Change from REGEXT 03 to REGEXT 04 . . . . . . . . . . . 19
A.10. Change from REGEXT 04 to REGEXT 05 . . . . . . . . . . . 20 A.10. Change from REGEXT 04 to REGEXT 05 . . . . . . . . . . . 20
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20 A.11. Change from REGEXT 05 to REGEXT 06 . . . . . . . . . . . 20
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22
1. Introduction 1. Introduction
This document describes an extension mapping for version 1.0 of the This document describes an extension mapping for version 1.0 of the
Extensible Provisioning Protocol (EPP) [RFC5730]. This mapping, an Extensible Provisioning Protocol (EPP) [RFC5730]. This mapping, an
extension to EPP object mappings like the EPP domain name mapping extension to EPP object mappings like the EPP domain name mapping
[RFC5731], for passing an allocation token to one of the EPP [RFC5731], supports passing an Allocation Token as a credential that
transform commands including create, update, and transfer. A client authorizes a client to request the allocation of a specific object
MUST pass an allocation token known to the server to be authorized to from the server, using one of the EPP transform commands including
use one of the supported EPP transform commands. It is up to server create and transfer.
policy which EPP transform commands and which objects support the
allocation token. The allocation token MAY be returned to an Allocation is when a server assigns the sponsoring client of an
authorized client for passing out-of-band to a client that uses it object based on the use of an Allocation Token credential. Examples
with an EPP transform command. include allocating a registration based on a pre-eligibility
Allocation Token, allocating a premium domain name registration based
on an auction Allocation Token, allocating a registration based on a
founders Allocation Token, and allocating an existing domain name
held by the server or by a different sponsoring client based on an
Allocation Token passed with a transfer command.
A client MUST pass an Allocation Token known to the server to be
authorized to use one of the supported EPP transform commands. It is
up to server policy which EPP transform commands and which objects
require the Allocation Token. The Allocation Token MAY be returned
to an authorized client for passing out-of-band to a client that uses
it with an EPP transform command.
1.1. Conventions Used in This Document 1.1. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
XML is case sensitive. Unless stated otherwise, XML specifications XML is case sensitive. Unless stated otherwise, XML specifications
and examples provided in this document MUST be interpreted in the and examples provided in this document MUST be interpreted in the
character case presented in order to develop a conforming character case presented in order to develop a conforming
skipping to change at page 3, line 51 skipping to change at page 4, line 15
2. Object Attributes 2. Object Attributes
This extension adds additional elements to EPP object mappings like This extension adds additional elements to EPP object mappings like
the EPP domain name mapping [RFC5731]. Only those new elements are the EPP domain name mapping [RFC5731]. Only those new elements are
described here. described here.
2.1. Allocation Token 2.1. Allocation Token
The Allocation Token is a simple XML "token" type. The exact format The Allocation Token is a simple XML "token" type. The exact format
of the Allocation Token is up to server policy. The server MUST have of the Allocation Token is up to server policy. The server MUST have
the allocation token for each object to match against the allocation the Allocation Token for each object to match against the Allocation
token passed by the client to authorize the allocation of the object. Token passed by the client to authorize the allocation of the object.
The <allocationToken:allocationToken> element is used for all of the
The same <allocationToken:allocationToken> element is used for all of supported EPP commands as well as the info response. If the
the supported EPP transform commands as well as the info response. Allocation Token passed to the server does not apply to the object,
If an invalid allocation token is passed the server MUST return an the server MUST return an EPP error result code of 2201.
EPP error result code of 2201.
An example <allocationToken:allocationToken> element with value of An example <allocationToken:allocationToken> element with value of
"abc123": "abc123":
<allocationToken:allocationToken xmlns:allocationToken= <allocationToken:allocationToken xmlns:allocationToken=
"urn:ietf:params:xml:ns:allocationToken-1.0"> "urn:ietf:params:xml:ns:allocationToken-1.0">
abc123 abc123
</allocationToken:allocationToken> </allocationToken:allocationToken>
3. EPP Command Mapping 3. EPP Command Mapping
A detailed description of the EPP syntax and semantics can be found A detailed description of the EPP syntax and semantics can be found
in the EPP core protocol specification [RFC5730]. in the EPP core protocol specification [RFC5730].
3.1. EPP Query Commands 3.1. EPP Query Commands
EPP provides three commands to retrieve object information: <check> EPP provides three commands to retrieve object information: <check>
to determine if an object is known to the server, <info> to retrieve to determine if an object can be provisioned, <info> to retrieve
detailed information associated with an object, and <transfer> to information associated with an object, and <transfer> to retrieve
retrieve object transfer status information. object transfer status information.
3.1.1. EPP <check> Command 3.1.1. EPP <check> Command
This extension defines additional elements to extend the EPP <check> This extension defines additional elements to extend the EPP <check>
command of an object mapping like [RFC5731]. command of an object mapping like [RFC5731].
This extension allow clients to check the availability of an object This extension allow clients to check the availability of an object
with an allocation token, as described in Section 2.1. Clients can with an Allocation Token, as described in Section 2.1. Clients can
check if an object can be created using the allocation token. The check if an object can be created using the Allocation Token. The
allocation token is applied to all object names included in the EPP Allocation Token is applied to all object names included in the EPP
<check> command. <check> command.
Example <check> command for the example.tld domain name using the Example <check> command for the example.tld domain name using the
<allocationToken:allocationToken> extension with the allocation token <allocationToken:allocationToken> extension with the allocation token
of 'abc123': of 'abc123':
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
C: <command> C: <command>
C: <check> C: <check>
skipping to change at page 5, line 29 skipping to change at page 5, line 29
C: <allocationToken:allocationToken C: <allocationToken:allocationToken
C: xmlns:allocationToken= C: xmlns:allocationToken=
C: "urn:ietf:params:xml:ns:allocationToken-1.0"> C: "urn:ietf:params:xml:ns:allocationToken-1.0">
C: abc123 C: abc123
C: </allocationToken:allocationToken> C: </allocationToken:allocationToken>
C: </extension> C: </extension>
C: <clTRID>ABC-12345</clTRID> C: <clTRID>ABC-12345</clTRID>
C: </command> C: </command>
C:</epp> C:</epp>
If the query was successful, the server replies with an <check> If the query was successful, the server replies with a <check>
response providing availability status of queried object. response providing the availability status of the queried object
based on the following Allocation Token cases, where the object is
otherwise available:
1. If an object requires an Allocation Token and the Allocation
Token does apply to the object, then the server MUST return the
availability status as available (e.g., "avail" attribute is "1"
or "true").
2. If an object requires an Allocation Token and the Allocation
Token does not apply to the object or an object does not require
an Allocation Token, then the server SHOULD return the
availability status as unavailable (e.g., "avail" attribute is
"0" or "false").
Example <check> domain response for a <check> command using the Example <check> domain response for a <check> command using the
<allocationToken:allocationToken> extension: <allocationToken:allocationToken> extension:
S:<?xml version="1.0" encoding="UTF-8"?> S:<?xml version="1.0" encoding="UTF-8"?>
S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
S: <response> S: <response>
S: <result code="1000"> S: <result code="1000">
S: <msg lang="en-US">Command completed successfully</msg> S: <msg lang="en-US">Command completed successfully</msg>
S: </result> S: </result>
S: <resData> S: <resData>
S: <domain:chkData S: <domain:chkData
S: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"> S: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
S: <domain:cd> S: <domain:cd>
S: <domain:name avail="0">example.tld</domain:name> S: <domain:name avail="0">example.tld</domain:name>
S: <domain:reason>Invalid domain-token pair</domain:reason> S: <domain:reason>Allocation Token mismatch</domain:reason>
S: </domain:cd> S: </domain:cd>
S: </domain:chkData> S: </domain:chkData>
S: </resData> S: </resData>
S: <trID> S: <trID>
S: <clTRID>ABC-DEF-12345</clTRID> S: <clTRID>ABC-DEF-12345</clTRID>
S: <svTRID>54321-XYZ</svTRID> S: <svTRID>54321-XYZ</svTRID>
S: </trID> S: </trID>
S: </response> S: </response>
S:</epp> S:</epp>
Example <check> command with the <allocationToken:allocationToken> Example <check> command with the <allocationToken:allocationToken>
extension for the example.tld and example2.tld domain names. extension for the example.tld and example2.tld domain names.
Availability of example.tld and example2.tld domain names are based Availability of example.tld and example2.tld domain names are based
on the allocation token 'abc123': on the Allocation Token 'abc123':
C:<?xml version="1.0" encoding="UTF-8"?> C:<?xml version="1.0" encoding="UTF-8"?>
C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
C: <command> C: <command>
C: <check> C: <check>
C: <domain:check C: <domain:check
C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"> C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
C: <domain:name>example.tld</domain:name> C: <domain:name>example.tld</domain:name>
C: <domain:name>example2.tld</domain:name> C: <domain:name>example2.tld</domain:name>
C: </domain:check> C: </domain:check>
skipping to change at page 8, line 19 skipping to change at page 8, line 19
S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
S: <response> S: <response>
S: <result code="1000"> S: <result code="1000">
S: <msg lang="en-US">Command completed successfully</msg> S: <msg lang="en-US">Command completed successfully</msg>
S: </result> S: </result>
S: <resData> S: <resData>
S: <domain:chkData S: <domain:chkData
S: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"> S: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
S: <domain:cd> S: <domain:cd>
S: <domain:name avail="0">example.tld</domain:name> S: <domain:name avail="0">example.tld</domain:name>
S: <domain:reason>Invalid domain-token pair</domain:reason> S: <domain:reason>Allocation Token mismatch</domain:reason>
S: </domain:cd> S: </domain:cd>
S: <domain:cd> S: <domain:cd>
S: <domain:name avail="1">example2.tld</domain:name> S: <domain:name avail="1">example2.tld</domain:name>
S: </domain:cd> S: </domain:cd>
S: </domain:chkData> S: </domain:chkData>
S: </resData> S: </resData>
S: <trID> S: <trID>
S: <clTRID>ABC-DEF-12345</clTRID> S: <clTRID>ABC-DEF-12345</clTRID>
S: <svTRID>54321-XYZ</svTRID> S: <svTRID>54321-XYZ</svTRID>
S: </trID> S: </trID>
skipping to change at page 8, line 41 skipping to change at page 8, line 41
S:</epp> S:</epp>
This extension does not add any elements to the EPP <check> response This extension does not add any elements to the EPP <check> response
described in the [RFC5730]. described in the [RFC5730].
3.1.2. EPP <info> Command 3.1.2. EPP <info> Command
This extension defines additional elements to extend the EPP <info> This extension defines additional elements to extend the EPP <info>
command of an object mapping like [RFC5731]. command of an object mapping like [RFC5731].
The EPP <info> command allows a client to request information on an The EPP <info> command allows a client to request information
existing object. Authorized clients MAY retrieve the allocation associated with an existing object. Authorized clients MAY retrieve
token (Section 2.1) along with the other object information using the the Allocation Token (Section 2.1) along with the other object
<allocationToken:info> element that identifies the extension information using the <allocationToken:info> element. The
namespace. The <allocationToken:info> element is an empty element <allocationToken:info> element is an empty element that serves as a
that serves as a marker to the server to return the marker to the server to return the <allocationToken:allocationToken>
<allocationToken:allocationToken> element, defined in Section 2.1, in element in the info response. If the client is not authorized to
the info response. If the client is not authorized to receive the receive the Allocation Token, the server MUST return an EPP error
allocation token (Section 2.1), the server MUST return an EPP error
result code of 2201. If the client is authorized to receive the result code of 2201. If the client is authorized to receive the
allocation token (Section 2.1), but there is no allocation token Allocation Token, but there is no Allocation Token associated with
(Section 2.1) associated with the object, the server MUST return an the object, the server MUST return an EPP error result code of 2303
EPP error result code of 2303 object referencing the object referencing the <allocationToken:info> element. The
<allocationToken:info> element. auhorization is subject to server policy.
Example <info> command with the allocationToken:info extension for Example <info> command with the allocationToken:info extension for
the example.tld domain name: the example.tld domain name:
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
C: <command> C: <command>
C: <info> C: <info>
C: <domain:info C: <domain:info
C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0" C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
skipping to change at page 10, line 45 skipping to change at page 10, line 45
S: abc123 S: abc123
S: </allocationToken:allocationToken> S: </allocationToken:allocationToken>
S: </extension> S: </extension>
S: <trID> S: <trID>
S: <clTRID>ABC-12345</clTRID> S: <clTRID>ABC-12345</clTRID>
S: <svTRID>54321-XYZ</svTRID> S: <svTRID>54321-XYZ</svTRID>
S: </trID> S: </trID>
S: </response> S: </response>
S:</epp> S:</epp>
3.1.3. EPP <transfer> Command 3.1.3. EPP <transfer> Query Command
This extension does not add any elements to the EPP <transfer> query This extension does not add any elements to the EPP <transfer> query
command or <transfer> response described in the [RFC5730]. command or <transfer> query response described in the [RFC5730].
3.2. EPP Transform Commands 3.2. EPP Transform Commands
EPP provides five commands to transform objects: <create> to create EPP provides five commands to transform objects: <create> to create
an instance of an object, <delete> to delete an instance of an an instance of an object, <delete> to delete an instance of an
object, <renew> to extend the validity period of an object, object, <renew> to extend the validity period of an object,
<transfer> to manage object sponsorship changes, and <update> to <transfer> to manage object sponsorship changes, and <update> to
change information associated with an object. change information associated with an object.
3.2.1. EPP <create> Command 3.2.1. EPP <create> Command
This extension defines additional elements to extend the EPP <create> This extension defines additional elements to extend the EPP <create>
command of an object mapping like [RFC5731]. command of an object mapping like [RFC5731].
The EPP <create> command provides a transform operation that allows a The EPP <create> command provides a transform operation that allows a
client to create an object. In addition to the EPP command elements client to create an instance of an object. In addition to the EPP
described in an object mapping like [RFC5731], the command MUST command elements described in an object mapping like [RFC5731], the
contain a child <allocationToken:allocationToken> element, as defined command MUST contain a child <allocationToken:allocationToken>
in Section 2.1, that identifies the extension namespace for the element for the client to be authorized to create and allocate the
client to be authorized to create and allocate the object. If the object. If the Allocation Token does not apply to the object, the
allocation token (Section 2.1) does not match the object's allocation server MUST return an EPP error result code of 2201.
token (Section 2.1), the server MUST return an EPP error result code
of 2201.:
Example <create> command to create a domain object with an allocation Example <create> command to create a domain object with an Allocation
token: Token:
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
C: <command> C: <command>
C: <create> C: <create>
C: <domain:create C: <domain:create
C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"> C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
C: <domain:name>example.tld</domain:name> C: <domain:name>example.tld</domain:name>
C: <domain:registrant>jd1234</domain:registrant> C: <domain:registrant>jd1234</domain:registrant>
C: <domain:contact type="admin">sh8013</domain:contact> C: <domain:contact type="admin">sh8013</domain:contact>
skipping to change at page 13, line 9 skipping to change at page 13, line 9
3.2.4. EPP <transfer> Command 3.2.4. EPP <transfer> Command
This extension defines additional elements to extend the EPP This extension defines additional elements to extend the EPP
<transfer> request command of an object mapping like [RFC5731]. <transfer> request command of an object mapping like [RFC5731].
The EPP <transfer> request command provides a transform operation The EPP <transfer> request command provides a transform operation
that allows a client to request the transfer of an object. In that allows a client to request the transfer of an object. In
addition to the EPP command elements described in an object mapping addition to the EPP command elements described in an object mapping
like [RFC5731], the command MUST contain a child like [RFC5731], the command MUST contain a child
<allocationToken:allocationToken> element, as defined in Section 2.1, <allocationToken:allocationToken> element for the client to be
that identifies the extension namespace for the client to be authorized to transfer and allocate the object. The authorization
authorized to transfer and allocate the object. If the allocation associated with the Allocation Token is in addition to and does not
token (Section 2.1) does not match the object's allocation token replace the authorization mechanism defined for the object's
(Section 2.1), the server MUST return an EPP error result code of <transfer> request command. If the Allocation Token does not apply
to the object, the server MUST return an EPP error result code of
2201. 2201.
Example <transfer> request command to allocate the domain object with Example <transfer> request command to allocate the domain object with
the allocation token: the Allocation Token:
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
C: <command> C: <command>
C: <transfer op="request"> C: <transfer op="request">
C: <domain:transfer C: <domain:transfer
C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"> C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
C: <domain:name>example1.tld</domain:name> C: <domain:name>example1.tld</domain:name>
C: <domain:period unit="y">1</domain:period> C: <domain:period unit="y">1</domain:period>
C: <domain:authInfo> C: <domain:authInfo>
skipping to change at page 13, line 48 skipping to change at page 13, line 49
C: </extension> C: </extension>
C: <clTRID>ABC-12345</clTRID> C: <clTRID>ABC-12345</clTRID>
C: </command> C: </command>
C:</epp> C:</epp>
This extension does not add any elements to the EPP <transfer> This extension does not add any elements to the EPP <transfer>
response described in the [RFC5730]. response described in the [RFC5730].
3.2.5. EPP <update> Command 3.2.5. EPP <update> Command
This extension defines additional elements to extend an extension of This extension does not add any elements to the EPP <update> command
an empty EPP <update> command of an object mapping like [RFC5731]. or <update> response described in the [RFC5730].
An example of an extension of an empty EPP <update> command is the
definition of the restore command within [RFC3915].
An extension of an empty EPP <update> command defines a new verb that
transforms an object. In addition to the EPP command elements
described in an object mapping like [RFC5731], the command MUST
contain a child <allocationToken:allocationToken> element, as defined
in Section 2.1, that identifies the extension namespace for the
client to be authorized to allocate the object. If the allocation
token (Section 2.1) does not match the object's allocation token
(Section 2.1), the server MUST return an EPP error result code of
2201.
Example use an extension of an empty <update> command to release a
domain object with an allocation token:
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
C: <command>
C: <update>
C: <domain:update
C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
C: <domain:name>example1.tld</domain:name>
C: </domain:update>
C: </update>
C: <extension>
C: <release:release
C: xmlns:release="urn:ietf:params:xml:ns:release-1.0"/>
C: <allocationToken:allocationToken
C: xmlns:allocationToken=
C: "urn:ietf:params:xml:ns:allocationToken-1.0">
C: abc123
C: </allocationToken:allocationToken>
C: </extension>
C: <clTRID>ABC-12345-XYZ</clTRID>
C: </command>
C:</epp>
This extension does not add any elements to the EPP <update> response
described in the [RFC5730].
4. Formal Syntax 4. Formal Syntax
One schema is presented here that is the EPP Allocation Token One schema is presented here that is the EPP Allocation Token
Extension schema. Extension schema.
The formal syntax presented here is a complete schema representation The formal syntax presented here is a complete schema representation
of the object mapping suitable for automated validation of EPP XML of the object mapping suitable for automated validation of EPP XML
instances. The BEGIN and END tags are not part of the schema; they instances. The BEGIN and END tags are not part of the schema; they
are used to note the beginning and ending of the schema for URI are used to note the beginning and ending of the schema for URI
registration purposes. registration purposes.
4.1. Allocation Token Extension Schema 4.1. Allocation Token Extension Schema
BEGIN BEGIN
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<schema
<schema targetNamespace="urn:ietf:params:xml:ns:allocationToken-1.0" targetNamespace="urn:ietf:params:xml:ns:allocationToken-1.0"
xmlns:allocationToken="urn:ietf:params:xml:ns:allocationToken-1.0" xmlns:allocationToken="urn:ietf:params:xml:ns:allocationToken-1.0"
xmlns="http://www.w3.org/2001/XMLSchema" xmlns="http://www.w3.org/2001/XMLSchema"
elementFormDefault="qualified"> elementFormDefault="qualified"
>
<annotation> <annotation>
<documentation> <documentation>
Extensible Provisioning Protocol v1.0 Extensible Provisioning Protocol v1.0
Allocation Token Extension. Allocation
Token Extension.
</documentation> </documentation>
</annotation> </annotation>
<!-- Element used in info command to get allocation token. --> <!-- Element used in info command to get allocation token. -->
<element name="info"/> <element name="info"/>
<!-- Allocation Token used in transform <!-- Allocation Token used in transform
commands and info response --> commands and info response -->
<element name="allocationToken" <element
name="allocationToken"
type="allocationToken:allocationTokenType"/> type="allocationToken:allocationTokenType"/>
<complexType name="allocationTokenType"> <simpleType name="allocationTokenType">
<simpleContent> <restriction base="token">
<extension base="token"/> <minLength value="1"/>
</simpleContent> </restriction>
</complexType> </simpleType>
<!-- End of schema.--> <!-- End of schema. -->
</schema> </schema>
END END
5. IANA Considerations 5. IANA Considerations
5.1. XML Namespace 5.1. XML Namespace
This document uses URNs to describe XML namespaces and XML schemas This document uses URNs to describe XML namespaces and XML schemas
conforming to a registry mechanism described in [RFC3688]. The conforming to a registry mechanism described in [RFC3688]. The
following URI assignment is requested of IANA: following URI assignment is requested of IANA:
URI: ietf:params:xml:ns:allocationToken-1.0 Registration request for the allocationToken namespace:
Registrant Contact: See the "Author's Address" section of this URI: ietf:params:xml:ns:allocationToken-1.0
document. Registrant Contact: IESG
XML: None. Namespace URIs do not represent an XML specification.
XML: See the "Formal Syntax" section of this document. Registration request for the allocationToken XML schema:
URI: ietf:params:xml:ns:allocationToken-1.0
Registrant Contact: IESG
XML: See the "Formal Syntax" section of this document.
5.2. EPP Extension Registry 5.2. EPP Extension Registry
The EPP extension described in this document should be registered by The following registration of the EPP Extension Registry, described
the IANA in the EPP Extension Registry described in [RFC7451]. The in [RFC7451], is requested:
details of the registration are as follows:
Name of Extension: "Allocation Token Extension for the Extensible Name of Extension: "Allocation Token Extension for the Extensible
Provisioning Protocol (EPP)" Provisioning Protocol (EPP)"
Document status: Standards Track Document status: Standards Track
Reference: (insert reference to RFC version of this document) Reference: (insert reference to RFC version of this document)
Registrant Name and Email Address: IESG, <iesg@ietf.org> Registrant Name and Email Address: IESG, <iesg@ietf.org>
skipping to change at page 18, line 9 skipping to change at page 17, line 25
URL: http://registrytoolkit.neustar URL: http://registrytoolkit.neustar
6.3. Neustar gTLD SRS 6.3. Neustar gTLD SRS
Organisation: Neustar Inc. Organisation: Neustar Inc.
Name: Neustar generic Top Level Domain (gTLD) Shared Registry System Name: Neustar generic Top Level Domain (gTLD) Shared Registry System
(SRS). (SRS).
Description: The Neustar gTLD SRS implements the server side of Description: The Neustar gTLD SRS implements the server side of
draft-ietf-regext-allocation-token. For several Top Level Domains draft-ietf-regext-allocation-token for several Top Level Domains.
Level of maturity: Production Level of maturity: Production
Coverage: All server side aspects of the protocol are implemented. Coverage: All server side aspects of the protocol are implemented.
Licensing: Proprietary Licensing: Proprietary
Contact: kal.feher@team.neustar Contact: kal.feher@team.neustar
7. Security Considerations 7. Security Considerations
The mapping extensions described in this document do not provide any The mapping described in this document does not provide any security
security services beyond those described by EPP [RFC5730] and services beyond those described by EPP [RFC5730] and protocol layers
protocol layers used by EPP. The security considerations described used by EPP. The security considerations described in these other
in these other specifications apply to this specification as well. specifications apply to this specification as well.
The mapping acts as a conduit for the passing of Allocation Tokens
between a client and a server. The definition of the Allocation
Token is defined outside of this mapping. The following are security
considerations in the definition and use of an Allocation Token:
1. An Allocation Token should be considered secret information by
the client and should be protected at rest and in transit.
2. An Allocation Token should be single use, meaning it should be
unique per object and per allocation operation.
3. An Allocation Token should have a limited life with some form of
expiry in the Allocation Token if generated by a trusted 3rd
third party, or with a server-side expiry if generated by the
server.
4. An Allocation Token should use a strong random value if it is
based on an unsigned code.
5. An Allocation Token should leverage digital signatures to confirm
its authenticity if generated by a trusted 3rd party.
6. An Allocation Token should is signed XML should be encoded (e.g.,
base64) to mitigate server validation issues.
8. Acknowledgements 8. Acknowledgements
The authors wish to acknowledge the original concept for this draft The authors wish to acknowledge the original concept for this draft
and the efforts in the initial versions of this draft by Trung Tran and the efforts in the initial versions of this draft by Trung Tran
and Sharon Wodjenski. and Sharon Wodjenski.
Special suggestions that have been incorporated into this document Special suggestions that have been incorporated into this document
were provided by Patrick Mevzek. were provided by Scott Hollenbeck, Rubens Kuhl, Alexander Mayrhofer,
and Patrick Mevzek.
9. Normative References 9. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, <https://www.rfc- DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
editor.org/info/rfc2119>. editor.org/info/rfc2119>.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004, <https://www.rfc- DOI 10.17487/RFC3688, January 2004, <https://www.rfc-
editor.org/info/rfc3688>. editor.org/info/rfc3688>.
[RFC3915] Hollenbeck, S., "Domain Registry Grace Period Mapping for
the Extensible Provisioning Protocol (EPP)", RFC 3915,
DOI 10.17487/RFC3915, September 2004, <https://www.rfc-
editor.org/info/rfc3915>.
[RFC5730] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", [RFC5730] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)",
STD 69, RFC 5730, DOI 10.17487/RFC5730, August 2009, STD 69, RFC 5730, DOI 10.17487/RFC5730, August 2009,
<https://www.rfc-editor.org/info/rfc5730>. <https://www.rfc-editor.org/info/rfc5730>.
[RFC5731] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) [RFC5731] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
Domain Name Mapping", STD 69, RFC 5731, Domain Name Mapping", STD 69, RFC 5731,
DOI 10.17487/RFC5731, August 2009, <https://www.rfc- DOI 10.17487/RFC5731, August 2009, <https://www.rfc-
editor.org/info/rfc5731>. editor.org/info/rfc5731>.
[RFC6982] Sheffer, Y. and A. Farrel, "Improving Awareness of Running [RFC6982] Sheffer, Y. and A. Farrel, "Improving Awareness of Running
skipping to change at page 20, line 34 skipping to change at page 20, line 21
EPP..." in the Introduction section. EPP..." in the Introduction section.
3. Reword the "The allocation token is known to the server..." 3. Reword the "The allocation token is known to the server..."
sentence in the Introduction section. sentence in the Introduction section.
4. Modify the "The allocation token MAY be returned to an 4. Modify the "The allocation token MAY be returned to an
authorized client for passing out-of-band to a client that authorized client for passing out-of-band to a client that
uses it with an EPP transform command" to clarify who the two uses it with an EPP transform command" to clarify who the two
separate clients are. separate clients are.
5. Removed an unneeded ":" from the EPP <transfer> Command and 5. Removed an unneeded ":" from the EPP <transfer> Command and
EPP <update> Command sections. EPP <update> Command sections.
A.11. Change from REGEXT 05 to REGEXT 06
1. Fix description of Neustar gTLD SRS based on feedback from Rubens
Kuhl.
2. Updates based on feedback from Alexander Mayrhofer, that include:
1. Making all references to Allocation Token to use the upper
case form.
2. Revise the language of the abstract to include "for
including an Allocation Token in query and transform
commands. The Allocation Token is used as a credential that
authorizes a client to request the allocation of a specific
object from the server, using one of the EPP transform
commands..."
3. Replace the title "EPP <transfer> Command" with "EPP
<transfer> Query Command" for section 3.1.3.
4. Revise the second sentence of the Introduction to "The
mapping, ..., supports passing an Allocation Token..."
5. Change "support" to "require" in the Introduction sentence
"It is up to server policy which EPP transform commands and
which objects support the Allocation Token."
6. Add the definition of Allocation to the Introduction.
7. Removed "transform" from "all of the supported EPP transform
commands" in the "Allocation Token" section, since the
Allocation Token can be used with the "check" command as
well.
8. Remove the word "same" from "The same
<allocationToken:allocationToken> element is used for
all..." in the "Allocation Token" section.
9. Change the description of the use of the 2201 error in the
"Allocation Token" section, the "EPP <create> Command"
section, the "EPP <transfer> Command" section, and the "EPP
<update> Command" section.
10. Revise "<check> to determine if an object is known to the
server..." to "<check> to determine if an object can be
provisioned..." and remove "detailed" in the description of
the <info> in the "EPP Query Commands" section.
11. Add missing description of the expected <check> response
behavior.
12. Replaced the example reason "Invalid domain-token pair" with
"Allocation Token mismatch".
13. Replace "information on" with "information associated with"
in the "EPP <info> Command" section.
14. Removed the "that identifies the extension namespace", the
", defined in...", the Allocation Token links from the error
response sentences, and the "object referencing the
<allocationToken:info> element" in the "EPP <info> Command"
section.
15. Added "The authorization is subject to server policy." to
the "EPP <info> Command" section.
16. Replace "or <transfer> response>" with "or <transfer> query
response>" in the EPP <transfer> Query Command" section.
17. Replace "create an object" with "create an instance of an
object" in the "EPP <create> Command" section.
18. Revised the sentence to include "the command MUST contain a
child <allocationToken:allocationToken> element for the
client to be authorized to create and allocate the object"
in the "EPP <create> Command" section.
19. Removed the reference to section 2.1 and the namespace
identification text in the "EPP <transfer> Command" section.
20. Added "The authorization associated with the Allocation
Token is in addition to and does not replace the
authorization mechanism defined for the object's <transfer>
request command." to the "EPP <transfer> Command" section.
21. Modified the first sentence of the "EPP Extension Registry"
section to read "The following registration of the EPP
Extension Registry, described in RFC7451, is requested"
22. Removed support with using the Allocation Token with an
empty extension of update (e.g., release command), based on
the confusion and lack of known applicability.
3. Updates based on feedback from Scott Hollenbeck, that include:
1. Revised XML schema to included a minimum length of 1 for the
allocationTokenType.
2. Revised the "IANA Considerations" section to include the
registration of the XML schema.
3. Revised the "Security Considerations" section to include
considerations for the definition of the Allocation Tokens.
Authors' Addresses Authors' Addresses
James Gould James Gould
VeriSign, Inc. VeriSign, Inc.
12061 Bluemont Way 12061 Bluemont Way
Reston, VA 20190 Reston, VA 20190
US US
Email: jgould@verisign.com Email: jgould@verisign.com
URI: http://www.verisigninc.com URI: http://www.verisigninc.com
 End of changes. 43 change blocks. 
151 lines changed or deleted 236 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/