idnits 2.17.1 

draft-chen-epp-identifier-mapping-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 2 instances of too long lines in the document, the longest one
     being 1 character in excess of 72.

  == There are 1 instance of lines with non-RFC3849-compliant IPv6 addresses
     in the document.  If these are example addresses, they should be changed.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords -- however, there's a paragraph with a matching beginning.
     Boilerplate error?

     RFC 2119 keyword, line 109: '...in this document MUST be interpreted i...'
     RFC 2119 keyword, line 122: '...ps and are not a REQUIRED feature of t...'
     RFC 2119 keyword, line 149: '...espace described in this document MUST...'
     RFC 2119 keyword, line 157: '...   MAY also apply to handle identifier...'
     RFC 2119 keyword, line 170: '...dentifier object MUST always have at l...'
     (79 more instances...)


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 479 has weird spacing: '...version  used ...'

  == Line 966 has weird spacing: '...version  used ...'

  -- The document date (August 5, 2019) is 1723 days in the past.  Is this
     intentional?


  Checking references for intended status: Experimental
  ----------------------------------------------------------------------------

  == Missing Reference: 'RFC2119' is mentioned on line 118, but not defined

  == Missing Reference: 'RFC3688' is mentioned on line 1534, but not defined

  == Unused Reference: 'RFC0791' is defined on line 1583, but no explicit
     reference was found in the text


     Summary: 2 errors (**), 0 flaws (~~), 7 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	Internet Engineering Task Force                                  Y. Chen
2	Internet Draft                                                    J. Xie
3	Intended status: Experimental                                      Z. Li
4	Expires: February 5, 2020                                         Z. Fan
5	              China Academy of Information and Communications Technology
6	                                                          August 5, 2019

8	         Extensible Provisioning Protocol (EPP) Industrial Internet
9	                            Identifier Mapping
10	                   draft-chen-epp-identifier-mapping-00

12	Abstract

14	   This document describes an Extensible Provisioning Protocol
15	   (EPP)mapping for the provisioning and management of Industrial
16	   Internet Identifiers. Specified in XML, the mapping defines EPP
17	   command syntax and semantics as applied to identifiers.

19	Status of this Memo

21	   This Internet-Draft is submitted in full conformance with the
22	   provisions of BCP 78 and BCP 79.

24	   Internet-Drafts are working documents of the Internet Engineering
25	   Task Force (IETF), its areas, and its working groups.  Note that
26	   other groups may also distribute working documents as
27	   Internet-Drafts.

29	   Internet-Drafts are draft documents valid for a maximum of six months
30	   and may be updated, replaced, or obsoleted by other documents at any
31	   time.  It is inappropriate to use Internet-Drafts as reference
32	   material or to cite them other than as "work in progress."

34	   The list of current Internet-Drafts can be accessed at
35	   http://www.ietf.org/ietf/1id-abstracts.txt

37	   The list of Internet-Draft Shadow Directories can be accessed at
38	   http://www.ietf.org/shadow.html

40	   This Internet-Draft will expire on February 5, 2020.

42	Copyright Notice

44	   Copyright (c) 2019 IETF Trust and the persons identified as the
45	   document authors. All rights reserved.

47	   This document is subject to BCP 78 and the IETF Trust's Legal
48	   Provisions Relating to IETF Documents
49	   (http://trustee.ietf.org/license-info) in effect on the date of
50	   publication of this document. Please review these documents
51	   carefully, as they describe your rights and restrictions with respect
52	   to this document.

54	   Code Components extracted from this document must include Simplified
55	   BSD License text as described in Section 4.e of the Trust Legal
56	   Provisions and are provided without warranty as described in the
57	   Simplified BSD License.

59	Table of Contents

61	   1. Introduction ....................................................3
62	      1.1. Conventions Used in This Document ..........................4
63	   2. Object Attributes ...............................................4
64	      2.1. Industrial Internet Identifier Object ......................4
65	      2.2. Client Identifiers..........................................5
66	      2.3. Status Values ..............................................5
67	      2.4. Dates and Times.............................................6
68	      2.5. IP Addresses ...............................................7
69	   3. EPP Command Mapping .............................................7
70	      3.1. EPP Query Commands..........................................7
71	         3.1.1. EPP <check> Command....................................7
72	         3.1.2. EPP <info> Command.....................................9
73	         3.1.3. EPP <transfer> Query Command .........................13
74	      3.2. EPP Transform Commands.....................................13
75	         3.2.1. EPP <create> Command..................................14
76	         3.2.2. EPP <delete> Command..................................18
77	         3.2.3. EPP <renew> Command...................................19
78	         3.2.4. EPP <transfer> Command................................19
79	         3.2.5. EPP <update> Command..................................20
80	   4. Formal Syntax ..................................................25
81	   5. Internationalization Considerations ............................33
82	   6. Security Considerations.........................................33
83	   7. IANA Considerations ............................................34
84	   8. Acknowledgments ................................................34
85	   9. References .....................................................34
86	      9.1. Normative References.......................................34
87	      9.2. Informative References.....................................35

89	1. Introduction

91	   Industrial Internet Identifiers are character strings with a
92	   specified format that may consist of digits, letters or notations
93	   being structured in a way that is interpretable by one or more
94	   computational facilities.

96	   This document describes an Industrial Internet Identifier mapping for
97	   version 1.0 of the Extensible Provisioning Protocol (EPP). This
98	   mapping is specified using the Extensible Markup Language (XML)1.0 as
99	   described in [W3C.REC-xml-20040204] and XML Schema notation as
100	   described in [W3C.REC-xmlschema-1-20041028] and [W3C.REC-xmlschema-2-
101	   20041028].

103	   [RFC5730]provides a complete description of EPP command and response
104	   structures.  A thorough understanding of the base protocol
105	   specification is necessary to understand the mapping described in
106	   this document.

108	   XML is case sensitive.  Unless stated otherwise, XML specifications
109	   and examples provided in this document MUST be interpreted in the
110	   character case presented to develop a conforming implementation.

112	1.1. Conventions Used in This Document

114	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
115	   NOT","SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
116	   this document are to be interpreted as described in RFC 2119
117	   [RFC2119].

119	   In examples, "C:" represents lines sent by a protocol client and "S:"
120	   represents lines returned by a protocol server.  Indentation and
121	   white space in examples are provided only to illustrate element
122	   relationships and are not a REQUIRED feature of this protocol.

124	2. Object Attributes

126	   An EPP identifier object has attributes and associated values that
127	   can be viewed and modified by the sponsoring client or the server.
128	   This section describes each attribute type in detail.  The formal
129	   syntax for the attribute values described here can be found in the
130	   "Formal Syntax" section of this document and in the appropriate
131	   normative references.

133	2.1. Industrial Internet Identifier Object

135	   Industrial Internet Identifiers are character strings with a
136	   specified format that may consist of digits, letters or notations
137	   being structured in a way that is interpretable by one or more
138	   computational facilities.

140	   It is an unique persistent set of bits used to identify and obtain
141	   state information about physical resource such as machines, products,
142	   or digital resources such as algorithms, manufacturing process, etc.

144	   This document provides an overview of the EPP mapping of Industrial
145	   Internet Identification.  Handle mapping is specified as an example,
146	   while description in this document applies to other identification
147	   techniques as well.

149	   The syntax for handle namespace described in this document MUST
150	   conform to [RFC3650], [RFC3651], [RFC3652]. Handle identifiers are
151	   character strings with a specified length and a specified format.

153	   All handle identifiers are of the form prefix/suffix where, by
154	   default, the prefix may first be resolved to locate the specific
155	   identifier service and the suffix may be any bit sequence. Epp
156	   mapping on the prefix examples are provided in this document while it
157	   MAY also apply to handle identifiers with suffix.

159	   These conformance requirements might change in the future as a result
160	   of progressing work in developing standards for internationalized
161	   digital object identification.

163	2.2. Client Identifiers

165	   All EPP clients are identified by a server-unique identifier. Client
166	   identifiers conform to the "clIDType" syntax described in [RFC5730].

168	2.3. Status Values

170	   An EPP identifier object MUST always have at least one associated
171	   status value.  Status values MAY be set only by the client that
172	   sponsors an identifier object and by the server on which the object
173	   resides.  A client can change the status of object using the EPP
174	   <update> command.  Each status value MAY be accompanied by a string
175	   of human-readable text that describes the rationale for the status
176	   applied to the object.

178	   A client MUST NOT alter status values set by the server.  A server
179	   MAY alter or override status values set by a client, subject to local
180	   server policies.  The status of an object MAY change as a result of
181	   either a client-initiated transform command or an action performed by
182	   a server operator.

184	   Status values that can be added or removed by a client are prefixed
185	   with "client". Corresponding status values that can be added or
186	   removed by a server are prefixed with "server".  Status values that
187	   do not begin with either "client" or "server" are server-managed.

189	   Status Value Descriptions:

191	   -  clientDeleteProhibited, serverDeleteProhibited

193	      Requests to delete the object MUST be rejected.

195	   -  clientUpdateProhibited, serverUpdateProhibited

197	      Requests to update the object (other than to remove this status)
198	   MUST be rejected.

200	   -  linked

202	      The identifier object has at least one active association with
203	   another object. Servers SHOULD provide services to determine existing
204	   object associations.

206	   -  ok

208	      This is the normal status value for an object that has no pending
209	   operations or prohibitions.  This value is set and removed by the
210	   server as other status values are added or removed.

212	   -  pendingCreate, pendingDelete, pendingTransfer, pendingUpdate

214	    A transform command has been processed for the object, but the
215	   action has not been completed by the server.  Server operators can
216	   delay action completion for a variety of reasons, such as to allow
217	   for human review or third-party action.  A transform command that is
218	   processed, but whose requested action is pending, is noted with
219	   response code 1001.

221	   When the requested action has been completed, the pendingCreate,
222	   pendingDelete, pendingTransfer, or pendingUpdate status value MUST be
223	   removed.  All clients involved in the transaction MUST be notified
224	   using a service message that the action has been completed and that
225	   the status of the object has changed.

227	   "ok" status MAY only be combined with "linked" status.

229	   "linked" status MAY be combined with any status.

231	   "pendingDelete" status MUST NOT be combined with either
232	   "clientDeleteProhibited" or "serverDeleteProhibited" status.

234	   "pendingUpdate" status MUST NOT be combined with either
235	   "clientUpdateProhibited" or "serverUpdateProhibited" status.

237	   The pendingCreate, pendingDelete, pendingTransfer, and pendingUpdate
238	   status values MUST NOT be combined with each other.

240	   Other status combinations not expressly prohibited MAY be used.

242	2.4. Dates and Times

244	   Date and time attribute values MUST be represented in Universal
245	   Coordinated Time (UTC) using the Gregorian calendar. The extended
246	   date-time form using upper case "T" and "Z" characters defined in
247	   [W3C.REC-xmlschema-2-20041028] MUST be used to represent date-time
248	   values, as XML Schema does not support truncated date-time forms or
249	   lower case "T" and "Z" characters.

251	2.5. IP Addresses

253	   The syntax for IPv4 addresses described in this document MUST conform
254	   to[RFC5730].  The syntax for IPv6 addresses described in this
255	   document MUST conform to [RFC4291].  Practical considerations for
256	   publishing IPv6 address information in zone files are documented in
257	   [RFC2874] and [RFC3596].  A server MAY reject IP addresses that have
258	   not been allocated for public use by IANA.

260	3. EPP Command Mapping

262	   A detailed description of the EPP syntax and semantics is specified
263	   in [RFC5730].  The command mappings described here are specifically
264	   for use in provisioning and managing Industrial Internet identifiers
265	   via EPP.

267	3.1. EPP Query Commands

269	   EPP provides two commands to retrieve object information: <check> to
270	   determine if an EPP object can be provisioned within a repository,
271	   and <info> to retrieve detailed information associated with an EPP
272	   object.

274	3.1.1. EPP <check> Command

276	   The EPP <check> command is used to determine if an object can be
277	   provisioned within a repository.  It provides a hint that allows a
278	   client to anticipate the success or failure of provisioning an object
279	   using the <create> command, as object-provisioning requirements are
280	   ultimately a matter of server policy.

282	   In addition to the standard EPP command elements, the <check> command
283	   MUST contain an <identifier: check> element that recognizes the
284	   identifier namespace. The <identifier: check> element contains the
285	   following child elements:

287	   o One or more <identifier:name> elements that contain the fully
288	     qualified names of the identifier objects to be queried.

290	   example <check> command:

292	   C:<?xml version="1.0" encoding="utf-8"?>
293	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi=
294	   C:"http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=
295	   C:"urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
296	   C:  <command>
297	   C:    <check>
298	   C:      <identifier:check xmlns:identifier="urn:ietf:params:xml:ns:
299	   C:      identifier-1.0" xsi:schemaLocation="urn:ietf:params:xml:ns:

301	   C:      identifier-1.0 identifier-1.0.xsd">
302	   C:        <identifier:name>88.1000.1</identifier:name>
303	   C:        <identifier:name>88.1000.2</identifier:name>
304	   C:      </identifier:check>
305	   C:    </check>
306	   C:    <clTRID>ABC-12345</clTRID>
307	   C:  </command>
308	   C:</epp>

310	   When a <check> command has been processed successfully, a server MUST
311	   respond with an EPP <resData> element that MUST contain a child
312	   element that identifies the identifier object namespace.  The child
313	   elements of the <resData> element are identifier-specific, though the
314	   EPP <resData> element MUST contain a child <identifier:chkData>
315	   element that contains one or more <identifier:cd> (check data)
316	   elements. Each <identifier:cd> element contains the following child
317	   elements:

319	   o An identifier-specific element that identifies the queried
320	     identifier.

322	    This element MUST contain an "avail" attribute whose value
323	    indicates object availability (can it be provisioned or not) at
324	    the moment the <check> command was completed. A value of "1" or
325	    "true" means that the identifier can be provisioned. A value of "0"
326	    or "false" means that the identifier cannot be provisioned.

328	   o An <identifier:reason> element that is provided when an
329	     identifier cannot be provisioned.  This element contains server-
330	     specific text to help explain why the identifier cannot be
331	     provisioned.  This text MUST be represented in the response
332	     language previously negotiated with the client; an OPTIONAL "lang"
333	     attribute MAY be present to identify the language if the
334	     negotiated value is something other than the default value of "en"
335	     (English).

337	   Example <check> response:

339	   S:<?xml version="1.0" encoding="utf-8"?>
340	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
341	   S:  <response>
342	   S:    <result code="1000">
343	   S:      <msg>Command completed successfully</msg>
344	   S:    </result>
345	   S:    <resData>
346	   S:      <identifier:chkData xmlns:identifier="urn:ietf:params:
347	   S:      xml:ns:identifier-1.0">
348	   S:        <identifier:cd>
349	   S:          <identifier:name avail="false">88.1000.1
350	   S:          </identifier:name>
351	   S:          <identifier:reason>The identifier already exists
352	   S:          </identifier:reason>
353	   S:        </identifier:cd>
354	   S:        <identifier:cd>
355	   S:          <identifier:name avail="true">88.1000.1
356	   S:          </identifier:name>
357	   S:        </identifier:cd>
358	   S:      </identifier:chkData>
359	   S:    </resData>
360	   S:    <trID>
361	   S:      <clTRID>ABC-12345</clTRID>
362	   S:      <svTRID>54321-XYZ</svTRID>
363	   S:    </trID>
364	   S:  </response>
365	   S:</epp>

367	   An EPP error response MUST be returned if a <check> command cannotbe
368	   processed for any reason.

370	3.1.2. EPP <info> Command

372	   The EPP <info> command is used to retrieve information associated
373	   with an Industrial Internet Identifier object.  In addition to the
374	   standard EPP command elements, the <info> command MUST contain an
375	   <identifier:info> element that identifies the identifier namespace.
376	   The <identifier:info> element contains one child element:

378	   An <identifier:name> element that contains the fully qualified name
379	   of the identifier object for which information is requested.

381	   Example <info> command:

383	   C:<?xml version="1.0" encoding="utf-8"?>
384	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi=
385	   C:"http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation
386	   C:="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
387	   C:  <command>
388	   C:    <info>
389	   C:      <identifier:info xmlns:identifier="urn:ietf:params:xml:
390	   C:      ns:identifier-1.0" xsi:schemaLocation="urn:ietf:params:xml
391	   C:      :ns:identifier-1.0 identifier-1.0.xsd">
392	   C:        <identifier:name>88.1000.1</identifier:name>
393	   C:      </identifier:info>
394	   C:    </info>
395	   C:    <clTRID>ABC-12345</clTRID>
396	   C:  </command>
397	   C:</epp>

399	   When an <info> command has been processed successfully, the EPP
400	   <resData> element MUST contain a child <identifier:infData> element
401	   that identifies the identifier namespace.  The <identifier:infData>
402	   element contains the following child elements:

404	   o An <identifier:name> element that contains the fully qualified
405	     name of the identifier object to be created. The identifier name
406	     with a minimum length of 1 byte and a maximum length of 255 bytes
407	     SHOULD be unique and SHOULD NOT be reused.

409	   o An <identifier:type> element that specifies type of identification
410	     technique of the identifier object. Handle is taken as an example
411	     in this document.

413	   o Zero or more OPTIONAL <identifier:contact> elements that contain
414	     contact information of the enterprise that applies for the
415	     identifier to be queried.

417	   o Zero or more OPTIONAL <identifier:URL> elements that contain the
418	     URL associated with the identifier object to be queried.

420	   o An <identifier:administratorList> element that contains one or more
421	     <identifier:administrator> elements that specify administrator
422	     information of the identifier object. Identifier administrators
423	     are entitled to create identifier or sub-naming authorities under
424	     the handle prefix according to the permission defined by its
425	     <identifier:permissionList> sub-element.

427	     Each <identifier:administrator> element includes the following
428	     child elements:

430	     An <identifier:adminIndex> element that provides the reference to
431	     the authentication key that can be used to authenticate the
432	     administrator.

434	     An <identifier:pubkey> element that contains the authentication
435	     key of the administrator and information of the type of the
436	     technique used to authenticate administrator. The public key is
437	     processed with base64 encoding schemes.

439	     Three types of algorithms are recommended to authenticate the
440	     identifier administrator: Digital Signature Algorithm (DSA)
441	     public-key cryptography, Rivest-Shamir-Adleman(RSA) public-key
442	     cryptography, or the password-based authentication mechanism.

444	     The Digital Signature Algorithm (DSA) is a typical kind of
445	     cryptographic algorithm to generate pairs of keys used in
446	     public-key system:  public keys which may be stored in the
447	     server, and private keys which are known only to the client.

449	     The RSA is another kind of cryptographic algorithm used for secure
450	     data transmission.

452	     The password is a word or string of characters used for user
453	     authentication to prove identity of the administrator.

455	     An <identifier:permissionList> element MAY contain zero or more
456	     <identifier:permission> elements that specify information about
457	     the administration authority of the administrator.  A set of
458	     administration functions that include adding, deleting, and
459	     modifying identifier or identifier values are supported by the
460	     identifier service.  Before fulfilling any administration request,
461	     the server must authenticate the client as the identifier
462	     administrator that is authorized for the administrative operation.

464	     List of all the permissions see the "Formal Syntax" section of this
465	     document.

467	   o An <identifier:siteList> element that contains one or more
468	     <identifier:siteInfo> elements that provide information to locate
469	     the site to implement provisions and resolution of the identifier.
470	     In this section, the element defines a handle service site by
471	     identifying the server computers that comprise the site along with
472	     their service configurations (e.g., port numbers).

474	     Each <identifier:siteInfo> contains the following child elements:
475	     An <identifier:siteIndex>  element that indicates the specific
476	     index of a site.

478	     An <identifier:protocolVersion>  element that indicates handle
479	     protocol version  used to create the handle identifier.

481	     One or more <identifier:serviceInfo> elements that contain the
482	     following elements:

484	      An <identifier:serverID> element defines the number of servers in
485	      the service site.

487	      One or more <identifier:addr> elements that describe IP address of
488	      the identifier service.  Each <identifier:addr> element MAY
489	      contain an "ip" attribute to identify the IP address format.
490	      Attribute value "v4" is used to note IPv4 address format.
491	      Attribute value "v6" is used to note IPv6 address format.  If the
492	      "ip" attribute is not specified,"v4" is the default attribute
493	      value.

495	      An <identifier:pubkey> element that contains the server's public
496	      key with a "type" attribute that specifies algorithms used to
497	      generate the public key. Public key in the
498	      <identifier:serviceInfo> can be used to authenticate any service
499	      response from the handle server.

501	      One or more <identifier:serviceInterfaces> elements that have
502	      three child elements: an <identifier:serviceType> element that
503	      indicates whether the service is for query or for administration,
504	      an <identifier:protocol> element that specifies transmission
505	      protocol, where UDP and HTTP could be considered as alternative
506	      protocols, and the <identifier:port> element that represents
507	      service port of specific the service component.

509	   Example <info> response:

511	   S:<?xml version="1.0" encoding="utf-8"?>
512	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
513	   S:  <response>
514	   S:    <result code="1000">
515	   S:      <msg>Command completed successfully</msg>
516	   S:    </result>
517	   S:    <resData>
518	   S:      <identifier:infData
519	   S:      xmlns:identifier="urn:ietf:params:xml:ns:identifier-1.0">
520	   S:        <identifier:name>88.1000.1</identifier:name>
521	   S:        <identifier:type>handle</identifier:type>
522	   S:        <identifier:status s="clientUpdateProhibited"/>
523	   S:        <identifier:contact>jd1234</identifier:contact>
524	   S:        <identifier:url>www.caict.ac.cn</identifier:url>
525	   S:        <identifier:administratorList>
526	   S:          <identifier:administrator>
527	   S:            <identifier:adminIndex>100</identifier:adminIndex>
528	   S:            <identifier:pubkey type="dsa_pub_key">
529	   S:            AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4e175lVnv03Qf
530	   S:            wYFTfB05hhLDC1...</identifier:pubkey>
531	   S:            <identifier:permissionList>
532	   S:              <identifier:permission>add_handle
533	   S:              </identifier:permission>
534	   S:              <identifier:permission>delete_handle
535	   S:              </identifier:permission>
536	   S:              <identifier:permission>add_value
537	   S:              </identifier:permission>
538	   S:              <identifier:permission>modify_admin
539	   S:              </identifier:permission>
540	   S:              <identifier:permission>remove_admin
541	   S:              </identifier:permission>
542	   S:            </identifier:permissionList>
543	   S:          </identifier:administrator>
544	   S:        </identifier:administratorList>
545	   S:        <identifier:siteList>
546	   S:          <identifier:siteInfo>
547	   S:            <identifier:siteIndex>500</identifier:siteIndex>
548	   S:            <identifier:protocolVersion>2.10
549	   S:            </identifier:protocolVersion>
550	   S:            <identifier:serviceInfo>
551	   S:              <identifier:serverID>1</identifier:serverID>
552	   S:              <identifier:addr ip="v4">192.0.2.2</identifier:addr>
553	   S:              <identifier:addr ip="v6">
554	   S:              1080:0:0:0:8:800:200C:417A
555	   S:              </identifier:addr>
556	   S:              <identifier:pubkey type="dsa_pub_key">
557	   S:              AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4e175lVnv03QfwY
558	   S:              FTfB05hhLDC1...</identifier:pubkey>
559	   S:              <identifier:serviceInterfaces>
560	   S:                <identifier:serviceType>query
561	   S:                </identifier:serviceType>
562	   S:                <identifier:protocol>tcp</identifier:protocol>
563	   S:                <identifier:port>2641</identifier:port>
564	   S:              </identifier:serviceInterfaces>
565	   S:            </identifier:serviceInfo>
566	   S:          </identifier:siteInfo>
567	   S:        </identifier:siteList>
568	   S:      </identifier:infData>
569	   S:    </resData>
570	   S:    <trID>
571	   S:      <clTRID>ABC-12345</clTRID>
572	   S:      <svTRID>54322-XYZ</svTRID>
573	   S:    </trID>
574	   S:  </response>
575	   S:</epp>
576	   An EPP error response MUST be returned if an <info> command cannot be
577	   processed for any reason.

579	3.1.3. EPP <transfer> Query Command

581	   Transfer semantics do not directly apply to identifier objects, so
582	   there is no mapping defined for the EPP <transfer> query command.

584	3.2. EPP Transform Commands

586	   EPP provides three commands to transform identifier objects: <create>
587	   to create an instance of an identifier object, <delete> to delete an
588	   instance of an identifier object, and <update> to change information
589	   associated with an identifier object.  This document does not define
590	   identifier-object mappings for the EPP <renew> and <transfer>
591	   commands.

593	   Transform commands are typically processed and completed in real time.
594	   Server operators MAY receive and process transform commands but defer
595	   completing the requested action if human or third-party review is
596	   required before the requested action can be completed.  In such
597	   situations, the server MUST return a 1001 response code to the client
598	   to note that the command has been received and processed but that the
599	   requested action is pending.  The server MUST also manage the status
600	   of the object that is the subject of the command to reflect the
601	   initiation and completion of the requested action.  Once the action
602	   has been completed; all clients involved in the transaction MUST be
603	   notified using a service message that the action has been completed
604	   and that the status of the object has changed. Other notification
605	   methods MAY be used in addition to the required service message.

607	   Server operators SHOULD confirm that a client is authorized to
608	   perform a transform command on a given object.  Any attempt to
609	   transform an object by an unauthorized client MUST be rejected, and
610	   the server MUST return a 2201 response code to the client to note
611	   that the client lacks privileges to execute the requested command.

613	3.2.1. EPP <create> Command

615	   The EPP <create> command provides an operation that allows a client
616	   to create an identifier object. In addition to the standard EPP
617	   command elements, the <create> command MUST contain an <identifier:
618	   create> element that identifies the identifier to be created.  The
619	   <identifier:create> element contains the following child elements:

621	   o An <identifier:name> element that contains the fully qualified
622	     name of the identifier object to be created. The identifier name
623	     with a minimum length of 1 byte and a maximum length of 255 bytes
624	     SHOULD be unique and SHOULD NOT be reused.

626	   o An <identifier:type> element that specifies type of identification
627	     technique of the identifier object. Handle is taken as an example
628	     in this document.

630	   o Zero or more OPTIONAL <identifier:contact> elements that contain
631	     contact information of the enterprise that applies for the
632	     identifier to be created.

634	   o Zero or more OPTIONAL <identifier:URL> elements that contain the
635	     URL associated with the identifier object to be created.

637	   o An <identifier:administratorList> element that contains one or
638	     more <identifier:administrator> elements that specify
639	     administrator information of the identifier object. Identifier
640	     administrators are entitled to administrate or resolve identifier
641	     or identifier values according to the permission defined by its
642	     <identifier:permissionList> sub-element.

644	     Each <identifier:administrator> element includes the following
645	     child elements:

647	      An <identifier:adminIndex> element that provides the reference to
648	      the authentication key that can be used to authenticate the
649	      administrator.

651	      An <identifier:pubkey> element that contains the authentication
652	      key of the administrator and information of the type of the
653	      technique used to authenticate administrator. The public key is
654	      processed with base64 encoding schemes.

656	      Three types of algorithms are recommended to authenticate the
657	      identifier administrator: Digital Signature Algorithm (DSA)
658	      public-key cryptography, Rivest-Shamir-Adleman(RSA) public-key
659	      cryptography, or the password-based authentication mechanism.

661	      The Digital Signature Algorithm (DSA) is a typical kind of
662	      cryptographic algorithm to generate pairs of keys used in public-
663	      key system:  public keys which may be stored in the server, and
664	      private keys which are known only to the client.

666	      The RSA is one of the first public-key cryptosystems and is
667	      another kind of cryptographic algorithm used for secure data
668	      transmission.

670	      The password is a word or string of characters used for user
671	      authentication to prove identity of the administrator.

673	      An <identifier:permissionList> element MAY contain zero or more
674	      <identifier:permission> elements that specify information about
675	      the administration authority of the administrator.  A set of
676	      administration functions that include adding, deleting, and
677	      modifying identifier or identifier values are supported by the
678	      identifier service.  Before fulfilling any administration request,
679	      the server must authenticate the client as the identifier
680	      administrator that is authorized for the administrative operation.

682	      List of all the permissions see the "Formal Syntax" section of
683	      this document.

685	   o An <identifier:siteList> element that contains one or more
686	     <identifier:siteInfo> elements that provide information to locate
687	     the site to implement provisions and resolution of the identifier.
688	     In this section, the element defines a handle service site by
689	     identifying the server computers that comprise the site along with
690	     their service configurations (e.g., port numbers).

692	     Each <identifier:siteInfo> contains the following child elements:
693	     An <identifier:siteIndex>  element that indicates the specific
694	     index of a site.

696	     An <identifier:protocolVersion>  element that indicates handle
697	     protocol version used to create the handle identifier.

699	     One or more <identifier:serviceInfo> elements that contain the
700	     following elements:

702	      An <identifier:serverID> element defines the number of servers in
703	      the service site.
704	      One or more <identifier:addr> elements that describe IP address
705	      of the identifier service.  Each <identifier:addr> element MAY
706	      contain an "ip" attribute to identify the IP address format.
707	      Attribute value "v4" is used to note IPv4 address format.
708	      Attribute value "v6" is used to note IPv6 address format.  If the
709	      "ip" attribute is not specified,"v4" is the default attribute
710	      value.

712	      An <identifier:pubkey> element that contains the server's public
713	      key with a "type" attribute that specifies algorithms used to
714	      generate the public key. Public key in the
715	      <identifier:serviceInfo> can be used to authenticate any service
716	      response from the handle server.

718	      One or more <identifier:serviceInterfaces> elements that have
719	      three child elements: an <identifier:serviceType> element that
720	      indicates whether the service is for query or for administration,
721	      an <identifier:protocol> element that specifies transmission
722	      protocol, where UDP and HTTP could be considered as alternative
723	      protocols, and the <identifier:port> element that represents
724	      service port of specific the service component.

726	   Example <create> command:

728	   C:<?xml version="1.0" encoding="utf-8" standalone="no"?>
729	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
730	   C:xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
731	   C:xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
732	   C:  <command>
733	   C:    <create>
734	   C:      <identifier:create
735	   C:      xmlns:identifier="urn:ietf:params:xml:ns:identifier-1.0"
736	   C:      xsi:schemaLocation="urn:ietf:params:xml:ns:identifier-1.0
737	   C:      identifier-1.0.xsd">
738	   C:        <identifier:name>88.1000.1</identifier:name>
739	   C:        <identifier:type>handle</identifier:type>
740	   C:        <identifier:contact>jd1234</identifier:contact>
741	   C:        <identifier:url>www.caict.ac.cn</identifier:url>
742	   C:        <identifier:administratorList>
743	   C:          <identifier:administrator>
744	   C:            <identifier:adminIndex>100</identifier:adminIndex>
745	   C:            <identifier:pubkey type="dsa_pub_key">
746	   C:            AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4
747	   C:            e175lVnv03QfwYFTfB05hhLDC1...</identifier:pubkey>
748	   C:            <identifier:permissionList>
749	   C:              <identifier:permission>add_handle
750	   C:              </identifier:permission>
751	   C:              <identifier:permission>delete_handle
752	   C:              </identifier:permission>
753	   C:              <identifier:permission>add_value
754	   C:              </identifier:permission>
755	   C:              <identifier:permission>modify_admin
756	   C:              </identifier:permission>
757	   C:              <identifier:permission>remove_admin
758	   C:              </identifier:permission>
759	   C:            </identifier:permissionList>
760	   C:          </identifier:administrator>
761	   C:        </identifier:administratorList>
762	   C:        <identifier:siteList>
763	   C:          <identifier:siteInfo>
764	   C:            <identifier:siteIndex>500</identifier:siteIndex>
765	   C:            <identifier:protocolVersion>2.10
766	   C:            </identifier:protocolVersion>
767	   C:            <identifier:serviceInfo>
768	   C:              <identifier:serverID>1</identifier:serverID>
769	   C:              <identifier:addr ip="v4">192.0.2.2</identifier:addr>
770	   C:              <identifier:addr ip="v6">1080:0:0:0:8:800:200C:417A
771	   C:              </identifier:addr>
772	   C:              <identifier:pubkey type="dsa_pub_key">
773	   C:              AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4e
774	   C:              175lVnv03QfwYFTfB05hhLDC1...</identifier:pubkey>
775	   C:              <identifier:serviceInterfaces>
776	   C:                <identifier:serviceType>query
777	   C:                </identifier:serviceType>
778	   C:                <identifier:protocol>tcp</identifier:protocol>
779	   C:                <identifier:port>2641</identifier:port>
780	   C:              </identifier:serviceInterfaces>
781	   C:            </identifier:serviceInfo>
782	   C:          </identifier:siteInfo>
783	   C:        </identifier:siteList>
784	   C:      </identifier:create>
785	   C:    </create>
786	   C:    <clTRID>ABC-12345</clTRID>
787	   C:  </command>
788	   C:</epp>
789	   When a <create> command has been processed successfully, the EPP
790	   <response> element MUST contain a child <result code> element that
791	   identifies the result of processing.

793	   Example <create> response:

795	   S:<?xml version="1.0" encoding="utf-8" standalone="no"?>
796	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
797	   S:  <response>
798	   S:    <result code="1000">
799	   S:      <msg>Command completed successfully</msg>
800	   S:    </result>
801	   S:    <trID>
802	   S:      <clTRID>ABC-12345</clTRID>
803	   S:      <svTRID>54321-XYZ</svTRID>
804	   S:    </trID>
805	   S:  </response>
806	   S:</epp>

808	   An EPP error response MUST be returned if a <create> command cannot
809	   be processed for any reason.

811	3.2.2. EPP <delete> Command

813	   The EPP <delete> command provides an operation that allows a client
814	   to delete an identifier object. In addition to the standard EPP
815	   command elements, the <delete> command MUST contain an
816	   <identifier:delete> element that specifies the identifier namespace.
817	   The<identifier:delete> element contains the following child element:

819	   o An <identifier:name> element that contains the fully qualified
820	      name of the identifier object to be deleted.

822	   Example <delete> command:

824	   C:<?xml version="1.0" encoding="utf-8"?>
825	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi=
826	   C:"http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=
827	   C:"urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
828	   C:  <command>
829	   C:    <delete>
830	   C:      <identifier:delete xmlns:identifier="urn:ietf:params:
831	   C:      xml:ns:identifier-1.0" xsi:schemaLocation="urn:ietf:
832	   C:      params:xml:ns:identifier-1.0 identifier-1.0.xsd">
833	   C:        <identifier:name>88.1000.1</identifier:name>
834	   C:      </identifier:delete>
835	   C:    </delete>
836	   C:    <clTRID>ABC-12345</clTRID>
837	   C:  </command>
838	   C:</epp>

840	   When a <delete> command has been processed successfully, a server
841	   MUST respond with an EPP response with no <resData> element.

843	   Example <delete> response

845	   <?xml version="1.0" encoding="utf-8"?>

847	   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
848	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
849	   S:  <response>
850	   S:    <result code="1000">
851	   S:      <msg>Command completed successfully</msg>
852	   S:    </result>
853	   S:    <trID>
854	   S:      <clTRID>ABC-12345</clTRID>
855	   S:      <svTRID>54321-XYZ</svTRID>
856	   S:    </trID>
857	   S:  </response>
858	   S:</epp>

860	   An EPP error response MUST be returned if a <delete> command cannot
861	   be processed for any reason.

863	3.2.3. EPP <renew> Command

865	   Renewal semantics do not apply to identifier objects, so there is no
866	   identifier mapping defined for the EPP <renew> command.

868	3.2.4. EPP <transfer> Command

870	   Transfer semantics do not directly apply to identifier objects, so
871	   there is no mapping defined for the EPP <transfer> command.

873	3.2.5. EPP <update> Command

875	   The EPP <update> command provides an operation that allows a client
876	   to modify the attributes of an identifier.  In addition to the
877	   standard EPP command elements, the <update> command MUST contain an
878	   <identifier:update> element that identifies the identifier object and
879	   attributes to be updated.  The <identifier:update> element contains
880	   the following child elements:

882	   o An <identifier:name> element that contains the fully qualified
883	     name of the identifier object to be updated.

885	   o An OPTIONAL <identifier:add> element that contains attribute
886	     values to be added to the identifier object.

888	   o An OPTIONAL <identifier:rem> element that contains attribute
889	     values to be removed from the object. It has the following child
890	     elements: An OPTIONAL <identifier:contact> element that contains
891	     contact information that is to be removed from the identifier.
892	     An optional <identifier:url> element that contains the URL to be
893	     removed. An OPTIONAL <identifier:adminIndex> element that
894	     specifies the index of the identifier administrator to be deleted.
895	     An OPTIONAL <identifier:siteIndex> element that contains
896	     information about index of the site to be removed from the
897	     identifier object. At least one child element of MUST be provided
898	     if the <identifier:rem> element is present.

900	   o An OPTIONAL <identifier:chg> element that contains object
901	     attribute values to be changed. The name of an identifier MUST NOT
902	     be changed, due to impacts on associated identifier objects.

904	   At least one <identifier:add>, <identifier:rem>, or <identifier:chg>
905	   element MUST be provided if the command is not being extended.  All
906	   of these elements MAY be omitted if an <update> extension is present.
907	   The <identifier:add> and <identifier:chg> elements share two common
908	   child elements: <identifier:administrator> and the
909	   <identifier:siteInfo> element.

911	   The <identifier:add> element has two additional child elements:
912	   <identifier:contact> and <identifier:url>  other than the common
913	   element.

915	   Whereas the <identifier:chg> has an additional <identifier:status>
916	   element that specifies status of the identifier object. Description
917	   of the common child elements of <identifier:add> and <identifier:chg>
918	   goes as follows:

920	    - An <identifier:administrator> element that specifies
921	      administrator information of the identifier object. Identifier
922	      administrators are entitled to administrate or resolve
923	      identifier or identifier values according to the permission
924	      defined by its <identifier:permissionList> sub-element. An
925	      <identifier:administrator> element includes the following
926	      child elements:

928	       An <identifier:adminIndex> element that provides the reference
929	       to the authentication key that can be used to authenticate the
930	       administrator.

932	       An <identifier:pubkey> element that contains the authentication
933	       key of the administrator and information of the type of the
934	       technique used to authenticate administrator. The public key is
935	       processed with base64 encoding schemes.

937	       Three types of algorithms are recommended to authenticate the
938	       identifier administrator: Digital Signature Algorithm (DSA)
939	       public-key cryptography, Rivest-Shamir-Adleman(RSA) public-key
940	       cryptography, or the password-based authentication mechanism.

942	       An <identifier:permissionList> element MAY contain zero or more
943	       <identifier:permission> elements that specify information about
944	       the administration authority of the administrator.  A set of
945	       administration functions that include adding, deleting, and
946	       modifying identifier or identifier values are supported by the
947	       identifier service.  Before fulfilling any administration
948	       request, the server must authenticate the client as the
949	       identifier administrator that is authorized for the
950	       administrative operation.

952	       Lists of all the permissions see the "Formal Syntax" section of
953	       this document.

955	    - An <identifier:siteInfo> element that provides information to
956	      locate the site to implement provisions and resolution of the
957	      identifier.  The <identifier:siteInfo> element defines a handle
958	      service site by identifying the server computers that comprise
959	      the site along with their service configurations (e.g., port
960	      numbers).It contains the following child elements:

962	       An <identifier:siteIndex>  element that indicates the specific
963	       index of a site that is added or modified.

965	       An <identifier:protocolVersion>  element that indicates handle
966	       protocol version  used to create the handle identifier.

968	       One or more <identifier:serviceInfo> elements that contain the
969	       following elements: An <identifier:serverID> element defines the
970	       number of servers in the service site. One or more
971	       <identifier:addr> elements that describe IP address of the
972	       identifier service.  Each <identifier:addr> element MAY contain
973	       an "ip" attribute to identify the IP address format. Attribute
974	       value "v4" is used to note IPv4 address format.  Attribute value
975	       "v6" is used to note IPv6 address format.  If the "ip" attribute
976	       is not specified,"v4" is the default attribute value. An
977	       <identifier:pubkey> element that contains the server's public key
978	       with a "type" attribute that specifies algorithms used to
979	       generate the public key. Public key in the
980	       <identifier:serviceInfo> can be used to authenticate any service
981	       response from the server. One or more
982	       <identifier:serviceInterfaces> elements that have three child
983	       elements: an <identifier:serviceType> element that indicates
984	       whether the service is for query or for administration, an
985	       <identifier:protocol> element that specifies transmission
986	       protocol, where UDP and HTTP could be considered as alternative
987	       protocols, and the <identifier:port> element that represents
988	       service port of specific the service component.

990	   Example <update> command:

992	   C:<?xml version="1.0" encoding="utf-8"?>
993	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
994	   C:xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
995	   C:xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
996	   C:  <command>
997	   C:    <update>
998	   C:      <identifier:update
999	   C:      xmlns:identifier="urn:ietf:params:xml:ns:identifier-1.0"
1000	   C:      xsi:schemaLocation="urn:ietf:params:xml:ns:identifier-1.0
1001	   C:      identifier-1.0.xsd">
1002	   C:        <identifier:name>88.1000.1</identifier:name>
1003	   C:        <identifier:add>
1004	   C:          <identifier:contact>jd12345</identifier:contact>
1005	   C:          <identifier:url>www.abc.com</identifier:url>
1006	   C:          <identifier:administrator>
1007	   C:            <identifier:adminIndex>101</identifier:adminIndex>
1008	   C:            <identifier:pubkey type="dsa_pub_key">
1009	   C:            AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4e175lVnv03Qf
1010	   C:            wYFTfB05hhLDC1...</identifier:pubkey>
1011	   C:            <identifier:permissionList>
1012	   C:              <identifier:permission>add_handle
1013	   C:              </identifier:permission>
1014	   C:              <identifier:permission>delete_handle
1015	   C:              </identifier:permission>
1016	   C:              <identifier:permission>add_value
1017	   C:              </identifier:permission>
1018	   C:              <identifier:permission>modify_admin
1019	   C:              </identifier:permission>
1020	   C:              <identifier:permission>remove_admin
1021	   C:              </identifier:permission>
1022	   C:            </identifier:permissionList>
1023	   C:          </identifier:administrator>
1024	   C:          <identifier:siteInfo>
1025	   C:            <identifier:siteIndex>501</identifier:siteIndex>
1026	   C:            <identifier:protocolVersion>2.10
1027	   C:            </identifier:protocolVersion>
1028	   C:            <identifier:serviceInfo>
1029	   C:              <identifier:serverID>1</identifier:serverID>
1030	   C:              <identifier:addr ip="v4">192.0.2.2</identifier:addr>
1031	   C:              <identifier:addr ip="v6">1080:0:0:0:8:800:200C:417A
1032	   C:              </identifier:addr>
1033	   C:              <identifier:pubkey type="dsa_pub_key">
1034	   C:              AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4e
1035	   C:              175lVnv03QfwYFTfB05hhLDC1...</identifier:pubkey>
1036	   C:              <identifier:serviceInterfaces>
1037	   C:                <identifier:serviceType>admin
1038	   C:                </identifier:serviceType>
1039	   C:                <identifier:protocol>tcp</identifier:protocol>
1040	   C:                <identifier:port>2641</identifier:port>
1041	   C:              </identifier:serviceInterfaces>
1042	   C:            </identifier:serviceInfo>
1043	   C:          </identifier:siteInfo>
1044	   C:        </identifier:add>
1045	   C:        <identifier:rem>
1046	   C:          <identifier:contact>jd12345</identifier:contact>
1047	   C:          <identifier:url>www.abc.com</identifier:url>
1048	   C:          <identifier:adminIndex>101</identifier:adminIndex>
1049	   C:          <identifier:siteIndex>500</identifier:siteIndex>
1050	   C:        </identifier:rem>
1051	   C:        <identifier:chg>
1052	   C:          <identifier:status s="clientUpdateProhibited"/>
1053	   C:          <identifier:administrator>
1054	   C:            <identifier:adminIndex>102</identifier:adminIndex>
1055	   C:            <identifier:pubkey type="dsa_pub_key">
1056	   C:            AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4e175lVnv03Qf
1057	   C:            wYFTfB05hhLDC1...</identifier:pubkey>
1058	   C:            <identifier:permissionList>
1059	   C:              <identifier:permission>add_handle
1060	   C:              </identifier:permission>
1061	   C:              <identifier:permission>delete_handle
1062	   C:              </identifier:permission>
1063	   C:              <identifier:permission>add_value
1064	   C:              </identifier:permission>
1065	   C:            </identifier:permissionList>
1066	   C:          </identifier:administrator>
1067	   C:          <identifier:siteInfo>
1068	   C:            <identifier:siteIndex>500</identifier:siteIndex>
1069	   C:            <identifier:protocolVersion>2.10
1070	   C:            </identifier:protocolVersion>
1071	   C:            <identifier:serviceInfo>
1072	   C:              <identifier:serverID>2</identifier:serverID>
1073	   C:              <identifier:addr ip="v4">192.0.2.2</identifier:addr>
1074	   C:              <identifier:addr ip="v6">1080:0:0:0:8:800:200C:417A
1075	   C:              </identifier:addr>
1076	   C:              <identifier:serviceInterfaces>
1077	   C:                <identifier:serviceType>query
1078	   C:                </identifier:serviceType>
1079	   C:                <identifier:protocol>tcp</identifier:protocol>
1080	   C:                <identifier:port>2641</identifier:port>
1081	   C:              </identifier:serviceInterfaces>
1082	   C:            </identifier:serviceInfo>
1083	   C:          </identifier:siteInfo>
1084	   C:        </identifier:chg>
1085	   C:      </identifier:update>
1086	   C:    </update>
1087	   C:    <clTRID>ABC-12345</clTRID>
1088	   C:  </command>
1089	   C:</epp>

1091	   When an <update> command has been processed successfully, a server
1092	   MUST respond with an EPP response with no <resData> element.

1094	   Example <update> response:

1096	   S:<?xml version="1.0" encoding="utf-8"?>
1097	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
1098	   S:  <response>
1099	   S:    <result code="1000">
1100	   S:      <msg>Command completed successfully</msg>
1101	   S:    </result>
1102	   S:    <trID>
1103	   S:      <clTRID>ABC-12345</clTRID>
1104	   S:      <svTRID>54321-XYZ</svTRID>
1105	   S:    </trID>
1106	   S:  </response>
1107	   S:</epp>

1109	   An EPP error response MUST be returned if an <update> command could
1110	   not be processed for any reason.

1112	4. Formal Syntax

1114	   An EPP object mapping is specified in XML Schema notation.  The
1115	   formal syntax presented here is a complete schema representation of
1116	   the object mapping suitable for automated validation of EPP XML
1117	   instances.  The BEGIN and END tags are not part of the schema; they
1118	   are used to note the beginning and ending of the schema for URI
1119	   registration purposes.

1121	   Redistribution and use in source and binary forms, with or without
1122	   modification, are permitted provided that the following conditions
1123	   are met:

1125	   o Redistributions of source code must retain the above copyright
1126	      notice, this list of conditions and the following disclaimer.

1128	   o Redistributions in binary form must reproduce the above copyright
1129	      notice, this list of conditions and the following disclaimer in
1130	      the documentation and/or other materials provided with the
1131	      distribution.

1133	   o Neither the name of Internet Society, IETF or IETF Trust, nor the
1134	      names of specific contributors, may be used to endorse or promote
1135	      products derived from this software without specific prior written
1136	      permission.

1138	   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
1139	   CONTRIBUTORS"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
1140	   BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
1141	   FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
1142	   THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
1143	   INDIRECT, INCIDENTAL,SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
1144	   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
1145	   SERVICES; LOSS OF USE,DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1146	   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1147	   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
1148	   IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
1149	   POSSIBILITY OF SUCH DAMAGE.

1151	   BEGIN

1153	   <?xml version="1.0" encoding="utf-8"?>

1155	   <schema xmlns="http://www.w3.org/2001/XMLSchema"
1156	   xmlns:identifier="urn:ietf:params:xml:ns:identifier-1.0"
1157	   xmlns:epp="urn:ietf:params:xml:ns:epp-1.0"
1158	   xmlns:eppcom="urn:ietf:params:xml:ns:eppcom-1.0"
1159	   targetNamespace="urn:ietf:params:xml:ns:identifier-1.0"
1160	   elementFormDefault="qualified">
1161	     <!--
1162	       Import common element types.

1164	       -->
1165	     <import namespace="urn:ietf:params:xml:ns:eppcom-1.0"
1166	     schemaLocation="eppcom-1.0.xsd"/>
1167	     <import namespace="urn:ietf:params:xml:ns:epp-1.0"
1168	     schemaLocation="epp-1.0.xsd"/>
1169	     <annotation>
1170	       <documentation>Extensible Provisioning Protocol v1.0
1171	       identifier provisioning schema.</documentation>
1172	     </annotation>
1173	     <!--
1174	       Child elements found in EPP commands.
1175	       -->
1176	     <element name="check" type="identifier:mNameType"/>
1177	     <element name="create" type="identifier:createType"/>
1178	     <element name="update" type="identifier:updateType"/>
1179	     <element name="info" type="identifier:sNameType"/>
1180	     <element name="delete" type="identifier:sNameType"/>
1181	     <!--
1182	       Child elements of the <create> command.
1183	       -->
1184	     <complexType name="createType">
1185	       <sequence>
1186	         <element name="name" type="eppcom:labelType"/>
1187	         <element name="type" type="identifier:typeEnumType"/>
1188	         <element name="contact" type="identifier:contactType"
1189	         maxOccurs="unbounded"/>
1190	         <element name="url" type="anyURI" maxOccurs="unbounded"/>
1191	         <element name="administratorList"
1192	         type="identifier:administratorListType" minOccurs="0"/>
1193	         <element name="siteList"
1194	         type="identifier:siteListType" minOccurs="0"/>
1195	       </sequence>
1196	     </complexType>
1197	     <!--
1198	      Child elements of the <delete> and <info> commands.
1199	      -->
1200	     <complexType name="sNameType">
1201	       <sequence>
1202	         <element name="name" type="eppcom:labelType"/>
1203	       </sequence>
1204	     </complexType>
1205	     <!--
1206	      Child element of commands that accept multiple names.
1207	      -->
1208	     <complexType name="mNameType">
1209	       <sequence>
1210	         <element name="name" type="eppcom:labelType"
1211	         maxOccurs="unbounded"/>
1212	       </sequence>
1213	     </complexType>
1214	     <simpleType name="typeEnumType">
1215	       <restriction base="token">
1216	         <enumeration value="handle"/>
1217	         <enumeration value="oid"/>
1218	         <enumeration value="ecode"/>
1219	         <enumeration value="epc"/>
1220	         <enumeration value="other"/>
1221	       </restriction>
1222	     </simpleType>
1223	     <complexType name="contactType">
1224	       <simpleContent>
1225	         <extension base="eppcom:clIDType">
1226	           <attribute name="type" type="identifier:contactAttrType"/>
1227	         </extension>
1228	       </simpleContent>
1229	     </complexType>
1230	     <simpleType name="contactAttrType">
1231	       <restriction base="token">
1232	         <enumeration value="admin"/>
1233	         <enumeration value="billing"/>
1234	         <enumeration value="tech"/>
1235	       </restriction>
1236	     </simpleType>
1237	     <complexType name="administratorListType">
1238	       <sequence>
1239	         <element name="administrator"
1240	         type="identifier:administratorType" minOccurs="0"
1241	         maxOccurs="unbounded"/>
1242	       </sequence>
1243	     </complexType>
1244	     <complexType name="administratorType">
1245	       <sequence>
1246	         <element name="adminIndex" type="unsignedInt"/>
1247	         <element name="pubkey" type="identifier:pubkeyType"/>
1248	         <element name="permissionList" type="identifier:
1249	         permissionListType"/>
1250	       </sequence>
1251	     </complexType>
1252	     <complexType name="pubkeyType">
1253	       <simpleContent>
1254	         <extension base="base64Binary">
1255	           <attribute name="type" type="identifier:
1256	           pubkeyTypeType"/>
1257	         </extension>
1258	       </simpleContent>
1259	     </complexType>
1260	     <simpleType name="pubkeyTypeType">
1261	       <restriction base="token">
1262	         <enumeration value="dsa_pub_key"/>
1263	         <enumeration value="rsa_pub_key"/>
1264	         <enumeration value="secret_key"/>
1265	       </restriction>
1266	     </simpleType>
1267	     <complexType name="permissionListType">
1268	       <sequence>
1269	         <element name="permission" type="identifier:permissionType"
1270	         minOccurs="0" maxOccurs="unbounded"/>
1271	       </sequence>
1272	     </complexType>
1273	     <simpleType name="permissionType">
1274	       <restriction base="token">
1275	         <enumeration value="add_handle"/>
1276	         <enumeration value="delete_handle"/>
1277	         <enumeration value="add_na"/>
1278	         <enumeration value="delete_na"/>
1279	         <enumeration value="modify_value"/>
1280	         <enumeration value="delete_value"/>
1281	         <enumeration value="add_value"/>
1282	         <enumeration value="modify_admin"/>
1283	         <enumeration value="remove_admin"/>
1284	         <enumeration value="add_admin"/>
1285	         <enumeration value="authorized_read"/>
1286	         <enumeration value="list_handle"/>
1287	       </restriction>
1288	     </simpleType>
1289	     <complexType name="siteListType">
1290	       <sequence>
1291	         <element name="siteInfo" type="identifier:siteInfoType"
1292	         minOccurs="0" maxOccurs="unbounded"/>
1293	       </sequence>
1294	     </complexType>
1295	     <complexType name="siteInfoType">
1296	       <sequence>
1297	         <element name="siteIndex" type="unsignedInt"/>
1298	         <element name="protocolVersion" type="token"/>
1299	         <element name="serviceInfo" type="identifier:serviceInfoType"
1300	         minOccurs="0" maxOccurs="unbounded"/>
1301	       </sequence>
1302	     </complexType>
1303	     <complexType name="serviceInfoType">
1304	       <sequence>
1305	         <element name="serverID" type="unsignedInt"/>
1306	         <element name="addr" type="identifier:addrType" minOccurs="0"
1307	         maxOccurs="unbounded"/>
1308	         <element name="pubkey" type="identifier:pubkeyType"
1309	         minOccurs="0" maxOccurs="1"/>
1310	         <element name="serviceInterfaces"
1311	         type="identifier:serviceInterfacesType"
1312	         minOccurs="0" maxOccurs="unbounded"/>
1313	       </sequence>
1314	     </complexType>
1315	     <complexType name="addrType">
1316	       <simpleContent>
1317	         <extension base="identifier:addrStringType">
1318	           <attribute name="ip" type="identifier:ipType" default="v4"/>
1319	         </extension>
1320	       </simpleContent>
1321	     </complexType>
1322	     <simpleType name="addrStringType">
1323	       <restriction base="token">
1324	         <minLength value="3"/>
1325	         <maxLength value="45"/>
1326	       </restriction>
1327	     </simpleType>
1328	     <simpleType name="ipType">
1329	       <restriction base="token">
1330	         <enumeration value="v4"/>
1331	         <enumeration value="v6"/>
1332	       </restriction>
1333	     </simpleType>
1334	     <complexType name="serviceInterfacesType">
1335	       <sequence>
1336	         <element name="serviceType" type="identifier:serviceTypeType"/>
1337	         <element name="protocol" type="identifier:protocolType"/>
1338	         <element name="port" type="unsignedShort"/>
1339	       </sequence>
1340	     </complexType>
1341	     <simpleType name="serviceTypeType">
1342	       <restriction base="token">
1343	         <enumeration value="query"/>
1344	         <enumeration value="admin"/>
1345	       </restriction>
1346	     </simpleType>
1347	     <simpleType name="protocolType">
1348	       <restriction base="token">
1349	         <enumeration value="tcp"/>
1350	         <enumeration value="udp"/>
1351	         <enumeration value="http"/>
1352	       </restriction>
1353	     </simpleType>
1354	     <!--
1355	       Child elements of the <update> command.
1356	       -->
1357	     <complexType name="updateType">
1358	       <sequence>
1359	         <element name="name" type="eppcom:labelType"/>
1360	         <element name="add" type="identifier:addType" minOccurs="0"/>
1361	         <element name="rem" type="identifier:remType" minOccurs="0"/>
1362	         <element name="chg" type="identifier:chgType" minOccurs="0"/>
1363	       </sequence>
1364	     </complexType>
1365	     <complexType name="addType">
1366	       <sequence>
1367	         <element name="contact" type="identifier:contactType"
1368	         minOccurs="0" maxOccurs="unbounded"/>
1369	         <element name="url" type="eppcom:labelType" minOccurs="0"
1370	         maxOccurs="unbounded"/>
1371	         <element name="administrator"
1372	         type="identifier:administratorType"
1373	         minOccurs="0" maxOccurs="unbounded"/>
1374	         <element name="siteInfo" type="identifier:siteInfoType"
1375	         minOccurs="0" maxOccurs="unbounded"/>
1376	         <element name="cert" type="token" minOccurs="0" maxOccurs="1"/>
1377	         <element name="signature" type="token" minOccurs="0"
1378	         maxOccurs="1"/>
1379	       </sequence>
1380	     </complexType>
1381	     <complexType name="remType">
1382	       <sequence>
1383	         <element name="contact" type="identifier:contactType"
1384	         minOccurs="0" maxOccurs="unbounded"/>
1385	         <element name="url" type="eppcom:labelType" minOccurs="0"
1386	         maxOccurs="unbounded"/>
1387	         <element name="adminIndex" type="unsignedInt" minOccurs="0"
1388	         maxOccurs="unbounded"/>
1389	         <element name="siteIndex" type="unsignedInt" minOccurs="0"
1390	         maxOccurs="unbounded"/>
1391	       </sequence>
1392	     </complexType>
1393	     <complexType name="chgType">
1394	       <sequence>
1395	         <element name="status" type="identifier:statusType"
1396	         minOccurs="0"/>
1397	         <element name="administrator"
1398	         type="identifier:administratorType" minOccurs="0"
1399	         maxOccurs="unbounded"/>
1400	         <element name="siteInfo" type="identifier:siteInfoType"
1401	         minOccurs="0" maxOccurs="unbounded"/>
1402	         <element name="cert" type="token" minOccurs="0"
1403	         maxOccurs="1"/>
1404	         <element name="signature" type="token" minOccurs="0"
1405	         maxOccurs="1"/>
1406	       </sequence>
1407	     </complexType>
1408	     <!--
1409	       Status is a combination of attributes and an optional
1410	       human-readable message that may be expressed in languages other
1411	       than English.
1412	       -->
1413	     <complexType name="statusType">
1414	       <simpleContent>
1415	         <extension base="normalizedString">
1416	           <attribute name="s" type="identifier:statusValueType"
1417	           use="required"/>
1418	           <attribute name="lang" type="language" default="en"/>
1419	         </extension>
1420	       </simpleContent>
1421	     </complexType>
1422	     <simpleType name="statusValueType">
1423	       <restriction base="token">
1424	         <enumeration value="clientDeleteProhibited"/>
1425	         <enumeration value="clientHold"/>
1426	         <enumeration value="clientRenewProhibited"/>
1427	         <enumeration value="clientTransferProhibited"/>
1428	         <enumeration value="clientUpdateProhibited"/>
1429	         <enumeration value="inactive"/>
1430	         <enumeration value="ok"/>
1431	         <enumeration value="pendingCreate"/>
1432	         <enumeration value="pendingDelete"/>
1433	         <enumeration value="pendingRenew"/>
1434	         <enumeration value="pendingTransfer"/>
1435	         <enumeration value="pendingUpdate"/>
1436	         <enumeration value="serverDeleteProhibited"/>
1437	         <enumeration value="serverHold"/>
1438	         <enumeration value="serverRenewProhibited"/>
1439	         <enumeration value="serverTransferProhibited"/>
1440	         <enumeration value="serverUpdateProhibited"/>
1441	       </restriction>
1442	     </simpleType>
1443	     <!--
1444	      Child response elements.
1445	      -->
1446	     <element name="chkData" type="identifier:chkDataType"/>
1447	     <element name="infData" type="identifier:infDataType"/>
1448	     <!--
1449	      <check> response elements.
1450	      -->
1451	     <complexType name="chkDataType">
1452	       <sequence>
1453	         <element name="cd" type="identifier:checkType"
1454	         maxOccurs="unbounded"/>
1455	       </sequence>
1456	     </complexType>
1457	     <complexType name="checkType">
1458	       <sequence>
1459	         <element name="name" type="identifier:checkNameType"/>
1460	         <element name="reason" type="eppcom:reasonType" minOccurs="0"/>
1461	       </sequence>
1462	     </complexType>
1463	     <complexType name="checkNameType">
1464	       <simpleContent>
1465	         <extension base="eppcom:labelType">
1466	           <attribute name="avail" type="boolean" use="required"/>
1467	         </extension>
1468	       </simpleContent>
1469	     </complexType>
1470	     <complexType name="infDataType">
1471	       <sequence>
1472	         <element name="name" type="eppcom:labelType"/>
1473	         <element name="type" type="identifier:typeEnumType"/>
1474	         <element name="status" type="identifier:statusType"/>
1475	         <element name="contact" type="identifier:contactType"
1476	         maxOccurs="unbounded"/>
1477	         <element name="url" type="anyURI" maxOccurs="unbounded"/>
1478	         <element name="administratorList"
1479	         type="identifier:administratorListType" minOccurs="0"/>
1480	         <element name="siteList" type="identifier:siteListType"
1481	         minOccurs="0"/>
1482	       </sequence>
1483	     </complexType>
1484	     <!--
1485	       End of schema.
1486	       -->
1487	   </schema>
1488	   END
1489	5. Internationalization Considerations

1491	   EPP is represented in XML, which provides native support for encoding
1492	   information using the Unicode character set and its more compact
1493	   representations including UTF-8.  Conformant XML processors recognize
1494	   both UTF-8 and UTF-16 [RFC2781].  Though XML includes provisions to
1495	   identify and use other character encodings through use of an
1496	   "encoding" attribute in an <?xml?> declaration, use of UTF-8 is
1497	   RECOMMENDED in environments where parser encoding support
1498	   incompatibility exists.

1500	   All date-time values presented via EPP MUST be expressed in Universal
1501	   Coordinated Time using the Gregorian calendar.  XML Schema allows use
1502	   of time zone identifiers to indicate offsets from the zero meridian,
1503	   but this option MUST NOT be used with EPP.  The extended date-time
1504	   form using upper case "T" and "Z" characters defined in [W3C.REC-
1505	   xmlschema-2-20041028] MUST be used to represent date-time values, as
1506	   XML Schema does not support truncated date-time forms or lower case
1507	   "T" and "Z" characters.

1509	   The syntax for handle identifiers described in this document MUST
1510	   conform to [RFC3650], [RFC3651], [RFC3652]. The conformance
1511	   requirements might change as a result of progressing work in
1512	   developing standards for internationalized identifier techniques.

1514	6. Security Considerations

1516	   Authorization information as described in Section 3.2 is REQUIRED to
1517	   create an identifier object.  This information is used in some query
1518	   and transfer operations as an additional means of determining client
1519	   authorization to perform the command.  Failure to protect
1520	   authorization information from inadvertent disclosure can result in
1521	   unauthorized transfer operations and unauthorized information release.
1522	   Both client and server MUST ensure that authorization information is
1523	   stored and exchanged with high-grade encryption mechanisms to provide
1524	   privacy services.

1526	   The object mapping described in this document does not provide any
1527	   other security services or introduce any additional considerations
1528	   beyond those described by [RFC5730] or those caused by the protocol
1529	   layers used by EPP.

1531	7. IANA Considerations

1533	   This document uses URNs to describe XML namespaces and XML schemas
1534	   conforming to a registry mechanism described in [RFC3688].  Two URI
1535	   assignments have been registered by the IANA.

1537	   Registration request for the identifier namespace:

1539	      URI: urn:ietf:params:xml:ns:identifier-1.0

1541	      Registrant Contact: See the "Author's Address" section of this
1542	   document.

1544	      XML: None.  Namespace URIs do not represent an XML specification.

1546	   Registration request for the identifier XML schema:

1548	      URI: urn:ietf:params:xml:schema:identifier-1.0

1550	      Registrant Contact: See the "Author's Address" section of this
1551	   document.

1553	      XML: See the "Formal Syntax" section of this document.

1555	8. Acknowledgments

1557	   This document is based on an identifier application of EPP.Thus, the
1558	   author would like to thank J. Xie who suggested improvements and
1559	   provided many invaluable comments. This document are individual
1560	   submissions, based on the work done in RFC 5730.
1561	   This document was prepared using 2-Word-v2.0.template.dot.

1563	9. References

1565	9.1. Normative References

1567	   [W3C.REC-xml-20040204] Sperberg-McQueen, C., Maler, E., Yergeau, F.,
1568	             Paoli, J., and T. Bray, "Extensible Markup Language (XML)
1569	             1.0 (Third Edition)", World Wide Web Consortium
1570	             FirstEdition REC-xml-20040204, February 2004,
1571	             <http://www.w3.org/TR/2004/REC-xml-20040204>.

1573	   [W3C.REC-xmlschema-1-20041028]  Maloney, M., Thompson, H.,
1574	             Mendelsohn, N., and D. Beech, "XML Schema Part 1:
1575	             Structures Second Edition", World Wide Web Consortium
1576	             Recommendation REC-xmlschema-1-20041028, October 2004,
1577	             <http://www.w3.org/TR/2004/REC-xmlschema-1-20041028>.

1579	   [W3C.REC-xmlschema-2-20041028]  Malhotra, A. and P. Biron, "XML
1580	             Schema Part 2: Datatypes Second Edition", World Wide Web
1581	             Consortium Recommendation REC-xmlschema-2-20041028, October
1582	             2004, <http://www.w3.org/TR/2004/REC-xmlschema-2-20041028>.
1583	             [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791,
1584	             September 1981.

1586	   [RFC5730] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)",
1587	             STD 69, RFC 5730, August 2009.

1589	   [RFC3650] Sun, S. and L. Lannom, "Handle System Overview", November
1590	             2003.

1592	   [RFC3651] Sun, S., Reilly, S. and L. Lannom, "Handle System Namespace
1593	             and Service Definition", November 2003.

1595	   [RFC3652] Sun, S., Reilly, S. and L. Lannom, "Handle System Protocol
1596	             (ver 2.1) Specification", November 2003.

1598	9.2. Informative References

1600	   [RFC2781] Hoffman, P. and F. Yergeau, "UTF-16, an encoding of ISO
1601	             10646", RFC 2781, February 2000.

1603	   [RFC2874] Crawford, M. and C. Huitema, "DNS Extensions to Support
1604	             IPv6 Address Aggregation and Renumbering", RFC 2874, July
1605	             2000.

1607	   [RFC3596] Thomson, S., Huitema, C., Ksinant, V., and M. Souissi, "DNS
1608	             Extensions to Support IP Version 6", RFC 3596, October
1609	             2003.

1611	   [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
1612	             Architecture", RFC 4291, February 2006.

1614	Author's Address

1616	   Yuying Chen
1617	   CAICT
1618	   No.52 Huayuan North Road, Haidian District
1619	   Beijing, Beijing, 100191
1620	   China

1622	   Phone: +86 188 1008 2358
1623	   Email: chenyuying@caict.ac.cn
1624	   Jiagui Xie
1625	   CAICT
1626	   No.52 Huayuan North Road, Haidian District
1627	   Beijing, Beijing, 100191
1628	   China

1630	   Phone: +86 150 0138 5070
1631	   Email: xiejiagui@caict.ac.cn

1633	   Zhiping Li
1634	   CAICT
1635	   No.52 Huayuan North Road, Haidian District
1636	   Beijing, Beijing, 100191
1637	   China

1639	   Phone: +86 185 1107 1386
1640	   Email: lizhiping@caict.ac.cn

1642	   Zhipeng Fan
1643	   CAICT
1644	   No.52 Huayuan North Road, Haidian District
1645	   Beijing, Beijing, 100191
1646	   China

1648	   Phone: +86 159 1112 3285
1649	   Email: fanzhipeng@caict.ac.cn