idnits 2.17.1 

draft-chen-epp-identifier-mapping-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There is 1 instance of lines with control characters in the document.

  == There is 1 instance of lines with non-RFC3849-compliant IPv6 addresses
     in the document.  If these are example addresses, they should be changed.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords. 

     RFC 2119 keyword, line 108: '...in this document MUST be interpreted i...'
     RFC 2119 keyword, line 115: '...ps and are not a REQUIRED feature of t...'
     RFC 2119 keyword, line 162: '...espace described in this document MUST...'
     RFC 2119 keyword, line 170: '...   it MAY also apply to handle identif...'
     RFC 2119 keyword, line 183: '...dentifier object MUST always have at l...'
     (78 more instances...)


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 491 has weird spacing: '...version  used ...'

  == Line 712 has weird spacing: '...version  used ...'

  == Line 975 has weird spacing: '...tion of   the...'

  == Line 985 has weird spacing: '...version  used ...'

  == Line 987 has weird spacing: '...contain  the...'

  -- The document date (August 17, 2020) is 1341 days in the past.  Is this
     intentional?


  Checking references for intended status: Experimental
  ----------------------------------------------------------------------------

  == Missing Reference: 'RFC3688' is mentioned on line 1558, but not defined

  == Unused Reference: 'RFC0791' is defined on line 1608, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC1558' is defined on line 1625, but no explicit
     reference was found in the text

  -- Obsolete informational reference (is this intentional?): RFC 1558
     (Obsoleted by RFC 1960)


     Summary: 2 errors (**), 0 flaws (~~), 10 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	Internet Engineering Task Force                                  Y. Chen
2	Internet Draft                                                    J. Xie
3	Intended status: Experimental                                      Z. Li
4	Expires: February 24, 2021                                        Z. Fan
5	              China Academy of Information and Communications Technology
6	                                                       August 17, 2020

8	         Extensible Provisioning Protocol (EPP) Industrial Internet
9	                            Identifier Mapping
10	                   draft-chen-epp-identifier-mapping-03

12	Abstract

14	   This document describes an Extensible Provisioning Protocol
15	   (EPP)mapping for the provisioning and management of Industrial
16	   Internet Identifiers. Specified in XML, the mapping defines EPP
17	   command syntax and semantics as applied to identifiers.

19	Status of this Memo

21	   This Internet-Draft is submitted in full conformance with the
22	   provisions of BCP 78 and BCP 79.

24	   Internet-Drafts are working documents of the Internet Engineering
25	   Task Force (IETF), its areas, and its working groups.  Note that
26	   other groups may also distribute working documents as Internet-
27	   Drafts.

29	   Internet-Drafts are draft documents valid for a maximum of six
30	   months and may be updated, replaced, or obsoleted by other documents
31	   at any time.  It is inappropriate to use Internet-Drafts as
32	   reference material or to cite them other than as "work in progress."

34	   The list of current Internet-Drafts can be accessed at
35	   http://www.ietf.org/ietf/1id-abstracts.txt

37	   The list of Internet-Draft Shadow Directories can be accessed at
38	   http://www.ietf.org/shadow.html

40	   This Internet-Draft will expire on February 24, 2021.

42	Copyright Notice

44	   Copyright (c) 2020 IETF Trust and the persons identified as the
45	   document authors. All rights reserved.

47	   This document is subject to BCP 78 and the IETF Trust's Legal
48	   Provisions Relating to IETF Documents
49	   (http://trustee.ietf.org/license-info) in effect on the date of
50	   publication of this document. Please review these documents
51	   carefully, as they describe your rights and restrictions with
52	   respect to this document. Code Components extracted from this
53	   document must include Simplified BSD License text as described in
54	   Section 4.e of the Trust Legal Provisions and are provided without
55	   warranty as described in the Simplified BSD License.

57	Table of Contents

59	   1. Introduction ................................................... 4
60	      1.1. Conventions Used in This Document ......................... 4
61		  1.2. Scope of Experimentation   ................................ 4
62	   2. Object Attributes .............................................. 4
63	      2.1. Industrial Internet Identifier Object ..................... 5
64	      2.2. Client Identifiers ........................................ 5
65	      2.3. Status Values ............................................. 5
66	      2.4. Dates and Times.............................................7
67	      2.5. IP Addresses ...............................................7
68	   3. EPP Command Mapping ............................................ 7
69	      3.1. EPP Query Commands ........................................ 7
70	         3.1.1. EPP <check> Command   ................................ 8
71	         3.1.2. EPP <info> Command   ................................ 10
72	         3.1.3. EPP <transfer> Query Command ........................ 14
73	      3.2. EPP Transform Commands  .................................. 14
74	         3.2.1. EPP <create> Command   .............................. 15
75	         3.2.2. EPP <delete> Command   .............................. 19
76	         3.2.3. EPP <renew> Command    .............................. 20
77	         3.2.4. EPP <transfer> Command   ............................ 20
78	         3.2.5. EPP <update> Command    ............................. 20
79	   4. Formal Syntax ................................................. 25
80	   5. Internationalization Considerations ........................... 33
81	   6. Security Considerations   ..................................... 34
82	   7. IANA Considerations ........................................... 34
83	   8. Acknowledgments ................................................35
84	   9. References .....................................................35
85	      9.1. Normative References   ................................... 35
86	      9.2. Informative References   ................................. 36

88	1. Introduction

90	   Industrial Internet Identifiers are character strings with a
91	   specified format that may consist of digits, letters or notations
92	   being structured in a way that is interpretable by one or more
93	   computational facilities.

95	   This document describes an Industrial Internet Identifier mapping
96	   for version 1.0 of the Extensible Provisioning Protocol (EPP). This
97	   mapping is specified using the Extensible Markup Language (XML)1.0
98	   as described in [W3C.REC-xml-20040204] and XML Schema notation as
99	   described in [W3C.REC-xmlschema-1-20041028] and [W3C.REC-xmlschema-
100	   2-20041028].

102	   [RFC5730]provides a complete description of EPP command and response
103	   structures.  A thorough understanding of the base protocol
104	   specification is necessary to understand the mapping described in
105	   this document.

107	   XML is case sensitive.  Unless stated otherwise, XML specifications
108	   and examples provided in this document MUST be interpreted in the
109	   character case presented to develop a conforming implementation.

111	1.1. Conventions Used in This Document
112	   In examples, "C:" represents lines sent by a protocol client and
113	   "S:" represents lines returned by a protocol server.  Indentation
114	   and white space in examples are provided only to illustrate element
115	   relationships and are not a REQUIRED feature of this protocol.

117	1.2. Scope of Experimentation

119	   This document describes an experimental extension to EPP protocol.
120	   This section specifies scope of this experiment and how it can yield
121	   useful information.

123	   This EPP extension is designed to manage the registration,
124	   modification and resolution of digital objects, handles, OID, for
125	   example throughout the Industrial Internet. According to the
126	   definition of EPP, this extension is an XML text protocol that
127	   permits multiple service providers to perform object-provisioning
128	   operations using a shared central object repository. It is designed
129	   for use in a layered protocol environment. Bindings to specific
130	   transport and security protocols are outside the scope of this
131	   specification.

133	    Given the above points, the experiment can be run on the open
134	   Internet between consenting client and server implementations.

136	2. Object Attributes

138	   An EPP identifier object has attributes and associated values that
139	   can be viewed and modified by the sponsoring client or the server.
140	   This section describes each attribute type in detail.  The formal
141	   syntax for the attribute values described here can be found in the
142	   "Formal Syntax" section of this document and in the appropriate
143	   normative references.

145	2.1. Industrial Internet Identifier Object

147	   Industrial Internet Identifiers are character strings with a
148	   specified format that may consist of digits, letters or notations
149	   being structured in a way that is interpretable by one or more
150	   computational facilities.

152	   It is an unique persistent set of bits used to identify and obtain
153	   state information about physical resource such as machines,
154	   products, or digital resources such as algorithms, manufacturing
155	   process, etc.

157	   This document provides an overview of the EPP mapping of Industrial
158	   Internet Identification.  Handle mapping is specified as an example,
159	   while description in this document applies to other identification
160	   techniques as well.

162	   The syntax for handle namespace described in this document MUST
163	   conform to [RFC3650], [RFC3651], [RFC3652]. Handle identifiers are
164	   character strings with a specified length and a specified format.

166	   All handle identifiers are of the form prefix/suffix where, by
167	   default, the prefix may first be resolved to locate the specific
168	   identifier service and the suffix may be any bit sequence. Epp
169	   mapping on the prefix examples are provided in this document while
170	   it MAY also apply to handle identifiers with suffix.

172	   These conformance requirements might change in the future as a
173	   result of progressing work in developing standards for
174	   internationalized digital object identification.

176	2.2. Client Identifiers

178	   All EPP clients are identified by a server-unique identifier. Client
179	   identifiers conform to the "clIDType" syntax described in [RFC5730].

181	2.3. Status Values

183	   An EPP identifier object MUST always have at least one associated
184	   status value.  Status values MAY be set only by the client that
185	   sponsors an identifier object and by the server on which the object
186	   resides.  A client can change the status of object using the EPP
187	   <update> command.  Each status value MAY be accompanied by a string
188	   of human-readable text that describes the rationale for the status
189	   applied to the object.

191	   A client MUST NOT alter status values set by the server.  A server
192	   MAY alter or override status values set by a client, subject to
193	   local server policies.  The status of an object MAY change as a
194	   result of either a client-initiated transform command or an action
195	   performed by a server operator.

197	   Status values that can be added or removed by a client are prefixed
198	   with "client". Corresponding status values that can be added or
199	   removed by a server are prefixed with "server".  Status values that
200	   do not begin with either "client" or "server" are server-managed.

202	   Status Value Descriptions:

204	   -  clientDeleteProhibited, serverDeleteProhibited

206	      Requests to delete the object MUST be rejected.

208	   -  clientUpdateProhibited, serverUpdateProhibited

210	      Requests to update the object (other than to remove this status)
211	   MUST be rejected.

213	   -  linked

215	      The identifier object has at least one active association with
216	   another object. Servers SHOULD provide services to determine
217	   existing object associations.

219	   -  ok

221	      This is the normal status value for an object that has no pending
222	   operations or prohibitions.  This value is set and removed by the
223	   server as other status values are added or removed.

225	   -  pendingCreate, pendingDelete, pendingTransfer, pendingUpdate

227	    A transform command has been processed for the object, but the
228	   action has not been completed by the server.  Server operators can
229	   delay action completion for a variety of reasons, such as to allow
230	   for human review or third-party action.  A transform command that is
231	   processed, but whose requested action is pending, is noted with
232	   response code 1001.

234	   When the requested action has been completed, the pendingCreate,
235	   pendingDelete, pendingTransfer, or pendingUpdate status value MUST
236	   be removed.  All clients involved in the transaction MUST be
237	   notified using a service message that the action has been completed
238	   and that the status of the object has changed.

240	   "ok" status MAY only be combined with "linked" status.

242	   "linked" status MAY be combined with any status.

244	   "pendingDelete" status MUST NOT be combined with either
245	   "clientDeleteProhibited" or "serverDeleteProhibited" status.

247	   "pendingUpdate" status MUST NOT be combined with either
248	   "clientUpdateProhibited" or "serverUpdateProhibited" status.

250	   The pendingCreate, pendingDelete, pendingTransfer, and pendingUpdate
251	   status values MUST NOT be combined with each other.

253	   Other status combinations not expressly prohibited MAY be used.

255	2.4. Dates and Times

257	   Date and time attribute values MUST be represented in Universal
258	   Coordinated Time (UTC) using the Gregorian calendar. The extended
259	   date-time form using upper case "T" and "Z" characters defined in
260	   [W3C.REC-xmlschema-2-20041028] MUST be used to represent date-time
261	   values, as XML Schema does not support truncated date-time forms or
262	   lower case "T" and "Z" characters.

264	2.5. IP Addresses

266	   The syntax for IPv4 addresses described in this document MUST
267	   conform To[RFC5730].  The syntax for IPv6 addresses described in
268	   this document MUST conform to [RFC4291].  Practical considerations
269	   for publishing IPv6 address information in zone files are documented
270	   in [RFC2874] and [RFC3596].  A server MAY reject IP addresses that
271	   have not been allocated for public use by IANA.

273	3. EPP Command Mapping

275	   A detailed description of the EPP syntax and semantics is specified
276	   in [RFC5730].  The command mappings described here are specifically
277	   for use in provisioning and managing Industrial Internet identifiers
278	   via EPP.

280	3.1. EPP Query Commands

282	   EPP provides two commands to retrieve object information: <check> to
283	   determine if an EPP object can be provisioned within a repository,
284	   and <info> to retrieve detailed information associated with an EPP
285	   object.

287	3.1.1. EPP <check> Command

289	   The EPP <check> command is used to determine if an object can be
290	   provisioned within a repository.  It provides a hint that allows a
291	   client to anticipate the success or failure of provisioning an
292	   object using the <create> command, as object-provisioning
293	   requirements are ultimately a matter of server policy.

295	   In addition to the standard EPP command elements, the <check>
296	   command MUST contain an <identifier: check> element that recognizes
297	   the identifier namespace. The <identifier: check> element contains
298	   the following child elements:

300	   o One or more <identifier:name> elements that contain the fully
301	      qualified names of the identifier objects to be queried.

303	   example <check> command:

305	   C:<?xml version="1.0" encoding="utf-8"?>
306	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi=
307	   C:"http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=
308	   C:"urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
309	   C:  <command>
310	   C:    <check>
311	   C:      <identifier:check xmlns:identifier="urn:ietf:params:xml:ns:
312	   C:      identifier-1.0" xsi:schemaLocation="urn:ietf:params:xml:ns:
313	   C:      identifier-1.0 identifier-1.0.xsd">
314	   C:        <identifier:name>88.1000.1</identifier:name>
315	   C:        <identifier:name>88.1000.2</identifier:name>
316	   C:      </identifier:check>
317	   C:    </check>
318	   C:    <clTRID>ABC-12345</clTRID>
319	   C:  </command>
320	   C:</epp>

322	   When a <check> command has been processed successfully, a server
323	   MUST respond with an EPP <resData> element that MUST contain a child
324	   element that identifies the identifier object namespace.  The child
325	   elements of the <resData> element are identifier-specific, though
326	   the EPP <resData> element MUST contain a child <identifier:chkData>
327	   element that contains one or more <identifier:cd> (check data)
328	   elements. Each <identifier:cd> element contains the following child
329	   elements:

331	   o An identifier-specific element that identifies the queried
332	      identifier.

334	      This element MUST contain an "avail" attribute whose value
335	   indicates object availability (can it be provisioned or not) at
336	   the moment the <check> command was completed. A value of "1" or
337	   "true" means that the identifier can be provisioned. A value of "0"
338	   or "false" means that the identifier cannot be provisioned.

340	   o An <identifier:reason> element that is provided when an
341	      identifier cannot be provisioned.  This element contains server-
342	      specific text to help explain why the identifier cannot be
343	      provisioned.  This text MUST be represented in the response
344	      language previously negotiated with the client; an OPTIONAL "lang"
345	      attribute MAY be present to identify the language if the
346	      negotiated value is something other than the default value of "en"
347	      (English).

349	   Example <check> response:

351	   S:<?xml version="1.0" encoding="utf-8"?>
352	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
353	   S:  <response>
354	   S:    <result code="1000">
355	   S:      <msg>Command completed successfully</msg>
356	   S:    </result>
357	   S:    <resData>
358	   S:      <identifier:chkData xmlns:identifier="urn:ietf:params:
359	   S:      xml:ns:identifier-1.0">
360	   S:        <identifier:cd>
361	   S:          <identifier:name avail="false">88.1000.1
362	   S:          </identifier:name>
363	   S:          <identifier:reason>The identifier already exists
364	   S:          </identifier:reason>
365	   S:        </identifier:cd>
366	   S:        <identifier:cd>
367	   S:          <identifier:name avail="true">88.1000.1
368	   S:          </identifier:name>
369	   S:        </identifier:cd>
370	   S:      </identifier:chkData>
371	   S:    </resData>
372	   S:    <trID>
373	   S:      <clTRID>ABC-12345</clTRID>
374	   S:      <svTRID>54321-XYZ</svTRID>
375	   S:    </trID>
376	   S:  </response>
377	   S:</epp>

379	   An EPP error response MUST be returned if a <check> command cannotbe
380	   processed for any reason.

382	3.1.2. EPP <info> Command

384	   The EPP <info> command is used to retrieve information associated
385	   with an Industrial Internet Identifier object.  In addition to the
386	   standard EPP command elements, the <info> command MUST contain an
387	   <identifier:info> element that identifies the identifier namespace.
388	   The <identifier:info> element contains one child element:

390	   An <identifier:name> element that contains the fully qualified name
391	   of the identifier object for which information is requested.

393	   Example <info> command:

395	   C:<?xml version="1.0" encoding="utf-8"?>
396	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi=
397	   C:"http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation
398	   C:="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
399	   C:  <command>
400	   C:    <info>
401	   C:      <identifier:info xmlns:identifier="urn:ietf:params:xml:
402	   C:      ns:identifier-1.0" xsi:schemaLocation="urn:ietf:params:xml
403	   C:      :ns:identifier-1.0 identifier-1.0.xsd">
404	   C:        <identifier:name>88.1000.1</identifier:name>
405	   C:      </identifier:info>
406	   C:    </info>
407	   C:    <clTRID>ABC-12345</clTRID>
408	   C:  </command>
409	   C:</epp>

411	   When an <info> command has been processed successfully, the EPP
412	   <resData> element MUST contain a child <identifier:infData> element
413	   that identifies the identifier namespace.  The <identifier:infData>
414	   element contains the following child elements:

416	   o An <identifier:name> element that contains the fully qualified
417	      name of the identifier object to be created. The identifier name
418	      with a minimum length of 1 byte and a maximum length of 255 bytes
419	      SHOULD be unique and SHOULD NOT be reused.

421	   o An <identifier:type> element that specifies type of identification
422	      technique of the identifier object. Handle is taken as an example
423	      in this document.

425	   o Zero or more OPTIONAL <identifier:contact> elements that contain
426	      contact information of the enterprise that applies for the
427	      identifier to be queried.

429	   o Zero or more OPTIONAL <identifier:URL> elements that contain the
430	      URL associated with the identifier object to be queried.

432	o An <identifier:administratorList> element that contains one or more
433	      <identifier:administrator> elements that specify administrator
434	      information of the identifier object. Identifier administrators
435	      are entitled to create identifier or sub-naming authorities under
436	      the handle prefix according to the permission defined by its
437	      <identifier:permissionList> sub-element.

439	      Each <identifier:administrator> element includes the following
440	      child elements:

442	      An <identifier:adminIndex> element that provides the reference to
443	      the authentication key that can be used to authenticate the
444	      administrator.

446	      An <identifier:pubkey> element that contains the authentication
447	      key of the administrator and information of the type of the
448	      technique used to authenticate administrator. The public key is
449	      processed with base64 encoding schemes.

451	      Three types of algorithms are recommended to authenticate the
452	      identifier administrator: Digital Signature Algorithm (DSA)
453	      public-key cryptography, Rivest-Shamir-Adleman(RSA) public-key
454	      cryptography, or the password-based authentication mechanism.

456	      The Digital Signature Algorithm (DSA) is a typical kind of
457	      cryptographic algorithm to generate pairs of keys used in
458	      public-key system:  public keys which may be stored in the
459	      server, and private keys which are known only to the client.

461	    The RSA is one of the first public-key cryptosystems and is another
462	    kind of cryptographic algorithm used for secure data transmission.

464	    The password is a word or string of characters used for user
465	    authentication to prove identity of the administrator.

467	    An <identifier:permissionList> element MAY contain zero or more
468	    <identifier:permission> elements that specify information about
469	    the administration authority of the administrator.  A set of
470	    administration functions that include adding, deleting, and
471	    modifying identifier or identifier values are supported by the
472	    identifier service.  Before fulfilling any administration request,
473	    the server must authenticate the client as the identifier
474	    administrator that is authorized for the administrative operation.

476	    List of all the permissions see the "Formal Syntax" section of this
477	    document.

479	   o An <identifier:siteList> element that contains one or more
480	      <identifier:siteInfo> elements that provide information to locate
481	      the site to implement provisions and resolution of the identifier.
482	      In this section, the element defines a handle service site by
483	      identifying the server computers that comprise the site along with
484	      their service configurations (e.g., port numbers).

486	      Each <identifier:siteInfo> contains the following child elements:
487	      An <identifier:siteIndex>  element that indicates the specific
488	      index of a site.

490	      An <identifier:protocolVersion>  element that indicates handle
491	      protocol version  used to create the handle identifier.

493	      One or more <identifier:serviceInfo> elements that contain the
494	      following elements:

496	      An <identifier:serverID> element defines the number of servers in
497	      the service site.

499	      One or more <identifier:addr> elements that describe IP address of
500	      the identifier service.  Each <identifier:addr> element MAY
501	      contain an "ip" attribute to identify the IP address format.
502	      Attribute value "v4" is used to note IPv4 address format.
503	      Attribute value "v6" is used to note IPv6 address format.  If the
504	      "ip" attribute is not specified,"v4" is the default attribute
505	      value.

507	      An <identifier:pubkey> element that contains the server's public
508	      key with a "type" attribute that specifies algorithms used to
509	      generate the public key. Public key in the
510	      <identifier:serviceInfo> can be used to authenticate any service
511	      response from the handle server.

513	    One or more <identifier:serviceInterfaces> elements that have
514	    three child elements: an <identifier:serviceType> element that
515	    indicates whether the service is for query or for administration,
516	    an <identifier:protocol> element that specifies transmission
517	    protocol, where UDP and HTTP could be considered as alternative
518	    protocols, and the <identifier:port> element that represents
519	    service port of specific the service component.

521	   Example <info> response:

523	   S:<?xml version="1.0" encoding="utf-8"?>
524	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
525	   S:  <response>
526	   S:    <result code="1000">
527	   S:      <msg>Command completed successfully</msg>
528	   S:    </result>
529	   S:    <resData>
530	   S:      <identifier:infData
531	   S:      xmlns:identifier="urn:ietf:params:xml:ns:identifier-1.0">
532	   S:        <identifier:name>88.1000.1</identifier:name>
533	   S:        <identifier:type>handle</identifier:type>
534	   S:        <identifier:status s="clientUpdateProhibited"/>
535	   S:        <identifier:contact>jd1234</identifier:contact>
536	   S:        <identifier:url>www.caict.ac.cn</identifier:url>
537	   S:        <identifier:administratorList>
538	   S:          <identifier:administrator>
539	   S:            <identifier:adminIndex>100</identifier:adminIndex>
540	   S:            <identifier:pubkey type="dsa_pub_key">
541	   S:            AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4e175lVnv03Qf
542	   S:            wYFTfB05hhLDC1...</identifier:pubkey>
543	   S:            <identifier:permissionList>
544	   S:              <identifier:permission>add_handle
545	   S:              </identifier:permission>
546	   S:              <identifier:permission>delete_handle
547	   S:              </identifier:permission>
548	   S:              <identifier:permission>add_value
549	   S:              </identifier:permission>
550	   S:              <identifier:permission>modify_admin
551	   S:              </identifier:permission>
552	   S:              <identifier:permission>remove_admin
553	   S:              </identifier:permission>
554	   S:            </identifier:permissionList>
555	   S:          </identifier:administrator>
556	   S:        </identifier:administratorList>
557	   S:        <identifier:siteList>
558	   S:          <identifier:siteInfo>
559	   S:            <identifier:siteIndex>500</identifier:siteIndex>
560	   S:            <identifier:protocolVersion>2.10
561	   S:            </identifier:protocolVersion>
562	   S:            <identifier:serviceInfo>
563	   S:              <identifier:serverID>1</identifier:serverID>
564	   S:              <identifier:addr ip="v4">192.0.2.2</identifier:addr>
565	   S:              <identifier:addr ip="v6">
566	   S:              1080:0:0:0:8:800:200C:417A
567	   S:              </identifier:addr>
568	   S:              <identifier:pubkey type="dsa_pub_key">
569	   S:              AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4e175lVnv03QfwY
570	   S:              FTfB05hhLDC1...</identifier:pubkey>
571	   S:              <identifier:serviceInterfaces>
572	   S:                <identifier:serviceType>query
573	   S:                </identifier:serviceType>
574	   S:                <identifier:protocol>tcp</identifier:protocol>
575	   S:                <identifier:port>2641</identifier:port>
576	   S:              </identifier:serviceInterfaces>
577	   S:            </identifier:serviceInfo>
578	   S:          </identifier:siteInfo>
579	   S:        </identifier:siteList>
580	   S:      </identifier:infData>
581	   S:    </resData>
582	   S:    <trID>
583	   S:      <clTRID>ABC-12345</clTRID>
584	   S:      <svTRID>54322-XYZ</svTRID>
585	   S:    </trID>
586	   S:  </response>
587	   S:</epp>
588	   An EPP error response MUST be returned if an <info> command cannot
589	   be processed for any reason.

591	3.1.3. EPP <transfer> Query Command

593	   Transfer semantics do not directly apply to identifier objects, so
594	   there is no mapping defined for the EPP <transfer> query command.

596	3.2. EPP Transform Commands

598	   EPP provides three commands to transform identifier objects:
599	   <create> to create an instance of an identifier object, <delete> to
600	   delete an instance of an identifier object, and <update> to change
601	   information associated with an identifier object.  This document
602	   does not define identifier-object mappings for the EPP <renew> and
603	   <transfer> commands.

605	   Transform commands are typically processed and completed in real
606	   time.  Server operators MAY receive and process transform commands
607	   but defer completing the requested action if human or third-party
608	   review is required before the requested action can be completed.  In
609	   such situations, the server MUST return a 1001 response code to the
610	   client to note that the command has been received and processed but
611	   that the requested action is pending.  The server MUST also manage
612	   the status of the object that is the subject of the command to
613	   reflect the initiation and completion of the requested action.  Once
614	   the action has been completed; all clients involved in the
615	   transaction MUST be notified using a service message that the action
616	   has been completed and that the status of the object has changed.

618	   Other notification methods MAY be used in addition to the required
619	   service message.

621	   Server operators SHOULD confirm that a client is authorized to
622	   perform a transform command on a given object.  Any attempt to
623	   transform an object by an unauthorized client MUST be rejected, and
624	   the server MUST return a 2201 response code to the client to note
625	   that the client lacks privileges to execute the requested command.

627	3.2.1. EPP <create> Command

629	   The EPP <create> command provides an operation that allows a client
630	   to create an identifier object. In addition to the standard EPP
631	   command elements, the <create> command MUST contain an <identifier:
632	   create> element that identifies the identifier to be created.  The
633	   <identifier:create> element contains the following child elements:

635	   o An <identifier:name> element that contains the fully qualified
636	      name of the identifier object to be created. The identifier name
637	      with a minimum length of 1 byte and a maximum length of 255 bytes
638	      SHOULD be unique and SHOULD NOT be reused.

640	   o An <identifier:type> element that specifies type of identification
641	      technique of the identifier object. Handle is taken as an example
642	      in this document.

644	   o Zero or more OPTIONAL <identifier:contact> elements that contain
645	      contact information of the enterprise that applies for the
646	      identifier to be created.

648	   o Zero or more OPTIONAL <identifier:URL> elements that contain the
649	      URL associated with the identifier object to be created.

651	   o An <identifier:administratorList> element that contains one or
652	      more <identifier:administrator> elements that specify
653	      administrator information of the identifier object. Identifier
654	      administrators are entitled to administrate or resolve identifier
655	      or identifier values according to the permission defined by its
656	      <identifier:permissionList> sub-element.

658	      Each <identifier:administrator> element includes the following
659	      child elements:

661	      An <identifier:adminIndex> element that provides the reference to
662	      the authentication key that can be used to authenticate the
663	      administrator.

665	      An <identifier:pubkey> element that contains the authentication
666	      key of the administrator and information of the type of the
667	      technique used to authenticate administrator. The public key is
668	      processed with base64 encoding schemes.

670	      Three types of algorithms are recommended to authenticate the
671	      identifier administrator: Digital Signature Algorithm (DSA)
672	      public-key cryptography, Rivest-Shamir-Adleman(RSA) public-key
673	      cryptography, or the password-based authentication mechanism.

675	      The Digital Signature Algorithm (DSA) is a typical kind of
676	      cryptographic algorithm to generate pairs of keys used in public-
677	      key system:  public keys which may be stored in the server, and
678	      private keys which are known only to the client.

680	      The RSA is one of the first public-key cryptosystems and is
681	      another kind of cryptographic algorithm used for secure data
682	      transmission.

684	      The password is a word or string of characters used for user
685	      authentication to prove identity of the administrator.

687	      An <identifier:permissionList> element MAY contain zero or more
688	      <identifier:permission> elements that specify information about
689	      the administration authority of the administrator.  A set of
690	      administration functions that include adding, deleting, and
691	      modifying identifier or identifier values are supported by the
692	      identifier service.  Before fulfilling any administration request,
693	      the server must authenticate the client as the identifier
694	      administrator that is authorized for the administrative operation.

696	      List of all the permissions see the "Formal Syntax" section of
697	      this document.

699	   o An <identifier:siteList> element that contains one or more
700	      <identifier:siteInfo> elements that provide information to locate

702	    the site to implement provisions and resolution of the identifier.
703	    In this section, the element defines a handle service site by
704	    identifying the server computers that comprise the site along with
705	    their service configurations (e.g., port numbers).

707	    Each <identifier:siteInfo> contains the following child elements:
708	    An <identifier:siteIndex>  element that indicates the specific
709	    index of a site.

711	    An <identifier:protocolVersion>  element that indicates handle
712	    protocol version  used to create the handle identifier.

714	    One or more <identifier:serviceInfo> elements that contain the
715	    following elements:

717	      An <identifier:serverID> element defines the number of servers in
718	      the service site.

720	      One or more <identifier:addr> elements that describe IP address of
721	      the identifier service.  Each <identifier:addr> element MAY
722	      contain an "ip" attribute to identify the IP address format.

724	      Attribute value "v4" is used to note IPv4 address format.
725	      Attribute value "v6" is used to note IPv6 address format.  If the
726	      "ip" attribute is not specified,"v4" is the default attribute
727	      value.

729	      An <identifier:pubkey> element that contains the server's public
730	      key with a "type" attribute that specifies algorithms used to
731	      generate the public key. Public key in the
732	      <identifier:serviceInfo> can be used to authenticate any service
733	      response from the handle server.

735	      One or more <identifier:serviceInterfaces> elements that have
736	      three child elements: an <identifier:serviceType> element that
737	      indicates whether the service is for query or for administration,
738	      an <identifier:protocol> element that specifies transmission
739	      protocol, where UDP and HTTP could be considered as alternative
740	      protocols, and the <identifier:port> element that represents
741	      service port of specific the service component.

743	   Example <create> command:

745	   C:<?xml version="1.0" encoding="utf-8" standalone="no"?>
746	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
747	   C:xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
748	   C:xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
749	   C:  <command>
750	   C:    <create>
751	   C:      <identifier:create
752	   C:      xmlns:identifier="urn:ietf:params:xml:ns:identifier-1.0"
753	   C:      xsi:schemaLocation="urn:ietf:params:xml:ns:identifier-1.0
754	   C:      identifier-1.0.xsd">
755	   C:        <identifier:name>88.1000.1</identifier:name>
756	   C:        <identifier:type>handle</identifier:type>
757	   C:        <identifier:contact>jd1234</identifier:contact>
758	   C:        <identifier:url>www.caict.ac.cn</identifier:url>
759	   C:        <identifier:administratorList>
760	   C:          <identifier:administrator>
761	   C:            <identifier:adminIndex>100</identifier:adminIndex>
762	   C:            <identifier:pubkey type="dsa_pub_key">
763	   C:            AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4
764	   C:            e175lVnv03QfwYFTfB05hhLDC1...</identifier:pubkey>
765	   C:            <identifier:permissionList>
766	   C:              <identifier:permission>add_handle
767	   C:              </identifier:permission>
768	   C:              <identifier:permission>delete_handle
769	   C:              </identifier:permission>
770	   C:              <identifier:permission>add_value
771	   C:              </identifier:permission>
772	   C:              <identifier:permission>modify_admin
773	   C:              </identifier:permission>
774	   C:              <identifier:permission>remove_admin
775	   C:              </identifier:permission>
776	   C:            </identifier:permissionList>
777	   C:          </identifier:administrator>
778	   C:        </identifier:administratorList>
779	   C:        <identifier:siteList>
780	   C:          <identifier:siteInfo>
781	   C:            <identifier:siteIndex>500</identifier:siteIndex>
782	   C:            <identifier:protocolVersion>2.10
783	   C:            </identifier:protocolVersion>
784	   C:            <identifier:serviceInfo>
785	   C:              <identifier:serverID>1</identifier:serverID>
786	   C:              <identifier:addr ip="v4">192.0.2.2</identifier:addr>
787	   C:              <identifier:addr ip="v6">1080:0:0:0:8:800:200C:417A
788	   C:              </identifier:addr>
789	   C:              <identifier:pubkey type="dsa_pub_key">
790	   C:              AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4e
791	   C:              175lVnv03QfwYFTfB05hhLDC1...</identifier:pubkey>
792	   C:              <identifier:serviceInterfaces>
793	   C:                <identifier:serviceType>query
794	   C:                </identifier:serviceType>
795	   C:                <identifier:protocol>tcp</identifier:protocol>
796	   C:                <identifier:port>2641</identifier:port>
797	   C:              </identifier:serviceInterfaces>
798	   C:            </identifier:serviceInfo>
799	   C:          </identifier:siteInfo>
800	   C:        </identifier:siteList>
801	   C:      </identifier:create>
802	   C:    </create>
803	   C:    <clTRID>ABC-12345</clTRID>
804	   C:  </command>
805	   C:</epp>
806	   When a <create> command has been processed successfully, the EPP
807	   <response> element MUST contain a child <result code> element that
808	   identifies the result of processing.

810	   Example <create> response:

812	   S:<?xml version="1.0" encoding="utf-8" standalone="no"?>
813	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
814	   S:  <response>
815	   S:    <result code="1000">
816	   S:      <msg>Command completed successfully</msg>
817	   S:    </result>
818	   S:    <trID>
819	   S:      <clTRID>ABC-12345</clTRID>
820	   S:      <svTRID>54321-XYZ</svTRID>
821	   S:    </trID>
822	   S:  </response>
823	   S:</epp>

825	   An EPP error response MUST be returned if a <create> command cannot
826	   be processed for any reason.

828	3.2.2. EPP <delete> Command

830	   The EPP <delete> command provides an operation that allows a client
831	   to delete an identifier object. In addition to the standard EPP
832	   command elements, the <delete> command MUST contain an
833	   <identifier:delete> element that specifies the identifier namespace.
834	   The<identifier:delete> element contains the following child element:

836	   o An <identifier:name> element that contains the fully qualified
837	      name of the identifier object to be deleted.

839	   Example <delete> command:

841	   C:<?xml version="1.0" encoding="utf-8"?>
842	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi=
843	   C:"http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=
844	   C:"urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
845	   C:  <command>
846	   C:    <delete>
847	   C:      <identifier:delete xmlns:identifier="urn:ietf:params:
848	   C:      xml:ns:identifier-1.0" xsi:schemaLocation="urn:ietf:
849	   C:      params:xml:ns:identifier-1.0 identifier-1.0.xsd">
850	   C:        <identifier:name>88.1000.1</identifier:name>
851	   C:      </identifier:delete>
852	   C:    </delete>
853	   C:    <clTRID>ABC-12345</clTRID>
854	   C:  </command>
855	   C:</epp>

857	   When a <delete> command has been processed successfully, a server
858	   MUST respond with an EPP response with no <resData> element.

860	   Example <delete> response

862	   <?xml version="1.0" encoding="utf-8"?>

864	   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
865	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
866	   S:  <response>
867	   S:    <result code="1000">
868	   S:      <msg>Command completed successfully</msg>
869	   S:    </result>
870	   S:    <trID>
871	   S:      <clTRID>ABC-12345</clTRID>
872	   S:      <svTRID>54321-XYZ</svTRID>
873	   S:    </trID>
874	   S:  </response>
875	   S:</epp>

877	   An EPP error response MUST be returned if a <delete> command cannot
878	   be processed for any reason.

880	3.2.3. EPP <renew> Command

882	   Renewal semantics do not apply to identifier objects, so there is no
883	   identifier mapping defined for the EPP <renew> command.

885	3.2.4. EPP <transfer> Command

887	   Transfer semantics do not directly apply to identifier objects, so
888	   there is no mapping defined for the EPP <transfer> command.

890	3.2.5. EPP <update> Command

892	   The EPP <update> command provides an operation that allows a client
893	   to modify the attributes of an identifier.  In addition to the
894	   standard EPP command elements, the <update> command MUST contain an
895	   <identifier:update> element that identifies the identifier object
896	   and attributes to be updated.  The <identifier:update> element
897	   contains the following child elements:

899	   o An <identifier:name> element that contains the fully qualified
900	      name of the identifier object to be updated.

902	   o An OPTIONAL <identifier:add> element that contains attribute
903	      values to be added to the identifier object.

905	   o An OPTIONAL <identifier:rem> element that contains attribute
906	      values to be removed from the object. It has the following child
907	      elements: An OPTIONAL <identifier:contact> element that contains
908	      contact information that is to be removed from the identifier.

910	      An optional <identifier:url> element that contains the URL to be
911	      removed. An OPTIONAL <identifier:adminIndex> element that
912	      specifies the index of the identifier administrator to be deleted.
913	      An OPTIONAL <identifier:siteIndex> element that contains
914	      information about index of the site to be removed from the
915	      identifier object. At least one child element of MUST be provided
916	      if the <identifier:rem> element is present.

918	   o An OPTIONAL <identifier:chg> element that contains object
919	      attribute values to be changed. The name of an identifier MUST NOT
920	      be changed, due to impacts on associated identifier objects.

922	   At least one <identifier:add>, <identifier:rem>, or <identifier:chg>
923	   element MUST be provided if the command is not being extended.  All
924	   of these elements MAY be omitted if an <update> extension is
925	   present. The <identifier:add> and <identifier:chg> elements share
926	   two common child elements: <identifier:administrator> and the
927	   <identifier:siteInfo> element.

929	   The <identifier:add> element has two additional child elements:
930	   <identifier:contact> and <identifier:url>  other than the common
931	   element.

933	   Whereas the <identifier:chg> has an additional <identifier:status>
934	   element that specifies status of the identifier object. Description
935	   of the common child elements of <identifier:add> and
936	   <identifier:chg> goes as follows:

938	       - An <identifier:administrator> element that specifies
939	         administrator information of the identifier object. Identifier
940	         administrators are entitled to administrate or resolve
941	         identifier or identifier values according to the permission
942	         defined by its <identifier:permissionList> sub-element. An
943	         <identifier:administrator> element includes the following

945	         child elements:

947	         An <identifier:adminIndex> element that provides the reference
948	         to the authentication key that can be used to authenticate the
949	         administrator.

951	        An <identifier:pubkey> element that contains the authentication
952	        key of the administrator and information of the type of the
953	        technique used to authenticate administrator. The public key is
954	        processed with base64 encoding schemes.

956	        Three types of algorithms are recommended to authenticate the
957	        identifier administrator: Digital Signature Algorithm (DSA)
958	        public-key cryptography, Rivest-Shamir-Adleman(RSA) public-key
959	        cryptography, or the password-based authentication mechanism.

961	        An <identifier:permissionList> element MAY contain zero or more
962	        <identifier:permission> elements that specify information about
963	        the administration authority of the administrator.  A set of
964	        administration functions that include adding, deleting, and
965	        modifying identifier or identifier values are supported by the
966	        identifier service.  Before fulfilling any administration
967	        request, the server must authenticate the client as the
968	        identifier administrator that is authorized for the
969	        administrative operation.

971	        Lists of all the permissions see the "Formal Syntax" section of
972	        this document.

974	     -  An <identifier:siteInfo> element that provides information to
975	       locate the site to implement provisions and resolution of   the
976	       identifier.The <identifier:siteInfo> element defines a handle
977	       service site by identifying the server computers that comprise
978	       the site along with their service configurations (e.g., port
979	       numbers).It contains the following child elements:

981	       An <identifier:siteIndex>  element that indicates the specific
982	       index of a site that is added or modified.

984	       An <identifier:protocolVersion>  element that indicates handle
985	       protocol version  used to create the handle identifier.

987	       One or more <identifier:serviceInfo> elements that contain  the
988	       following elements: An <identifier:serverID> element defines the
989	       number of servers in the service site. One or more
990	       <identifier:addr> elements that describe IP address of the
991	       identifier service.  Each <identifier:addr> element MAY contain
992	       an "ip" attribute to identify the IP address format. Attribute
993	       value "v4" is used to note IPv4 address format.  Attribute value
994	       "v6" is used to note IPv6 address format.  If the "ip" attribute
995	       is not specified,"v4" is the default attribute value. An
996	       <identifier:pubkey> element that contains the server's public key
997	       with a "type" attribute that specifies algorithms used to
998	       generate the public key. Public key in the
999	       <identifier:serviceInfo> can be used to authenticate any service
1000	       response from the handle server. One or more
1001	       <identifier:serviceInterfaces> elements that have three child
1002	       elements: an <identifier:serviceType> element that indicates
1003	       whether the service is for query or for administration, an
1004	       <identifier:protocol> element that specifies transmission
1005	       protocol, where UDP and HTTP could be considered as alternative
1006	       protocols, and the <identifier:port> element that represents
1007	       service port of specific the service component.

1009	   Example <update> command:

1011	   C:<?xml version="1.0" encoding="utf-8"?>
1012	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
1013	   C:xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
1014	   C:xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
1015	   C:  <command>
1016	   C:    <update>
1017	   C:      <identifier:update
1018	   C:      xmlns:identifier="urn:ietf:params:xml:ns:identifier-1.0"
1019	   C:      xsi:schemaLocation="urn:ietf:params:xml:ns:identifier-1.0
1020	   C:      identifier-1.0.xsd">
1021	   C:        <identifier:name>88.1000.1</identifier:name>
1022	   C:        <identifier:add>
1023	   C:          <identifier:contact>jd12345</identifier:contact>
1024	   C:          <identifier:url>www.abc.com</identifier:url>
1025	   C:          <identifier:administrator>
1026	   C:            <identifier:adminIndex>101</identifier:adminIndex>
1027	   C:            <identifier:pubkey type="dsa_pub_key">
1028	   C:            AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4e175lVnv03Qf
1029	   C:            wYFTfB05hhLDC1...</identifier:pubkey>
1030	   C:            <identifier:permissionList>
1031	   C:              <identifier:permission>add_handle
1032	   C:              </identifier:permission>
1033	   C:              <identifier:permission>delete_handle
1034	   C:              </identifier:permission>
1035	   C:              <identifier:permission>add_value
1036	   C:              </identifier:permission>
1037	   C:              <identifier:permission>modify_admin
1038	   C:              </identifier:permission>
1039	   C:              <identifier:permission>remove_admin
1040	   C:              </identifier:permission>
1041	   C:            </identifier:permissionList>
1042	   C:          </identifier:administrator>
1043	   C:          <identifier:siteInfo>
1044	   C:            <identifier:siteIndex>501</identifier:siteIndex>
1045	   C:            <identifier:protocolVersion>2.10
1046	   C:            </identifier:protocolVersion>
1047	   C:            <identifier:serviceInfo>
1048	   C:              <identifier:serverID>1</identifier:serverID>
1049	   C:              <identifier:addr ip="v4">192.0.2.2</identifier:addr>
1050	   C:              <identifier:addr ip="v6">1080:0:0:0:8:800:200C:417A
1051	   C:              </identifier:addr>
1052	   C:              <identifier:pubkey type="dsa_pub_key">
1053	   C:              AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4e
1054	   C:              175lVnv03QfwYFTfB05hhLDC1...</identifier:pubkey>
1055	   C:              <identifier:serviceInterfaces>
1056	   C:                <identifier:serviceType>admin
1057	   C:                </identifier:serviceType>
1058	   C:                <identifier:protocol>tcp</identifier:protocol>
1059	   C:                <identifier:port>2641</identifier:port>
1060	   C:              </identifier:serviceInterfaces>
1061	   C:            </identifier:serviceInfo>
1062	   C:          </identifier:siteInfo>
1063	   C:        </identifier:add>
1064	   C:        <identifier:rem>
1065	   C:          <identifier:contact>jd12345</identifier:contact>
1066	   C:          <identifier:url>www.abc.com</identifier:url>
1067	   C:          <identifier:adminIndex>101</identifier:adminIndex>
1068	   C:          <identifier:siteIndex>500</identifier:siteIndex>
1069	   C:        </identifier:rem>
1070	   C:        <identifier:chg>
1071	   C:          <identifier:status s="clientUpdateProhibited"/>
1072	   C:          <identifier:administrator>
1073	   C:            <identifier:adminIndex>102</identifier:adminIndex>
1074	   C:            <identifier:pubkey type="dsa_pub_key">
1075	   C:            AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4e175lVnv03Qf
1076	   C:            wYFTfB05hhLDC1...</identifier:pubkey>
1077	   C:            <identifier:permissionList>
1078	   C:              <identifier:permission>add_handle
1079	   C:              </identifier:permission>
1080	   C:              <identifier:permission>delete_handle
1081	   C:              </identifier:permission>
1082	   C:              <identifier:permission>add_value
1083	   C:              </identifier:permission>
1084	   C:            </identifier:permissionList>
1085	   C:          </identifier:administrator>
1086	   C:          <identifier:siteInfo>
1087	   C:            <identifier:siteIndex>500</identifier:siteIndex>
1088	   C:            <identifier:protocolVersion>2.10
1089	   C:            </identifier:protocolVersion>
1090	   C:            <identifier:serviceInfo>
1091	   C:              <identifier:serverID>2</identifier:serverID>
1092	   C:              <identifier:addr ip="v4">192.0.2.2</identifier:addr>
1093	   C:              <identifier:addr ip="v6">1080:0:0:0:8:800:200C:417A
1094	   C:              </identifier:addr>
1095	   C:              <identifier:serviceInterfaces>
1096	   C:                <identifier:serviceType>query
1097	   C:                </identifier:serviceType>
1098	   C:                <identifier:protocol>tcp</identifier:protocol>
1099	   C:                <identifier:port>2641</identifier:port>
1100	   C:              </identifier:serviceInterfaces>
1101	   C:            </identifier:serviceInfo>
1102	   C:          </identifier:siteInfo>
1103	   C:        </identifier:chg>
1104	   C:      </identifier:update>
1105	   C:    </update>
1106	   C:    <clTRID>ABC-12345</clTRID>
1107	   C:  </command>
1108	   C:</epp>

1110	   When an <update> command has been processed successfully, a server
1111	   MUST respond with an EPP response with no <resData> element.

1113	   Example <update> response:

1115	   S:<?xml version="1.0" encoding="utf-8"?>
1116	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
1117	   S:  <response>
1118	   S:    <result code="1000">
1119	   S:      <msg>Command completed successfully</msg>
1120	   S:    </result>
1121	   S:    <trID>
1122	   S:      <clTRID>ABC-12345</clTRID>
1123	   S:      <svTRID>54321-XYZ</svTRID>
1124	   S:    </trID>
1125	   S:  </response>
1126	   S:</epp>

1128	   An EPP error response MUST be returned if an <update> command could
1129	   not be processed for any reason.

1131	4. Formal Syntax

1133	   An EPP object mapping is specified in XML Schema notation.  The
1134	   formal syntax presented here is a complete schema representation of
1135	   the object mapping suitable for automated validation of EPP XML
1136	   instances.  The BEGIN and END tags are not part of the schema; they
1137	   are used to note the beginning and ending of the schema for URI
1138	   registration purposes.

1140	   Redistribution and use in source and binary forms, with or without
1141	   modification, are permitted provided that the following conditions
1142	   are met:

1144	   o Redistributions of source code must retain the above copyright
1145	      notice, this list of conditions and the following disclaimer.

1147	   o Redistributions in binary form must reproduce the above copyright
1148	      notice, this list of conditions and the following disclaimer in
1149	      the documentation and/or other materials provided with the
1150	      distribution.

1152	   o Neither the name of Internet Society, IETF or IETF Trust, nor the
1153	      names of specific contributors, may be used to endorse or promote
1154	      products derived from this software without specific prior written
1155	      permission.

1157	   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
1158	   CONTRIBUTORS"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
1159	   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
1160	   MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
1161	   IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
1162	   ANY DIRECT, INDIRECT, INCIDENTAL,SPECIAL, EXEMPLARY, OR
1163	   CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
1164	   SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,DATA, OR PROFITS; OR
1165	   BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
1166	   LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
1167	   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
1168	   SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

1170	   BEGIN

1172	   <?xml version="1.0" encoding="utf-8"?>

1174	   <schema xmlns="http://www.w3.org/2001/XMLSchema"
1175	   xmlns:identifier="urn:ietf:params:xml:ns:identifier-1.0"
1176	   xmlns:epp="urn:ietf:params:xml:ns:epp-1.0"
1177	   xmlns:eppcom="urn:ietf:params:xml:ns:eppcom-1.0"
1178	   targetNamespace="urn:ietf:params:xml:ns:identifier-1.0"
1179	   elementFormDefault="qualified">
1180	     <!--
1181	       Import common element types.
1182	       -->
1183	     <import namespace="urn:ietf:params:xml:ns:eppcom-1.0"
1184	     schemaLocation="eppcom-1.0.xsd"/>
1185	     <import namespace="urn:ietf:params:xml:ns:epp-1.0"
1186	     schemaLocation="epp-1.0.xsd"/>
1187	     <annotation>
1188	       <documentation>Extensible Provisioning Protocol v1.0
1189	       identifier provisioning schema.</documentation>
1190	     </annotation>
1191	     <!--
1192	       Child elements found in EPP commands.
1193	       -->
1194	     <element name="check" type="identifier:mNameType"/>
1195	     <element name="create" type="identifier:createType"/>
1196	     <element name="update" type="identifier:updateType"/>
1197	     <element name="info" type="identifier:sNameType"/>
1198	     <element name="delete" type="identifier:sNameType"/>
1199	     <!--
1200	       Child elements of the <create> command.
1201	       -->
1202	     <complexType name="createType">
1203	       <sequence>
1204	         <element name="name" type="eppcom:labelType"/>
1205	         <element name="type" type="identifier:typeEnumType"/>
1206	         <element name="contact" type="identifier:contactType"
1207	         maxOccurs="unbounded"/>
1208	         <element name="url" type="anyURI" maxOccurs="unbounded"/>
1209	         <element name="administratorList"
1210	         type="identifier:administratorListType" minOccurs="0"/>
1211	         <element name="siteList"
1212	         type="identifier:siteListType" minOccurs="0"/>
1213	       </sequence>
1214	     </complexType>
1215	     <!--
1216	      Child elements of the <delete> and <info> commands.
1217	      -->
1218	     <complexType name="sNameType">
1219	       <sequence>
1220	         <element name="name" type="eppcom:labelType"/>
1221	       </sequence>
1222	     </complexType>
1223	     <!--
1224	      Child element of commands that accept multiple names.
1225	      -->
1226	     <complexType name="mNameType">
1227	       <sequence>
1228	         <element name="name" type="eppcom:labelType"
1229	         maxOccurs="unbounded"/>
1230	       </sequence>
1231	     </complexType>
1232	     <simpleType name="typeEnumType">
1233	       <restriction base="token">
1234	         <enumeration value="handle"/>
1235	         <enumeration value="oid"/>
1236	         <enumeration value="ecode"/>
1237	         <enumeration value="epc"/>
1238	         <enumeration value="other"/>
1239	       </restriction>
1240	     </simpleType>
1241	     <complexType name="contactType">
1242	       <simpleContent>
1243	         <extension base="eppcom:clIDType">
1244	           <attribute name="type" type="identifier:contactAttrType"/>

1246	         </extension>
1247	       </simpleContent>
1248	     </complexType>
1249	     <simpleType name="contactAttrType">
1250	       <restriction base="token">
1251	         <enumeration value="admin"/>
1252	         <enumeration value="billing"/>
1253	         <enumeration value="tech"/>
1254	       </restriction>
1255	     </simpleType>
1256	     <complexType name="administratorListType">
1257	       <sequence>
1258	         <element name="administrator"
1259	         type="identifier:administratorType" minOccurs="0"
1260	         maxOccurs="unbounded"/>
1261	       </sequence>
1262	     </complexType>
1263	     <complexType name="administratorType">
1264	       <sequence>
1265	         <element name="adminIndex" type="unsignedInt"/>
1266	         <element name="pubkey" type="identifier:pubkeyType"/>
1267	         <element name="permissionList" type="identifier:
1268	         permissionListType"/>
1269	       </sequence>
1270	     </complexType>
1271	     <complexType name="pubkeyType">
1272	       <simpleContent>
1273	         <extension base="base64Binary">
1274	           <attribute name="type" type="identifier:
1275	           pubkeyTypeType"/>
1276	         </extension>
1277	       </simpleContent>
1278	     </complexType>
1279	     <simpleType name="pubkeyTypeType">
1280	       <restriction base="token">
1281	         <enumeration value="dsa_pub_key"/>
1282	         <enumeration value="rsa_pub_key"/>
1283	         <enumeration value="secret_key"/>
1284	       </restriction>
1285	     </simpleType>
1286	     <complexType name="permissionListType">
1287	       <sequence>
1288	         <element name="permission" type="identifier:permissionType"
1289	         minOccurs="0" maxOccurs="unbounded"/>
1290	       </sequence>

1292	     </complexType>
1293	     <simpleType name="permissionType">
1294	       <restriction base="token">
1295	         <enumeration value="add_handle"/>
1296	         <enumeration value="delete_handle"/>
1297	         <enumeration value="add_na"/>
1298	         <enumeration value="delete_na"/>
1299	         <enumeration value="modify_value"/>
1300	         <enumeration value="delete_value"/>
1301	         <enumeration value="add_value"/>
1302	         <enumeration value="modify_admin"/>
1303	         <enumeration value="remove_admin"/>
1304	         <enumeration value="add_admin"/>
1305	         <enumeration value="authorized_read"/>
1306	         <enumeration value="list_handle"/>
1307	       </restriction>
1308	     </simpleType>
1309	     <complexType name="siteListType">
1310	       <sequence>
1311	         <element name="siteInfo" type="identifier:siteInfoType"
1312	         minOccurs="0" maxOccurs="unbounded"/>
1313	       </sequence>
1314	     </complexType>
1315	     <complexType name="siteInfoType">
1316	       <sequence>
1317	         <element name="siteIndex" type="unsignedInt"/>
1318	         <element name="protocolVersion" type="token"/>
1319	         <element name="serviceInfo" type="identifier:serviceInfoType"
1320	         minOccurs="0" maxOccurs="unbounded"/>
1321	       </sequence>
1322	     </complexType>
1323	     <complexType name="serviceInfoType">
1324	       <sequence>
1325	         <element name="serverID" type="unsignedInt"/>
1326	         <element name="addr" type="identifier:addrType" minOccurs="0"
1327	         maxOccurs="unbounded"/>
1328	         <element name="pubkey" type="identifier:pubkeyType"
1329	         minOccurs="0" maxOccurs="1"/>
1330	         <element name="serviceInterfaces"
1331	         type="identifier:serviceInterfacesType"
1332	         minOccurs="0" maxOccurs="unbounded"/>
1333	       </sequence>
1334	     </complexType>
1335	     <complexType name="addrType">
1336	       <simpleContent>
1337	         <extension base="identifier:addrStringType">
1338	           <attribute name="ip" type="identifier:ipType" default="v4"/>
1339	         </extension>
1340	       </simpleContent>
1341	     </complexType>
1342	     <simpleType name="addrStringType">
1343	       <restriction base="token">
1344	         <minLength value="3"/>
1345	         <maxLength value="45"/>
1346	       </restriction>
1347	     </simpleType>
1348	     <simpleType name="ipType">
1349	       <restriction base="token">
1350	         <enumeration value="v4"/>
1351	         <enumeration value="v6"/>
1352	       </restriction>
1353	     </simpleType>
1354	     <complexType name="serviceInterfacesType">
1355	       <sequence>
1356	         <element name="serviceType"
1357	   type="identifier:serviceTypeType"/>
1358	         <element name="protocol" type="identifier:protocolType"/>
1359	         <element name="port" type="unsignedShort"/>
1360	       </sequence>
1361	     </complexType>
1362	     <simpleType name="serviceTypeType">
1363	       <restriction base="token">
1364	         <enumeration value="query"/>
1365	         <enumeration value="admin"/>
1366	       </restriction>
1367	     </simpleType>
1368	     <simpleType name="protocolType">
1369	       <restriction base="token">
1370	         <enumeration value="tcp"/>
1371	         <enumeration value="udp"/>
1372	         <enumeration value="http"/>
1373	       </restriction>
1374	     </simpleType>
1375	     <!--
1376	       Child elements of the <update> command.
1377	       -->
1378	     <complexType name="updateType">
1379	       <sequence>
1380	         <element name="name" type="eppcom:labelType"/>
1381	         <element name="add" type="identifier:addType" minOccurs="0"/>
1382	         <element name="rem" type="identifier:remType" minOccurs="0"/>
1383	         <element name="chg" type="identifier:chgType" minOccurs="0"/>
1384	       </sequence>
1385	     </complexType>
1386	     <complexType name="addType">
1387	       <sequence>
1388	         <element name="contact" type="identifier:contactType"
1389	         minOccurs="0" maxOccurs="unbounded"/>
1390	         <element name="url" type="eppcom:labelType" minOccurs="0"
1391	         maxOccurs="unbounded"/>
1392	         <element name="administrator"
1393	         type="identifier:administratorType"
1394	         minOccurs="0" maxOccurs="unbounded"/>
1395	         <element name="siteInfo" type="identifier:siteInfoType"
1396	         minOccurs="0" maxOccurs="unbounded"/>
1397	         <element name="cert" type="token" minOccurs="0"
1398	   maxOccurs="1"/>
1399	         <element name="signature" type="token" minOccurs="0"
1400	         maxOccurs="1"/>
1401	       </sequence>
1402	     </complexType>
1403	     <complexType name="remType">
1404	       <sequence>
1405	         <element name="contact" type="identifier:contactType"
1406	         minOccurs="0" maxOccurs="unbounded"/>
1407	         <element name="url" type="eppcom:labelType" minOccurs="0"
1408	         maxOccurs="unbounded"/>
1409	         <element name="adminIndex" type="unsignedInt" minOccurs="0"
1410	         maxOccurs="unbounded"/>
1411	         <element name="siteIndex" type="unsignedInt" minOccurs="0"
1412	         maxOccurs="unbounded"/>
1413	       </sequence>
1414	     </complexType>
1415	     <complexType name="chgType">
1416	       <sequence>
1417	         <element name="status" type="identifier:statusType"
1418	         minOccurs="0"/>
1419	         <element name="administrator"
1420	         type="identifier:administratorType" minOccurs="0"
1421	         maxOccurs="unbounded"/>
1422	         <element name="siteInfo" type="identifier:siteInfoType"
1423	         minOccurs="0" maxOccurs="unbounded"/>
1424	         <element name="cert" type="token" minOccurs="0"
1425	         maxOccurs="1"/>
1426	         <element name="signature" type="token" minOccurs="0"
1427	         maxOccurs="1"/>
1428	       </sequence>
1429	     </complexType>
1430	     <!--
1431	       Status is a combination of attributes and an optional
1432	       human-readable message that may be expressed in languages other
1433	       than English.
1434	       -->
1435	     <complexType name="statusType">
1436	       <simpleContent>
1437	         <extension base="normalizedString">
1438	           <attribute name="s" type="identifier:statusValueType"
1439	           use="required"/>
1440	           <attribute name="lang" type="language" default="en"/>
1441	         </extension>
1442	       </simpleContent>
1443	     </complexType>
1444	     <simpleType name="statusValueType">
1445	       <restriction base="token">
1446	         <enumeration value="clientDeleteProhibited"/>
1447	         <enumeration value="clientHold"/>
1448	         <enumeration value="clientRenewProhibited"/>
1449	         <enumeration value="clientTransferProhibited"/>
1450	         <enumeration value="clientUpdateProhibited"/>
1451	         <enumeration value="inactive"/>
1452	         <enumeration value="ok"/>
1453	         <enumeration value="pendingCreate"/>
1454	         <enumeration value="pendingDelete"/>
1455	         <enumeration value="pendingRenew"/>
1456	         <enumeration value="pendingTransfer"/>
1457	         <enumeration value="pendingUpdate"/>
1458	         <enumeration value="serverDeleteProhibited"/>
1459	         <enumeration value="serverHold"/>
1460	         <enumeration value="serverRenewProhibited"/>
1461	         <enumeration value="serverTransferProhibited"/>
1462	         <enumeration value="serverUpdateProhibited"/>
1463	       </restriction>
1464	     </simpleType>
1465	     <!--
1466	      Child response elements.
1467	      -->
1468	     <element name="chkData" type="identifier:chkDataType"/>
1469	     <element name="infData" type="identifier:infDataType"/>
1470	     <!--
1471	      <check> response elements.

1473	      -->
1474	     <complexType name="chkDataType">
1475	       <sequence>
1476	         <element name="cd" type="identifier:checkType"
1477	         maxOccurs="unbounded"/>
1478	       </sequence>
1479	     </complexType>
1480	     <complexType name="checkType">
1481	       <sequence>
1482	         <element name="name" type="identifier:checkNameType"/>
1483	         <element name="reason" type="eppcom:reasonType"
1484	   minOccurs="0"/>
1485	       </sequence>
1486	     </complexType>
1487	     <complexType name="checkNameType">
1488	       <simpleContent>
1489	         <extension base="eppcom:labelType">
1490	           <attribute name="avail" type="boolean" use="required"/>
1491	         </extension>
1492	       </simpleContent>
1493	     </complexType>
1494	     <complexType name="infDataType">
1495	       <sequence>
1496	         <element name="name" type="eppcom:labelType"/>
1497	         <element name="type" type="identifier:typeEnumType"/>
1498	         <element name="status" type="identifier:statusType"/>
1499	         <element name="contact" type="identifier:contactType"
1500	         maxOccurs="unbounded"/>
1501	         <element name="url" type="anyURI" maxOccurs="unbounded"/>
1502	         <element name="administratorList"
1503	         type="identifier:administratorListType" minOccurs="0"/>
1504	         <element name="siteList" type="identifier:siteListType"
1505	         minOccurs="0"/>
1506	       </sequence>
1507	     </complexType>
1508	     <!--
1509	       End of schema.
1510	       -->
1511	   </schema>
1512	   END
1513	5. Internationalization Considerations

1515	   EPP is represented in XML, which provides native support for
1516	   encoding information using the Unicode character set and its more
1517	   compact representations including UTF-8.  Conformant XML processors
1518	   recognize both UTF-8 and UTF-16 [RFC2781].  Though XML includes
1519	   provisions to identify and use other character encodings through use
1520	   of an "encoding" attribute in an <?xml?> declaration, use of UTF-8
1521	   is RECOMMENDED in environments where parser encoding support
1522	   incompatibility exists.

1524	   All date-time values presented via EPP MUST be expressed in
1525	   Universal Coordinated Time using the Gregorian calendar.  XML Schema
1526	   allows use of time zone identifiers to indicate offsets from the
1527	   zero meridian, but this option MUST NOT be used with EPP.  The
1528	   extended date-time form using upper case "T" and "Z" characters
1529	   defined in [W3C.REC-xmlschema-2-20041028] MUST be used to represent
1530	   date-time values, as XML Schema does not support truncated date-time
1531	   forms or lower case "T" and "Z" characters.

1533	   The syntax for handle identifiers described in this document MUST
1534	   conform to [RFC3650], [RFC3651], [RFC3652]. The conformance
1535	   requirements might change as a result of progressing work in
1536	   developing standards for internationalized identifier techniques.

1538	6. Security Considerations

1540	   Authorization information as described in Section 3.2 is REQUIRED to
1541	   create an identifier object.  This information is used in some query
1542	   and transfer operations as an additional means of determining client
1543	   authorization to perform the command.  Failure to protect
1544	   authorization information from inadvertent disclosure can result in
1545	   unauthorized transfer operations and unauthorized information
1546	   release.  Both client and server MUST ensure that authorization
1547	   information is stored and exchanged with high-grade encryption
1548	   mechanisms to provide privacy services.

1550	   The object mapping described in this document does not provide any
1551	   other security services or introduce any additional considerations
1552	   beyond those described by [RFC5730] or those caused by the protocol
1553	   layers used by EPP.

1555	7. IANA Considerations

1557	   This document uses URNs to describe XML namespaces and XML schemas
1558	   conforming to a registry mechanism described in [RFC3688].  Two URI
1559	   assignments have been registered by the IANA.

1561	   Registration request for the identifier namespace:

1563	      URI: urn:ietf:params:xml:ns:identifier-1.0

1565	      Registrant Contact: See the "Author's Address" section of this
1566	   document.

1568	      XML: None.  Namespace URIs do not represent an XML specification.

1570	   Registration request for the identifier XML schema:

1572	      URI: urn:ietf:params:xml:schema:identifier-1.0

1574	      Registrant Contact: See the "Author's Address" section of this
1575	   document.

1577	      XML: See the "Formal Syntax" section of this document.

1579	8. Acknowledgments

1581	   This document is based on an identifier application of EPP.Thus, the
1582	   authors would like to thank J. Xie who suggested improvements and
1583	   provided many invaluable comments. This document are individual
1584	   submissions, based on the work done in RFC 5730.
1585	   This document was prepared using 2-Word-v2.0.template.dot.

1587	9. References

1589	9.1. Normative References

1591	   [W3C.REC-xml-20040204] Sperberg-McQueen, C., Maler, E., Yergeau,
1592	             F., Paoli, J., and T. Bray, "Extensible Markup Language
1593	             (XML) 1.0 (Third Edition)", World Wide Web Consortium
1594	             FirstEdition REC-xml-20040204, February 2004,
1595	             <http://www.w3.org/TR/2004/REC-xml-20040204>.

1597	   [W3C.REC-xmlschema-1-20041028]  Maloney, M., Thompson, H.,
1598	             Mendelsohn, N., and D. Beech, "XML Schema Part 1:
1599	             Structures Second Edition", World Wide Web Consortium
1600	             Recommendation REC-xmlschema-1-20041028, October 2004,
1601	             <http://www.w3.org/TR/2004/REC-xmlschema-1-20041028>.

1603	   [W3C.REC-xmlschema-2-20041028]  Malhotra, A. and P. Biron, "XML
1604	             Schema Part 2: Datatypes Second Edition", World Wide Web
1605	             Consortium Recommendation REC-xmlschema-2-20041028,
1606	             October 2004, <http://www.w3.org/TR/2004/REC-xmlschema-2-
1607	             20041028>.
1608	   [RFC0791]  Postel, J., "Internet Protocol",
1609	             STD 5, RFC 791, September 1981.

1611	   [RFC5730] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)",
1612	             STD 69, RFC 5730, August 2009.

1614	   [RFC3650] Sun, S. and L. Lannom, "Handle System Overview", November
1615	             2003.

1617	   [RFC3651] Sun, S., Reilly, S. and L. Lannom, "Handle System
1618	             Namespace and Service Definition", November 2003.

1620	   [RFC3652] Sun, S., Reilly, S. and L. Lannom, "Handle System Protocol
1621	             (ver 2.1) Specification", November 2003.

1623	9.2. Informative References

1625	   [RFC1558] T. Howes, "A String Representation of LDAP Search Filters",
1626	             RFC 1558, December 1993.

1628	   [RFC2781] Hoffman, P. and F. Yergeau, "UTF-16, an encoding of ISO
1629	             10646", RFC 2781, February 2000.

1631	   [RFC2874] Crawford, M. and C. Huitema, "DNS Extensions to Support
1632	             IPv6 Address Aggregation and Renumbering", RFC 2874, July
1633	             2000.

1635	   [RFC3596] Thomson, S., Huitema, C., Ksinant, V., and M. Souissi,
1636	             "DNS Extensions to Support IP Version 6", RFC 3596,
1637	             October 2003.

1639	   [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
1640	             Architecture", RFC 4291, February 2006.

1642	Author's Address

1644	   Yuying Chen
1645	   CAICT
1646	   No.52 Huayuan North Road, Haidian District
1647	   Beijing, Beijing, 100191
1648	   China

1650	   Phone: +86 188 1008 2358
1651	   Email: chenyuying@caict.ac.cn

1653	   Jiagui Xie
1654	   CAICT
1655	   No.52 Huayuan North Road, Haidian District
1656	   Beijing, Beijing, 100191
1657	   China

1659	   Phone: +86 150 0138 5070
1660	   Email: xiejiagui@caict.ac.cn

1662	   Zhiping Li
1663	   CAICT
1664	   No.52 Huayuan North Road, Haidian District
1665	   Beijing, Beijing, 100191
1666	   China

1668	   Phone: +86 185 1107 1386
1669	   Email: lizhiping@caict.ac.cn

1671	   Zhipeng Fan
1672	   CAICT
1673	   No.52 Huayuan North Road, Haidian District
1674	   Beijing, Beijing, 100191
1675	   China

1677	   Phone: +86 159 1112 3285
1678	   Email: fanzhipeng@caict.ac.cn