WDIFF

draft-zeilenga-ldap-uuid-03.txt --> draft-zeilenga-ldap-uuid-04.txt

INTERNET-DRAFT Kurt D. Zeilenga
Intended Category: Standard Track OpenLDAP Foundation
Expires in six months 3 11 February 2004 2005

The LDAP entryUUID operational attribute
<draft-zeilenga-ldap-uuid-03.txt>
<draft-zeilenga-ldap-uuid-04.txt>

Status of this Memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

This document is intended to be, after appropriate review and
revision, submitted to the RFC Editor as an Standard Track document.
Distribution of this memo is unlimited. Technical discussion of this
document will take place on the IETF LDAP Extensions mailing list
<ldapext@ietf.org>. Please send editorial comments directly to the
author <Kurt@OpenLDAP.org>.

By submitting this Internet-Draft, I accept the provisions of Section
4 of RFC 3667. By submitting this Internet-Draft, I certify that any
applicable patent or other IPR claims of which I am aware have been
disclosed, or will be disclosed, and any of which I become aware will
be disclosed, in accordance with RFC 3668.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as ``work "work in progress.'' progress."

The list of current Internet-Drafts can be accessed at
<http://www.ietf.org/ietf/1id-abstracts.txt>.
http://www.ietf.org/1id-abstracts.html

The list of Internet-Draft Shadow Directories can be accessed at
<http://www.ietf.org/shadow.html>.
http://www.ietf.org/shadow.html

Please see the Full Copyright section near the end of this document
for more information.

Zeilenga draft-zeilenga-ldap-uuid-04 [Page 1]

INTERNET-DRAFT LDAP entryUUID 11 February 2005

Abstract

This document describes the LDAP/X.500 'entryUUID' operational
attribute and associated matching rules and syntax. The attribute
holds a server-assigned Universally Unique Identifier (UUID) for the
object. Directory clients may use this attribute to distinguish
objects identified by a distinguished name or to locate an object
after renaming.

Zeilenga draft-zeilenga-ldap-uuid-03 [Page 1]

INTERNET-DRAFT LDAP entryUUID 3 February 2004

1. Background and Intended Use

In X.500 Directory Services [X.501], such as those accessible using
the Lightweight Directory Access Protocol (LDAP) [RFC3377], [Roadmap], an object
is identified by its distinguished name (DN). However, DNs are not
stable identifiers. That is, a new object may be identified by a DN
which previously identified another (now renamed or deleted) object.

A Universally Unique Identifier (UUID) is "an identifier unique across
both space and time, with respect to the space of all UUIDs"
[UUIDURN]. UUIDs are used in a wide range of systems.

This document describes the 'entryUUID' operational attribute which
holds the Universally Unique Identifier (UUID) [ISO11578] UUID assigned to the object by the server. Clients may use
this attribute to distinguish objects identified by a particular
distinguished name or to locate an a particular object after renaming.

This document defines the UUID syntax, the 'uuidMatch' and
'uuidOrderingMatch' matching rules, and the 'entryUUID' attribute
type.

Schema definitions are provided using LDAP description formats
[Models]. Definitions provided here are formatted (line wrapped) for
readability.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 [RFC2119].

Schema definitions are provided using LDAP description formats
[RFC2252]. Definitions provided here are formatted (line wrapped) for
readability.

2. UUID Schema Elements

2.1 UUID Syntax

A Universally Unique Identifier (UUID) [ISO11578] [UUIDURN] is a 16-octet
(128-bit) value which identifies an object. The ASN.1 [X.690] [X.680] type
UUID is defined to represent UUIDs. UUIDs as follows:

Zeilenga draft-zeilenga-ldap-uuid-04 [Page 2]

INTERNET-DRAFT LDAP entryUUID 11 February 2005

UUID ::= OCTET STRING (SIZE(16))
-- constrained to an UUID [ISO11578]

In LDAP, values of the UUID type values are encoded using the [ASCII] character string
representation described in [ISO11578]. [UUIDURN]. For example,
"597ae2f6-16a6-1027-98f4-d28b5365dc14".

The following is a LDAP syntax description [RFC2252] suitable for publication in the subschema.
subschema subentries.

( IANA-ASSIGNED-OID.1 DESC 'UUID' )

2.2 'uuidMatch' Matching Rule

Zeilenga draft-zeilenga-ldap-uuid-03 [Page 2]

INTERNET-DRAFT LDAP entryUUID 3 February 2004

The 'uuidMatch' matching rule compares an asserted UUID with a stored
UUID for equality. Its semantics are same as the 'octetStringMatch'
[X.520][RFC2252]
[X.520][Syntaxes] matching rule. The rule differs from
'octetStringMatch' in that the assertion value is encoded using the
UUID string representation instead of the normal OCTET STRING string
representation.

The following is a LDAP matching rule description [RFC2252] suitable for
publication in the subschema. subschema subentries.

( IANA-ASSIGNED-OID.2 NAME 'uuidMatch'
SYNTAX IANA-ASSIGNED-OID.1 )

2.3 'uuidOrderingMatch' Matching Rule

The 'uuidOrderingMatch' matching rule compares an asserted UUID
with a stored UUID for ordering. Its semantics are the same as the
'octetStringOrderingMatch' [X.520][RFC2252] [X.520][Syntaxes] matching rule. The
rule differs from 'octetStringOrderingMatch' in that the assertion
value is encoded using the UUID string representation instead of
the normal OCTET STRING string representation.

The following is a LDAP matching rule description [RFC2252] suitable for
publication in the subschema. subschema subentries.

( IANA-ASSIGNED-OID.3 NAME 'uuidMatch' 'uuidOrderingMatch'
SYNTAX IANA-ASSIGNED-OID.1 )

It is noted that not all UUID variants have a defined ordering and,
even where so, servers are not obligated to assign UUIDs in any
particular order. This matching rule is provided for completeness.

Zeilenga draft-zeilenga-ldap-uuid-04 [Page 3]

INTERNET-DRAFT LDAP entryUUID 11 February 2005

2.4. 'entryUUID' attribute

The 'entryUUID' operational attribute provides the Universally Unique
Identifier (UUID) [ISO11578] assigned to the entry.

The following is a LDAP attribute type description [RFC2252] suitable for
publication in the subschema. subschema subentries.

( IANA-ASSIGNED-OID.4 NAME 'entryUUID'
DESC 'UUID of the entry'
EQUALITY uuidMatch
ORDERING uuidOrderingMatch
SYNTAX IANA-ASSIGNED-OID.1
SINGLE-VALUE

Zeilenga draft-zeilenga-ldap-uuid-03 [Page 3]

INTERNET-DRAFT LDAP entryUUID 3 February 2004
NO-USER-MODIFICATION
USAGE directoryOperation )

Servers SHALL generate and assign a new UUID to each entry upon its
addition to the directory and provide that UUID as the value of the
'entryUUID' operational attribute. An entry's UUID is immutable.

3. Security Considerations

Use of UUIDs

UUID are to identify entries, especially be generated in accordance with Section 4 of [UUIDURN].
In particular, servers MUST ensure that each generated UUID is unique
in authentication,
authorization, space and related applications, offers a number time.

3. Security Considerations

An entry's relative distinguish name (RDN) is composed from attribute
values of benefits the entry, values which are commonly descriptive of the
object the entry represents. While deployers are encouraged to use of DNs. For instance DNs, aside from not being stable,
naming attributes whose values are widely disclosable [LDAPDN],
entries are often named using information which cannot be disclosed to
all parties. As UUIDs do not contain sensitive information. Designers any descriptive information of directory applications
should consider using UUID
the object they identify, UUIDs may be used to identify entries.

Servers should ensure that all components a particular
entry without disclosure of its contents.

General UUID values are publicly
disclosable. security considerations [UUIDURN] apply.

General LDAP security considerations [RFC3377] apply.

4. IANA Considerations

4.1. Object Identifier Registration

It is requested that IANA register upon Standards Action an LDAP
Object Identifier for use in this technical specification.

Zeilenga draft-zeilenga-ldap-uuid-04 [Page 4]

INTERNET-DRAFT LDAP entryUUID 11 February 2005

Subject: Request for LDAP OID Registration
Person & email address to contact for further information:
Kurt Zeilenga <kurt@OpenLDAP.org>
Specification: RFC XXXX
Author/Change Controller: IESG
Comments:
Identifies the UUID schema elements

4.2. Registration of the uuidMatch descriptor

It is requested that IANA register upon Standards Action the LDAP
'uuidMatch' descriptor.

Subject: Request for LDAP Descriptor Registration
Descriptor (short name): uuidMatch
Object Identifier: IANA-ASSIGNED-OID.2
Person & email address to contact for further information:
Kurt Zeilenga <kurt@OpenLDAP.org>

Zeilenga draft-zeilenga-ldap-uuid-03 [Page 4]

INTERNET-DRAFT LDAP entryUUID 3 February 2004
Usage: Matching Rule
Specification: RFC XXXX
Author/Change Controller: IESG

4.3. Registration of the uuidOrderingMatch descriptor

It is requested that IANA register upon Standards Action the LDAP
'uuidOrderingMatch' descriptor.

Subject: Request for LDAP Descriptor Registration
Descriptor (short name): uuidOrderingMatch
Object Identifier: IANA-ASSIGNED-OID.3
Person & email address to contact for further information:
Kurt Zeilenga <kurt@OpenLDAP.org>
Usage: Matching Rule
Specification: RFC XXXX
Author/Change Controller: IESG

4.4.

5.4. Registration of the entryUUID descriptor

It is requested that IANA register upon Standards Action the LDAP
'entryUUID' descriptor.

Subject: Request for LDAP Descriptor Registration
Descriptor (short name): entryUUID
Object Identifier: IANA-ASSIGNED-OID.4
Person & email address to contact for further information:

Zeilenga draft-zeilenga-ldap-uuid-04 [Page 5]

INTERNET-DRAFT LDAP entryUUID 11 February 2005

Kurt Zeilenga <kurt@OpenLDAP.org>
Usage: Attribute Type
Specification: RFC XXXX
Author/Change Controller: IESG

6. Acknowledgments

This document is based upon discussions in the LDAP Update and
Duplication Protocols (LDUP) WG. Members of the concluded LDAP
Extensions (LDAPEXT) Working Group provided review.

7. Author's Address

Kurt D. Zeilenga
OpenLDAP Foundation

Email: Kurt@OpenLDAP.org

Zeilenga draft-zeilenga-ldap-uuid-03 [Page 5]

INTERNET-DRAFT LDAP entryUUID 3 February 2004

8. References

[[Note to the RFC Editor: please replace the citation tags used in
referencing Internet-Drafts with tags of the form RFCnnnn where
possible.]]

8.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14 (also RFC 2119), March 1997.

[RFC2252] Wahl, M., A. Coulbeck, T. Howes, and S. Kille,
"Lightweight Directory Access Protocol (v3): Attribute
Syntax Definitions", RFC 2252, December 1997.

[RFC3377] Hodges, J. and

[Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
progress.

[UUIDURN] Leach, P, M. Mealling, R. Morgan, "Lightweight Salz, "A UUID URN Namespace",
a work in progress.

[Models] Zeilenga, K. (editor), "LDAP: Directory Access
Protocol (v3): Technical Specification", RFC 3377,
September 2002.

[ISO11578] International Organization for Standardization,
"Information technology - Open Systems Interconnection -
Remote Procedure Call", ISO/IEC 11578:1996. Information
Models", draft-ietf-ldapbis-models-xx.txt, a work in
progress.

[Syntaxes] Legg, S. (editor), "LDAP: Syntaxes and Matching Rules",
draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.

[ASCII] Coded Character Set--7-bit American Standard Code for

Zeilenga draft-zeilenga-ldap-uuid-04 [Page 6]

INTERNET-DRAFT LDAP entryUUID 11 February 2005

Information Interchange, ANSI X3.4-1986.

[X.501] International Telecommunication Union -
Telecommunication Standardization Sector, "The Directory
-- Models," X.501(1993) (also ISO/IEC 9594-2:1994).

[X.520] International Telecommunication Union -
Telecommunication Standardization Sector, "The
Directory: Selected Attribute Types", X.520(1993) (also
ISO/IEC 9594-6:1994).

[X.680] International Telecommunication Union -
Telecommunication Standardization Sector, "Abstract
Syntax Notation One (ASN.1) - Specification of Basic
Notation", X.680(1997) (also ISO/IEC 8824-1:1998).

8.2. Informative References

[RFC3383]

[LDAPDN] Zeilenga, K. (editor), "LDAP: String Representation of
Distinguished Names", draft-ietf-ldapbis-dn-xx.txt, a
work in progress.

[BCP64bis] Zeilenga, K., "IANA Considerations for LDAP", BCP 64
(also RFC 3383), September 2002.

[UUIDinfo] The Open Group, "Universally Unique Identifier" appendix
of the CAE Specification "DCE 1.1: Remote Procedure
Calls", Document Number C706,
<http://www.opengroup.org/products/publications/
catalog/c706.htm> (appendix available at:
<http://www.opengroup.org/onlinepubs/9629399/
apdxa.htm>), August 1997.

Zeilenga draft-zeilenga-ldap-uuid-03 [Page 6]

INTERNET-DRAFT LDAP entryUUID 3 February 2004
draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.

Intellectual Property Rights

The IETF takes no position regarding the validity or scope of any
intellectual property
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither nor does it represent that it has
made any independent effort to identify any such rights. Information
on the IETF's procedures with respect to rights in standards-track and
standards-related documentation RFC documents can be found
in BCP-11. BCP 78 and BCP 79.

Copies of
claims of rights IPR disclosures made available for publication to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementors implementers or users of this specification
can be obtained from the IETF Secretariat. on-line IPR repository at
http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any

Zeilenga draft-zeilenga-ldap-uuid-04 [Page 7]

INTERNET-DRAFT LDAP entryUUID 11 February 2005

copyrights, patents or patent applications, or other proprietary
rights which that may cover technology that may be required to practice implement
this standard. Please address the information to the IETF Executive
Director. at
ietf-ipr@ietf.org.

Full Copyright

Copyright (C) The Internet Society (2004). All Rights Reserved. (2005). This document and translations of it may be copied and furnished is subject
to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are
included on all such copies rights, licenses and derivative works. However, this
document itself may not be modified restrictions contained in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, BCP 78, and
except as needed for the purpose of
developing Internet standards in which case set forth therein, the procedures for
copyrights defined in authors retain all their rights.

This document and the Internet Standards process must be followed,
or as required to translate it into languages other than English. information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Zeilenga draft-zeilenga-ldap-uuid-03 draft-zeilenga-ldap-uuid-04 [Page 7] 8]

----