mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
340 lines
10 KiB
Plaintext
340 lines
10 KiB
Plaintext
|
||
|
||
|
||
|
||
|
||
|
||
INTERNET-DRAFT Kurt D. Zeilenga
|
||
Intended Category: Standard Track Isode Limited
|
||
Expires in six months 14 February 2007
|
||
|
||
|
||
|
||
The LDAP Don't Use Copy Control
|
||
<draft-zeilenga-ldap-dontusecopy-04.txt>
|
||
|
||
|
||
Status of this Memo
|
||
|
||
This document is intended to be, after appropriate review and
|
||
revision, submitted to the IESG for consideration as a Standard Track
|
||
document. Distribution of this memo is unlimited. Technical
|
||
discussion of this document will take place on the IETF LDAP
|
||
Extensions mailing list <ldapext@ietf.org>. Please send editorial
|
||
comments directly to the author <Kurt.Zeilenga@Isode.COM>.
|
||
|
||
By submitting this Internet-Draft, each author represents that any
|
||
applicable patent or other IPR claims of which he or she is aware have
|
||
been or will be disclosed, and any of which he or she becomes aware
|
||
will be disclosed, in accordance with Section 6 of BCP 79.
|
||
|
||
Internet-Drafts are working documents of the Internet Engineering Task
|
||
Force (IETF), its areas, and its working groups. Note that other
|
||
groups may also distribute working documents as Internet-Drafts.
|
||
|
||
Internet-Drafts are draft documents valid for a maximum of six months
|
||
and may be updated, replaced, or obsoleted by other documents at any
|
||
time. It is inappropriate to use Internet-Drafts as reference material
|
||
or to cite them other than as "work in progress."
|
||
|
||
The list of current Internet-Drafts can be accessed at
|
||
http://www.ietf.org/1id-abstracts.html.
|
||
|
||
The list of Internet-Draft Shadow Directories can be accessed at
|
||
http://www.ietf.org/shadow.html.
|
||
|
||
|
||
Copyright (C) The IETF Trust (2007). All Rights Reserved.
|
||
|
||
Please see the Full Copyright section near the end of this document
|
||
for more information.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Zeilenga LDAP Don't Use Copy Control [Page 1]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-dontusecopy-04 14 February 2007
|
||
|
||
|
||
Abstract
|
||
|
||
This document defines the Lightweight Directory Access Protocol (LDAP)
|
||
Don't Use Copy control extension which allows a client to specify that
|
||
copied information should not be used in providing service. This
|
||
control is based upon the X.511 dontUseCopy service control option.
|
||
|
||
|
||
1. Background and Intended Usage
|
||
|
||
This document defines the Lightweight Directory Access Protocol (LDAP)
|
||
[RFC4510] Don't Use Copy control extension. The control may be
|
||
attached to request messages to indicate that copied (replicated or
|
||
cached) information [X.500] should not be used in providing service.
|
||
This control is based upon the X.511 [X.511] dontUseCopy service
|
||
control option.
|
||
|
||
The Don't Use Copy control is intended to be used where the client
|
||
requires the service be provided using original (master) information
|
||
[X.500].
|
||
|
||
|
||
2. Terminology
|
||
|
||
DSA stands for Directory System Agent (or server).
|
||
DSE stands for DSA-specific Entry.
|
||
|
||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
|
||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
|
||
document are to be interpreted as described in BCP 14 [RFC2119].
|
||
|
||
|
||
3. The Don't Use Copy Control
|
||
|
||
The Don't Use Copy control is an LDAP Control [RFC4511] whose
|
||
controlType is IANA-ASSIGNED-OID and controlValue is absent. The
|
||
criticality MUST be TRUE. There is no corresponding response control.
|
||
|
||
The control is appropriate for both LDAP interrogation operations,
|
||
including Compare and Search operations [RFC4511]. It is
|
||
inappropriate for all other operations, including Abandon, Bind,
|
||
Delete, Modify, ModifyDN, StartTLS, and Unbind operations [RFC4511].
|
||
|
||
When the control is attached to an LDAP request, the requested
|
||
operation MUST NOT be performed on copied information. That is, the
|
||
requested operation MUST be performed on original information.
|
||
|
||
If original information for the target or base object of the operation
|
||
|
||
|
||
|
||
Zeilenga LDAP Don't Use Copy Control [Page 2]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-dontusecopy-04 14 February 2007
|
||
|
||
|
||
is not available (either locally or through chaining), the server MUST
|
||
either return a referral directing the client to a server believed to
|
||
be better able to service the request or return an appropriate result
|
||
code (e.g., unwillingToPerform).
|
||
|
||
Servers implementing this technical specification SHOULD publish the
|
||
object identifier IANA-ASSIGNED-OID as a value of the
|
||
'supportedControl' attribute [RFC4512] in their root DSE. A server
|
||
MAY choose to advertise this extension only when the client is
|
||
authorized to use it.
|
||
|
||
|
||
4. Security Considerations
|
||
|
||
This control is intended to be provided where providing service using
|
||
copied information might lead to unexpected application behavior.
|
||
Designers of directory applications should consider where it is
|
||
appropriate for clients to provide this control. Designers should
|
||
consider whether use of copied information, in particular security and
|
||
policy information, may result insecure behavior.
|
||
|
||
Security considerations for the base operations [RFC4511] extended by
|
||
this control, as well as general LDAP security considerations
|
||
[RFC4510], generally apply to implementation and use of this
|
||
extension.
|
||
|
||
|
||
5. IANA Considerations
|
||
|
||
5.1. Object Identifier
|
||
|
||
It is requested that IANA assign upon Standards Action an LDAP Object
|
||
Identifier [RFC4520] to identify the LDAP Don't Use Copy Control
|
||
defined in this document.
|
||
|
||
Subject: Request for LDAP Object Identifier Registration
|
||
Person & email address to contact for further information:
|
||
Kurt Zeilenga <Kurt.Zeilenga@Isode.COM>
|
||
Specification: RFC XXXX
|
||
Author/Change Controller: IESG
|
||
Comments:
|
||
Identifies the LDAP Don't Use Copy Control
|
||
|
||
5.2 LDAP Protocol Mechanism
|
||
|
||
Registration of this protocol mechanism [RFC4520] is requested.
|
||
|
||
Subject: Request for LDAP Protocol Mechanism Registration
|
||
|
||
|
||
|
||
Zeilenga LDAP Don't Use Copy Control [Page 3]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-dontusecopy-04 14 February 2007
|
||
|
||
|
||
Object Identifier: IANA-ASSIGNED-OID
|
||
Description: Don't Use Copy Control
|
||
Person & email address to contact for further information:
|
||
Kurt Zeilenga <Kurt.Zeilenga@Isode.COM>
|
||
Usage: Control
|
||
Specification: RFC XXXX
|
||
Author/Change Controller: IESG
|
||
Comments: none
|
||
|
||
|
||
|
||
6. Author's Address
|
||
|
||
Kurt D. Zeilenga
|
||
Isode Limited
|
||
|
||
Email: Kurt.Zeilenga@Isode.COM
|
||
|
||
|
||
7. References
|
||
|
||
[[Note to the RFC Editor: please replace the citation tags used in
|
||
referencing Internet-Drafts with tags of the form RFCnnnn where
|
||
possible.]]
|
||
|
||
|
||
7.1. Normative References
|
||
|
||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
|
||
Requirement Levels", BCP 14 (also RFC 2119), March 1997.
|
||
|
||
[RFC4510] Zeilenga, K. (editor), "LDAP: Technical Specification
|
||
Road Map", RFC 4510, June 2006.
|
||
|
||
[RFC4511] Sermersheim, J. (editor), "LDAP: The Protocol", RFC
|
||
4511, June 2006.
|
||
|
||
[RFC4512] Zeilenga, K. (editor), "LDAP: Directory Information
|
||
Models", RFC 4512, June 2006.
|
||
|
||
|
||
7.2. Informative References
|
||
|
||
[X.500] International Telecommunication Union -
|
||
Telecommunication Standardization Sector, "The Directory
|
||
-- Overview of concepts, models and services,"
|
||
X.500(1993) (also ISO/IEC 9594-1:1994).
|
||
|
||
|
||
|
||
|
||
Zeilenga LDAP Don't Use Copy Control [Page 4]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-dontusecopy-04 14 February 2007
|
||
|
||
|
||
[X.511] International Telecommunication Union -
|
||
Telecommunication Standardization Sector, "The
|
||
Directory: Abstract Service Definition", X.511(1993)
|
||
(also ISO/IEC 9594-3:1993).
|
||
|
||
[RFC4520] Zeilenga, K., "Internet Assigned Numbers Authority
|
||
(IANA) Considerations for the Lightweight Directory
|
||
Access Protocol (LDAP)", RFC 4520, BCP 64, June 2006.
|
||
|
||
|
||
|
||
Intellectual Property
|
||
|
||
The IETF takes no position regarding the validity or scope of any
|
||
Intellectual Property Rights or other rights that might be claimed to
|
||
pertain to the implementation or use of the technology described in
|
||
this document or the extent to which any license under such rights
|
||
might or might not be available; nor does it represent that it has
|
||
made any independent effort to identify any such rights. Information
|
||
on the procedures with respect to rights in RFC documents can be found
|
||
in BCP 78 and BCP 79.
|
||
|
||
Copies of IPR disclosures made to the IETF Secretariat and any
|
||
assurances of licenses to be made available, or the result of an
|
||
attempt made to obtain a general license or permission for the use of
|
||
such proprietary rights by implementers or users of this specification
|
||
can be obtained from the IETF on-line IPR repository at
|
||
http://www.ietf.org/ipr.
|
||
|
||
The IETF invites any interested party to bring to its attention any
|
||
copyrights, patents or patent applications, or other proprietary
|
||
rights that may cover technology that may be required to implement
|
||
this standard. Please address the information to the IETF at
|
||
ietf-ipr@ietf.org.
|
||
|
||
|
||
|
||
Full Copyright
|
||
|
||
Copyright (C) The IETF Trust (2007).
|
||
|
||
This document is subject to the rights, licenses and restrictions
|
||
contained in BCP 78, and except as set forth therein, the authors
|
||
retain all their rights.
|
||
|
||
This document and the information contained herein are provided on an
|
||
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
|
||
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
|
||
|
||
|
||
|
||
Zeilenga LDAP Don't Use Copy Control [Page 5]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-dontusecopy-04 14 February 2007
|
||
|
||
|
||
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
|
||
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
|
||
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
|
||
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Zeilenga LDAP Don't Use Copy Control [Page 6]
|
||
|