draft-ietf-regext-allocation-token-09.txt   draft-ietf-regext-allocation-token-10.txt 
Network Working Group J. Gould Network Working Group J. Gould
Internet-Draft VeriSign, Inc. Internet-Draft VeriSign, Inc.
Intended status: Standards Track K. Feher Intended status: Standards Track K. Feher
Expires: February 4, 2019 Neustar Expires: February 22, 2019 Neustar
August 3, 2018 August 21, 2018
Allocation Token Extension for the Extensible Provisioning Protocol Allocation Token Extension for the Extensible Provisioning Protocol
(EPP) (EPP)
draft-ietf-regext-allocation-token-09 draft-ietf-regext-allocation-token-10
Abstract Abstract
This document describes an Extensible Provisioning Protocol (EPP) This document describes an Extensible Provisioning Protocol (EPP)
extension for including an Allocation Token in "query" and extension for including an Allocation Token in "query" and
"transform" commands. The Allocation Token is used as a credential "transform" commands. The Allocation Token is used as a credential
that authorizes a client to request the allocation of a specific that authorizes a client to request the allocation of a specific
object from the server, using one of the EPP transform commands object from the server, using one of the EPP transform commands
including create and transfer. including create and transfer.
skipping to change at page 1, line 37 skipping to change at page 1, line 37
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 4, 2019. This Internet-Draft will expire on February 22, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 14 skipping to change at page 2, line 14
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Conventions Used in This Document . . . . . . . . . . . . 3 1.1. Conventions Used in This Document . . . . . . . . . . . . 3
2. Object Attributes . . . . . . . . . . . . . . . . . . . . . . 4 2. Object Attributes . . . . . . . . . . . . . . . . . . . . . . 4
2.1. Allocation Token . . . . . . . . . . . . . . . . . . . . 4 2.1. Allocation Token . . . . . . . . . . . . . . . . . . . . 4
3. EPP Command Mapping . . . . . . . . . . . . . . . . . . . . . 4 3. EPP Command Mapping . . . . . . . . . . . . . . . . . . . . . 5
3.1. EPP Query Commands . . . . . . . . . . . . . . . . . . . 4 3.1. EPP Query Commands . . . . . . . . . . . . . . . . . . . 5
3.1.1. EPP <check> Command . . . . . . . . . . . . . . . . . 5 3.1.1. EPP <check> Command . . . . . . . . . . . . . . . . . 5
3.1.2. EPP <info> Command . . . . . . . . . . . . . . . . . 8 3.1.2. EPP <info> Command . . . . . . . . . . . . . . . . . 9
3.1.3. EPP <transfer> Query Command . . . . . . . . . . . . 10 3.1.3. EPP <transfer> Query Command . . . . . . . . . . . . 11
3.2. EPP Transform Commands . . . . . . . . . . . . . . . . . 11 3.2. EPP Transform Commands . . . . . . . . . . . . . . . . . 12
3.2.1. EPP <create> Command . . . . . . . . . . . . . . . . 11 3.2.1. EPP <create> Command . . . . . . . . . . . . . . . . 12
3.2.2. EPP <delete> Command . . . . . . . . . . . . . . . . 12 3.2.2. EPP <delete> Command . . . . . . . . . . . . . . . . 13
3.2.3. EPP <renew> Command . . . . . . . . . . . . . . . . . 12 3.2.3. EPP <renew> Command . . . . . . . . . . . . . . . . . 13
3.2.4. EPP <transfer> Command . . . . . . . . . . . . . . . 12 3.2.4. EPP <transfer> Command . . . . . . . . . . . . . . . 13
3.2.5. EPP <update> Command . . . . . . . . . . . . . . . . 13 3.2.5. EPP <update> Command . . . . . . . . . . . . . . . . 14
4. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 14 4. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 15
4.1. Allocation Token Extension Schema . . . . . . . . . . . . 14 4.1. Allocation Token Extension Schema . . . . . . . . . . . . 15
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16
5.1. XML Namespace . . . . . . . . . . . . . . . . . . . . . . 15 5.1. XML Namespace . . . . . . . . . . . . . . . . . . . . . . 16
5.2. EPP Extension Registry . . . . . . . . . . . . . . . . . 15 5.2. EPP Extension Registry . . . . . . . . . . . . . . . . . 16
6. Implementation Status . . . . . . . . . . . . . . . . . . . . 15 6. Implementation Status . . . . . . . . . . . . . . . . . . . . 16
6.1. Verisign EPP SDK . . . . . . . . . . . . . . . . . . . . 16 6.1. Verisign EPP SDK . . . . . . . . . . . . . . . . . . . . 17
6.2. Neustar EPP SDK . . . . . . . . . . . . . . . . . . . . . 16 6.2. Neustar EPP SDK . . . . . . . . . . . . . . . . . . . . . 17
6.3. Neustar gTLD SRS . . . . . . . . . . . . . . . . . . . . 17 6.3. Neustar gTLD SRS . . . . . . . . . . . . . . . . . . . . 18
6.4. Net::DRI . . . . . . . . . . . . . . . . . . . . . . . . 17 6.4. Net::DRI . . . . . . . . . . . . . . . . . . . . . . . . 18
7. Security Considerations . . . . . . . . . . . . . . . . . . . 18 7. Security Considerations . . . . . . . . . . . . . . . . . . . 19
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 18 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 19
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 18 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 19
9.1. Normative References . . . . . . . . . . . . . . . . . . 18 9.1. Normative References . . . . . . . . . . . . . . . . . . 19
9.2. Informative References . . . . . . . . . . . . . . . . . 19 9.2. Informative References . . . . . . . . . . . . . . . . . 20
9.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Appendix A. Change History . . . . . . . . . . . . . . . . . . . 20
Appendix A. Change History . . . . . . . . . . . . . . . . . . . 19 A.1. Change from 00 to 01 . . . . . . . . . . . . . . . . . . 20
A.1. Change from 00 to 01 . . . . . . . . . . . . . . . . . . 19
A.2. Change from 01 to 02 . . . . . . . . . . . . . . . . . . 20 A.2. Change from 01 to 02 . . . . . . . . . . . . . . . . . . 20
A.3. Change from 02 to 03 . . . . . . . . . . . . . . . . . . 20 A.3. Change from 02 to 03 . . . . . . . . . . . . . . . . . . 21
A.4. Change from 03 to 04 . . . . . . . . . . . . . . . . . . 20 A.4. Change from 03 to 04 . . . . . . . . . . . . . . . . . . 21
A.5. Change from 04 to REGEXT 00 . . . . . . . . . . . . . . . 20 A.5. Change from 04 to REGEXT 00 . . . . . . . . . . . . . . . 21
A.6. Change from REGEXT 00 to REGEXT 01 . . . . . . . . . . . 20 A.6. Change from REGEXT 00 to REGEXT 01 . . . . . . . . . . . 21
A.7. Change from REGEXT 01 to REGEXT 02 . . . . . . . . . . . 20 A.7. Change from REGEXT 01 to REGEXT 02 . . . . . . . . . . . 21
A.8. Change from REGEXT 02 to REGEXT 03 . . . . . . . . . . . 20 A.8. Change from REGEXT 02 to REGEXT 03 . . . . . . . . . . . 21
A.9. Change from REGEXT 03 to REGEXT 04 . . . . . . . . . . . 20 A.9. Change from REGEXT 03 to REGEXT 04 . . . . . . . . . . . 21
A.10. Change from REGEXT 04 to REGEXT 05 . . . . . . . . . . . 20 A.10. Change from REGEXT 04 to REGEXT 05 . . . . . . . . . . . 21
A.11. Change from REGEXT 05 to REGEXT 06 . . . . . . . . . . . 21 A.11. Change from REGEXT 05 to REGEXT 06 . . . . . . . . . . . 22
A.12. Change from REGEXT 06 to REGEXT 07 . . . . . . . . . . . 22 A.12. Change from REGEXT 06 to REGEXT 07 . . . . . . . . . . . 23
A.13. Change from REGEXT 07 to REGEXT 08 . . . . . . . . . . . 22 A.13. Change from REGEXT 07 to REGEXT 08 . . . . . . . . . . . 23
A.14. Change from REGEXT 08 to REGEXT 09 . . . . . . . . . . . 23 A.14. Change from REGEXT 08 to REGEXT 09 . . . . . . . . . . . 24
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23 A.15. Change from REGEXT 09 to REGEXT 10 . . . . . . . . . . . 24
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25
1. Introduction 1. Introduction
This document describes an extension mapping for version 1.0 of the This document describes an extension mapping for version 1.0 of the
Extensible Provisioning Protocol (EPP) [RFC5730]. This mapping, an Extensible Provisioning Protocol (EPP) [RFC5730]. This mapping, an
extension to EPP object mappings like the EPP domain name mapping extension to EPP object mappings like the EPP domain name mapping
[RFC5731], supports passing an Allocation Token as a credential that [RFC5731], supports passing an Allocation Token as a credential that
authorizes a client to request the allocation of a specific object authorizes a client to request the allocation of a specific object
from the server, using one of the EPP transform commands including from the server, using one of the EPP transform commands including
create and transfer. create and transfer.
Allocation is when a server assigns the sponsoring client of an Allocation is when a server assigns the sponsoring client of an
object based on the use of an Allocation Token credential. Examples object based on the use of an Allocation Token credential. Examples
include allocating a registration based on a pre-eligibility include allocating a registration based on a pre-eligibility
Allocation Token, allocating a premium domain name registration based Allocation Token, allocating a premium domain name registration based
on an auction Allocation Token, allocating a registration based on a on an auction Allocation Token, allocating a registration based on a
founders Allocation Token, and allocating an existing domain name founders Allocation Token, and allocating an existing domain name
held by the server or by a different sponsoring client based on an held by the server or by a different sponsoring client based on an
Allocation Token passed with a transfer command. Allocation Token passed with a transfer command.
A client MUST pass an Allocation Token known to the server to be Clients pass an Allocation Token to the server for validation, and
authorized to use one of the supported EPP transform commands. It is the server determines if the supplied Allocation Token is one
up to server policy which EPP transform commands and which objects supported by the server. It is up to server policy which EPP
require the Allocation Token. The Allocation Token MAY be returned transform commands and which objects require the Allocation Token.
to an authorized client for passing out-of-band to a client that uses The Allocation Token MAY be returned to an authorized client for
it with an EPP transform command. passing out-of-band to a client that uses it with an EPP transform
command.
1.1. Conventions Used in This Document 1.1. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [1] [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
XML is case sensitive. Unless stated otherwise, XML specifications XML is case sensitive. Unless stated otherwise, XML specifications
and examples provided in this document MUST be interpreted in the and examples provided in this document MUST be interpreted in the
character case presented in order to develop a conforming character case presented in order to develop a conforming
implementation. implementation.
In examples, "C:" represents lines sent by a protocol client and "S:" In examples, "C:" represents lines sent by a protocol client and "S:"
represents lines returned by a protocol server. Indentation and represents lines returned by a protocol server. Indentation and
white space in examples are provided only to illustrate element white space in the examples are provided only to illustrate element
relationships and are not a REQUIRED feature of this protocol. relationships and are not REQUIRED in the protocol.
The XML namespace prefix "allocationToken" is used for the namespace The XML namespace prefix "allocationToken" is used for the namespace
"urn:ietf:params:xml:ns:allocationToken-1.0", but implementations "urn:ietf:params:xml:ns:allocationToken-1.0", but implementations
MUST NOT depend on it and instead employ a proper namespace-aware XML MUST NOT depend on it and instead employ a proper namespace-aware XML
parser and serializer to interpret and output the XML documents. parser and serializer to interpret and output the XML documents.
The "abc123" token value is used as a placeholder value in the
examples. The server MUST support token values that follow the
Security Considerations (Section 7) section.
The domain object attribute values, including the "2fooBAR"
<domain:pw> value, in the examples are provided for illustration
purposes only. Refer to [RFC5731] for details on the domain object
attributes.
2. Object Attributes 2. Object Attributes
This extension adds additional elements to EPP object mappings like This extension adds additional elements to EPP object mappings like
the EPP domain name mapping [RFC5731]. Only those new elements are the EPP domain name mapping [RFC5731]. Only those new elements are
described here. described here.
2.1. Allocation Token 2.1. Allocation Token
The Allocation Token is a simple XML "token" type. The exact format The Allocation Token is a simple XML "token" type. The exact format
of the Allocation Token is up to server policy. The server MAY have of the Allocation Token is up to server policy. The server MAY have
the Allocation Token for each object to match against the Allocation the Allocation Token for each object to match against the Allocation
Token passed by the client to authorize the allocation of the object. Token passed by the client to authorize the allocation of the object.
The <allocationToken:allocationToken> element is used for all of the The <allocationToken:allocationToken> element is used for all of the
supported EPP commands as well as the info response. If the supported EPP commands as well as the info response. If the supplied
Allocation Token passed to the server does not apply to the object, Allocation Token passed to the server does not apply to the object,
the server MUST return an EPP error result code of 2201. the server MUST return an EPP error result code of 2201.
Authorization information, like what is defined in the EPP domain
name mapping [RFC5731], is associated with objects to facilitate
transfer operations. The authorization information is assigned when
an object is created. The Allocation Token and the authorization
information are both credentials, but used for different purposes and
used in different ways. The Allocation Token is used to facilitate
the allocation of an object instead of transferring the sponsorship
of the object. The Allocation Token is not managed by the client,
but is validated by the server to authorize assigning the initial
sponsoring client of the object.
An example <allocationToken:allocationToken> element with value of An example <allocationToken:allocationToken> element with value of
"abc123": "abc123":
<allocationToken:allocationToken xmlns:allocationToken= <allocationToken:allocationToken xmlns:allocationToken=
"urn:ietf:params:xml:ns:allocationToken-1.0"> "urn:ietf:params:xml:ns:allocationToken-1.0">
abc123 abc123
</allocationToken:allocationToken> </allocationToken:allocationToken>
3. EPP Command Mapping 3. EPP Command Mapping
skipping to change at page 6, line 6 skipping to change at page 6, line 43
1. If an object requires an Allocation Token and the Allocation 1. If an object requires an Allocation Token and the Allocation
Token does apply to the object, then the server MUST return the Token does apply to the object, then the server MUST return the
availability status as available (e.g., "avail" attribute is "1" availability status as available (e.g., "avail" attribute is "1"
or "true"). or "true").
2. If an object requires an Allocation Token and the Allocation 2. If an object requires an Allocation Token and the Allocation
Token does not apply to the object or an object does not require Token does not apply to the object or an object does not require
an Allocation Token, then the server SHOULD return the an Allocation Token, then the server SHOULD return the
availability status as unavailable (e.g., "avail" attribute is availability status as unavailable (e.g., "avail" attribute is
"0" or "false"). "0" or "false").
3. If an object does not require an Allocation Token, the server MAY
return the availability status as available (e.g., "avail"
attribute is "1" or "true").
Example <check> domain response for a <check> command using the Example <check> domain response for a <check> command using the
<allocationToken:allocationToken> extension: <allocationToken:allocationToken> extension:
S:<?xml version="1.0" encoding="UTF-8"?> S:<?xml version="1.0" encoding="UTF-8"?>
S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
S: <response> S: <response>
S: <result code="1000"> S: <result code="1000">
S: <msg lang="en-US">Command completed successfully</msg> S: <msg lang="en-US">Command completed successfully</msg>
S: </result> S: </result>
skipping to change at page 8, line 44 skipping to change at page 9, line 44
described in the [RFC5730]. described in the [RFC5730].
3.1.2. EPP <info> Command 3.1.2. EPP <info> Command
This extension defines additional elements to extend the EPP <info> This extension defines additional elements to extend the EPP <info>
command of an object mapping like [RFC5731]. command of an object mapping like [RFC5731].
The EPP <info> command allows a client to request information The EPP <info> command allows a client to request information
associated with an existing object. Authorized clients MAY retrieve associated with an existing object. Authorized clients MAY retrieve
the Allocation Token (Section 2.1) along with the other object the Allocation Token (Section 2.1) along with the other object
information using the <allocationToken:info> element. The information by supplying the <allocationToken:info> element in the
<allocationToken:info> element is an empty element that serves as a command. Authorized clients MAY retrieve the Allocation Token
marker to the server to return the <allocationToken:allocationToken> (Section 2.1) along with the other object information using the
element in the info response. If the client is not authorized to <allocationToken:info> element. The <allocationToken:info> element
receive the Allocation Token, the server MUST return an EPP error is an empty element that serves as a marker to the server to return
result code of 2201. If the client is authorized to receive the the <allocationToken:allocationToken> element in the info response.
Allocation Token, but there is no Allocation Token associated with If the client is not authorized to receive the Allocation Token, the
the object, the server MUST return an EPP error result code of 2303. server MUST return an EPP error result code of 2201. If the client
The auhorization is subject to server policy. is authorized to receive the Allocation Token, but there is no
Allocation Token associated with the object, the server MUST return
an EPP error result code of 2303. The authorization is subject to
server policy.
Example <info> command with the allocationToken:info extension for Example <info> command with the allocationToken:info extension for
the allocation.example domain name: the allocation.example domain name:
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
C: <command> C: <command>
C: <info> C: <info>
C: <domain:info C: <domain:info
C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0" C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
skipping to change at page 9, line 31 skipping to change at page 10, line 34
C: <extension> C: <extension>
C: <allocationToken:info C: <allocationToken:info
C: xmlns:allocationToken= C: xmlns:allocationToken=
C: "urn:ietf:params:xml:ns:allocationToken-1.0/> C: "urn:ietf:params:xml:ns:allocationToken-1.0/>
C: </extension> C: </extension>
C: <clTRID>ABC-12345</clTRID> C: <clTRID>ABC-12345</clTRID>
C: </command> C: </command>
C:</epp> C:</epp>
If the query was successful, the server replies with an If the query was successful, the server replies with an
<allocationToken:allocationToken> element, as described in <allocationToken:allocationToken> element along with the regular EPP
Section 2.1. <resData>. The <allocationToken:allocationToken> element is
described in Section 2.1.
Example <info> domain response using the Example <info> domain response using the
<allocationToken:allocationToken> extension: <allocationToken:allocationToken> extension:
S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
S: <response> S: <response>
S: <result code="1000"> S: <result code="1000">
S: <msg>Command completed successfully</msg> S: <msg>Command completed successfully</msg>
S: </result> S: </result>
skipping to change at page 14, line 20 skipping to change at page 15, line 20
The formal syntax presented here is a complete schema representation The formal syntax presented here is a complete schema representation
of the object mapping suitable for automated validation of EPP XML of the object mapping suitable for automated validation of EPP XML
instances. The BEGIN and END tags are not part of the schema; they instances. The BEGIN and END tags are not part of the schema; they
are used to note the beginning and ending of the schema for URI are used to note the beginning and ending of the schema for URI
registration purposes. registration purposes.
4.1. Allocation Token Extension Schema 4.1. Allocation Token Extension Schema
BEGIN BEGIN
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<schema <schema xmlns="http://www.w3.org/2001/XMLSchema"
targetNamespace="urn:ietf:params:xml:ns:allocationToken-1.0"
xmlns:allocationToken="urn:ietf:params:xml:ns:allocationToken-1.0" xmlns:allocationToken="urn:ietf:params:xml:ns:allocationToken-1.0"
xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:ietf:params:xml:ns:allocationToken-1.0"
elementFormDefault="qualified" elementFormDefault="qualified">
>
<annotation> <annotation>
<documentation> <documentation>
Extensible Provisioning Protocol v1.0 Extensible Provisioning Protocol v1.0
Allocation Allocation Token Extension
Token Extension.
</documentation> </documentation>
</annotation> </annotation>
<!-- Element used in info command to get allocation token. --> <!-- Element used in info command to get allocation token. -->
<element name="info"/> <element name="info">
<complexType>
<complexContent>
<restriction base="anyType" />
</complexContent>
</complexType>
</element>
<!-- Allocation Token used in transform <!-- Allocation Token used in transform
commands and info response --> commands and info response -->
<element <element name="allocationToken"
name="allocationToken" type="allocationToken:allocationTokenType" />
type="allocationToken:allocationTokenType"/>
<simpleType name="allocationTokenType"> <simpleType name="allocationTokenType">
<restriction base="token"> <restriction base="token">
<minLength value="1"/> <minLength value="1" />
</restriction> </restriction>
</simpleType> </simpleType>
<!-- End of schema. --> <!-- End of schema. -->
</schema> </schema>
END END
5. IANA Considerations 5. IANA Considerations
5.1. XML Namespace 5.1. XML Namespace
This document uses URNs to describe XML namespaces and XML schemas This document uses URNs to describe XML namespaces and XML schemas
conforming to a registry mechanism described in [RFC3688]. conforming to a registry mechanism described in [RFC3688].
Registration request for the allocationToken namespace: Registration request for the allocationToken namespace:
URI: ietf:params:xml:ns:allocationToken-1.0 URI: urn:ietf:params:xml:ns:allocationToken-1.0
Registrant Contact: IESG Registrant Contact: IESG
XML: None. Namespace URIs do not represent an XML specification. XML: None. Namespace URIs do not represent an XML specification.
Registration request for the allocationToken XML schema: Registration request for the allocationToken XML schema:
URI: ietf:params:xml:schema:allocationToken-1.0 URI: urn:ietf:params:xml:schema:allocationToken-1.0
Registrant Contact: IESG Registrant Contact: IESG
XML: See the "Formal Syntax" section of this document. XML: See the "Formal Syntax" section of this document.
5.2. EPP Extension Registry 5.2. EPP Extension Registry
The following registration of the EPP Extension Registry, described The following registration of the EPP Extension Registry, described
in [RFC7451], is requested: in [RFC7451], is requested:
Name of Extension: "Allocation Token Extension for the Extensible Name of Extension: "Allocation Token Extension for the Extensible
Provisioning Protocol (EPP)" Provisioning Protocol (EPP)"
skipping to change at page 18, line 14 skipping to change at page 19, line 14
7. Security Considerations 7. Security Considerations
The mapping described in this document does not provide any security The mapping described in this document does not provide any security
services beyond those described by EPP [RFC5730] and protocol layers services beyond those described by EPP [RFC5730] and protocol layers
used by EPP. The security considerations described in these other used by EPP. The security considerations described in these other
specifications apply to this specification as well. specifications apply to this specification as well.
The mapping acts as a conduit for the passing of Allocation Tokens The mapping acts as a conduit for the passing of Allocation Tokens
between a client and a server. The definition of the Allocation between a client and a server. The definition of the Allocation
Token is defined outside of this mapping. The following are security Token SHOULD be defined outside of this mapping. The following are
considerations in the definition and use of an Allocation Token: security considerations in the definition and use of an Allocation
Token:
1. An Allocation Token should be considered secret information by 1. An Allocation Token should be considered secret information by
the client and should be protected at rest and in transit. the client and SHOULD be protected at rest and MUST be protected
in transit.
2. An Allocation Token should be single use, meaning it should be 2. An Allocation Token should be single use, meaning it should be
unique per object and per allocation operation. unique per object and per allocation operation.
3. An Allocation Token should have a limited life with some form of 3. An Allocation Token should have a limited life with some form of
expiry in the Allocation Token if generated by a trusted 3rd expiry in the Allocation Token if generated by a trusted 3rd
third party, or with a server-side expiry if generated by the third party, or with a server-side expiry if generated by the
server. server.
4. An Allocation Token should use a strong random value if it is 4. An Allocation Token should use a strong random value if it is
based on an unsigned code. based on an unsigned code.
5. An Allocation Token should leverage digital signatures to confirm 5. An Allocation Token should leverage digital signatures to confirm
its authenticity if generated by a trusted 3rd party. its authenticity if generated by a trusted 3rd party.
6. An Allocation Token that is signed XML should be encoded (e.g., 6. An Allocation Token that is signed XML should be encoded (e.g.,
base64 [RFC4648]) to mitigate server validation issues. base64 [RFC4648]) to mitigate server validation issues.
8. Acknowledgements 8. Acknowledgements
The authors wish to acknowledge the original concept for this draft The authors wish to acknowledge the original concept for this draft
and the efforts in the initial versions of this draft by Trung Tran and the efforts in the initial versions of this draft by Trung Tran
and Sharon Wodjenski. and Sharon Wodjenski.
Special suggestions that have been incorporated into this document Special suggestions that have been incorporated into this document
were provided by Scott Hollenbeck, Rubens Kuhl, Alexander Mayrhofer, were provided by Scott Hollenbeck, Benjamin Kaduk, Mirja Kuehlewind,
Patrick Mevzek, and Adam Roach. Rubens Kuhl, Alexander Mayrhofer, Patrick Mevzek, Eric Rescoria, and
Adam Roach.
9. References 9. References
9.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, <https://www.rfc- DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
editor.org/info/rfc2119>. editor.org/info/rfc2119>.
skipping to change at page 19, line 37 skipping to change at page 20, line 37
<https://www.rfc-editor.org/info/rfc4648>. <https://www.rfc-editor.org/info/rfc4648>.
[RFC7451] Hollenbeck, S., "Extension Registry for the Extensible [RFC7451] Hollenbeck, S., "Extension Registry for the Extensible
Provisioning Protocol", RFC 7451, DOI 10.17487/RFC7451, Provisioning Protocol", RFC 7451, DOI 10.17487/RFC7451,
February 2015, <https://www.rfc-editor.org/info/rfc7451>. February 2015, <https://www.rfc-editor.org/info/rfc7451>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
9.3. URIs
[1] https://tools.ietf.org/html/bcp14
Appendix A. Change History Appendix A. Change History
A.1. Change from 00 to 01 A.1. Change from 00 to 01
1. Amended XML Namespace section of IANA Considerations, added EPP 1. Amended XML Namespace section of IANA Considerations, added EPP
Extension Registry section. Extension Registry section.
2. Moved Change History to the back section as an Appendix. 2. Moved Change History to the back section as an Appendix.
A.2. Change from 01 to 02 A.2. Change from 01 to 02
skipping to change at page 23, line 29 skipping to change at page 24, line 29
clients" to "This extension allows clients". clients" to "This extension allows clients".
6. Use domains reserved by RFC 2026 for the examples. The 6. Use domains reserved by RFC 2026 for the examples. The
example domain "example.tld" was changed to example domain "example.tld" was changed to
"allocation.example" and the example domain "example2.tld" "allocation.example" and the example domain "example2.tld"
was changed to "allocation2.example". was changed to "allocation2.example".
7. In "EPP <info> Command", change "...the server MUST return 7. In "EPP <info> Command", change "...the server MUST return
an EPP error result code of 2303 object referencing the an EPP error result code of 2303 object referencing the
<allocationToken:info> element." to "...the server MUST <allocationToken:info> element." to "...the server MUST
return an EPP error result code of 2303." return an EPP error result code of 2303."
8. In "EPP <transfer> Query Command", remove "the" before 8. In "EPP <transfer> Query Command", remove "the" before
"[RFC5730]". "RFC5730".
9. In "EPP <transfer> Command", change "If the Allocation Token 9. In "EPP <transfer> Command", change "If the Allocation Token
does not apply to the object..." to "If the Allocation Token does not apply to the object..." to "If the Allocation Token
is invalid or not required for the object...". is invalid or not required for the object...".
10. In "XML Namespace", remove the sentence "The following URI 10. In "XML Namespace", remove the sentence "The following URI
assignment is requested of IANA:" assignment is requested of IANA:"
11. In "Security Considerations", change "An Allocation Token 11. In "Security Considerations", change "An Allocation Token
should is" to "An Allocation Token that is". Also should is" to "An Allocation Token that is". Also
informatively cite RFC 4648 for the base64 reference. informatively cite RFC 4648 for the base64 reference.
2. Change "ietf:params:xml:ns:allocationToken-1.0" to 2. Change "ietf:params:xml:ns:allocationToken-1.0" to
"ietf:params:xml:schema:allocationToken-1.0" for the XML schema "ietf:params:xml:schema:allocationToken-1.0" for the XML schema
IANA registration. IANA registration.
Authors' Addresses A.15. Change from REGEXT 09 to REGEXT 10
1. Changed "auhorization" to "authorization" in the "EPP <info>
Command" section.
2. Added 'If an object does not require an Allocation Token, the
server MAY return the availability status as available (e.g.,
"avail" attribute is "1" or "true").' to the check response
cases, based on feedback by Mirja Kuehlewind.
3. Changed the definition of the <info> element in the XML schema to
only allow an empty element, based on IANA's expert review.
4. Added normative language to the storage and transport of the
Allocation Token, in the "Security Considerations" section, based
on feedback from Eric Rescoria.
5. Changed "The definition of the Allocation Token is defined
outside of this mapping" to "The definition of the Allocation
Token SHOULD be defined outside of this mapping", in the
"Security Considerations" section, based on feedback from Eric
Rescoria.
6. Added the missing "urn:" prefix with the IANA URI registrations.
7. The URL for the BCP 14 was removed based on feedback from Alissa
Cooper.
8. Updates based on review by Benjamin Kaduk, that include:
1. Added the second paragraph to the "Allocation Token" section
to describe the difference (motivation) of using the
Allocation Token versus the EPP RFC authorization mechanism.
2. Added a paragraph to the "Conventions Used in This Document"
section for the use of the "abc123" token value and the use
of domain object "2fooBAR" password value in the examples.
3. Changed the "A client MUST pass an Allocation Token known to
the server to be authorized to use one of the supported EPP
transform commands." sentence in the "Introduction" section
to "Clients pass an Allocation Token to the server for
validation, and the server determines if the supplied
Allocation Token is one supported by the server."
4. Changed the "Indentation and white space in the examples are
provided only to illustrate element relationships and are not
REQUIRED in the protocol." sentence in the "Conventions Used
in This Document" section to "Indentation and white space in
the examples are provided only to illustrate element
relationships and are not REQUIRED in the protocol."
5. Changed the "Authorized clients MAY retrieve..." sentence in
the "EPP <info> Command" section.
6. Changed the "If the query was successful..." sentence in the
"EPP <info> Command" section.
7. Added "supplied" to the "If the supplied Allocation Token
passed..." sentence in the "Allocation Token" section.
8. Removed an extra newline in the <annotation> element in the
"Allocation Token Extension Schema" section.
Authors' Addresses
James Gould James Gould
VeriSign, Inc. VeriSign, Inc.
12061 Bluemont Way 12061 Bluemont Way
Reston, VA 20190 Reston, VA 20190
US US
Email: jgould@verisign.com Email: jgould@verisign.com
URI: http://www.verisigninc.com URI: http://www.verisigninc.com
Kal Feher Kal Feher
Neustar Neustar
lvl 8/10 Queens Road lvl 8/10 Queens Road
Melbourne, VIC 3004 Melbourne, VIC 3004
AU AU
Email: ietf@feherfamily.org Email: ietf@feherfamily.org
URI: http://www.neustar.biz URI: http://www.neustar.biz
 End of changes. 31 change blocks. 
93 lines changed or deleted 171 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/