idnits 2.17.1 draft-ietf-beep-framework-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Authors' Addresses Section. ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. == There are 2 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 1460: '...s identification MUST start with "x-"....' Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 1630 has weird spacing: '...reeting err...' == Line 1721 has weird spacing: '... code mea...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (October 30, 2000) is 8550 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: 'RFC-2396' on line 1604 -- Looks like a reference, but probably isn't: 'RFC-1766' on line 1613 -- Looks like a reference, but probably isn't: '1-5' on line 1616 -- Looks like a reference, but probably isn't: '0-9' on line 1616 == Unused Reference: '11' is defined on line 1832, but no explicit reference was found in the text == Unused Reference: '13' is defined on line 1838, but no explicit reference was found in the text -- Possible downref: Non-RFC (?) normative reference: ref. '2' ** Obsolete normative reference: RFC 2246 (ref. '3') (Obsoleted by RFC 4346) ** Obsolete normative reference: RFC 2222 (ref. '4') (Obsoleted by RFC 4422, RFC 4752) == Outdated reference: A later version (-06) exists of draft-ietf-beep-tcpmapping-04 ** Obsolete normative reference: RFC 793 (ref. '6') (Obsoleted by RFC 9293) ** Obsolete normative reference: RFC 2234 (ref. '7') (Obsoleted by RFC 4234) ** Obsolete normative reference: RFC 1766 (ref. '9') (Obsoleted by RFC 3066, RFC 3282) ** Obsolete normative reference: RFC 2396 (ref. '10') (Obsoleted by RFC 3986) ** Obsolete normative reference: RFC 2401 (ref. '12') (Obsoleted by RFC 4301) ** Obsolete normative reference: RFC 2279 (ref. '13') (Obsoleted by RFC 3629) ** Obsolete normative reference: RFC 2078 (ref. '14') (Obsoleted by RFC 2743) -- Possible downref: Non-RFC (?) normative reference: ref. '15' -- Possible downref: Non-RFC (?) normative reference: ref. '16' Summary: 13 errors (**), 0 flaws (~~), 8 warnings (==), 9 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group M.T. Rose 3 Internet-Draft Invisible Worlds, Inc. 4 Expires: April 30, 2001 October 30, 2000 6 The Blocks Extensible Exchange Protocol Framework 7 draft-ietf-beep-framework-07 9 Status of this Memo 11 This document is an Internet-Draft and is in full conformance with 12 all provisions of Section 10 of RFC2026. 14 Internet-Drafts are working documents of the Internet Engineering 15 Task Force (IETF), its areas, and its working groups. Note that 16 other groups may also distribute working documents as 17 Internet-Drafts. 19 Internet-Drafts are draft documents valid for a maximum of six 20 months and may be updated, replaced, or obsoleted by other documents 21 at any time. It is inappropriate to use Internet-Drafts as reference 22 material or to cite them other than as "work in progress." 24 The list of current Internet-Drafts can be accessed at 25 http://www.ietf.org/ietf/1id-abstracts.txt. 27 The list of Internet-Draft Shadow Directories can be accessed at 28 http://www.ietf.org/shadow.html. 30 This Internet-Draft will expire on April 30, 2001. 32 Copyright Notice 34 Copyright (C) The Internet Society (2000). All Rights Reserved. 36 Abstract 38 This memo describes a generic application protocol framework for 39 connection-oriented, asynchronous interactions. The framework 40 permits simultaneous and independent exchanges within the context of 41 a single application user-identity, supporting both textual and 42 binary messages. 44 Table of Contents 46 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 4 47 2. The BEEP Framework . . . . . . . . . . . . . . . . . . . . 5 48 2.1 Roles . . . . . . . . . . . . . . . . . . . . . . . . . . 6 49 2.1.1 Exchange Styles . . . . . . . . . . . . . . . . . . . . . 6 50 2.2 Messages and Frames . . . . . . . . . . . . . . . . . . . 7 51 2.2.1 Frame Syntax . . . . . . . . . . . . . . . . . . . . . . . 8 52 2.2.1.1 Frame Header . . . . . . . . . . . . . . . . . . . . . . . 9 53 2.2.1.2 Frame Payload . . . . . . . . . . . . . . . . . . . . . . 12 54 2.2.1.3 Frame Trailer . . . . . . . . . . . . . . . . . . . . . . 13 55 2.2.2 Frame Semantics . . . . . . . . . . . . . . . . . . . . . 14 56 2.2.2.1 Poorly-formed Messages . . . . . . . . . . . . . . . . . . 14 57 2.3 Channel Management . . . . . . . . . . . . . . . . . . . . 15 58 2.3.1 Message Semantics . . . . . . . . . . . . . . . . . . . . 16 59 2.3.1.1 The Greeting Message . . . . . . . . . . . . . . . . . . . 16 60 2.3.1.2 The Start Message . . . . . . . . . . . . . . . . . . . . 17 61 2.3.1.3 The Close Message . . . . . . . . . . . . . . . . . . . . 20 62 2.3.1.4 The OK Message . . . . . . . . . . . . . . . . . . . . . . 22 63 2.3.1.5 The Error Message . . . . . . . . . . . . . . . . . . . . 22 64 2.4 Session Establishment and Release . . . . . . . . . . . . 24 65 2.5 Transport Mappings . . . . . . . . . . . . . . . . . . . . 26 66 2.5.1 Session Management . . . . . . . . . . . . . . . . . . . . 26 67 2.5.2 Message Exchange . . . . . . . . . . . . . . . . . . . . . 26 68 2.6 Parallelism . . . . . . . . . . . . . . . . . . . . . . . 27 69 2.6.1 Within a Single Channel . . . . . . . . . . . . . . . . . 27 70 2.6.2 Between Different Channels . . . . . . . . . . . . . . . . 27 71 2.6.3 Pre-emptive Replies . . . . . . . . . . . . . . . . . . . 27 72 2.6.4 Interference . . . . . . . . . . . . . . . . . . . . . . . 27 73 2.7 Peer-to-Peer Behavior . . . . . . . . . . . . . . . . . . 28 74 3. Transport Security . . . . . . . . . . . . . . . . . . . . 29 75 3.1 The TLS Transport Security Profile . . . . . . . . . . . . 32 76 3.1.1 Profile Identification and Initialization . . . . . . . . 32 77 3.1.2 Message Syntax . . . . . . . . . . . . . . . . . . . . . . 33 78 3.1.3 Message Semantics . . . . . . . . . . . . . . . . . . . . 34 79 3.1.3.1 The Ready Message . . . . . . . . . . . . . . . . . . . . 34 80 3.1.3.2 The Proceed Message . . . . . . . . . . . . . . . . . . . 34 81 4. User Authentication . . . . . . . . . . . . . . . . . . . 35 82 4.1 The SASL Family of Profiles . . . . . . . . . . . . . . . 36 83 4.1.1 Profile Identification and Initialization . . . . . . . . 37 84 4.1.2 Message Syntax . . . . . . . . . . . . . . . . . . . . . . 40 85 4.1.3 Message Semantics . . . . . . . . . . . . . . . . . . . . 41 86 5. Registration Templates . . . . . . . . . . . . . . . . . . 42 87 5.1 Profile Registration Template . . . . . . . . . . . . . . 42 88 5.2 Feature Registration Template . . . . . . . . . . . . . . 42 89 6. Initial Registrations . . . . . . . . . . . . . . . . . . 43 90 6.1 Registration: BEEP Channel Management . . . . . . . . . . 43 91 6.2 Registration: TLS Transport Security Profile . . . . . . . 43 92 6.3 Registration: SASL Family of Profiles . . . . . . . . . . 44 93 6.4 Registration: application/beep+xml . . . . . . . . . . . . 45 94 7. DTDs . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 95 7.1 BEEP Channel Management DTD . . . . . . . . . . . . . . . 46 96 7.2 TLS Transport Security Profile DTD . . . . . . . . . . . . 48 97 7.3 SASL Family of Profiles DTD . . . . . . . . . . . . . . . 49 98 8. Reply Codes . . . . . . . . . . . . . . . . . . . . . . . 50 99 9. Security Considerations . . . . . . . . . . . . . . . . . 51 100 References . . . . . . . . . . . . . . . . . . . . . . . . 52 101 Author's Address . . . . . . . . . . . . . . . . . . . . . 53 102 A. Acknowledgements . . . . . . . . . . . . . . . . . . . . . 54 103 B. IANA Considerations . . . . . . . . . . . . . . . . . . . 55 104 Full Copyright Statement . . . . . . . . . . . . . . . . . 56 106 1. Introduction 108 This memo describes a generic application protocol framework for 109 connection-oriented, asynchronous interactions. 111 At the core of the BEEP framework is a framing mechanism that 112 permits simultaneous and independent exchanges of messages between 113 peers. Messages are arbitrary MIME[1] content, but are usually 114 textual (structured using XML[2]). 116 All exchanges occur in the context of a channel -- a binding to a 117 well-defined aspect of the application, such as transport security, 118 user authentication, or data exchange. 120 Each channel has an associated "profile" that defines the syntax and 121 semantics of the messages exchanged. Implicit in the operation of 122 BEEP is the notion of channel management. In addition to defining 123 BEEP's channel management profile, this document defines: 125 o the TLS[3] transport security profile; and, 127 o the SASL[4] family of profiles. 129 Other profiles, such as those used for data exchange, are defined by 130 an application protocol designer. 132 2. The BEEP Framework 134 A BEEP session is mapped onto an underlying transport service. A 135 separate series of documents describe how a particular transport 136 service realizes a BEEP session. For example, [5] describes how a 137 BEEP session is mapped onto a single TCP[6] connection. 139 When a session is established, each BEEP peer advertises the profile 140 it supports. Later on, during the creation of a channel, the client 141 supplies one or more proposed profiles for that channel. If the 142 server creates the channel, it selects one of the profiles and sends 143 it in a reply; otherwise, it may indicate that none of the profiles 144 are acceptable, and decline creation of the channel. 146 Channel usage falls into one of two categories: 148 initial tuning: these are used by profiles that perform 149 initialization once the BEEP session is established (e.g., 150 negotiating the use of transport security); although several 151 exchanges may be required to perform the initialization, these 152 channels become inactive early in the BEEP session and remain so 153 for the duration. 155 continuous: these are used by profiles that support data exchange; 156 typically, these channels are created after the initial tuning 157 channels have gone quiet. 159 2.1 Roles 161 Although BEEP is peer-to-peer, it is convenient to label each peer 162 in the context of the role it is performing at a given time: 164 o When a BEEP session is established, the peer that awaits new 165 connections is acting in the listening role, and the other peer, 166 which establishes a connection to the listener, is acting in the 167 initiating role. In the examples which follow, these are referred 168 to as "L:" and "I:", respectively. 170 o A BEEP peer starting an exchange is termed the client; similarly, 171 the other BEEP peer is termed the server. In the examples which 172 follow, these are referred to as "C:" and "S:", respectively. 174 Typically, a BEEP peer acting in the server role is also acting in a 175 listening role. However, because BEEP is peer-to-peer in nature, no 176 such requirement exists. 178 2.1.1 Exchange Styles 180 BEEP allows three styles of exchange: 182 MSG/RPY: the client sends a "MSG" message asking the server to 183 perform some task, the server performs the task and replies with 184 a "RPY" message (termed a positive reply). 186 MSG/ERR: the client sends a "MSG" message, the server does not 187 perform any task and replies with an "ERR" message (termed a 188 negative reply). 190 MSG/ANS: the client sends a "MSG" message, the server, during the 191 course of performing some task, replies with zero or more "ANS" 192 messages, and, upon completion of the task, sends a "NUL" 193 message, which signifies the end of the reply. 195 The first two styles are termed one-to-one exchanges, whilst the 196 third style is termed a one-to-many exchange. 198 2.2 Messages and Frames 200 A message is structured according to the rules of MIME. Accordingly, 201 each message may begin with "entity-headers" (c.f., MIME[1]'s 202 Section 3). If none, or only some, of the "entity-headers" are 203 present: 205 o the default "Content-Type" is "application/octet-stream"; and, 207 o the default "Content-Transfer-Encoding" is "binary". 209 Normally, a message is sent in a single frame. However, it may be 210 convenient or necesary to segment a message into multiple frames 211 (e.g., if only part of a message is ready to be sent). 213 Each frame consists of a header, the payload, and a trailer. The 214 header and trailer are each represented using printable ASCII 215 characters and are terminated with a CRLF pair. Between the header 216 and the trailer is the payload, consisting of zero or more octets. 218 For example, here is a message contained in a single frame that 219 contains a payload of 119 octets spread over 5 lines (each line is 220 terminated with a CRLF pair): 222 C: MSG 0 1 . 52 132 223 C: Content-Type: application/beep+xml 224 C: 225 C: 226 C: 227 C: 228 C: END 230 In this example, note that the entire message is represented in a 231 single frame. 233 2.2.1 Frame Syntax 235 The ABNF[7] for a frame is: 237 frame = data / mapping 239 data = header payload trailer 241 header = msg / rpy / err / ans / nul 243 msg = "MSG" SP common CR LF 244 rpy = "RPY" SP common CR LF 245 ans = "ANS" SP common SP ansno CR LF 246 err = "ERR" SP common CR LF 247 nul = "NUL" SP common CR LF 249 common = channel SP msgno SP more SP seqno SP size 250 channel = 0..2147483647 251 msgno = 0..2147483647 252 more = "." / "*" 253 seqno = 0..4294967295 254 size = 0..2147483647 255 ansno = 0..2147483647 257 payload = *OCTET 259 trailer = "END" CR LF 261 mapping = ;; each transport mapping may define additional frames 263 2.2.1.1 Frame Header 265 The frame header consists of a three-character keyword (one of: 266 "MSG", "RPY", "ERR", "ANS", or "NUL"), followed by zero or more 267 parameters. A single space character (decimal code 32, " ") 268 separates each component. The header is terminated with a CRLF pair. 270 The channel number ("channel") must be a non-negative integer (in 271 the range 0..2147483647). 273 The message number ("msgno") must be a non-negative integer (in the 274 range 0..2147483647) and have a different value than all other "MSG" 275 messages for which a reply has not been completely received. 277 The continuation indicator ("more", one of: decimal code 42, "*", or 278 decimal code 46, ".") specifies whether this is the final frame of 279 the message: 281 intermediate ("*"): at least one other frame follows for the 282 message; or, 284 complete ("."): this frame completes the message. 286 The sequence number ("seqno") must be a non-negative integer (in the 287 range 0..4294967295) and specifies the sequence number of the first 288 octet in the payload, for the associated channel. 290 The payload size ("size") must be a non-negative integer (in the 291 range 0..2147483647) and specifies the exact number of octets in the 292 payload. (This does not include either the header or trailer.) 294 Note that a frame may have an empty payload, e.g., 296 S: RPY 0 1 * 287 20 297 S: ... 298 S: ... 299 S: END 300 S: RPY 0 1 . 307 0 301 S: END 303 The answer number ("ansno") must be a non-negative integer (in the 304 range 0..4294967295) and must have a different value than all other 305 answers in progress for the message being replied to. 307 There are two kinds of frames: data and mapping. each transport 308 mapping (c.f., Section 2.5) may define its own frames. For example, 309 [5] defines the SEQ frame. The remainder of this section discusses 310 data frames. 312 When a message is segmented and sent as several frames, those frames 313 must be sent sequentally, without any intervening frames from other 314 messages on the same channel. However, there are two exceptions: 315 first, no restriction is made with respect to the interleaving of 316 frames for other channels; and, second, in a one-to-many exchange, 317 multiple answers may be simultaneously in progress. Accordingly, 318 frames for "ANS" messages may be interleaved on the same channel -- 319 the answer number is used for collation, e.g., 321 S: ANS 1 0 * 0 20 0 322 S: ... 323 S: ... 324 S: END 325 S: ANS 1 0 * 20 20 1 326 S: ... 327 S: ... 328 S: END 329 S: ANS 1 0 . 40 10 0 330 S: ... 331 S: END 333 which shows two "ANS" messages interleaved on channel 1 as part of a 334 reply to message number 0. Note that the sequence number is advanced 335 for each frame sent on the channel, and is independent of the 336 messages sent in those frames. 338 There are several rules for identifying poorly-formed frames: 340 o if the header doesn't start with "MSG", "RPY", "ERR", "ANS", or 341 "NUL"; 343 o if any of the parameters in the header cannot be determined or 344 are invalid (i.e., syntactically incorrect); 346 o if the value of the channel number doesn't refer to an existing 347 channel; 349 o if the header starts with "MSG", and the message number refers to 350 a "MSG" message that has been completely received but for which a 351 reply has not been completely sent; 353 o if the header doesn't start with "MSG", and refers to a message 354 number for which a reply has already been completely received; 356 o if the header doesn't start with "MSG", and refers to a message 357 number that has never been sent (except during session 358 establishment, c.f., Section 2.3.1.1); 360 o if the header starts with "MSG", "RPY", "ERR", or "ANS", and 361 refers to a message number for which at least one other frame has 362 been received, and the three-character keyword starting this 363 frame and the immediately-previous received frame for this 364 message number are not identical; 366 o if the header starts with "NUL", and refers to a message number 367 for which at least one other frame has been received, and the 368 keyword of of the immediately-previous received frame for this 369 reply isn't "ANS"; 371 o if the continuation indicator of the previous frame received on 372 the same channel was intermediate ("*"), and its message number 373 isn't identical to this frame's message number; 375 o if the value of the sequence number doesn't correspond to the 376 expected value for the associated channel (c.f., Section 377 2.2.1.2); or, 379 o if the header starts with "NUL", and the continuation indicator 380 is intermediate ("*") or the payload size is non-zero. 382 If a frame is poorly-formed, then the session is terminated without 383 generating a response, and it is recommended that a diagnostic entry 384 be logged. 386 2.2.1.2 Frame Payload 388 The frame payload consists of zero or more octets. 390 Every payload octet sent in each direction on a channel has an 391 associated sequence number. Numbering of payload octets within a 392 frame is such that the first payload octet is the lowest numbered, 393 and the following payload octets are numbered consecutively. (When a 394 channel is created, the sequence number associated with the first 395 payload octet of the first frame is 0.) 397 The actual sequence number space is finite, though very large, 398 ranging from 0..4294967295 (2**32 - 1). Since the space is finite, 399 all arithmetic dealing with sequence numbers is performed modulo 400 2**32. This unsigned arithmetic preserves the relationship of 401 sequence numbers as they cycle from 2**32 - 1 to 0 again. Consult 402 Sections 2 through 5 of [8] for a discussion of the arithmetic 403 properties of sequence numbers. 405 When receiving a frame, the sum of its sequence number and payload 406 size, modulo 4294967296 (2**32), gives the expected sequence number 407 associated with the first payload octet of the next frame received. 408 Accordingly, when receiving a frame if the sequence number isn't the 409 expected value for this channel, then the BEEP peers have lost 410 synchronization, then the session is terminated without generating a 411 response, and it is recommended that a diagnostic entry be logged. 413 2.2.1.3 Frame Trailer 415 The frame trailer consists of "END" followed by a CRLF pair. 417 When receiving a frame, if the characters immediately following the 418 payload don't correspond to a trailer, then the session is 419 terminated without generating a response, and it is recommended that 420 a diagnostic entry be logged. 422 2.2.2 Frame Semantics 424 The semantics of each message is channel-specific. Accordingly, the 425 profile associated with a channel must define: 427 o the initialization messages, if any, exchanged during channel 428 creation; 430 o the messages that may be exchanged in the payload of the channel; 431 and, 433 o the semantics of these messages. 435 A profile registration template (Section 5.1) organizes this 436 information. 438 2.2.2.1 Poorly-formed Messages 440 When defining the behavior of the profile, the template must specify 441 how poorly-formed "MSG" messages are replied to. For example, the 442 channel management profile sends a negative reply containing an 443 error message (c.f., Section 2.3.1.5). 445 If a poorly-formed reply is received on channel zero, the session is 446 terminated without generating a response, and it is recommended that 447 a diagnostic entry be logged. 449 If a poorly-formed reply is received on another channel, then the 450 channel must be closed using the procedure in Section 2.3.1.3. 452 2.3 Channel Management 454 When a BEEP session starts, only channel number zero is defined, 455 which is used for channel management. Section 6.1 contains the 456 profile registration for BEEP channel management. 458 Channel management allows each BEEP peer to advertise the profiles 459 that it supports (c.f., Section 2.3.1.1), bind an instance of one of 460 those profiles to a channel (c.f., Section 2.3.1.2), and then later 461 close any channels or release the BEEP session (c.f., Section 462 2.3.1.3). 464 A BEEP peer should support at least 257 concurrent channels. 466 2.3.1 Message Semantics 468 2.3.1.1 The Greeting Message 470 When a BEEP session is established, each BEEP peer signifies its 471 availability by immediately sending a positive reply with a message 472 number of zero that contains a "greeting" element, e.g., 474 L: 475 I: 476 L: RPY 0 0 . 0 122 477 L: Content-Type: application/beep+xml 478 L: 479 L: 480 L: 481 L: 482 L: END 483 I: RPY 0 0 . 0 52 484 I: Content-Type: application/beep+xml 485 I: 486 I: 487 I: END 489 Note that this example implies that the BEEP peer in the initiating 490 role waits until the BEEP peer in the listening role sends its 491 greeting -- this is an artifact of the presentation; in fact, both 492 BEEP peers send their replies independently. 494 The "greeting" element has two optional attributes ("features" and 495 "localize") and zero or more "profile" elements, one for each 496 profile supported by the BEEP peer acting in a server role: 498 o the "features" attribute, if present, contains one or more 499 feature tokens, each indicating an optional feature of the 500 channel management profile supported by the BEEP peer; 502 o the "localize" attribute, if present, contains one or more 503 language tokens (defined in [9]), each identifying a desirable 504 language tag to be used by the remote BEEP peer when generating 505 textual diagnostics for the "close" and "error" elements (the 506 tokens are ordered from most to least desirable); and, 508 o each "profile" element contained within the "greeting" element 509 identifies a profile, and unlike the "profile" elements that 510 occur within the "start" element, the content of each "profile" 511 element may not contain an optional initialization message. 513 Section 5.2 defines a registration template for optional features. 515 2.3.1.2 The Start Message 517 When a BEEP peer wants to create a channel, it sends a "start" 518 element on channel zero, e.g., 520 C: MSG 0 1 . 52 132 521 C: Content-Type: application/beep+xml 522 C: 523 C: 524 C: 525 C: 526 C: END 528 The "start" element has a "number" attribute, an optional 529 "serverName" attribute, and one or more "profile" elements: 531 o the "number" attribute indicates the channel number (in the range 532 1..2147483647) used to identify the channel in future messages; 534 o the "serverName" attribute, an arbitrary string, indicates the 535 desired server name for this BEEP session; and, 537 o each "profile" element contained with the "start" element has a 538 "uri" attribute, an optional "encoding" attribute, and arbitrary 539 character data as content: 541 * the "uri" attribute authoritatively identifies the profile; 543 * the "encoding" attribute, if present, specifies whether the 544 content of the "profile" element is represented as a 545 base64-encoded string; and, 547 * the content of the "profile" element, if present, must be no 548 longer than 4K octets in length and specifies an 549 initialization message given to the channel as soon as it is 550 created. 552 To avoid conflict in assigning channel numbers when requesting the 553 creation of a channel, BEEP peers acting in the initiating role use 554 only positive integers that are odd-numbered; similarly, BEEP peers 555 acting in the listening role use only positive integers that are 556 even-numbered. 558 The "serverName" attribute for the first successful "start" element 559 received by a BEEP peer is meaningful for the duration of the BEEP 560 session. If present, the BEEP peer decides whether to operate as the 561 indicated "serverName"; if not, an "error" element is sent in a 562 negative reply. 564 When a BEEP peer receives a "start" element on channel zero, it 565 examines each of the proposed profiles, and decides whether to use 566 one of them to create the channel. If so, the appropriate "profile" 567 element is sent in a positive reply; otherwise, an "error" element 568 is sent in a negative reply. 570 When creating the channel, the value of the "serverName" attribute 571 from the first successful "start" element is consulted to provide 572 configuration information, e.g., the desired server-side certificate 573 when starting the TLS transport security profile (Section 3.1). 575 For example, a successful channel creation might look like this: 577 C: MSG 0 1 . 52 209 578 C: Content-Type: application/beep+xml 579 C: 580 C: 581 C: 582 C: 584 C: 585 C: END 586 S: RPY 0 1 . 264 99 587 S: Content-Type: application/beep+xml 588 S: 589 S: 590 S: END 592 Similarly, an unsuccessful channel creation might look like this: 594 C: MSG 0 1 . 52 132 595 C: Content-Type: application/beep+xml 596 C: 597 C: 598 C: 599 C: 600 C: END 601 S: ERR 0 1 . 264 127 602 S: Content-Type: application/beep+xml 603 S: 604 S: number attribute 605 S: in <start> element must be odd-valued 606 S: END 608 Finally, here's an example in which an initialization element is 609 exchanged during channel creation: 611 C: MSG 0 1 . 52 170 612 C: Content-Type: application/beep+xml 613 C: 614 C: 615 C: 616 C: ]]> 617 C: 618 C: 619 C: END 620 S: RPY 0 1 . 122 133 621 S: Content-Type: application/beep+xml 622 S: 623 S: 624 S: ]]> 625 S: 626 S: END 628 2.3.1.3 The Close Message 630 When a BEEP peer wants to close a channel, it sends a "close" 631 element on channel zero, e.g., 633 C: MSG 0 2 . 247 71 634 C: Content-Type: application/beep+xml 635 C: 636 C: 637 C: END 639 The "close" element has a "number" attribute, a "code" attribute, an 640 optional "xml:lang" attribute, and an optional textual diagnostic as 641 its content: 643 o the "number" attribute indicates the channel number; 645 o the "code" attribute is a three-digit reply code meaningful to 646 programs (c.f., Section 8); 648 o the "xml:lang" attribute identifies the language that the 649 element's content is written in (the value is suggested, but not 650 mandated, by the "localize" attribute of the "greeting" element 651 sent by the remote BEEP peer); and, 653 o the textual diagnostic (which may be multiline) is meaningful to 654 implementers, perhaps administrators, and possibly even users, 655 but never programs. 657 Note that if the textual diagnostic is present, then the "xml:lang" 658 attribute is absent only if the language indicated as the remote 659 BEEP peer's first choice is used. 661 If the value of the "number" attribute is zero, then the BEEP peer 662 wants to release the BEEP session (c.f., Section 2.4) -- otherwise 663 the value of the "number" attribute refers to an existing channel. 665 When a BEEP peer receives a "close" element on channel zero, it 666 decides whether it is willing to close the channel. If so, an "ok" 667 element is sent in a positive reply; otherwise, an "error" element 668 is sent in a negative reply. 670 For example, a successful channel close might look like this: 672 C: MSG 0 2 . 247 71 673 C: Content-Type: application/beep+xml 674 C: 675 C: 676 C: END 677 S: RPY 0 2 . 447 46 678 S: Content-Type: application/beep+xml 679 S: 680 S: 681 S: END 683 Similarly, an unsuccessful channel close might look like this: 685 C: MSG 0 2 . 247 71 686 C: Content-Type: application/beep+xml 687 C: 688 C: 689 C: END 690 S: ERR 0 2 . 447 79 691 S: Content-Type: application/beep+xml 692 S: 693 S: still working 694 S: END 696 2.3.1.4 The OK Message 698 When a BEEP peer agrees to close a channel (or release the BEEP 699 session), it sends an "ok" element in a positive reply. 701 The "ok" element has no attributes and no content. 703 2.3.1.5 The Error Message 705 When a BEEP peer declines the creation of a channel, it sends an 706 "error" element in a negative reply, e.g., 708 I: MSG 0 1 . 52 127 709 I: Content-Type: application/beep+xml 710 I: 711 I: 712 I: 713 I: 714 I: END 715 L: ERR 0 1 . 264 105 716 L: Content-Type: application/beep+xml 717 L: 718 L: all requested profiles are 719 L: unsupported 720 L: END 722 The "error" element has a "code" attribute, an optional "xml:lang" 723 attribute, and an optional textual diagnostic as its content: 725 o the "code" attribute is a three-digit reply code meaningful to 726 programs (c.f., Section 8); 728 o the "xml:lang" attribute identifies the language that the 729 element's content is written in (the value is suggested, but not 730 mandated, by the "localize" attribute of the "greeting" element 731 sent by the remote BEEP peer); and, 733 o the textual diagnostic (which may be multiline) is meaningful to 734 implementers, perhaps administrators, and possibly even users, 735 but never programs. 737 Note that if the textual diagnostic is present, then the "xml:lang" 738 attribute is absent only if the language indicated as the remote 739 BEEP peer's first choice is used. 741 In addition, a BEEP peer sends an "error" element whenever: 743 o it receives a "MSG" message containing a poorly-formed or 744 unexpected element; 746 o it receives a "MSG" message asking to close a channel (or release 747 the BEEP session) and it declines to do so; or 749 o a BEEP session is established, the BEEP peer is acting in the 750 listening role, and that BEEP peer is unavailable (in this case, 751 the BEEP acting in the listening role does not send a "greeting" 752 element). 754 In the final case, both BEEP peers terminate the session, and it is 755 recommended that a diagnostic entry be logged by both BEEP peers. 757 2.4 Session Establishment and Release 759 When a BEEP session is established, each BEEP peer signifies its 760 availability by immediately sending a positive reply with a message 761 number of zero on channel zero that contains a "greeting" element, 762 e.g., 764 L: 765 I: 766 L: RPY 0 0 . 0 122 767 L: Content-Type: application/beep+xml 768 L: 769 L: 770 L: 771 L: 772 L: END 773 I: RPY 0 0 . 0 52 774 I: Content-Type: application/beep+xml 775 I: 776 I: 777 I: END 779 Alternatively, if the BEEP peer acting in the listening role is 780 unavailable, it sends a negative reply, e.g., 782 L: 783 I: 784 L: ERR 0 0 . 0 60 785 L: Content-Type: application/beep+xml 786 L: 787 L: 788 L: END 789 I: RPY 0 0 . 0 52 790 I: Content-Type: application/beep+xml 791 I: 792 I: 793 I: END 794 I: 795 L: 796 L: 798 and the "greeting" element sent by the BEEP peer acting in the 799 initiating role is ignored. It is recommended that a diagnostic 800 entry be logged by both BEEP peers. 802 Note that both of these examples imply that the BEEP peer in the 803 initiating role waits until the BEEP peer in the listening role 804 sends its greeting -- this is an artifact of the presentation; in 805 fact, both BEEP peers send their replies independently. 807 When a BEEP peer wants to release the BEEP session, it sends a 808 "close" element with a zero-valued "number" attribute on channel 809 zero. The other BEEP peer indicates its willingness by sending an 810 "ok" element in a positive reply, e.g., 812 C: MSG 0 1 . 52 60 813 C: Content-Type: application/beep+xml 814 C: 815 C: 816 C: END 817 S: RPY 0 1 . 264 46 818 S: Content-Type: application/beep+xml 819 S: 820 S: 821 S: END 822 I: 823 L: 824 L: 826 Alternatively, if the other BEEP doesn't want to release the BEEP 827 session, the exchange might look like this: 829 C: MSG 0 1 . 52 60 830 C: Content-Type: application/beep+xml 831 C: 832 C: 833 C: END 834 S: ERR 0 1 . 264 79 835 S: Content-Type: application/beep+xml 836 S: 837 S: still working 838 S: END 840 If session release is declined, the BEEP session should not be 841 terminated, if possible. 843 2.5 Transport Mappings 845 All transport interactions occur in the context of a session -- a 846 mapping onto a particular transport service. Accordingly, this memo 847 defines the requirements that must be satisified by any document 848 describing how a particular transport service realizes a BEEP 849 session. 851 2.5.1 Session Management 853 A BEEP session is connection-oriented. A mapping document must 854 define: 856 o how a BEEP session is established; 858 o how a BEEP peer is identified as acting in the listening role; 860 o how a BEEP peer is identified as acting in the initiating role; 862 o how a BEEP session is released; and, 864 o how a BEEP session is terminated. 866 2.5.2 Message Exchange 868 A BEEP session is message-oriented. A mapping document must define: 870 o how messages are reliably sent and received; 872 o how messages on the same channel are received in the same order 873 as they were sent; and, 875 o how messages on different channels are sent without ordering 876 constraint. 878 2.6 Parallelism 880 2.6.1 Within a Single Channel 882 A BEEP peer acting in the client role may send multiple "MSG" 883 messages on the same channel without waiting to receive the 884 corresponding replies. 886 A BEEP peer acting in the server role must process all "MSG" 887 messages for a given channel in the same order as they are received. 888 As a consequence, the BEEP peer must generate replies in the same 889 order as the corresponding "MSG" messages are received on a given 890 channel. 892 2.6.2 Between Different Channels 894 A BEEP peer acting in the client role may send multiple "MSG" 895 messages on different channels without waiting to receive the 896 corresponding replies. 898 A BEEP peer acting in the server role may process "MSG" messages 899 received on different channels in any order it chooses. As a 900 consequence, although the replies for a given channel appear to be 901 generated in the same order in which the corresponding "MSG" 902 messages are received, there is no ordering constraint for replies 903 on different channels. 905 2.6.3 Pre-emptive Replies 907 A BEEP peer acting in the server role may send a negative reply 908 before it receives the final "MSG" frame of a message. If it does 909 so, that BEEP peer is obliged to ignore any subsequent "MSG" frames 910 for that message, up to and including the final "MSG" frame. 912 If a BEEP peer acting in the client role receives a negative reply 913 before it sends the final "MSG" frame for a message, then it is 914 required to send a "MSG" frame with a continuation status of 915 complete (".") and having a zero-length payload. 917 2.6.4 Interference 919 If the processing of a particular message has sequencing impacts on 920 other messages (either intra-channel or inter-channel), then the 921 corresponding profile should define this behavior, e.g., a profile 922 whose messages alter the underlying transport mapping. 924 2.7 Peer-to-Peer Behavior 926 BEEP is peer-to-peer -- as such both peers must be prepared to 927 receive all messages defined in this memo. Accordingly, an 928 initiating BEEP peer capable of acting only in the client role must 929 behave gracefully if it receives a "MSG" message. Accordingly, all 930 profiles must provide an appropriate error message for replying to 931 unexpected "MSG" messages. 933 As a consequence of the peer-to-peer nature of BEEP, message numbers 934 are unidirectionally-significant. That is, the message numbers in 935 "MSG" messages sent by a BEEP peer acting in the initiating role are 936 unrelated to the message numbers in "MSG" messages sent by a BEEP 937 peer acting in the listening role. 939 For example, these two messages 941 I: MSG 0 1 . 52 132 942 I: Content-Type: application/beep+xml 943 I: 944 I: 945 I: 946 I: 947 I: END 948 L: MSG 0 1 . 264 128 949 L: Content-Type: application/beep+xml 950 L: 951 L: 952 L: 953 L: 954 L: END 956 refer to different messages sent on channel zero. 958 3. Transport Security 960 When a BEEP session is established, plaintext transfer, without 961 privacy, is provided. Accordingly, transport security in BEEP is 962 achieved using an initial tuning profile. 964 This document defines one profile: 966 o the TLS transport security profile, based on TLS version one[3]. 968 Other profiles may be defined and deployed on a bilateral basis. 969 Note that because of their intimate relationship with the tranpsort 970 service, a given transport security profile tends to be relevant to 971 a single transort mapping (c.f., Section 2.5). 973 When a channel associated with transport security begins the 974 underlying negotiation process, all channels (including channel 975 zero) are closed on the BEEP session. Accordingly, upon completion 976 of the negotiation process, regardless of its outcome, a new 977 greeting is issued by both BEEP peers. (If the negotiation process 978 fails, then either BEEP peer may instead terminate the session, and 979 it is recommended that a diagnostic entry be logged.) 981 A BEEP peer may choose to issue different greetings based on whether 982 privacy is in use, e.g., 984 L: 985 I: 986 L: RPY 0 0 . 0 122 987 L: Content-Type: application/beep+xml 988 L: 989 L: 990 L: 991 L: 992 L: END 993 I: RPY 0 0 . 0 52 994 I: Content-Type: application/beep+xml 995 I: 996 I: 997 I: END 998 I: MSG 0 1 . 52 170 999 I: Content-Type: application/beep+xml 1000 I: 1001 I: 1002 I: 1003 I: ]]> 1004 I: 1005 I: 1006 I: END 1007 L: RPY 0 1 . 122 133 1008 L: Content-Type: application/beep+xml 1009 L: 1010 L: 1011 L: ]]> 1012 L: 1013 L: END 1015 ... successful transport security negotiation ... 1017 L: RPY 0 0 . 0 264 1018 L: Content-Type: application/beep+xml 1019 L: 1020 L: 1021 L: 1023 L: 1024 L: 1025 L: 1026 L: END 1027 I: RPY 0 0 . 0 52 1028 I: Content-Type: application/beep+xml 1029 I: 1030 I: 1031 I: END 1033 Of course, not all BEEP peers need be as single-minded: 1035 L: 1036 I: 1037 L: RPY 0 0 . 0 323 1038 L: Content-Type: application/beep+xml 1039 L: 1040 L: 1041 L: 1043 L: 1044 L: 1045 L: 1046 L: 1047 L: END 1048 I: RPY 0 0 . 0 52 1049 I: Content-Type: application/beep+xml 1050 I: 1051 I: 1052 I: END 1053 I: MSG 0 1 . 52 170 1054 I: Content-Type: application/beep+xml 1055 I: 1057 I: 1058 I: 1059 I: ]]> 1060 I: 1061 I: 1062 I: END 1063 L: RPY 0 1 . 323 133 1064 L: Content-Type: application/beep+xml 1065 L: 1066 L: 1067 L: ]]> 1068 L: 1069 L: END 1071 ... failed transport security negotiation ... 1073 L: RPY 0 0 . 0 323 1074 L: Content-Type: application/beep+xml 1075 L: 1076 L: 1077 L: 1079 L: 1080 L: 1081 L: 1082 L: 1083 L: END 1084 I: RPY 0 0 . 0 52 1085 I: Content-Type: application/beep+xml 1086 I: 1087 I: 1088 I: END 1090 3.1 The TLS Transport Security Profile 1092 Section 6.2 contains the registration for this profile. 1094 3.1.1 Profile Identification and Initialization 1096 The TLS transport security profile is identified as: 1098 http://xml.resource.org/profiles/TLS 1100 in the BEEP "profile" element during channel creation. 1102 During channel creation, the corresponding "profile" element in the 1103 BEEP "start" element may contain a "ready" element. If channel 1104 creation is successful, then before sending the corresponding reply, 1105 the BEEP peer processes the "ready" element and includes the 1106 resulting response in the reply, e.g., 1108 C: MSG 0 1 . 52 170 1109 C: Content-Type: application/beep+xml 1110 C: 1111 C: 1112 C: 1113 C: ]]> 1114 C: 1115 C: 1116 C: END 1117 S: RPY 0 1 . 122 133 1118 S: Content-Type: application/beep+xml 1119 S: 1120 S: 1121 S: ]]> 1122 S: 1123 S: END 1125 Note that it is possible for the channel to be created, but for the 1126 encapsulated operation to fail, e.g., 1128 C: MSG 0 1 . 52 185 1129 C: Content-Type: application/beep+xml 1130 C: 1131 C: 1132 C: 1133 C: ]]> 1134 C: 1135 C: 1136 C: END 1137 S: RPY 0 1 . 122 205 1138 S: Content-Type: application/beep+xml 1139 S: 1140 S: 1141 S: version attribute 1142 S: poorly formed in <ready> element]]> 1143 S: 1144 S: END 1146 In this case, a positive reply is sent (as channel creation 1147 succeeded), but the encapsulated response contains an indication as 1148 to why the operation failed. 1150 3.1.2 Message Syntax 1152 Section 7.2 defines the messages that are used in the TLS transport 1153 security profile. 1155 3.1.3 Message Semantics 1157 3.1.3.1 The Ready Message 1159 The "ready" element has an optional "version" attribute and no 1160 content: 1162 o the "version" element defines the earliest version of TLS 1163 acceptable for use. 1165 When a BEEP peer sends the "ready" element, it must not send any 1166 further traffic on any channel until a corresponding reply is 1167 received; similarly, before processing a "ready" element, the 1168 receiving BEEP peer waits until any pending replies have been 1169 generated and sent. 1171 3.1.3.2 The Proceed Message 1173 The "proceed" element has no attributes and no content. It is sent 1174 as a reply to the "ready" element. When a BEEP peer receives the 1175 "ready" element, it begins the underlying negotiation process for 1176 transport security. 1178 4. User Authentication 1180 When a BEEP session is established, anonymous access, without trace 1181 information, is provided. Accordingly, user authentication in BEEP 1182 is achieved using an initial tuning profile. 1184 This document defines a family of profiles based on SASL mechanisms: 1186 o each mechanism in the IANA SASL registry[15] has an associated 1187 profile. 1189 Other profiles may be defined and deployed on a bilateral basis. 1191 Whenever a successful authentication occurs, on any channel, the 1192 authenticated identity is updated for all existing and future 1193 channels on the BEEP session; further, no additional attempts at 1194 authentication are allowed. 1196 Note that regardless of transport security and user authentication, 1197 authorization is an internal matter for each BEEP peer. As such, 1198 each peer may choose to restrict the operations it allows based on 1199 the authentication credentials provided (i.e., unauthorized 1200 operations might be rejected with error code 530). 1202 4.1 The SASL Family of Profiles 1204 Section 6.3 contains the registration for this profile. 1206 Note that SASL may provide both user authentication and transport 1207 security. Once transport security is successfully negotiated for a 1208 BEEP session, then a SASL security layer must not be negotiated; 1209 similarly, once any SASL negotiation is successful, a transport 1210 security profile must not begin its underlying negotiation process. 1212 Section 4 of the SASL specification[4] requires the following 1213 information be supplied by a protocol definition: 1215 service name: "beep" 1217 initiation sequence: Creating a channel using a BEEP profile 1218 corresponding to a SASL mechanism starts the exchange. An 1219 optional parameter corresponding to the "initial response" sent 1220 by the client is carried within a "blob" element during channel 1221 creation. 1223 exchange sequence: "Challenges" and "responses" are carried in 1224 exchanges of the "blob" element. The "status" attribute of the 1225 "blob" element is used both by a server indicating a successful 1226 completion of the exchange, and a client aborting the exchange, 1227 The server indicates failure of the exchange by sending an 1228 "error" element. 1230 security layer negotiation: When a security layer starts 1231 negotiation, all channels (including channel zero) are closed on 1232 the BEEP session. Accordingly, upon completion of the negotiation 1233 process, regardless of its outcome, a new greeting is issued by 1234 both BEEP peers. 1236 If a security layer is successfully negotiated, it takes effect 1237 immediately following the message that concludes the server's 1238 successful completion reply. 1240 use of the authorization identity: This is made available to all 1241 channels for the duration of the BEEP session. 1243 4.1.1 Profile Identification and Initialization 1245 Each SASL mechanism registered with the IANA is identified as: 1247 http://xml.resource.org/profiles/sasl/MECHANISM 1249 where "MECHANISM" is the token assigned to that mechanism by the 1250 IANA. 1252 Note that during channel creation, a BEEP peer may provide multiple 1253 profiles to the remote peer, e.g., 1255 C: MSG 0 1 . 52 209 1256 C: Content-Type: application/beep+xml 1257 C: 1258 C: 1259 C: 1261 C: 1262 C: 1263 C: END 1264 S: RPY 0 1 . 264 99 1265 S: Content-Type: application/beep+xml 1266 S: 1267 S: 1268 S: END 1270 During channel creation, the corresponding "profile" element in the 1271 BEEP "start" element may contain a "blob" element. Note that it is 1272 possible for the channel to be created, but for the encapsulated 1273 operation to fail, e.g., 1275 C: MSG 0 1 . 52 195 1276 C: Content-Type: application/beep+xml 1277 C: 1278 C: 1279 C: 1280 C: AGJsb2NrbWFzdGVy]]> 1281 C: 1282 C: 1283 C: END 1284 S: RPY 0 1 . 264 190 1285 S: Content-Type: application/beep+xml 1286 S: 1287 S: 1288 S: authentication mechanism is 1289 S: too weak]]> 1290 S: 1291 S: END 1293 In this case, a positive reply is sent (as channel creation 1294 succeeded), but the encapsulated response contains an indication as 1295 to why the operation failed. 1297 Otherwise, the server sends a challenge (or signifies success), e.g., 1299 C: MSG 0 1 . 52 195 1300 C: Content-Type: application/beep+xml 1301 C: 1302 C: 1303 C: 1304 C: AGJsb2NrbWFzdGVy]]> 1305 C: 1306 C: 1307 C: END 1308 S: RPY 0 1 . 264 183 1309 S: Content-Type: application/beep+xml 1310 S: 1311 S: 1312 S: b3RwLXNoYTEgOTk5NyBwaXh5bWlzYXM4NTgwNSBleHQ= 1313 ]]> 1314 S: 1315 S: END 1317 Note that this example implies that the "blob" element in the 1318 server's reply appears on two lines -- this is an artifact of the 1319 presentation; in fact, only one line is used. 1321 If a challenge is received, then the client responds and awaits 1322 another reply, e.g., 1324 C: MSG 1 0 . 0 97 1325 C: Content-Type: application/beep+xml 1326 C: 1327 C: d29yZDpmZXJuIGhhbmcgYnJvdyBib25nIGhlcmQgdG9n 1328 C: END 1329 S: RPY 1 0 . 0 66 1330 S: Content-Type: application/beep+xml 1331 S: 1332 S: 1333 S: END 1335 Of course, the client could abort the authentication process by 1336 sending "" instead. 1338 Alternatively, the server might reject the response with an error: 1339 e.g., 1341 C: MSG 1 0 . 0 97 1342 C: Content-Type: application/beep+xml 1343 C: 1344 C: d29yZDpmZXJuIGhhbmcgYnJvdyBib25nIGhlcmQgdG9n 1345 C: END 1346 S: ERR 1 1 . 0 60 1347 S: Content-Type: application/beep+xml 1348 S: 1349 S: 1350 S: END 1352 Finally, depending on the SASL mechanism, an initialization element 1353 may be exchanged unidirectionally during channel creation, e.g., 1355 C: MSG 0 1 . 52 145 1356 C: Content-Type: application/beep+xml 1357 C: 1358 C: 1359 C: 1361 C: 1362 C: END 1363 S: RPY 0 1 . 264 197 1364 S: Content-Type: application/beep+xml 1365 S: 1366 S: 1367 S: PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1 1368 jaS5uZXQ+]]> 1369 S: 1370 S: END 1372 Note that this example implies that the "blob" element in the 1373 server's reply appears on two lines -- this is an artifact of the 1374 presentation; in fact, only one line is used. 1376 4.1.2 Message Syntax 1378 Section 7.3 defines the messages that are used for each profile in 1379 the SASL family. 1381 Note that because many SASL mechanisms exchange binary data, the 1382 content of the "blob" element is always a base64-encoded string. 1384 4.1.3 Message Semantics 1386 The "blob" element has an optional "status" attribute, and arbitrary 1387 octets as its content: 1389 o the "status" attribute, if present, takes one of three values: 1391 abort: used by a client to indicate that it is aborting the 1392 authentication process; 1394 complete: used by a server to indicate that the exchange is 1395 complete and successful; or, 1397 continue: used by either a client or server, otherwise. 1399 Finally, note that SASL's EXTERNAL mechanism works with an "external 1400 authentication" service, which is provided by one of: 1402 o a transport security profile, capable of providing authentication 1403 information (e.g., Section 3.1), being active on the connection; 1405 o a network service, capable of providing strong authentication 1406 (e.g., IPSec[12]), underlying the connection; or, 1408 o a locally-defined security service. 1410 For authentication to succeed, two conditions must hold: 1412 o an external authentication service must be active; and, 1414 o if present, the authentication identity must be consistent with 1415 the credentials provided by the external authentication service 1416 (if the authentication identity is empty, then an authorization 1417 identity is automatically derived from the credentials provided 1418 by the external authentication service). 1420 5. Registration Templates 1422 5.1 Profile Registration Template 1424 When a profile is registered, the following information is supplied: 1426 Profile Identification: specify a URI[10] that authoritatively 1427 identifies this profile. 1429 Message Exchanged during Channel Creation: specify the datatypes 1430 that may be exchanged during channel creation. 1432 Messages starting one-to-one exchanges: specify the datatypes that 1433 may be present when an exchange starts. 1435 Messages in positive replies: specify the datatypes that may be 1436 present in a positive reply. 1438 Messages in negative replies: specify the datatypes that may be 1439 present in a negative reply. 1441 Messages in one-to-many exchanges: specify the datatypes that may be 1442 present in a one-to-many exchange. 1444 Message Syntax: specify the syntax of the datatypes exchanged by the 1445 profile. 1447 Message Semantics: specify the semantics of the datatypes exchanged 1448 by the profile. 1450 Contact Information: specify the postal and electronic contact 1451 information for the author of the profile. 1453 5.2 Feature Registration Template 1455 When a feature for the channel management profile is registered, the 1456 following information is supplied: 1458 Feature Identification: specify a string that identifies this 1459 feature. Unless the feature is registered with the IANA, the 1460 feature's identification MUST start with "x-". 1462 Feature Semantics: specify the semantics of the feature. 1464 Contact Information: specify the postal and electronic contact 1465 information for the author of the feature. 1467 6. Initial Registrations 1469 6.1 Registration: BEEP Channel Management 1471 Profile Identification: not applicable 1473 Messages exchanged during Channel Creation: not applicable 1475 Messages starting one-to-one exchanges: "start" or "close" 1477 Messages in positive replies: "greeting", "profile", or "ok" 1479 Messages in negative replies: "error" 1481 Messages in one-to-many exchanges: none 1483 Message Syntax: c.f., Section 7.1 1485 Message Semantics: c.f., Section 2.3.1 1487 Contact Information: c.f., the "Author's Address" section of this 1488 memo 1490 6.2 Registration: TLS Transport Security Profile 1492 Profile Identification: http://xml.resource.org/profiles/TLS 1494 Messages exchanged during Channel Creation: "ready" 1496 Messages starting one-to-one exchanges: "ready" 1498 Messages in positive replies: "proceed" 1500 Messages in negative replies: "error" 1502 Messages in one-to-many exchanges: none 1504 Message Syntax: c.f., Section 7.2 1506 Message Semantics: c.f., Section 3.1.3 1508 Contact Information: c.f., the "Author's Address" section of this 1509 memo 1511 6.3 Registration: SASL Family of Profiles 1513 Profile Identification: 1514 http://xml.resource.org/profiles/sasl/MECHANISM, where 1515 "MECHANISM" is a token registered with the IANA[16] 1517 Messages exchanged during Channel Creation: "blob" 1519 Messages starting one-to-one exchanges: "blob" 1521 Messages in positive replies: "blob" 1523 Messages in negative replies: "error" 1525 Messages in one-to-many exchanges: none 1527 Message Syntax: c.f., Section 7.3 1529 Message Semantics: c.f., Section 4.1.3 1531 Contact Information: c.f., the "Author's Address" section of this 1532 memo 1534 6.4 Registration: application/beep+xml 1536 MIME media type name: application 1538 MIME subtype name: beep+xml 1540 Required parameters: none 1542 Optional parameters: charset (defaults to "UTF-8"[13]) 1544 Encoding considerations: This media type may contain binary content; 1545 accordingly, when used over a transport that does not permit 1546 binary transfer, an appropriate encoding must be applied 1548 Security considerations: none, per se; however, any BEEP profile 1549 which uses this media type must describe its relevant security 1550 considerations 1552 Interoperability considerations: n/a 1554 Published specification: This media type is a proper subset of the 1555 the XML 1.0 specification[2]. Two restrictions are made. 1557 First, no entity references other than the five predefined 1558 general entities references ("&", "<", ">", "'", 1559 and """) and numeric entity references may be present. 1561 Second, neither the "XML" declaration (e.g., ) nor the "DOCTYPE" declaration (e.g., ) may be 1563 present. (Accordingly, if another character set other than UTF-8 1564 is desired, then the "charset" parameter must be present.) 1566 All other XML 1.0 instructions (e.g., CDATA blocks, processing 1567 instructions, and so on) are allowed. 1569 Applications which use this media type: any BEEP profile wishing to 1570 make use of this XML 1.0 subset 1572 Additional Information: none 1574 Contact for further information: c.f., the "Author's Address" 1575 section of this memo 1577 Intended usage: limited use 1579 Author/Change controller: the IESG 1581 7. DTDs 1583 7.1 BEEP Channel Management DTD 1585 1595 1619 1620 1621 1622 1623 1624 1625 1637 1638 1642 1643 1647 1648 1649 1653 1654 1659 1661 1662 1666 7.2 TLS Transport Security Profile DTD 1668 1678 1686 1687 1690 1692 7.3 SASL Family of Profiles DTD 1694 1704 1712 1713 1719 8. Reply Codes 1721 code meaning 1722 ==== ======= 1723 421 service not available 1725 450 requested action not taken 1726 (e.g., lock already in use) 1728 451 requested action aborted 1729 (e.g., local error in processing) 1731 454 temporary authentication failure 1733 500 general syntax error 1734 (e.g., poorly-formed XML) 1736 501 syntax error in parameters 1737 (e.g., non-valid XML) 1739 504 parameter not implemented 1741 530 authentication required 1743 534 authentication mechanism insufficient 1744 (e.g., too weak, sequence exhausted, etc.) 1746 535 authentication failure 1748 537 action not authorized for user 1750 538 authentication mechanism requires encryption 1752 550 requested action not taken 1753 (e.g., no requested profiles are acceptable) 1755 553 parameter invalid 1757 554 transaction failed 1758 (e.g., policy violation) 1760 9. Security Considerations 1762 The BEEP framing mechanism, per se, provides no protection against 1763 attack; however, judicious use of initial tuning profiles provides 1764 varying degrees of assurance: 1766 1. If one of the profiles from the SASL family is used, refer to 1767 [4]'s Section 9 for a discussion of security considerations. 1769 2. If the TLS transport security profile is used (or if a SASL 1770 security layer is negotiated), then: 1772 1. A man-in-the-middle may remove the security-related profiles 1773 from the BEEP greeting or generate a negative reply to the 1774 "ready" element of the TLS transport security profile. A 1775 BEEP peer may be configurable to refuse to proceed without 1776 an acceptable level of privacy. 1778 2. A man-in-the-middle may cause a down-negotiation to the 1779 weakest cipher suite available. A BEEP peer should be 1780 configurable to refuse weak cipher suites. 1782 3. A man-in-the-middle may modify any protocol exchanges prior 1783 to a successful negotiation. Upon completing the 1784 negotiation, a BEEP peer must discard previously cached 1785 information about the BEEP session. 1787 As different TLS ciphersuites provide varying levels of 1788 security, administrators should carefully choose which 1789 ciphersuites are provisioned. 1791 As BEEP is peer-to-peer in nature, before performing any task 1792 associated with a message, each channel should apply the appropriate 1793 access control based on the authenticated identity and privacy level 1794 associated with the BEEP session. 1796 References 1798 [1] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 1799 Extensions (MIME) Part One: Format of Internet Message 1800 Bodies", RFC 2045, November 1996. 1802 [2] World Wide Web Consortium, "Extensible Markup Language (XML) 1803 1.0", W3C XML, February 1998, 1804 . 1806 [3] Dierks, T., Allen, C., Treese, W., Karlton, P. L., Freier, A. 1807 O. and P. C. Kocher, "The TLS Protocol Version 1.0", RFC 2246, 1808 January 1999. 1810 [4] Myers, J.G., "Simple Authentication and Security Layer 1811 (SASL)", RFC 2222, October 1997. 1813 [5] Rose, M.T., "Mapping the BEEP Framework onto TCP", 1814 draft-ietf-beep-tcpmapping-04 (work in progress), October 2000. 1816 [6] Postel, J., "Transmission Control Protocol", RFC 793, STD 7, 1817 Sep 1981. 1819 [7] Crocker, D. H. and P. Overell, "Augmented BNF for Syntax 1820 Specifications: ABNF", RFC 2234, November 1997. 1822 [8] Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982, 1823 August 1996. 1825 [9] Alvestrand, H., "Tags for the Identification of Languages", 1826 RFC 1766, March 1995. 1828 [10] Berners-Lee, T., Fielding, R.T. and L. Masinter, "Uniform 1829 Resource Identifiers (URI): Generic Syntax", RFC 2396, August 1830 1998. 1832 [11] Newman, C., "The One-Time-Password SASL Mechanism", RFC 2444, 1833 October 1998. 1835 [12] Kent, S. and R. Atkinson, "Security Architecture for the 1836 Internet Protocol", RFC 2401, November 1998. 1838 [13] Yergeau, F., "UTF-8, a transformation format of ISO 10646", 1839 RFC 2279, January 1998. 1841 [14] Linn, J., "Generic Security Service Application Program 1842 Interface, Version 2", RFC 2078, January 1997. 1844 [15] 1846 [16] 1847 Author's Address 1849 Marshall T. Rose 1850 Invisible Worlds, Inc. 1851 1179 North McDowell Boulevard 1852 Petaluma, CA 94954-6559 1853 US 1855 Phone: +1 707 789 3700 1856 EMail: mrose@invisible.net 1857 URI: http://invisible.net/ 1859 Appendix A. Acknowledgements 1861 The author gratefully acknowledges the contributions of: David 1862 Clark, Dave Crocker, Steve Deering, Wesley Michael Eddy, Huston 1863 Franklin, Marco Gazzetta, Danny Goodman, Steve Harris, Robert 1864 Herriot, Ken Hirsch, Greg Hudson, Ben Laurie, Carl Malamud, Michael 1865 Mealling, Keith McCloghrie, Paul Mockapetris, RL 'Bob' Morgan, Frank 1866 Morton, Darren New, Chris Newman, Joe Touch, Paul Vixie, Gabe 1867 Wachob, Daniel Woods, and, James Woodyatt. In particular, Dave 1868 Crocker provided helpful suggestions on the nature of segmentation 1869 in the framing mechanism. 1871 Appendix B. IANA Considerations 1873 The IANA registers "beep" as a GSSAPI[14] service name, as specified 1874 in Section 4.1. 1876 The IANA maintains a list of: 1878 o BEEP profiles, c.f., Section 5.1; and, 1880 o features for the channel management profile, c.f., Section 5.2. 1882 The IANA makes the registrations specified in Section 6.2 and 1883 Section 6.3. It is recommended that the IANA register these profiles 1884 using the IANA as a URI-prefix, and populate those URIs with the 1885 respective profile registrations. 1887 Full Copyright Statement 1889 Copyright (C) The Internet Society (2000). All Rights Reserved. 1891 This document and translations of it may be copied and furnished to 1892 others, and derivative works that comment on or otherwise explain it 1893 or assist in its implementation may be prepared, copied, published 1894 and distributed, in whole or in part, without restriction of any 1895 kind, provided that the above copyright notice and this paragraph 1896 are included on all such copies and derivative works. However, this 1897 document itself may not be modified in any way, such as by removing 1898 the copyright notice or references to the Internet Society or other 1899 Internet organizations, except as needed for the purpose of 1900 developing Internet standards in which case the procedures for 1901 copyrights defined in the Internet Standards process must be 1902 followed, or as required to translate it into languages other than 1903 English. 1905 The limited permissions granted above are perpetual and will not be 1906 revoked by the Internet Society or its successors or assigns. 1908 This document and the information contained herein is provided on an 1909 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 1910 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 1911 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 1912 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 1913 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 1915 Acknowledgement 1917 Funding for the RFC editor function is currently provided by the 1918 Internet Society.