idnits 2.17.1
draft-ietf-beep-framework-07.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
** Looks like you're using RFC 2026 boilerplate. This must be updated to
follow RFC 3978/3979, as updated by RFC 4748.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
== No 'Intended status' indicated for this document; assuming Proposed
Standard
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
** The document seems to lack an Authors' Addresses Section.
** The document seems to lack separate sections for Informative/Normative
References. All references will be assumed normative when checking for
downward references.
== There are 2 instances of lines with non-RFC6890-compliant IPv4 addresses
in the document. If these are example addresses, they should be changed.
** The document seems to lack a both a reference to RFC 2119 and the
recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
keywords.
RFC 2119 keyword, line 1460: '...s identification MUST start with "x-"....'
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
match the current year
== Line 1630 has weird spacing: '...reeting err...'
== Line 1721 has weird spacing: '... code mea...'
-- The document seems to lack a disclaimer for pre-RFC5378 work, but may
have content which was first submitted before 10 November 2008. If you
have contacted all the original authors and they are all willing to grant
the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
this comment. If not, you may need to add the pre-RFC5378 disclaimer.
(See the Legal Provisions document at
https://trustee.ietf.org/license-info for more information.)
-- The document date (October 30, 2000) is 8550 days in the past. Is this
intentional?
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
-- Looks like a reference, but probably isn't: 'RFC-2396' on line 1604
-- Looks like a reference, but probably isn't: 'RFC-1766' on line 1613
-- Looks like a reference, but probably isn't: '1-5' on line 1616
-- Looks like a reference, but probably isn't: '0-9' on line 1616
== Unused Reference: '11' is defined on line 1832, but no explicit
reference was found in the text
== Unused Reference: '13' is defined on line 1838, but no explicit
reference was found in the text
-- Possible downref: Non-RFC (?) normative reference: ref. '2'
** Obsolete normative reference: RFC 2246 (ref. '3') (Obsoleted by RFC 4346)
** Obsolete normative reference: RFC 2222 (ref. '4') (Obsoleted by RFC
4422, RFC 4752)
== Outdated reference: A later version (-06) exists of
draft-ietf-beep-tcpmapping-04
** Obsolete normative reference: RFC 793 (ref. '6') (Obsoleted by RFC 9293)
** Obsolete normative reference: RFC 2234 (ref. '7') (Obsoleted by RFC 4234)
** Obsolete normative reference: RFC 1766 (ref. '9') (Obsoleted by RFC
3066, RFC 3282)
** Obsolete normative reference: RFC 2396 (ref. '10') (Obsoleted by RFC
3986)
** Obsolete normative reference: RFC 2401 (ref. '12') (Obsoleted by RFC
4301)
** Obsolete normative reference: RFC 2279 (ref. '13') (Obsoleted by RFC
3629)
** Obsolete normative reference: RFC 2078 (ref. '14') (Obsoleted by RFC
2743)
-- Possible downref: Non-RFC (?) normative reference: ref. '15'
-- Possible downref: Non-RFC (?) normative reference: ref. '16'
Summary: 13 errors (**), 0 flaws (~~), 8 warnings (==), 9 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 Network Working Group M.T. Rose
3 Internet-Draft Invisible Worlds, Inc.
4 Expires: April 30, 2001 October 30, 2000
6 The Blocks Extensible Exchange Protocol Framework
7 draft-ietf-beep-framework-07
9 Status of this Memo
11 This document is an Internet-Draft and is in full conformance with
12 all provisions of Section 10 of RFC2026.
14 Internet-Drafts are working documents of the Internet Engineering
15 Task Force (IETF), its areas, and its working groups. Note that
16 other groups may also distribute working documents as
17 Internet-Drafts.
19 Internet-Drafts are draft documents valid for a maximum of six
20 months and may be updated, replaced, or obsoleted by other documents
21 at any time. It is inappropriate to use Internet-Drafts as reference
22 material or to cite them other than as "work in progress."
24 The list of current Internet-Drafts can be accessed at
25 http://www.ietf.org/ietf/1id-abstracts.txt.
27 The list of Internet-Draft Shadow Directories can be accessed at
28 http://www.ietf.org/shadow.html.
30 This Internet-Draft will expire on April 30, 2001.
32 Copyright Notice
34 Copyright (C) The Internet Society (2000). All Rights Reserved.
36 Abstract
38 This memo describes a generic application protocol framework for
39 connection-oriented, asynchronous interactions. The framework
40 permits simultaneous and independent exchanges within the context of
41 a single application user-identity, supporting both textual and
42 binary messages.
44 Table of Contents
46 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 4
47 2. The BEEP Framework . . . . . . . . . . . . . . . . . . . . 5
48 2.1 Roles . . . . . . . . . . . . . . . . . . . . . . . . . . 6
49 2.1.1 Exchange Styles . . . . . . . . . . . . . . . . . . . . . 6
50 2.2 Messages and Frames . . . . . . . . . . . . . . . . . . . 7
51 2.2.1 Frame Syntax . . . . . . . . . . . . . . . . . . . . . . . 8
52 2.2.1.1 Frame Header . . . . . . . . . . . . . . . . . . . . . . . 9
53 2.2.1.2 Frame Payload . . . . . . . . . . . . . . . . . . . . . . 12
54 2.2.1.3 Frame Trailer . . . . . . . . . . . . . . . . . . . . . . 13
55 2.2.2 Frame Semantics . . . . . . . . . . . . . . . . . . . . . 14
56 2.2.2.1 Poorly-formed Messages . . . . . . . . . . . . . . . . . . 14
57 2.3 Channel Management . . . . . . . . . . . . . . . . . . . . 15
58 2.3.1 Message Semantics . . . . . . . . . . . . . . . . . . . . 16
59 2.3.1.1 The Greeting Message . . . . . . . . . . . . . . . . . . . 16
60 2.3.1.2 The Start Message . . . . . . . . . . . . . . . . . . . . 17
61 2.3.1.3 The Close Message . . . . . . . . . . . . . . . . . . . . 20
62 2.3.1.4 The OK Message . . . . . . . . . . . . . . . . . . . . . . 22
63 2.3.1.5 The Error Message . . . . . . . . . . . . . . . . . . . . 22
64 2.4 Session Establishment and Release . . . . . . . . . . . . 24
65 2.5 Transport Mappings . . . . . . . . . . . . . . . . . . . . 26
66 2.5.1 Session Management . . . . . . . . . . . . . . . . . . . . 26
67 2.5.2 Message Exchange . . . . . . . . . . . . . . . . . . . . . 26
68 2.6 Parallelism . . . . . . . . . . . . . . . . . . . . . . . 27
69 2.6.1 Within a Single Channel . . . . . . . . . . . . . . . . . 27
70 2.6.2 Between Different Channels . . . . . . . . . . . . . . . . 27
71 2.6.3 Pre-emptive Replies . . . . . . . . . . . . . . . . . . . 27
72 2.6.4 Interference . . . . . . . . . . . . . . . . . . . . . . . 27
73 2.7 Peer-to-Peer Behavior . . . . . . . . . . . . . . . . . . 28
74 3. Transport Security . . . . . . . . . . . . . . . . . . . . 29
75 3.1 The TLS Transport Security Profile . . . . . . . . . . . . 32
76 3.1.1 Profile Identification and Initialization . . . . . . . . 32
77 3.1.2 Message Syntax . . . . . . . . . . . . . . . . . . . . . . 33
78 3.1.3 Message Semantics . . . . . . . . . . . . . . . . . . . . 34
79 3.1.3.1 The Ready Message . . . . . . . . . . . . . . . . . . . . 34
80 3.1.3.2 The Proceed Message . . . . . . . . . . . . . . . . . . . 34
81 4. User Authentication . . . . . . . . . . . . . . . . . . . 35
82 4.1 The SASL Family of Profiles . . . . . . . . . . . . . . . 36
83 4.1.1 Profile Identification and Initialization . . . . . . . . 37
84 4.1.2 Message Syntax . . . . . . . . . . . . . . . . . . . . . . 40
85 4.1.3 Message Semantics . . . . . . . . . . . . . . . . . . . . 41
86 5. Registration Templates . . . . . . . . . . . . . . . . . . 42
87 5.1 Profile Registration Template . . . . . . . . . . . . . . 42
88 5.2 Feature Registration Template . . . . . . . . . . . . . . 42
89 6. Initial Registrations . . . . . . . . . . . . . . . . . . 43
90 6.1 Registration: BEEP Channel Management . . . . . . . . . . 43
91 6.2 Registration: TLS Transport Security Profile . . . . . . . 43
92 6.3 Registration: SASL Family of Profiles . . . . . . . . . . 44
93 6.4 Registration: application/beep+xml . . . . . . . . . . . . 45
94 7. DTDs . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
95 7.1 BEEP Channel Management DTD . . . . . . . . . . . . . . . 46
96 7.2 TLS Transport Security Profile DTD . . . . . . . . . . . . 48
97 7.3 SASL Family of Profiles DTD . . . . . . . . . . . . . . . 49
98 8. Reply Codes . . . . . . . . . . . . . . . . . . . . . . . 50
99 9. Security Considerations . . . . . . . . . . . . . . . . . 51
100 References . . . . . . . . . . . . . . . . . . . . . . . . 52
101 Author's Address . . . . . . . . . . . . . . . . . . . . . 53
102 A. Acknowledgements . . . . . . . . . . . . . . . . . . . . . 54
103 B. IANA Considerations . . . . . . . . . . . . . . . . . . . 55
104 Full Copyright Statement . . . . . . . . . . . . . . . . . 56
106 1. Introduction
108 This memo describes a generic application protocol framework for
109 connection-oriented, asynchronous interactions.
111 At the core of the BEEP framework is a framing mechanism that
112 permits simultaneous and independent exchanges of messages between
113 peers. Messages are arbitrary MIME[1] content, but are usually
114 textual (structured using XML[2]).
116 All exchanges occur in the context of a channel -- a binding to a
117 well-defined aspect of the application, such as transport security,
118 user authentication, or data exchange.
120 Each channel has an associated "profile" that defines the syntax and
121 semantics of the messages exchanged. Implicit in the operation of
122 BEEP is the notion of channel management. In addition to defining
123 BEEP's channel management profile, this document defines:
125 o the TLS[3] transport security profile; and,
127 o the SASL[4] family of profiles.
129 Other profiles, such as those used for data exchange, are defined by
130 an application protocol designer.
132 2. The BEEP Framework
134 A BEEP session is mapped onto an underlying transport service. A
135 separate series of documents describe how a particular transport
136 service realizes a BEEP session. For example, [5] describes how a
137 BEEP session is mapped onto a single TCP[6] connection.
139 When a session is established, each BEEP peer advertises the profile
140 it supports. Later on, during the creation of a channel, the client
141 supplies one or more proposed profiles for that channel. If the
142 server creates the channel, it selects one of the profiles and sends
143 it in a reply; otherwise, it may indicate that none of the profiles
144 are acceptable, and decline creation of the channel.
146 Channel usage falls into one of two categories:
148 initial tuning: these are used by profiles that perform
149 initialization once the BEEP session is established (e.g.,
150 negotiating the use of transport security); although several
151 exchanges may be required to perform the initialization, these
152 channels become inactive early in the BEEP session and remain so
153 for the duration.
155 continuous: these are used by profiles that support data exchange;
156 typically, these channels are created after the initial tuning
157 channels have gone quiet.
159 2.1 Roles
161 Although BEEP is peer-to-peer, it is convenient to label each peer
162 in the context of the role it is performing at a given time:
164 o When a BEEP session is established, the peer that awaits new
165 connections is acting in the listening role, and the other peer,
166 which establishes a connection to the listener, is acting in the
167 initiating role. In the examples which follow, these are referred
168 to as "L:" and "I:", respectively.
170 o A BEEP peer starting an exchange is termed the client; similarly,
171 the other BEEP peer is termed the server. In the examples which
172 follow, these are referred to as "C:" and "S:", respectively.
174 Typically, a BEEP peer acting in the server role is also acting in a
175 listening role. However, because BEEP is peer-to-peer in nature, no
176 such requirement exists.
178 2.1.1 Exchange Styles
180 BEEP allows three styles of exchange:
182 MSG/RPY: the client sends a "MSG" message asking the server to
183 perform some task, the server performs the task and replies with
184 a "RPY" message (termed a positive reply).
186 MSG/ERR: the client sends a "MSG" message, the server does not
187 perform any task and replies with an "ERR" message (termed a
188 negative reply).
190 MSG/ANS: the client sends a "MSG" message, the server, during the
191 course of performing some task, replies with zero or more "ANS"
192 messages, and, upon completion of the task, sends a "NUL"
193 message, which signifies the end of the reply.
195 The first two styles are termed one-to-one exchanges, whilst the
196 third style is termed a one-to-many exchange.
198 2.2 Messages and Frames
200 A message is structured according to the rules of MIME. Accordingly,
201 each message may begin with "entity-headers" (c.f., MIME[1]'s
202 Section 3). If none, or only some, of the "entity-headers" are
203 present:
205 o the default "Content-Type" is "application/octet-stream"; and,
207 o the default "Content-Transfer-Encoding" is "binary".
209 Normally, a message is sent in a single frame. However, it may be
210 convenient or necesary to segment a message into multiple frames
211 (e.g., if only part of a message is ready to be sent).
213 Each frame consists of a header, the payload, and a trailer. The
214 header and trailer are each represented using printable ASCII
215 characters and are terminated with a CRLF pair. Between the header
216 and the trailer is the payload, consisting of zero or more octets.
218 For example, here is a message contained in a single frame that
219 contains a payload of 119 octets spread over 5 lines (each line is
220 terminated with a CRLF pair):
222 C: MSG 0 1 . 52 132
223 C: Content-Type: application/beep+xml
224 C:
225 C:
226 C:
227 C:
228 C: END
230 In this example, note that the entire message is represented in a
231 single frame.
233 2.2.1 Frame Syntax
235 The ABNF[7] for a frame is:
237 frame = data / mapping
239 data = header payload trailer
241 header = msg / rpy / err / ans / nul
243 msg = "MSG" SP common CR LF
244 rpy = "RPY" SP common CR LF
245 ans = "ANS" SP common SP ansno CR LF
246 err = "ERR" SP common CR LF
247 nul = "NUL" SP common CR LF
249 common = channel SP msgno SP more SP seqno SP size
250 channel = 0..2147483647
251 msgno = 0..2147483647
252 more = "." / "*"
253 seqno = 0..4294967295
254 size = 0..2147483647
255 ansno = 0..2147483647
257 payload = *OCTET
259 trailer = "END" CR LF
261 mapping = ;; each transport mapping may define additional frames
263 2.2.1.1 Frame Header
265 The frame header consists of a three-character keyword (one of:
266 "MSG", "RPY", "ERR", "ANS", or "NUL"), followed by zero or more
267 parameters. A single space character (decimal code 32, " ")
268 separates each component. The header is terminated with a CRLF pair.
270 The channel number ("channel") must be a non-negative integer (in
271 the range 0..2147483647).
273 The message number ("msgno") must be a non-negative integer (in the
274 range 0..2147483647) and have a different value than all other "MSG"
275 messages for which a reply has not been completely received.
277 The continuation indicator ("more", one of: decimal code 42, "*", or
278 decimal code 46, ".") specifies whether this is the final frame of
279 the message:
281 intermediate ("*"): at least one other frame follows for the
282 message; or,
284 complete ("."): this frame completes the message.
286 The sequence number ("seqno") must be a non-negative integer (in the
287 range 0..4294967295) and specifies the sequence number of the first
288 octet in the payload, for the associated channel.
290 The payload size ("size") must be a non-negative integer (in the
291 range 0..2147483647) and specifies the exact number of octets in the
292 payload. (This does not include either the header or trailer.)
294 Note that a frame may have an empty payload, e.g.,
296 S: RPY 0 1 * 287 20
297 S: ...
298 S: ...
299 S: END
300 S: RPY 0 1 . 307 0
301 S: END
303 The answer number ("ansno") must be a non-negative integer (in the
304 range 0..4294967295) and must have a different value than all other
305 answers in progress for the message being replied to.
307 There are two kinds of frames: data and mapping. each transport
308 mapping (c.f., Section 2.5) may define its own frames. For example,
309 [5] defines the SEQ frame. The remainder of this section discusses
310 data frames.
312 When a message is segmented and sent as several frames, those frames
313 must be sent sequentally, without any intervening frames from other
314 messages on the same channel. However, there are two exceptions:
315 first, no restriction is made with respect to the interleaving of
316 frames for other channels; and, second, in a one-to-many exchange,
317 multiple answers may be simultaneously in progress. Accordingly,
318 frames for "ANS" messages may be interleaved on the same channel --
319 the answer number is used for collation, e.g.,
321 S: ANS 1 0 * 0 20 0
322 S: ...
323 S: ...
324 S: END
325 S: ANS 1 0 * 20 20 1
326 S: ...
327 S: ...
328 S: END
329 S: ANS 1 0 . 40 10 0
330 S: ...
331 S: END
333 which shows two "ANS" messages interleaved on channel 1 as part of a
334 reply to message number 0. Note that the sequence number is advanced
335 for each frame sent on the channel, and is independent of the
336 messages sent in those frames.
338 There are several rules for identifying poorly-formed frames:
340 o if the header doesn't start with "MSG", "RPY", "ERR", "ANS", or
341 "NUL";
343 o if any of the parameters in the header cannot be determined or
344 are invalid (i.e., syntactically incorrect);
346 o if the value of the channel number doesn't refer to an existing
347 channel;
349 o if the header starts with "MSG", and the message number refers to
350 a "MSG" message that has been completely received but for which a
351 reply has not been completely sent;
353 o if the header doesn't start with "MSG", and refers to a message
354 number for which a reply has already been completely received;
356 o if the header doesn't start with "MSG", and refers to a message
357 number that has never been sent (except during session
358 establishment, c.f., Section 2.3.1.1);
360 o if the header starts with "MSG", "RPY", "ERR", or "ANS", and
361 refers to a message number for which at least one other frame has
362 been received, and the three-character keyword starting this
363 frame and the immediately-previous received frame for this
364 message number are not identical;
366 o if the header starts with "NUL", and refers to a message number
367 for which at least one other frame has been received, and the
368 keyword of of the immediately-previous received frame for this
369 reply isn't "ANS";
371 o if the continuation indicator of the previous frame received on
372 the same channel was intermediate ("*"), and its message number
373 isn't identical to this frame's message number;
375 o if the value of the sequence number doesn't correspond to the
376 expected value for the associated channel (c.f., Section
377 2.2.1.2); or,
379 o if the header starts with "NUL", and the continuation indicator
380 is intermediate ("*") or the payload size is non-zero.
382 If a frame is poorly-formed, then the session is terminated without
383 generating a response, and it is recommended that a diagnostic entry
384 be logged.
386 2.2.1.2 Frame Payload
388 The frame payload consists of zero or more octets.
390 Every payload octet sent in each direction on a channel has an
391 associated sequence number. Numbering of payload octets within a
392 frame is such that the first payload octet is the lowest numbered,
393 and the following payload octets are numbered consecutively. (When a
394 channel is created, the sequence number associated with the first
395 payload octet of the first frame is 0.)
397 The actual sequence number space is finite, though very large,
398 ranging from 0..4294967295 (2**32 - 1). Since the space is finite,
399 all arithmetic dealing with sequence numbers is performed modulo
400 2**32. This unsigned arithmetic preserves the relationship of
401 sequence numbers as they cycle from 2**32 - 1 to 0 again. Consult
402 Sections 2 through 5 of [8] for a discussion of the arithmetic
403 properties of sequence numbers.
405 When receiving a frame, the sum of its sequence number and payload
406 size, modulo 4294967296 (2**32), gives the expected sequence number
407 associated with the first payload octet of the next frame received.
408 Accordingly, when receiving a frame if the sequence number isn't the
409 expected value for this channel, then the BEEP peers have lost
410 synchronization, then the session is terminated without generating a
411 response, and it is recommended that a diagnostic entry be logged.
413 2.2.1.3 Frame Trailer
415 The frame trailer consists of "END" followed by a CRLF pair.
417 When receiving a frame, if the characters immediately following the
418 payload don't correspond to a trailer, then the session is
419 terminated without generating a response, and it is recommended that
420 a diagnostic entry be logged.
422 2.2.2 Frame Semantics
424 The semantics of each message is channel-specific. Accordingly, the
425 profile associated with a channel must define:
427 o the initialization messages, if any, exchanged during channel
428 creation;
430 o the messages that may be exchanged in the payload of the channel;
431 and,
433 o the semantics of these messages.
435 A profile registration template (Section 5.1) organizes this
436 information.
438 2.2.2.1 Poorly-formed Messages
440 When defining the behavior of the profile, the template must specify
441 how poorly-formed "MSG" messages are replied to. For example, the
442 channel management profile sends a negative reply containing an
443 error message (c.f., Section 2.3.1.5).
445 If a poorly-formed reply is received on channel zero, the session is
446 terminated without generating a response, and it is recommended that
447 a diagnostic entry be logged.
449 If a poorly-formed reply is received on another channel, then the
450 channel must be closed using the procedure in Section 2.3.1.3.
452 2.3 Channel Management
454 When a BEEP session starts, only channel number zero is defined,
455 which is used for channel management. Section 6.1 contains the
456 profile registration for BEEP channel management.
458 Channel management allows each BEEP peer to advertise the profiles
459 that it supports (c.f., Section 2.3.1.1), bind an instance of one of
460 those profiles to a channel (c.f., Section 2.3.1.2), and then later
461 close any channels or release the BEEP session (c.f., Section
462 2.3.1.3).
464 A BEEP peer should support at least 257 concurrent channels.
466 2.3.1 Message Semantics
468 2.3.1.1 The Greeting Message
470 When a BEEP session is established, each BEEP peer signifies its
471 availability by immediately sending a positive reply with a message
472 number of zero that contains a "greeting" element, e.g.,
474 L:
475 I:
476 L: RPY 0 0 . 0 122
477 L: Content-Type: application/beep+xml
478 L:
479 L:
480 L:
481 L:
482 L: END
483 I: RPY 0 0 . 0 52
484 I: Content-Type: application/beep+xml
485 I:
486 I:
487 I: END
489 Note that this example implies that the BEEP peer in the initiating
490 role waits until the BEEP peer in the listening role sends its
491 greeting -- this is an artifact of the presentation; in fact, both
492 BEEP peers send their replies independently.
494 The "greeting" element has two optional attributes ("features" and
495 "localize") and zero or more "profile" elements, one for each
496 profile supported by the BEEP peer acting in a server role:
498 o the "features" attribute, if present, contains one or more
499 feature tokens, each indicating an optional feature of the
500 channel management profile supported by the BEEP peer;
502 o the "localize" attribute, if present, contains one or more
503 language tokens (defined in [9]), each identifying a desirable
504 language tag to be used by the remote BEEP peer when generating
505 textual diagnostics for the "close" and "error" elements (the
506 tokens are ordered from most to least desirable); and,
508 o each "profile" element contained within the "greeting" element
509 identifies a profile, and unlike the "profile" elements that
510 occur within the "start" element, the content of each "profile"
511 element may not contain an optional initialization message.
513 Section 5.2 defines a registration template for optional features.
515 2.3.1.2 The Start Message
517 When a BEEP peer wants to create a channel, it sends a "start"
518 element on channel zero, e.g.,
520 C: MSG 0 1 . 52 132
521 C: Content-Type: application/beep+xml
522 C:
523 C:
524 C:
525 C:
526 C: END
528 The "start" element has a "number" attribute, an optional
529 "serverName" attribute, and one or more "profile" elements:
531 o the "number" attribute indicates the channel number (in the range
532 1..2147483647) used to identify the channel in future messages;
534 o the "serverName" attribute, an arbitrary string, indicates the
535 desired server name for this BEEP session; and,
537 o each "profile" element contained with the "start" element has a
538 "uri" attribute, an optional "encoding" attribute, and arbitrary
539 character data as content:
541 * the "uri" attribute authoritatively identifies the profile;
543 * the "encoding" attribute, if present, specifies whether the
544 content of the "profile" element is represented as a
545 base64-encoded string; and,
547 * the content of the "profile" element, if present, must be no
548 longer than 4K octets in length and specifies an
549 initialization message given to the channel as soon as it is
550 created.
552 To avoid conflict in assigning channel numbers when requesting the
553 creation of a channel, BEEP peers acting in the initiating role use
554 only positive integers that are odd-numbered; similarly, BEEP peers
555 acting in the listening role use only positive integers that are
556 even-numbered.
558 The "serverName" attribute for the first successful "start" element
559 received by a BEEP peer is meaningful for the duration of the BEEP
560 session. If present, the BEEP peer decides whether to operate as the
561 indicated "serverName"; if not, an "error" element is sent in a
562 negative reply.
564 When a BEEP peer receives a "start" element on channel zero, it
565 examines each of the proposed profiles, and decides whether to use
566 one of them to create the channel. If so, the appropriate "profile"
567 element is sent in a positive reply; otherwise, an "error" element
568 is sent in a negative reply.
570 When creating the channel, the value of the "serverName" attribute
571 from the first successful "start" element is consulted to provide
572 configuration information, e.g., the desired server-side certificate
573 when starting the TLS transport security profile (Section 3.1).
575 For example, a successful channel creation might look like this:
577 C: MSG 0 1 . 52 209
578 C: Content-Type: application/beep+xml
579 C:
580 C:
581 C:
582 C:
584 C:
585 C: END
586 S: RPY 0 1 . 264 99
587 S: Content-Type: application/beep+xml
588 S:
589 S:
590 S: END
592 Similarly, an unsuccessful channel creation might look like this:
594 C: MSG 0 1 . 52 132
595 C: Content-Type: application/beep+xml
596 C:
597 C:
598 C:
599 C:
600 C: END
601 S: ERR 0 1 . 264 127
602 S: Content-Type: application/beep+xml
603 S:
604 S: number attribute
605 S: in <start> element must be odd-valued
606 S: END
608 Finally, here's an example in which an initialization element is
609 exchanged during channel creation:
611 C: MSG 0 1 . 52 170
612 C: Content-Type: application/beep+xml
613 C:
614 C:
615 C:
616 C: ]]>
617 C:
618 C:
619 C: END
620 S: RPY 0 1 . 122 133
621 S: Content-Type: application/beep+xml
622 S:
623 S:
624 S: ]]>
625 S:
626 S: END
628 2.3.1.3 The Close Message
630 When a BEEP peer wants to close a channel, it sends a "close"
631 element on channel zero, e.g.,
633 C: MSG 0 2 . 247 71
634 C: Content-Type: application/beep+xml
635 C:
636 C:
637 C: END
639 The "close" element has a "number" attribute, a "code" attribute, an
640 optional "xml:lang" attribute, and an optional textual diagnostic as
641 its content:
643 o the "number" attribute indicates the channel number;
645 o the "code" attribute is a three-digit reply code meaningful to
646 programs (c.f., Section 8);
648 o the "xml:lang" attribute identifies the language that the
649 element's content is written in (the value is suggested, but not
650 mandated, by the "localize" attribute of the "greeting" element
651 sent by the remote BEEP peer); and,
653 o the textual diagnostic (which may be multiline) is meaningful to
654 implementers, perhaps administrators, and possibly even users,
655 but never programs.
657 Note that if the textual diagnostic is present, then the "xml:lang"
658 attribute is absent only if the language indicated as the remote
659 BEEP peer's first choice is used.
661 If the value of the "number" attribute is zero, then the BEEP peer
662 wants to release the BEEP session (c.f., Section 2.4) -- otherwise
663 the value of the "number" attribute refers to an existing channel.
665 When a BEEP peer receives a "close" element on channel zero, it
666 decides whether it is willing to close the channel. If so, an "ok"
667 element is sent in a positive reply; otherwise, an "error" element
668 is sent in a negative reply.
670 For example, a successful channel close might look like this:
672 C: MSG 0 2 . 247 71
673 C: Content-Type: application/beep+xml
674 C:
675 C:
676 C: END
677 S: RPY 0 2 . 447 46
678 S: Content-Type: application/beep+xml
679 S:
680 S:
681 S: END
683 Similarly, an unsuccessful channel close might look like this:
685 C: MSG 0 2 . 247 71
686 C: Content-Type: application/beep+xml
687 C:
688 C:
689 C: END
690 S: ERR 0 2 . 447 79
691 S: Content-Type: application/beep+xml
692 S:
693 S: still working
694 S: END
696 2.3.1.4 The OK Message
698 When a BEEP peer agrees to close a channel (or release the BEEP
699 session), it sends an "ok" element in a positive reply.
701 The "ok" element has no attributes and no content.
703 2.3.1.5 The Error Message
705 When a BEEP peer declines the creation of a channel, it sends an
706 "error" element in a negative reply, e.g.,
708 I: MSG 0 1 . 52 127
709 I: Content-Type: application/beep+xml
710 I:
711 I:
712 I:
713 I:
714 I: END
715 L: ERR 0 1 . 264 105
716 L: Content-Type: application/beep+xml
717 L:
718 L: all requested profiles are
719 L: unsupported
720 L: END
722 The "error" element has a "code" attribute, an optional "xml:lang"
723 attribute, and an optional textual diagnostic as its content:
725 o the "code" attribute is a three-digit reply code meaningful to
726 programs (c.f., Section 8);
728 o the "xml:lang" attribute identifies the language that the
729 element's content is written in (the value is suggested, but not
730 mandated, by the "localize" attribute of the "greeting" element
731 sent by the remote BEEP peer); and,
733 o the textual diagnostic (which may be multiline) is meaningful to
734 implementers, perhaps administrators, and possibly even users,
735 but never programs.
737 Note that if the textual diagnostic is present, then the "xml:lang"
738 attribute is absent only if the language indicated as the remote
739 BEEP peer's first choice is used.
741 In addition, a BEEP peer sends an "error" element whenever:
743 o it receives a "MSG" message containing a poorly-formed or
744 unexpected element;
746 o it receives a "MSG" message asking to close a channel (or release
747 the BEEP session) and it declines to do so; or
749 o a BEEP session is established, the BEEP peer is acting in the
750 listening role, and that BEEP peer is unavailable (in this case,
751 the BEEP acting in the listening role does not send a "greeting"
752 element).
754 In the final case, both BEEP peers terminate the session, and it is
755 recommended that a diagnostic entry be logged by both BEEP peers.
757 2.4 Session Establishment and Release
759 When a BEEP session is established, each BEEP peer signifies its
760 availability by immediately sending a positive reply with a message
761 number of zero on channel zero that contains a "greeting" element,
762 e.g.,
764 L:
765 I:
766 L: RPY 0 0 . 0 122
767 L: Content-Type: application/beep+xml
768 L:
769 L:
770 L:
771 L:
772 L: END
773 I: RPY 0 0 . 0 52
774 I: Content-Type: application/beep+xml
775 I:
776 I:
777 I: END
779 Alternatively, if the BEEP peer acting in the listening role is
780 unavailable, it sends a negative reply, e.g.,
782 L:
783 I:
784 L: ERR 0 0 . 0 60
785 L: Content-Type: application/beep+xml
786 L:
787 L:
788 L: END
789 I: RPY 0 0 . 0 52
790 I: Content-Type: application/beep+xml
791 I:
792 I:
793 I: END
794 I:
795 L:
796 L:
798 and the "greeting" element sent by the BEEP peer acting in the
799 initiating role is ignored. It is recommended that a diagnostic
800 entry be logged by both BEEP peers.
802 Note that both of these examples imply that the BEEP peer in the
803 initiating role waits until the BEEP peer in the listening role
804 sends its greeting -- this is an artifact of the presentation; in
805 fact, both BEEP peers send their replies independently.
807 When a BEEP peer wants to release the BEEP session, it sends a
808 "close" element with a zero-valued "number" attribute on channel
809 zero. The other BEEP peer indicates its willingness by sending an
810 "ok" element in a positive reply, e.g.,
812 C: MSG 0 1 . 52 60
813 C: Content-Type: application/beep+xml
814 C:
815 C:
816 C: END
817 S: RPY 0 1 . 264 46
818 S: Content-Type: application/beep+xml
819 S:
820 S:
821 S: END
822 I:
823 L:
824 L:
826 Alternatively, if the other BEEP doesn't want to release the BEEP
827 session, the exchange might look like this:
829 C: MSG 0 1 . 52 60
830 C: Content-Type: application/beep+xml
831 C:
832 C:
833 C: END
834 S: ERR 0 1 . 264 79
835 S: Content-Type: application/beep+xml
836 S:
837 S: still working
838 S: END
840 If session release is declined, the BEEP session should not be
841 terminated, if possible.
843 2.5 Transport Mappings
845 All transport interactions occur in the context of a session -- a
846 mapping onto a particular transport service. Accordingly, this memo
847 defines the requirements that must be satisified by any document
848 describing how a particular transport service realizes a BEEP
849 session.
851 2.5.1 Session Management
853 A BEEP session is connection-oriented. A mapping document must
854 define:
856 o how a BEEP session is established;
858 o how a BEEP peer is identified as acting in the listening role;
860 o how a BEEP peer is identified as acting in the initiating role;
862 o how a BEEP session is released; and,
864 o how a BEEP session is terminated.
866 2.5.2 Message Exchange
868 A BEEP session is message-oriented. A mapping document must define:
870 o how messages are reliably sent and received;
872 o how messages on the same channel are received in the same order
873 as they were sent; and,
875 o how messages on different channels are sent without ordering
876 constraint.
878 2.6 Parallelism
880 2.6.1 Within a Single Channel
882 A BEEP peer acting in the client role may send multiple "MSG"
883 messages on the same channel without waiting to receive the
884 corresponding replies.
886 A BEEP peer acting in the server role must process all "MSG"
887 messages for a given channel in the same order as they are received.
888 As a consequence, the BEEP peer must generate replies in the same
889 order as the corresponding "MSG" messages are received on a given
890 channel.
892 2.6.2 Between Different Channels
894 A BEEP peer acting in the client role may send multiple "MSG"
895 messages on different channels without waiting to receive the
896 corresponding replies.
898 A BEEP peer acting in the server role may process "MSG" messages
899 received on different channels in any order it chooses. As a
900 consequence, although the replies for a given channel appear to be
901 generated in the same order in which the corresponding "MSG"
902 messages are received, there is no ordering constraint for replies
903 on different channels.
905 2.6.3 Pre-emptive Replies
907 A BEEP peer acting in the server role may send a negative reply
908 before it receives the final "MSG" frame of a message. If it does
909 so, that BEEP peer is obliged to ignore any subsequent "MSG" frames
910 for that message, up to and including the final "MSG" frame.
912 If a BEEP peer acting in the client role receives a negative reply
913 before it sends the final "MSG" frame for a message, then it is
914 required to send a "MSG" frame with a continuation status of
915 complete (".") and having a zero-length payload.
917 2.6.4 Interference
919 If the processing of a particular message has sequencing impacts on
920 other messages (either intra-channel or inter-channel), then the
921 corresponding profile should define this behavior, e.g., a profile
922 whose messages alter the underlying transport mapping.
924 2.7 Peer-to-Peer Behavior
926 BEEP is peer-to-peer -- as such both peers must be prepared to
927 receive all messages defined in this memo. Accordingly, an
928 initiating BEEP peer capable of acting only in the client role must
929 behave gracefully if it receives a "MSG" message. Accordingly, all
930 profiles must provide an appropriate error message for replying to
931 unexpected "MSG" messages.
933 As a consequence of the peer-to-peer nature of BEEP, message numbers
934 are unidirectionally-significant. That is, the message numbers in
935 "MSG" messages sent by a BEEP peer acting in the initiating role are
936 unrelated to the message numbers in "MSG" messages sent by a BEEP
937 peer acting in the listening role.
939 For example, these two messages
941 I: MSG 0 1 . 52 132
942 I: Content-Type: application/beep+xml
943 I:
944 I:
945 I:
946 I:
947 I: END
948 L: MSG 0 1 . 264 128
949 L: Content-Type: application/beep+xml
950 L:
951 L:
952 L:
953 L:
954 L: END
956 refer to different messages sent on channel zero.
958 3. Transport Security
960 When a BEEP session is established, plaintext transfer, without
961 privacy, is provided. Accordingly, transport security in BEEP is
962 achieved using an initial tuning profile.
964 This document defines one profile:
966 o the TLS transport security profile, based on TLS version one[3].
968 Other profiles may be defined and deployed on a bilateral basis.
969 Note that because of their intimate relationship with the tranpsort
970 service, a given transport security profile tends to be relevant to
971 a single transort mapping (c.f., Section 2.5).
973 When a channel associated with transport security begins the
974 underlying negotiation process, all channels (including channel
975 zero) are closed on the BEEP session. Accordingly, upon completion
976 of the negotiation process, regardless of its outcome, a new
977 greeting is issued by both BEEP peers. (If the negotiation process
978 fails, then either BEEP peer may instead terminate the session, and
979 it is recommended that a diagnostic entry be logged.)
981 A BEEP peer may choose to issue different greetings based on whether
982 privacy is in use, e.g.,
984 L:
985 I:
986 L: RPY 0 0 . 0 122
987 L: Content-Type: application/beep+xml
988 L:
989 L:
990 L:
991 L:
992 L: END
993 I: RPY 0 0 . 0 52
994 I: Content-Type: application/beep+xml
995 I:
996 I:
997 I: END
998 I: MSG 0 1 . 52 170
999 I: Content-Type: application/beep+xml
1000 I:
1001 I:
1002 I:
1003 I: ]]>
1004 I:
1005 I:
1006 I: END
1007 L: RPY 0 1 . 122 133
1008 L: Content-Type: application/beep+xml
1009 L:
1010 L:
1011 L: ]]>
1012 L:
1013 L: END
1015 ... successful transport security negotiation ...
1017 L: RPY 0 0 . 0 264
1018 L: Content-Type: application/beep+xml
1019 L:
1020 L:
1021 L:
1023 L:
1024 L:
1025 L:
1026 L: END
1027 I: RPY 0 0 . 0 52
1028 I: Content-Type: application/beep+xml
1029 I:
1030 I:
1031 I: END
1033 Of course, not all BEEP peers need be as single-minded:
1035 L:
1036 I:
1037 L: RPY 0 0 . 0 323
1038 L: Content-Type: application/beep+xml
1039 L:
1040 L:
1041 L:
1043 L:
1044 L:
1045 L:
1046 L:
1047 L: END
1048 I: RPY 0 0 . 0 52
1049 I: Content-Type: application/beep+xml
1050 I:
1051 I:
1052 I: END
1053 I: MSG 0 1 . 52 170
1054 I: Content-Type: application/beep+xml
1055 I:
1057 I:
1058 I:
1059 I: ]]>
1060 I:
1061 I:
1062 I: END
1063 L: RPY 0 1 . 323 133
1064 L: Content-Type: application/beep+xml
1065 L:
1066 L:
1067 L: ]]>
1068 L:
1069 L: END
1071 ... failed transport security negotiation ...
1073 L: RPY 0 0 . 0 323
1074 L: Content-Type: application/beep+xml
1075 L:
1076 L:
1077 L:
1079 L:
1080 L:
1081 L:
1082 L:
1083 L: END
1084 I: RPY 0 0 . 0 52
1085 I: Content-Type: application/beep+xml
1086 I:
1087 I:
1088 I: END
1090 3.1 The TLS Transport Security Profile
1092 Section 6.2 contains the registration for this profile.
1094 3.1.1 Profile Identification and Initialization
1096 The TLS transport security profile is identified as:
1098 http://xml.resource.org/profiles/TLS
1100 in the BEEP "profile" element during channel creation.
1102 During channel creation, the corresponding "profile" element in the
1103 BEEP "start" element may contain a "ready" element. If channel
1104 creation is successful, then before sending the corresponding reply,
1105 the BEEP peer processes the "ready" element and includes the
1106 resulting response in the reply, e.g.,
1108 C: MSG 0 1 . 52 170
1109 C: Content-Type: application/beep+xml
1110 C:
1111 C:
1112 C:
1113 C: ]]>
1114 C:
1115 C:
1116 C: END
1117 S: RPY 0 1 . 122 133
1118 S: Content-Type: application/beep+xml
1119 S:
1120 S:
1121 S: ]]>
1122 S:
1123 S: END
1125 Note that it is possible for the channel to be created, but for the
1126 encapsulated operation to fail, e.g.,
1128 C: MSG 0 1 . 52 185
1129 C: Content-Type: application/beep+xml
1130 C:
1131 C:
1132 C:
1133 C: ]]>
1134 C:
1135 C:
1136 C: END
1137 S: RPY 0 1 . 122 205
1138 S: Content-Type: application/beep+xml
1139 S:
1140 S:
1141 S: version attribute
1142 S: poorly formed in <ready> element]]>
1143 S:
1144 S: END
1146 In this case, a positive reply is sent (as channel creation
1147 succeeded), but the encapsulated response contains an indication as
1148 to why the operation failed.
1150 3.1.2 Message Syntax
1152 Section 7.2 defines the messages that are used in the TLS transport
1153 security profile.
1155 3.1.3 Message Semantics
1157 3.1.3.1 The Ready Message
1159 The "ready" element has an optional "version" attribute and no
1160 content:
1162 o the "version" element defines the earliest version of TLS
1163 acceptable for use.
1165 When a BEEP peer sends the "ready" element, it must not send any
1166 further traffic on any channel until a corresponding reply is
1167 received; similarly, before processing a "ready" element, the
1168 receiving BEEP peer waits until any pending replies have been
1169 generated and sent.
1171 3.1.3.2 The Proceed Message
1173 The "proceed" element has no attributes and no content. It is sent
1174 as a reply to the "ready" element. When a BEEP peer receives the
1175 "ready" element, it begins the underlying negotiation process for
1176 transport security.
1178 4. User Authentication
1180 When a BEEP session is established, anonymous access, without trace
1181 information, is provided. Accordingly, user authentication in BEEP
1182 is achieved using an initial tuning profile.
1184 This document defines a family of profiles based on SASL mechanisms:
1186 o each mechanism in the IANA SASL registry[15] has an associated
1187 profile.
1189 Other profiles may be defined and deployed on a bilateral basis.
1191 Whenever a successful authentication occurs, on any channel, the
1192 authenticated identity is updated for all existing and future
1193 channels on the BEEP session; further, no additional attempts at
1194 authentication are allowed.
1196 Note that regardless of transport security and user authentication,
1197 authorization is an internal matter for each BEEP peer. As such,
1198 each peer may choose to restrict the operations it allows based on
1199 the authentication credentials provided (i.e., unauthorized
1200 operations might be rejected with error code 530).
1202 4.1 The SASL Family of Profiles
1204 Section 6.3 contains the registration for this profile.
1206 Note that SASL may provide both user authentication and transport
1207 security. Once transport security is successfully negotiated for a
1208 BEEP session, then a SASL security layer must not be negotiated;
1209 similarly, once any SASL negotiation is successful, a transport
1210 security profile must not begin its underlying negotiation process.
1212 Section 4 of the SASL specification[4] requires the following
1213 information be supplied by a protocol definition:
1215 service name: "beep"
1217 initiation sequence: Creating a channel using a BEEP profile
1218 corresponding to a SASL mechanism starts the exchange. An
1219 optional parameter corresponding to the "initial response" sent
1220 by the client is carried within a "blob" element during channel
1221 creation.
1223 exchange sequence: "Challenges" and "responses" are carried in
1224 exchanges of the "blob" element. The "status" attribute of the
1225 "blob" element is used both by a server indicating a successful
1226 completion of the exchange, and a client aborting the exchange,
1227 The server indicates failure of the exchange by sending an
1228 "error" element.
1230 security layer negotiation: When a security layer starts
1231 negotiation, all channels (including channel zero) are closed on
1232 the BEEP session. Accordingly, upon completion of the negotiation
1233 process, regardless of its outcome, a new greeting is issued by
1234 both BEEP peers.
1236 If a security layer is successfully negotiated, it takes effect
1237 immediately following the message that concludes the server's
1238 successful completion reply.
1240 use of the authorization identity: This is made available to all
1241 channels for the duration of the BEEP session.
1243 4.1.1 Profile Identification and Initialization
1245 Each SASL mechanism registered with the IANA is identified as:
1247 http://xml.resource.org/profiles/sasl/MECHANISM
1249 where "MECHANISM" is the token assigned to that mechanism by the
1250 IANA.
1252 Note that during channel creation, a BEEP peer may provide multiple
1253 profiles to the remote peer, e.g.,
1255 C: MSG 0 1 . 52 209
1256 C: Content-Type: application/beep+xml
1257 C:
1258 C:
1259 C:
1261 C:
1262 C:
1263 C: END
1264 S: RPY 0 1 . 264 99
1265 S: Content-Type: application/beep+xml
1266 S:
1267 S:
1268 S: END
1270 During channel creation, the corresponding "profile" element in the
1271 BEEP "start" element may contain a "blob" element. Note that it is
1272 possible for the channel to be created, but for the encapsulated
1273 operation to fail, e.g.,
1275 C: MSG 0 1 . 52 195
1276 C: Content-Type: application/beep+xml
1277 C:
1278 C:
1279 C:
1280 C: AGJsb2NrbWFzdGVy]]>
1281 C:
1282 C:
1283 C: END
1284 S: RPY 0 1 . 264 190
1285 S: Content-Type: application/beep+xml
1286 S:
1287 S:
1288 S: authentication mechanism is
1289 S: too weak]]>
1290 S:
1291 S: END
1293 In this case, a positive reply is sent (as channel creation
1294 succeeded), but the encapsulated response contains an indication as
1295 to why the operation failed.
1297 Otherwise, the server sends a challenge (or signifies success), e.g.,
1299 C: MSG 0 1 . 52 195
1300 C: Content-Type: application/beep+xml
1301 C:
1302 C:
1303 C:
1304 C: AGJsb2NrbWFzdGVy]]>
1305 C:
1306 C:
1307 C: END
1308 S: RPY 0 1 . 264 183
1309 S: Content-Type: application/beep+xml
1310 S:
1311 S:
1312 S: b3RwLXNoYTEgOTk5NyBwaXh5bWlzYXM4NTgwNSBleHQ=
1313 ]]>
1314 S:
1315 S: END
1317 Note that this example implies that the "blob" element in the
1318 server's reply appears on two lines -- this is an artifact of the
1319 presentation; in fact, only one line is used.
1321 If a challenge is received, then the client responds and awaits
1322 another reply, e.g.,
1324 C: MSG 1 0 . 0 97
1325 C: Content-Type: application/beep+xml
1326 C:
1327 C: d29yZDpmZXJuIGhhbmcgYnJvdyBib25nIGhlcmQgdG9n
1328 C: END
1329 S: RPY 1 0 . 0 66
1330 S: Content-Type: application/beep+xml
1331 S:
1332 S:
1333 S: END
1335 Of course, the client could abort the authentication process by
1336 sending "" instead.
1338 Alternatively, the server might reject the response with an error:
1339 e.g.,
1341 C: MSG 1 0 . 0 97
1342 C: Content-Type: application/beep+xml
1343 C:
1344 C: d29yZDpmZXJuIGhhbmcgYnJvdyBib25nIGhlcmQgdG9n
1345 C: END
1346 S: ERR 1 1 . 0 60
1347 S: Content-Type: application/beep+xml
1348 S:
1349 S:
1350 S: END
1352 Finally, depending on the SASL mechanism, an initialization element
1353 may be exchanged unidirectionally during channel creation, e.g.,
1355 C: MSG 0 1 . 52 145
1356 C: Content-Type: application/beep+xml
1357 C:
1358 C:
1359 C:
1361 C:
1362 C: END
1363 S: RPY 0 1 . 264 197
1364 S: Content-Type: application/beep+xml
1365 S:
1366 S:
1367 S: PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1
1368 jaS5uZXQ+]]>
1369 S:
1370 S: END
1372 Note that this example implies that the "blob" element in the
1373 server's reply appears on two lines -- this is an artifact of the
1374 presentation; in fact, only one line is used.
1376 4.1.2 Message Syntax
1378 Section 7.3 defines the messages that are used for each profile in
1379 the SASL family.
1381 Note that because many SASL mechanisms exchange binary data, the
1382 content of the "blob" element is always a base64-encoded string.
1384 4.1.3 Message Semantics
1386 The "blob" element has an optional "status" attribute, and arbitrary
1387 octets as its content:
1389 o the "status" attribute, if present, takes one of three values:
1391 abort: used by a client to indicate that it is aborting the
1392 authentication process;
1394 complete: used by a server to indicate that the exchange is
1395 complete and successful; or,
1397 continue: used by either a client or server, otherwise.
1399 Finally, note that SASL's EXTERNAL mechanism works with an "external
1400 authentication" service, which is provided by one of:
1402 o a transport security profile, capable of providing authentication
1403 information (e.g., Section 3.1), being active on the connection;
1405 o a network service, capable of providing strong authentication
1406 (e.g., IPSec[12]), underlying the connection; or,
1408 o a locally-defined security service.
1410 For authentication to succeed, two conditions must hold:
1412 o an external authentication service must be active; and,
1414 o if present, the authentication identity must be consistent with
1415 the credentials provided by the external authentication service
1416 (if the authentication identity is empty, then an authorization
1417 identity is automatically derived from the credentials provided
1418 by the external authentication service).
1420 5. Registration Templates
1422 5.1 Profile Registration Template
1424 When a profile is registered, the following information is supplied:
1426 Profile Identification: specify a URI[10] that authoritatively
1427 identifies this profile.
1429 Message Exchanged during Channel Creation: specify the datatypes
1430 that may be exchanged during channel creation.
1432 Messages starting one-to-one exchanges: specify the datatypes that
1433 may be present when an exchange starts.
1435 Messages in positive replies: specify the datatypes that may be
1436 present in a positive reply.
1438 Messages in negative replies: specify the datatypes that may be
1439 present in a negative reply.
1441 Messages in one-to-many exchanges: specify the datatypes that may be
1442 present in a one-to-many exchange.
1444 Message Syntax: specify the syntax of the datatypes exchanged by the
1445 profile.
1447 Message Semantics: specify the semantics of the datatypes exchanged
1448 by the profile.
1450 Contact Information: specify the postal and electronic contact
1451 information for the author of the profile.
1453 5.2 Feature Registration Template
1455 When a feature for the channel management profile is registered, the
1456 following information is supplied:
1458 Feature Identification: specify a string that identifies this
1459 feature. Unless the feature is registered with the IANA, the
1460 feature's identification MUST start with "x-".
1462 Feature Semantics: specify the semantics of the feature.
1464 Contact Information: specify the postal and electronic contact
1465 information for the author of the feature.
1467 6. Initial Registrations
1469 6.1 Registration: BEEP Channel Management
1471 Profile Identification: not applicable
1473 Messages exchanged during Channel Creation: not applicable
1475 Messages starting one-to-one exchanges: "start" or "close"
1477 Messages in positive replies: "greeting", "profile", or "ok"
1479 Messages in negative replies: "error"
1481 Messages in one-to-many exchanges: none
1483 Message Syntax: c.f., Section 7.1
1485 Message Semantics: c.f., Section 2.3.1
1487 Contact Information: c.f., the "Author's Address" section of this
1488 memo
1490 6.2 Registration: TLS Transport Security Profile
1492 Profile Identification: http://xml.resource.org/profiles/TLS
1494 Messages exchanged during Channel Creation: "ready"
1496 Messages starting one-to-one exchanges: "ready"
1498 Messages in positive replies: "proceed"
1500 Messages in negative replies: "error"
1502 Messages in one-to-many exchanges: none
1504 Message Syntax: c.f., Section 7.2
1506 Message Semantics: c.f., Section 3.1.3
1508 Contact Information: c.f., the "Author's Address" section of this
1509 memo
1511 6.3 Registration: SASL Family of Profiles
1513 Profile Identification:
1514 http://xml.resource.org/profiles/sasl/MECHANISM, where
1515 "MECHANISM" is a token registered with the IANA[16]
1517 Messages exchanged during Channel Creation: "blob"
1519 Messages starting one-to-one exchanges: "blob"
1521 Messages in positive replies: "blob"
1523 Messages in negative replies: "error"
1525 Messages in one-to-many exchanges: none
1527 Message Syntax: c.f., Section 7.3
1529 Message Semantics: c.f., Section 4.1.3
1531 Contact Information: c.f., the "Author's Address" section of this
1532 memo
1534 6.4 Registration: application/beep+xml
1536 MIME media type name: application
1538 MIME subtype name: beep+xml
1540 Required parameters: none
1542 Optional parameters: charset (defaults to "UTF-8"[13])
1544 Encoding considerations: This media type may contain binary content;
1545 accordingly, when used over a transport that does not permit
1546 binary transfer, an appropriate encoding must be applied
1548 Security considerations: none, per se; however, any BEEP profile
1549 which uses this media type must describe its relevant security
1550 considerations
1552 Interoperability considerations: n/a
1554 Published specification: This media type is a proper subset of the
1555 the XML 1.0 specification[2]. Two restrictions are made.
1557 First, no entity references other than the five predefined
1558 general entities references ("&", "<", ">", "'",
1559 and """) and numeric entity references may be present.
1561 Second, neither the "XML" declaration (e.g., ) nor the "DOCTYPE" declaration (e.g., ) may be
1563 present. (Accordingly, if another character set other than UTF-8
1564 is desired, then the "charset" parameter must be present.)
1566 All other XML 1.0 instructions (e.g., CDATA blocks, processing
1567 instructions, and so on) are allowed.
1569 Applications which use this media type: any BEEP profile wishing to
1570 make use of this XML 1.0 subset
1572 Additional Information: none
1574 Contact for further information: c.f., the "Author's Address"
1575 section of this memo
1577 Intended usage: limited use
1579 Author/Change controller: the IESG
1581 7. DTDs
1583 7.1 BEEP Channel Management DTD
1585
1595
1619
1620
1621
1622
1623
1624
1625
1637
1638
1642
1643
1647
1648
1649
1653
1654
1659
1661
1662
1666 7.2 TLS Transport Security Profile DTD
1668
1678
1686
1687
1690
1692 7.3 SASL Family of Profiles DTD
1694
1704
1712
1713
1719 8. Reply Codes
1721 code meaning
1722 ==== =======
1723 421 service not available
1725 450 requested action not taken
1726 (e.g., lock already in use)
1728 451 requested action aborted
1729 (e.g., local error in processing)
1731 454 temporary authentication failure
1733 500 general syntax error
1734 (e.g., poorly-formed XML)
1736 501 syntax error in parameters
1737 (e.g., non-valid XML)
1739 504 parameter not implemented
1741 530 authentication required
1743 534 authentication mechanism insufficient
1744 (e.g., too weak, sequence exhausted, etc.)
1746 535 authentication failure
1748 537 action not authorized for user
1750 538 authentication mechanism requires encryption
1752 550 requested action not taken
1753 (e.g., no requested profiles are acceptable)
1755 553 parameter invalid
1757 554 transaction failed
1758 (e.g., policy violation)
1760 9. Security Considerations
1762 The BEEP framing mechanism, per se, provides no protection against
1763 attack; however, judicious use of initial tuning profiles provides
1764 varying degrees of assurance:
1766 1. If one of the profiles from the SASL family is used, refer to
1767 [4]'s Section 9 for a discussion of security considerations.
1769 2. If the TLS transport security profile is used (or if a SASL
1770 security layer is negotiated), then:
1772 1. A man-in-the-middle may remove the security-related profiles
1773 from the BEEP greeting or generate a negative reply to the
1774 "ready" element of the TLS transport security profile. A
1775 BEEP peer may be configurable to refuse to proceed without
1776 an acceptable level of privacy.
1778 2. A man-in-the-middle may cause a down-negotiation to the
1779 weakest cipher suite available. A BEEP peer should be
1780 configurable to refuse weak cipher suites.
1782 3. A man-in-the-middle may modify any protocol exchanges prior
1783 to a successful negotiation. Upon completing the
1784 negotiation, a BEEP peer must discard previously cached
1785 information about the BEEP session.
1787 As different TLS ciphersuites provide varying levels of
1788 security, administrators should carefully choose which
1789 ciphersuites are provisioned.
1791 As BEEP is peer-to-peer in nature, before performing any task
1792 associated with a message, each channel should apply the appropriate
1793 access control based on the authenticated identity and privacy level
1794 associated with the BEEP session.
1796 References
1798 [1] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
1799 Extensions (MIME) Part One: Format of Internet Message
1800 Bodies", RFC 2045, November 1996.
1802 [2] World Wide Web Consortium, "Extensible Markup Language (XML)
1803 1.0", W3C XML, February 1998,
1804 .
1806 [3] Dierks, T., Allen, C., Treese, W., Karlton, P. L., Freier, A.
1807 O. and P. C. Kocher, "The TLS Protocol Version 1.0", RFC 2246,
1808 January 1999.
1810 [4] Myers, J.G., "Simple Authentication and Security Layer
1811 (SASL)", RFC 2222, October 1997.
1813 [5] Rose, M.T., "Mapping the BEEP Framework onto TCP",
1814 draft-ietf-beep-tcpmapping-04 (work in progress), October 2000.
1816 [6] Postel, J., "Transmission Control Protocol", RFC 793, STD 7,
1817 Sep 1981.
1819 [7] Crocker, D. H. and P. Overell, "Augmented BNF for Syntax
1820 Specifications: ABNF", RFC 2234, November 1997.
1822 [8] Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982,
1823 August 1996.
1825 [9] Alvestrand, H., "Tags for the Identification of Languages",
1826 RFC 1766, March 1995.
1828 [10] Berners-Lee, T., Fielding, R.T. and L. Masinter, "Uniform
1829 Resource Identifiers (URI): Generic Syntax", RFC 2396, August
1830 1998.
1832 [11] Newman, C., "The One-Time-Password SASL Mechanism", RFC 2444,
1833 October 1998.
1835 [12] Kent, S. and R. Atkinson, "Security Architecture for the
1836 Internet Protocol", RFC 2401, November 1998.
1838 [13] Yergeau, F., "UTF-8, a transformation format of ISO 10646",
1839 RFC 2279, January 1998.
1841 [14] Linn, J., "Generic Security Service Application Program
1842 Interface, Version 2", RFC 2078, January 1997.
1844 [15]
1846 [16]
1847 Author's Address
1849 Marshall T. Rose
1850 Invisible Worlds, Inc.
1851 1179 North McDowell Boulevard
1852 Petaluma, CA 94954-6559
1853 US
1855 Phone: +1 707 789 3700
1856 EMail: mrose@invisible.net
1857 URI: http://invisible.net/
1859 Appendix A. Acknowledgements
1861 The author gratefully acknowledges the contributions of: David
1862 Clark, Dave Crocker, Steve Deering, Wesley Michael Eddy, Huston
1863 Franklin, Marco Gazzetta, Danny Goodman, Steve Harris, Robert
1864 Herriot, Ken Hirsch, Greg Hudson, Ben Laurie, Carl Malamud, Michael
1865 Mealling, Keith McCloghrie, Paul Mockapetris, RL 'Bob' Morgan, Frank
1866 Morton, Darren New, Chris Newman, Joe Touch, Paul Vixie, Gabe
1867 Wachob, Daniel Woods, and, James Woodyatt. In particular, Dave
1868 Crocker provided helpful suggestions on the nature of segmentation
1869 in the framing mechanism.
1871 Appendix B. IANA Considerations
1873 The IANA registers "beep" as a GSSAPI[14] service name, as specified
1874 in Section 4.1.
1876 The IANA maintains a list of:
1878 o BEEP profiles, c.f., Section 5.1; and,
1880 o features for the channel management profile, c.f., Section 5.2.
1882 The IANA makes the registrations specified in Section 6.2 and
1883 Section 6.3. It is recommended that the IANA register these profiles
1884 using the IANA as a URI-prefix, and populate those URIs with the
1885 respective profile registrations.
1887 Full Copyright Statement
1889 Copyright (C) The Internet Society (2000). All Rights Reserved.
1891 This document and translations of it may be copied and furnished to
1892 others, and derivative works that comment on or otherwise explain it
1893 or assist in its implementation may be prepared, copied, published
1894 and distributed, in whole or in part, without restriction of any
1895 kind, provided that the above copyright notice and this paragraph
1896 are included on all such copies and derivative works. However, this
1897 document itself may not be modified in any way, such as by removing
1898 the copyright notice or references to the Internet Society or other
1899 Internet organizations, except as needed for the purpose of
1900 developing Internet standards in which case the procedures for
1901 copyrights defined in the Internet Standards process must be
1902 followed, or as required to translate it into languages other than
1903 English.
1905 The limited permissions granted above are perpetual and will not be
1906 revoked by the Internet Society or its successors or assigns.
1908 This document and the information contained herein is provided on an
1909 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
1910 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
1911 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
1912 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
1913 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
1915 Acknowledgement
1917 Funding for the RFC editor function is currently provided by the
1918 Internet Society.