2.1.6 LDAP (v3) Revision (ldapbis)

In addition to this official charter maintained by the IETF Secretariat, there is additional information about this working group on the Web at:

       http://www.openldap.org/ietf/ldapbis/ -- Additional LDAPBIS Web Page
NOTE: This charter is a snapshot of the 60th IETF Meeting in San Diego, CA USA. It may now be out-of-date.

Last Modified: 2004-06-15

Kurt Zeilenga <kurt@openLDAP.org>
RL Bob Morgan <rlmorgan@washington.edu>
Applications Area Director(s):
Ted Hardie <hardie@qualcomm.com>
Scott Hollenbeck <sah@428cobrajet.net>
Applications Area Advisor:
Ted Hardie <hardie@qualcomm.com>
Mailing Lists:
General Discussion: ietf-ldapbis@openldap.org
To Subscribe: ietf-ldapbis-request@openldap.org
In Body: (un)subscribe
Archive: http://www.openldap.org/lists/ietf-ldapbis/
Description of Working Group:
The LDAPv3 "core" specification is RFC 2251-2256 and 2829-2831. The purpose of this working group is to shepherd these RFCs through the Internet Standard process.

The group will deliver revised LDAPv3 specifications suitable for consideration as a Draft Standard. This work will be based upon RFCs 2251-2256, 2829-2831.

The group will deliver a document detailing IANA considerations for LDAP suitable for consideration as a Best Current Practice.

The group will deliver an applicability statement defining LDAPv3. This work will be based upon draft-hodges-ldapv3-as-00.txt.

The following areas are out of scope: - "LDAPv4"

- All LDAP Extensions (LDAPext) excepting StartTLS.

- LDAP Replication (LDUP)- LDAP non-"core" Schema

- Connection-less LDAP (LDAPext)

Goals and Milestones:
Done  Submit LDAP Applicability Statement I-D
Done  Submit LDAP Overview / Data Model I-D
Done  Submit LDAP Protocol I-D
Done  Submit LDAP Attribute Syntaxes I-D
Done  Submit LDAP DN I-D
Done  Submit LDAP Filter I-D
Done  Submit LDAP URL I-D
Done  Submit LDAP User Schema I-D
Done  Submit LDAP Authentication Methods I-D
Done  Submit LDAP Start TLS I-D
Done  Submit LDAP Applicability Statement I-D to the IESG for consideration as Proposed Standard
Done  Submit IANA Considerations for LDAP I-D to IESG for consideration as BCP
Sep 03  Deliver revised LDAP
Sep 03  Deliver revised BCP 64 I-D to IESG for consideration to the IESG as a BCP
Oct 03  ubmit Interoperability Report I-D
Apr 04  Deliver Interoperability Report to IESG with recommendation that revised LDAP
  • - draft-ietf-ldapbis-dn-14.txt
  • - draft-ietf-ldapbis-protocol-25.txt
  • - draft-ietf-ldapbis-filter-07.txt
  • - draft-ietf-ldapbis-authmeth-11.txt
  • - draft-ietf-ldapbis-url-06.txt
  • - draft-ietf-ldapbis-user-schema-08.txt
  • - draft-ietf-ldapbis-syntaxes-08.txt
  • - draft-ietf-ldapbis-roadmap-05.txt
  • - draft-ietf-ldapbis-models-11.txt
  • - draft-ietf-ldapbis-strprep-04.txt
  • - draft-ietf-ldapbis-bcp64-03.txt
  • Request For Comments:
    RFC3377 PS Lightweight Directory Access Protocol (v3):Technical Specification
    RFC3383BCPInternet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)

    Current Meeting Report

    IETF ldapbis WG meeting minutes
    IETF 60, San Diego, USA
    2004-08-03, 1700-1800
    submitted by: RL "Bob" Morgan
    also thanks to Alexey Melnikov for Jabber scribing

    The meeting was called to order at 1700 by the chairs, Kurt Zeilenga and RL "Bob" Morgan.

    The first agenda item was WG status. Kurt noted that two documents remain to be finished, protocol and authmeth. The protocol document is ready for last call. It went through LC before but has been modified, so needs to go through again. The authmeth document is almost ready for LC.

    Question: Will there be an implementation report?
    Kurt: No, the docs are being submitted at the Proposed level, so no report yet. During the 6 months' wait until going to Draft level the report can be started.
    Question: Will there be interop testing as part of preparing the report?
    Kurt: No, the report just states what interop has been observed.

    Kurt asked Ted Hardie, AD, to arrange for a security review of the authmeth document, on the -12 version that will be produced next week. Ted said he would do so.

    Roger Harrison talked about the authmeth document (draft-ietf-ldapbis-authmeth-11.txt). He got lots of feedback on -10, and addressed almost all issues in -11. The reorganization of the material is just about complete. There is a new section 2 on implementation requirements. There is a new section 3.1.4 describing use of client certificates with StartTLS. Section 4 pulls together material on LDAP associations, including default state, effect of a failed bind, and invalidated associations. Remaining issues include:

    * zero-length serverSaslCreds field vs non-present field in final bind response
    * section 12 on cleartext password transmission needs scope clarification
    * ensure consistent use of connection terminology
    * TLS cipher suites recommendations security review requested to clarify what to say on this

    Review was requested on -11. Roger said -12 should be out shortly, and this version would be submitted for WG Last Call.

    Kurt noted that there is an issue about Digest-MD5 as the mandatory-to-implement security mechanism. There is some question about whether there are interoperable implementations of Digest-MD5 security layers. Implementors will be surveyed about this. If there are none, perhaps MTI security should be changed. Simple-authentication over TLS would be an obvious choice. Alexey Melnikov noted that Digest is changing to require AES as MTI, but there are no implementations yet.

    Jim Sermersheim talked about the protocol document (draft-ietf-ldapbis-protocol-25.txt). The only issue is that an ASN.1 change to require a term after and/or in filters will be backed out to accomodate a true/false filter. Also a pointer will be added to the Cancel extended operation. Otherwise the document should be complete.

    Kurt suggested doing a WG LC on the protocol document first, then authmeth. The WG charter milestones need to be updated based on completion dates for these. The WG is obviously close to finishing, may not need to meet at IETF 61.

    The meeting was adjourned at 1730.