Network Working Group                                          V. Giralt
Internet-Draft                                              Univ. Malaga
Intended status: Informational                                 R. McDuff
Expires: December 21, 2011                              Univ. Queensland
                                                            Jun 19, 2011


   Definition of a Uniform Resource Name (URN) Namespace for the Schema for
                              Academia (SCHAC)
                         draft-giralt-schac-ns-06

Abstract

   This document describes a Uniform Resource Name (URN) namespace for the Schema for Academia (SCHAC).

   The namespace described in this document is for naming persistent resources defined by the SCHAC participants internationally, their working groups, and other designated subordinates. The main use of this namespace will be for the creation of controlled vocabulary values for attributes in the SCHAC schema. These values will be associated with particular instances of persons or objects belonging to any of the SCHAC object classes.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [1].

Status of this Memo

   This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 21, 2011.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.
   This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

1.  Introduction

   The Schema for Academia (SCHAC) international activity was born inside the Task Force on European Middleware Coordination and Collaboration (TF-EMC2) of the Trans-European Research and Education Network Association (TERENA) [6]. The initial aim of SCHAC was to harmonise the disjoint person schemas of the participating countries in order to have a common way of expressing data about persons exchanged between educational organizations. SCHAC, like other person schemas, is designed to ease the sharing of information about a given individual between parties, mostly, but not limited to, educational and research institutions. The main aims of this sharing are to provide resources to individuals and to allow said individuals to move, virtually and physically, between such institutions. Thus, the SCHAC schema was defined with input from all participants' national person schemas [7].

   SCHAC does not supplant other person schemas such as organizationalPerson [8], inetOrgPerson [9] or eduPerson [10]; it extends those where needed for the purposes of Higher Education outside the United States. This characteristic has made SCHAC, originally a European effort, useful for groups outside Europe.

2.  Specification Template

   Namespace ID:

      schac

   Registration Information:

      Registration Version Number: 1

      Registration Date: YYYY-MM-DD [RFC Editor, please replace with the date of approval of this document for publication as an RFC]

   Registrant of the namespace:

      European Committee for Academic Middleware (ECAM)
      Trans-European Research and Education Network Association (TERENA)
      Singel
      Amsterdam
      The Netherlands

   Designated contacts:

      Contact: Licia Florio
      Affiliation: TERENA
      Singel 468 D
      Amsterdam, 1017 AW
      The Netherlands

      Email: florio@terena.org
      Phone: +31(0)20 5304488

      Contact: Victoriano Giralt
      Affiliation: University of Malaga
      Central ICT Services
      Blvd. Louis Pasteur, 33
      Campus de Teatinos
      29071 Malaga
      Spain

      Email: victoriano@uma.es
      Phone: +34 95 213 2366

   Syntactic structure:

      The Namespace Specific Strings (NSS) of all URNs assigned by SCHAC will conform to the syntax defined in section 2.2 of RFC 2141, "URN Syntax" [11]. In addition, all SCHAC URN NSSs will consist of a left-to-right series of tokens delimited by colons. The left-to-right sequence of colon-delimited tokens corresponds to descending nodes in a tree. To the right of the lowest naming authority node, there may be zero, one, or more levels of hierarchical naming nodes terminating in a rightmost leaf node. See the section below entitled "Identifier assignment" for more on the semantics of NSSs. This syntax convention is captured in the following normative ABNF rules for SCHAC NSSs (see RFC 5234 [2]):

         SCHAC-NSS = 1*subStChar *( ":" 1*subStChar )

         subStChar = trans / "%" HEXDIG HEXDIG

         trans     = ALPHA / DIGIT / other / reserved

         other     = "(" / ")" / "+" / "," / "-" / "." /
                     "=" / "@" / ";" / "$" /
                     "_" / "!" / "*" / "'"

         reserved  = "/" / "?" / "#"

      The exclusion of the colon from the list of "other" characters means that the colon can only occur as a delimiter between string tokens. Note that this ABNF rule set guarantees that any valid SCHAC NSS is also a valid RFC 2141 NSS.

   Relevant ancillary documentation:

      None.

   Identifier uniqueness:

      It is the responsibility of TERENA to guarantee uniqueness of the names of immediately subordinate naming authorities. Each lower-level naming authority in turn inherits the responsibility of guaranteeing uniqueness of names in its branch of the naming tree.

   Identifier persistence:

      TERENA bears ultimate responsibility for maintaining the usability of SCHAC URNs over time. This responsibility MAY be delegated to subordinate naming authorities per the discussion in the section below on identifier assignment. That section provides a mechanism for the delegation to be revoked in case a subordinate naming authority ceases to function.

   Identifier assignment:

      TERENA will create an initial series of immediately subordinate naming authorities, and will define a process for adding to that list of authorities. Such a list and the policy for adding to it will be published at the root registry page. Each country with a representative in SCHAC will be invited to designate a naming authority. Country-specific namespaces based on the country Internet TLD [12] will then be assigned to the designated authority. The subordinate namespaces int and eu will remain under TERENA authority, controlled by the SCHAC activity members, for entities of global international or European interest. There is also the possibility of granting subordinate namespaces to multi-country organizations; in this case the organizational Internet FQDN will be used as the prefix.
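As an added example (not code from the draft or from TERENA), the following Python checks a URN against the SCHAC-NSS ABNF above, splits the NSS into its colon-delimited tree nodes, applies the exact case-sensitive lexical equivalence the template defines, and reads off the delegated naming authority (the token following the attribute name, as the assignment rules describe). The function names are this example's own.

```python
import re
from typing import List, Optional

# Token alphabet taken from the draft's ABNF for SCHAC NSSs:
#   trans    = ALPHA / DIGIT / other / reserved
#   other    = "(" / ")" / "+" / "," / "-" / "." / "=" / "@" / ";" / "$" / "_" / "!" / "*" / "'"
#   reserved = "/" / "?" / "#"
# The colon is deliberately absent, so it can only act as the token delimiter.
_TRANS = r"A-Za-z0-9()+,\-.=@;$_!*'/?#"

# subStChar = trans / "%" HEXDIG HEXDIG ; a token is 1*subStChar, so a lone or
# malformed "%" escape (e.g. "%2S") makes the whole token invalid.
_TOKEN_RE = re.compile(rf"^(?:[{_TRANS}]|%[0-9A-Fa-f]{{2}})+$")


def parse_schac_urn(urn: str) -> Optional[List[str]]:
    """Return the NSS tokens of a syntactically valid SCHAC URN, or None.

    RFC 2141 makes the "urn:" prefix and the NID case-insensitive, so those
    two parts are folded; the NSS is matched literally against the ABNF and
    split on ":" into the left-to-right tree nodes the draft describes.
    """
    parts = urn.split(":", 2)
    if len(parts) != 3 or parts[0].lower() != "urn" or parts[1].lower() != "schac":
        return None
    tokens = parts[2].split(":")
    # SCHAC-NSS = 1*subStChar *( ":" 1*subStChar ): no empty tokens, so a
    # doubled, leading or trailing colon is rejected here.
    if not all(_TOKEN_RE.match(tok) for tok in tokens):
        return None
    return tokens


def is_valid_schac_urn(urn: str) -> bool:
    return parse_schac_urn(urn) is not None


def lexically_equivalent(a: str, b: str) -> bool:
    """Draft rule: two SCHAC NSSs are equivalent only on an exact, case-sensitive match."""
    ta, tb = parse_schac_urn(a), parse_schac_urn(b)
    return ta is not None and tb is not None and ta == tb


def naming_authority(urn: str) -> Optional[str]:
    """Delegated naming authority of an attribute-value URN.

    The draft puts the attribute name first and the geographical or
    organisational delegation second, e.g. urn:schac:UserStatus:terena.org.
    """
    tokens = parse_schac_urn(urn)
    if tokens is None or len(tokens) < 2:
        return None
    return tokens[1]


if __name__ == "__main__":
    # Sample inputs constructed for this example; the first two are taken from the draft.
    for sample in ("urn:schac:personalUniqueID:es:DNI:9999999Z",
                   "urn:schac:userStatus:au:uq.edu.au:service:mail:receive:disabled",
                   "urn:schac:UserStatus::int",          # empty token
                   "urn:schac:User%2Status:int"):        # bad percent escape
        print(sample, "->", is_valid_schac_urn(sample), naming_authority(sample))
```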
      As an example, a European-level interest entity would be any value related to information used in the European Higher Education Area, or the so-called Bologna process. Such entities will belong in the eu subordinate namespace.

      Global international entities could encompass values related to the Grid community or values useful to both European and Australian universities. Such entities would belong in the int subordinate namespace.

      Examples of multi-country organizations include TERENA itself or an association like EPI (educationalpolicy.org) that has members from Australia, Canada and the US.

      URNs intended for values of SCHAC attributes will include the attribute name immediately after the NSS prefix, before any geographical namespace delegation, so that any string conveys information about the attribute for which it is a value. For example, values for schacUserStatus will be of the form:

         urn:schac:UserStatus:int
         urn:schac:UserStatus:au or
         urn:schac:UserStatus:terena.org

      Automated registry publication mechanisms will be provided if at all possible, based on the work on distributed URN registries done by the TF-EMC2 task force members.

      Institutions and communities affiliated with SCHAC participants may request that they be granted subordinate naming authority status. Uniqueness of these namespaces under country authority will be based on the requestor's Internet FQDN. This subordination procedure SHOULD be carried along the delegation chain, i.e., all entities that receive a delegated namespace MUST have a valid FQDN and MUST publish an Internet-accessible URN value registry, if at all possible based on the URN registry mechanisms designed by the TF-EMC2 task force members.

      On at least an annual basis, TERENA will contact the liaisons or directors of each immediately subordinate naming authority. If there is no response, or if the respondent indicates that they wish to relinquish naming authority, the authority over that branch of the tree reverts to TERENA. This process will be enforced recursively by each naming authority on its subordinates. This process guarantees that responsibility for each branch of the tree will lapse for less than one year, at worst, before being reclaimed by a superior authority.

      Lexical equivalence of two SCHAC namespace specific strings (NSSs) is defined below as an exact, case-sensitive string match. TERENA will assign names of immediately subordinate naming authorities in lowercase only. This forestalls the registration of two SCHAC-subordinate naming authorities whose names differ only in case. Attribute names will use the same mixed-case format as in the schema definition.

   Identifier resolution:

      The namespace is not currently listed with a Resolution Discovery System (RDS), but nothing about the namespace prohibits the future definition of appropriate resolution methods or listing with an RDS.

      TERENA will maintain a registry of all SCHAC assigned URN values, both final and for delegation, on its Web site:

         https://urnreg.terena.org/

      Delegation entries will have a pointer to the registry of the subordinate naming authority. This SHOULD recurse down the delegation tree, but registries for several delegated namespaces MAY be maintained by a single naming authority.

      All registries MUST publish their URNs over https links [3]. The https links MUST be secured by sites offering credentials signed by a SCHAC-community recognised Certification Authority (CA) using the latest secure methods for accessing a web site, currently the latest version of TLS [4]. Registries SHOULD consider the user interface implications of their choice of CA, taking into account issues like browser alerts and blind trust.

   Lexical equivalence:

      Lexical equivalence of two SCHAC Namespace Specific Strings (NSSs) is defined as an exact, case-sensitive string match.

   Conformance with URN syntax:

      All SCHAC NSSs fully conform to RFC 2141 syntax rules for NSSs.

   Validation mechanism:

      As specified in the "Identifier resolution" section above, TERENA will maintain an index of all SCHAC assigned URNs on its Web site https://urnreg.terena.org/. Presence in that registry or in any subordinate one implies that a given URN is valid. Delegated naming authorities MUST guarantee that values are valid in their assigned spaces.

   Scope:

      Global.

3.  Examples

   The following examples are not guaranteed to be real. They are listed for pedagogical reasons only.

      urn:schac:personalUniqueID:es:DNI:9999999Z
      urn:schac:personalUniqueCode:es:uma.es:codUni:061696758X
      urn:schac:userStatus:au:uq.edu.au:service:mail:receive:disabled
      urn:schac:personalPosition:pl:umk.pl:programmer

4.  Security Considerations

   There are no additional security considerations beyond those normally associated with the use and resolution of URNs in general.

   In order to guarantee the validity and origin of SCHAC-NSS URN values, they MUST be published over https links [3]. The https links MUST be secured by sites offering credentials signed by a SCHAC-community recognised Certification Authority (CA) using the latest secure methods for accessing a web site, currently the latest version of TLS [4].

5.  Namespace Considerations

   Registration of a Namespace Identifier (NID) specific to SCHAC is reasonable given the following considerations:

      SCHAC would like to assign URNs to some very fine-grained objects. This does not seem to be the primary intended use of the XMLORG namespace (RFC 3120) [13], or the more tightly controlled OASIS [14] namespace (RFC 3121) [15].

      SCHAC seeks naming autonomy. SCHAC is not a member of OASIS, so becoming a subordinate naming authority under the OASIS URN space is not an option. There is the MACE (Middleware Architecture Committee for Education) (RFC 3613) [16] namespace, but the SCHAC development is done outside the MACE activity scope and thus the attributes and values do not belong in the MACE namespace. Using the MACE namespace would require the SCHAC namespace to be placed under one of the SCHAC participants' namespaces, which hinders its global scope.

      SCHAC will want to assign URNs to non-XML objects as well. That is another reason that XMLORG may not be an appropriate higher-level naming authority for SCHAC.

   Some of the already defined SCHAC attribute values have been assigned URNs under the urn:mace:terena.org namespace. These values will enter a deprecation cycle, with clear indication that they are being replaced by values under the new namespace once it is assigned. In any case, RFC 3406 [5] (which replaced RFC 2611) includes an explicit statement that two or more URNs may point to the same resource.

6.  Community Considerations

   The assignment and use of identifiers within the namespace are open, and the related rules are established by the SCHAC activity members. Registration agencies (the next-level naming authorities) will be the National Research and Education Networks (NRENs) and established cross-border organizations that participate in SCHAC.

   It is expected that the majority of the European NRENs, their constituencies, participants in the Australian Access Federation and some other international activities will make use of the SCHAC namespace.
   After the establishment of the SCHAC namespace, TERENA will establish a registry service (analogous to other distributed pan-European services, like eduroam, PerfSONAR, etc.) for the namespace clients, available via the root page of the namespace: https://urnreg.terena.org/. The policy for registrations will be defined in documents available at the root page of the registry.

7.  IANA Considerations

   In accordance with BCP 66 [5], IANA is asked to register the Formal URN Namespace 'schac' in the Registry of URN Namespaces, using the registration template presented in Section 2 of this document.

8.  Acknowledgments

   SCHAC is the result of the TERENA TF-EMC2 task force and many others that have contributed ideas to the development of the schema.

   This document has been discussed on the URN-NID list, with the special help of Alfred Hoenes, who has thoroughly reviewed the documents, helped us correct errors and suggested clarifications to the text.

   Peter Saint-Andre has also provided comments that have improved the overall document quality, for which we thank him. We'd also like to thank Chris Lonvick for helping us express our security concerns in a better way. Finally, we thank the other reviewers that have helped us give the final touches to the text.

   Special thanks should go to Dyonisius Visser from the TERENA technical team for taking the time and effort required to set up the root instance of the namespace registry.

9.  References

9.1.  Normative References

   [1]   Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

   [2]   Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, January 2008.

   [3]   Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.

   [4]   Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008.

   [5]   Daigle, L., van Gulik, D., Iannella, R., and P. Faltstrom, "Uniform Resource Names (URN) Namespace Definition Mechanisms", BCP 66, RFC 3406, October 2002.

9.2.  Informative References

   [6]   TERENA, "Trans-European Research and Education Network Association", http://www.terena.org/.

   [7]   TERENA TF-EMC2, "SCHAC activity web site", http://www.terena.org/activities/tf-emc2/schac.html.

   [8]   Sciberras, A., "Lightweight Directory Access Protocol (LDAP): Schema for User Applications", RFC 4519, June 2006.

   [9]   Smith, M., "Definition of the inetOrgPerson LDAP Object Class", RFC 2798, April 2000.

   [10]  MACE-Dir, "eduPerson Object Class Specification", December 2007, http://middleware.internet2.edu/eduperson/docs/internet2-mace-dir-eduperson-200712.html.

   [11]  Moats, R., "URN Syntax", RFC 2141, May 1997.

   [12]  IANA, "Country TLDs", http://www.iana.org/root-whois/.

   [13]  Best, K. and N. Walsh, "A URN Namespace for XML.org", RFC 3120, June 2001.

   [14]  OASIS, "Organization for the Advancement of Structured Information Standards: OASIS", http://www.oasis-open.org/.

   [15]  Best, K. and N. Walsh, "A URN Namespace for OASIS", RFC 3121, June 2001.

   [16]  Morgan, R. and K. Hazelton, "Definition of a Uniform Resource Name (URN) Namespace for the Middleware Architecture Committee for Education (MACE)", RFC 3613, October 2003.

Authors' Addresses

   Victoriano Giralt M.D.
   University of Malaga
   Avd. Cervantes, 2
   Malaga, Malaga E-29071
   Spain

   Phone: +34-95-213-2366
   Email: victoriano@uma.es
   URI:   http://www.uma.es/

   Dr. Rodney McDuff
   The University of Queensland

   Email: r.mcduff@uq.edu.au
   URI:   http://www.uq.edu.au/