Last Modified: 2004-06-15
The group will deliver revised LDAPv3 specifications suitable for consideration as a Draft Standard. This work will be based upon RFCs 2251-2256, 2829-2831.
The group will deliver a document detailing IANA considerations for LDAP suitable for consideration as a Best Current Practice.
The group will deliver an applicability statement defining LDAPv3. This work will be based upon draft-hodges-ldapv3-as-00.txt.
The following areas are out of scope: - "LDAPv4"
- All LDAP Extensions (LDAPext) excepting StartTLS.
- LDAP Replication (LDUP)- LDAP non-"core" Schema
- Connection-less LDAP (LDAPext)
|Done||Submit LDAP Applicability Statement I-D|
|Done||Submit LDAP Overview / Data Model I-D|
|Done||Submit LDAP Protocol I-D|
|Done||Submit LDAP Attribute Syntaxes I-D|
|Done||Submit LDAP DN I-D|
|Done||Submit LDAP Filter I-D|
|Done||Submit LDAP URL I-D|
|Done||Submit LDAP User Schema I-D|
|Done||Submit LDAP Authentication Methods I-D|
|Done||Submit LDAP Start TLS I-D|
|Done||Submit LDAP Applicability Statement I-D to the IESG for consideration as Proposed Standard|
|Done||Submit IANA Considerations for LDAP I-D to IESG for consideration as BCP|
|Sep 03||Deliver revised LDAP|
|Sep 03||Deliver revised BCP 64 I-D to IESG for consideration to the IESG as a BCP|
|Oct 03||ubmit Interoperability Report I-D|
|Apr 04||Deliver Interoperability Report to IESG with recommendation that revised LDAP|
|RFC3377||PS||Lightweight Directory Access Protocol (v3):Technical Specification|
|RFC3383||BCP||Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)|
IETF ldapbis WG meeting minutes
IETF 60, San Diego, USA
submitted by: RL "Bob" Morgan
also thanks to Alexey Melnikov for Jabber scribing
The meeting was called to order at 1700 by the chairs, Kurt Zeilenga and RL "Bob" Morgan.
The first agenda item was WG status. Kurt noted that two documents remain to be finished, protocol and authmeth. The protocol document is ready for last call. It went through LC before but has been modified, so needs to go through again. The authmeth document is almost ready for LC.
Question: Will there be an implementation report?
Kurt: No, the docs are being submitted at the Proposed level, so no report yet. During the 6 months' wait until going to Draft level the report can be started.
Question: Will there be interop testing as part of preparing the report?
Kurt: No, the report just states what interop has been observed.
Kurt asked Ted Hardie, AD, to arrange for a security review of the authmeth document, on the -12 version that will be produced next week. Ted said he would do so.
Roger Harrison talked about the authmeth document (draft-ietf-ldapbis-authmeth-11.txt). He got lots of feedback on -10, and addressed almost all issues in -11. The reorganization of the material is just about complete. There is a new section 2 on implementation requirements. There is a new section 3.1.4 describing use of client certificates with StartTLS. Section 4 pulls together material on LDAP associations, including default state, effect of a failed bind, and invalidated associations. Remaining issues include:
* zero-length serverSaslCreds field vs non-present field in final bind response
* section 12 on cleartext password transmission needs scope clarification
* ensure consistent use of connection terminology
* TLS cipher suites recommendations security review requested to clarify what to say on this
Review was requested on -11. Roger said -12 should be out shortly, and this version would be submitted for WG Last Call.
Kurt noted that there is an issue about Digest-MD5 as the mandatory-to-implement security mechanism. There is some question about whether there are interoperable implementations of Digest-MD5 security layers. Implementors will be surveyed about this. If there are none, perhaps MTI security should be changed. Simple-authentication over TLS would be an obvious choice. Alexey Melnikov noted that Digest is changing to require AES as MTI, but there are no implementations yet.
Jim Sermersheim talked about the protocol document (draft-ietf-ldapbis-protocol-25.txt). The only issue is that an ASN.1 change to require a term after and/or in filters will be backed out to accomodate a true/false filter. Also a pointer will be added to the Cancel extended operation. Otherwise the document should be complete.
Kurt suggested doing a WG LC on the protocol document first, then authmeth. The WG charter milestones need to be updated based on completion dates for these. The WG is obviously close to finishing, may not need to meet at IETF 61.
The meeting was adjourned at 1730.