idnits 2.17.1 draft-ietf-ldapext-ldapv3-vlv-01.txt: ** The Abstract section seems to be numbered Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in this document. Expected boilerplate is as follows today (2024-04-20) according to https://trustee.ietf.org/license-info : IETF Trust Legal Provisions of 28-dec-2009, Section 6.a: This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2: Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3: This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard == The page length should not exceed 58 lines per page, but there was 9 longer pages, the longest (page 2) being 60 lines == It seems as if not all pages are separated by form feeds - found 0 form feeds but 10 pages Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 179 instances of weird spacing in the document. Is it really formatted ragged-right, rather than justified? ** There are 2 instances of too long lines in the document, the longest one being 1 character in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 14 has weird spacing: '...fts are worki...' == Line 15 has weird spacing: '...ments of the ...' == Line 16 has weird spacing: '...t other group...' == Line 20 has weird spacing: '...and may be ...' == Line 24 has weird spacing: '...atus of any ...' == (174 more instances...) == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (12 September 1998) is 9352 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'SSS' is mentioned on line 206, but not defined -- Looks like a reference, but probably isn't: '0' on line 214 -- Looks like a reference, but probably isn't: '1' on line 217 ** Obsolete normative reference: RFC 2251 (ref. 'LDAPv3') (Obsoleted by RFC 4510, RFC 4511, RFC 4512, RFC 4513) -- No information found for draft-ietf-asid-ldapv3-simple-paged - is the name correct? -- Possible downref: Normative reference to a draft: ref. 'SPaged' Summary: 12 errors (**), 0 flaws (~~), 11 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 INTERNET-DRAFT David Boreham, Netscape 3 Chris Weider, Microsoft 4 ldapext Working Group 12 March, 1998 6 LDAP Extensions for Scrolling View Browsing of Search Results 8 draft-ietf-ldapext-ldapv3-vlv-01.txt 10 This document expires on 12 September 1998 12 1. Status of this Memo 14 This document is an Internet-Draft. Internet-Drafts are working docu- 15 ments of the Internet Engineering Task Force (IETF), its areas, and its 16 working groups. Note that other groups may also distribute working 17 documents as Internet-Drafts. 19 Internet-Drafts are draft documents valid for a maximum of six months 20 and may be updated, replaced, or obsoleted by other documents at any 21 time. It is inappropriate to use Internet- Drafts as reference material 22 or to cite them other than as ``work in progress.'' 24 To learn the current status of any Internet-Draft, please check the 25 ``1id-abstracts.txt'' listing contained in the Internet- Drafts Shadow 26 Directories on ds.internic.net (US East Coast), nic.nordu.net (Europe), 27 ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim). 29 2. Abstract 31 This document describes a Virtual List View control extension for the 32 LDAP Search operation. This control is designed to allow the ''virtual 33 list box'' feature, common in existing commercial e-mail address book 34 applications, to be supported efficiently by LDAP servers. LDAP servers' 35 inability to support this client feature is a significant impediment to 36 LDAP replacing proprietary protocols in commercial e-mail systems. 38 The control allows a client to specify that the server return, for a 39 given LDAP search with associated sort keys, a contiguous subset of the 40 search result set. This subset is specified in terms of offsets into the 41 ordered list, or in terms of a greater than or equal comparison value. 43 3. Background 45 A Virtual List is a graphical user interface technique employed where 46 ordered lists containing a large number of entries need to be displayed. 47 A window containing a small number of visible list entries is drawn. The 48 visible portion of the list may be relocated to different points within 50 RFC DRAFT March 1998 52 the list by means of user input. This input can be to a scroll bar 53 slider; from cursor keys; from page up/down keys; from alphanumeric keys 54 for "typedown". The user is given the impression that they may browse 55 the complete list at will, even though it may contain millions of 56 entries. It is the fact that the complete list contents are never 57 required at any one time that characterizes Virtual List View. Rather 58 than fetch the complete list from wherever it is stored (typically from 59 disk or a remote server), only that information which is required to 60 display the part of the list currently in view is fetched. The subject 61 of this document is the interaction between client and server required 62 to implement this functionality in the context of the results from a 63 sorted LDAP search request. 65 For example, suppose an e-mail address book application displays a list 66 view onto the list containing the names of all the holders of e-mail 67 accounts at a large university. The list is sorted alphabetically. 68 While there may be tens of thousands of entries in this list, the 69 address book list view displays only 20 such accounts at any one time. 70 The list has an accompanying scroll bar and text input window for type- 71 down. When first displayed, the list view shows the first 20 entries in 72 the list, and the scroll bar slider is positioned at the top of its 73 range. Should the user drag the slider to the bottom of its range, the 74 displayed contents of the list view should be updated to show the last 75 20 entries in the list. Similarly, if the slider is positioned somewhere 76 in the middle of its travel, the displayed contents of the list view 77 should be updated to contain the 20 entries located at that relative 78 position within the complete list. Starting from any display point, if 79 the user uses the cursor keys or clicks on the scroll bar to request 80 that the list be scrolled up or down by one entry, the displayed con- 81 tents should be updated to reflect this. Similarly the list should be 82 displayed correctly when the user requests a page scroll up or down. 83 Finally, when the user types characters in the type-down window, the 84 displayed contents of the list should "jump" or "seek" to the appropri- 85 ate point within the list. For example, if the user types "B", the 86 displayed list could center around the first user with a name beginning 87 with the letter "B". When this happens, the scroll bar slider should 88 also be updated to reflect the new relative location within the list. 90 This document defines a request control which extends the LDAP search 91 operation. Always used in conjunction with the server side sorting 92 control[SSS], this allows a client to retrieve selected portions of 93 large search result set in a fashion suitable for the implementation of 94 a virtual list view. 96 The key words "MUST", "SHOULD", and "MAY" used in this document are to 97 be interpreted as described in [Bradner97]. 99 RFC DRAFT March 1998 101 4. Client-Server Interaction 103 The Virtual List View control extends a regular LDAP Search operation 104 which must also include a server-side sorting control[SSS]. Rather than 105 returning the complete set of appropriate SearchResultEntry messages, 106 the server is instructed to return a contiguous subset of those entries, 107 taken from the sorted result set, centered around a particular target 108 entry. Henceforth, in the interests of brevity, the sorted search result 109 set will be referred to as "the list". 111 The sort control MAY contain any sort specification valid for the 112 server. The attributeType field in the first SortKeyList sequence ele- 113 ment has special significance for "typedown". 115 The desired target entry, and the number of entries to be returned both 116 before, and after, that target entry in the list, are determined by the 117 client's VirtualListViewRequest control. 119 When the server returns the set of entries to the client, it attaches a 120 VirtualListViewResponse control to the searchResultDone message. The 121 server returns in this control: its current estimate for the list con- 122 tent count, the location within the list corresponding to the target 123 entry, and any error codes. 125 The target entry is specified in the VirtualListViewRequest control by 126 one of two methods. The first method is for the client to indicate the 127 target entry's offset within the list. The second way is for the client 128 to supply an attribute assertion value. The value is compared against 129 the values of the attribute specified as the primary sort key in the 130 sort control attached to the search operation. The target entry is 131 first entry in the list with value greater than or equal to (in the pri- 132 mary sort order), the presented value. The order is determined by rules 133 defined in [SSS]. Selection of the target entry by this means is 134 designed to implement "typedown". Note that it is possible that no 135 entry satisfies these conditions, in which case there is no target 136 entry. This condition is indicated by the server returning the special 137 value contentCount + 1 in the target position field. 139 Because the server may not have an accurate estimate of the number of 140 entries in the list, and to take account of cases where the list size is 141 changing during the time the user browses the list, and because the 142 client needs a way to indicate specific list targets "beginning" and 143 "end", offsets within the list are transmitted between client and server 144 as ratios---offset to content count. The server sends its latest esti- 145 mate as to the number of entries in the list (content count) to the 146 client in every response control. The client sends its assumed value 147 for the content count in every request control. The server examines the 148 content count and offsets presented by the client and computes the 150 RFC DRAFT March 1998 152 corresponding offsets within the list, based on its own idea of the con- 153 tent count. 155 Si = Sc * (Ci / Cc) 157 Where: 158 Si is the actual list offset used by the server 159 Sc is the server's estimate for content count 160 Ci is the client's submitted offset 161 Cc is the client's submitted content count 162 The result is rounded to the nearest integer. 164 If the content count is stable, and the client returns to the server the 165 content count most recently received, Cc = Sc and the offsets transmit- 166 ted become the actual server list offsets. 168 The following special cases are allowed: a client sending a content 169 count of zero (Cc = 0) means "client has no idea what the content count 170 is, server MUST use its own content count estimate in place of the 171 client's". An offset value of one (Ci = 1) always means that the target 172 is the first entry in the list. Client specifying an offset which equals 173 the content count specified in the same request control (Ci = Cc) means 174 that the target is the last entry in the list. Ci may only equal zero 175 when Cc is also zero. This signifies the last entry in the list. 177 Because the server always returns contentCount and targetPosition, the 178 client can always determine which of the returned entries is the target 179 entry. Where the number of entries returned is the same as the number 180 requested, the client is able to identify the target by simple arith- 181 metic. Where the number of entries returned is not the same as the 182 number requested (because the requested range crosses the beginning or 183 end of the list, or both), the client must use the target position and 184 content count values returned by the server to identify the target 185 entry. For example, suppose that 10 entries before and 10 after the tar- 186 get were requested, but the server returns 13 entries, a content count 187 of 100 and a target position of 3. The client can determine that the 188 first entry must be entry number 1 in the list, therefore the 13 entries 189 returned are the first 13 entries in the list, and the target is the 190 third one. 192 5. The Controls 194 Support for the virtual list view extended operation is indicated by the 195 presence of the OID "2.16.840.1.113730.3.4.9" in the supportedExtensions 196 attribute of a server's root DSE. 198 RFC DRAFT March 1998 200 5.1. Request Control 202 This control is included in the searchRequest message as part of the 203 controls field of the LDAPMessage, as defined in Section 4.1.12 of 204 [LDAPv3]. The controlType is set to "2.16.840.1.113730.3.4.9". The cri- 205 ticality SHOULD be set to TRUE. If this control is included in a sear- 206 chRequest message, a Server Side Sorting request control [SSS] MUST also 207 be present in the message. The controlValue is an OCTET STRING whose 208 value is the BER-encoding of the following SEQUENCE: 210 VirtualListViewRequest ::= SEQUENCE { 211 beforeCount INTEGER (0 .. maxInt), 212 afterCount INTEGER (0 .. maxInt), 213 CHOICE { 214 byoffset [0] SEQUENCE { 215 offset INTEGER (0 .. maxInt), 216 contentCount INTEGER (0 .. maxInt) } 217 [1] greaterThanOrEqual assertionValue } 219 beforeCount indicates how many entries before the target entry the 220 client wants the server to send. afterCount indicates the number of 221 entries after the target entry the client wants the server to send. 222 offset and contentCount identify the target entry as detailed in section 223 4. greaterThanOrEqual is an attribute assertion value defined in 224 [LDAPv3]. If present, the value supplied in greaterThanOrEqual is used 225 to determine the target entry by comparison with the values of the 226 attribute specified as the primary sort key. The first list entry who's 227 value is no less than the supplied value is the target entry. 229 5.2. Response Control 231 This control is included in the searchResultDone message as part of the 232 controls field of the LDAPMessage, as defined in Section 4.1.12 of 233 [LDAPv3]. 235 The controlType is set to "2.16.840.1.113730.3.4.10". The criticality is 236 FALSE (MAY be absent). The controlValue is an OCTET STRING, whose value 237 is the BER encoding of a value of the following SEQUENCE: 239 VirtualListViewResponse ::= SEQUENCE { 240 targetPosition INTEGER (0 .. maxInt), 241 contentCount INTEGER (0 .. maxInt), 242 virtualListViewResult ENUMERATED { 243 success (0), 244 operatonsError (1), 245 unwillingToPerform (53), 246 insufficientAccessRights (50), 248 RFC DRAFT March 1998 250 busy (51), 251 timeLimitExceeded (3), 252 adminLimitExceeded (11), 253 sortControlMissing (60), 254 offsetRangeError (61), 255 other (80) } } 257 targetPosition gives the list offset for the target entry. contentCount 258 gives the server's estimate of the current number of entries in the 259 list. Together these give sufficient information for the client to 260 update a list box slider position to match the newly retrieved entries 261 and identify the target entry. The contentCount value returned SHOULD be 262 used in a subsequent virtualListViewRequest control. 264 If the server determines that the results of the search presented exceed 265 the range provided by the 32-bit offset values, it MUST return 266 offsetRangeError. 268 6. Protocol Example 270 Here we walk through the client-server interaction for a specific vir- 271 tual list view example: The task is to display a list of all 78564 peo- 272 ple in the US company "Ace Industry". This will be done by creating a 273 graphical user interface object to display the list contents, and by 274 repeatedly sending different versions of the same virtual list view 275 search request to the server. The list view displays 20 entries on the 276 screen at a time. 278 We form a search with baseDN "o=Ace Industry, c=us"; search scope sub- 279 tree; filter "objectClass=inetOrgPerson". We attach a server sort order 280 control to the search, specifying ascending sort on attribute "cn". To 281 this base search, we attach a virtual list view request control with 282 contents determined by the user activity and send the search to the 283 server. We display the results from each search in the list window and 284 update the slider position. 286 When the list view is first displayed, we want to initialize the con- 287 tents showing the beginning of the list. Therefore, we set beforeCount = 288 0, afterCount = 19, contentCount = 0, offset = 1 and send the request to 289 the server. The server duly returns the first 20 entries in the list, 290 plus the content count = 78564 and targetPosition = 1. We therefore 291 leave the scroll bar slider at its current location (the top of its 292 range). 294 Say that next the user drags the scroll bar slider down to the bottom of 295 its range. We now wish to display the last 20 entries in the list, so 296 we set beforeCount = 19, afterCount = 0, contentCount = 78564, offset = 297 78564 and send the request to the server. The server returns the last 20 299 RFC DRAFT March 1998 301 entries in the list, plus the content count = 78564 and targetPosition = 302 78564. 304 Next the user presses a page up key. Our page size is 20, so we set 305 beforeCount = 0, afterCount = 19, contentCount = 78564, offset = 306 78564-19-20 and send the request to the server. The server returns the 307 preceeding 20 entries in the list, plus the content count = 78564 and 308 targetPosition = 78524. 310 Now the user grabs the scroll bar slider and drags it to 68% of the way 311 down its travel. 68% of 78564 is 52424 so we set beforeCount = 9, after- 312 Count = 10, contentCount = 78564, offset = 52424 and send the request to 313 the server. The server returns the preceeding 20 entries in the list, 314 plus the content count = 78564 and targetPosition = 78524. 316 Lastly, the user types the letter "B". We set beforeCount = 9, after- 317 Count = 10 and greaterThanOrEqual = "B". The server finds the first 318 entry in the list not less than "B", let's say "Babs Jensen", and 319 returns the nine preceeding entries, the target entry, and the proceed- 320 ing 10 entries. The server returns content count = 78564 and targetPo- 321 sition = 5234 and so the client updates its scroll bar slider to 6.6% of 322 full scale. 324 7. Server Publication of Indexed VLV Searches 326 It is considered important that a client should be able to discover the 327 set of search and sort specifications for which a server is able to pro- 328 vide efficient (i.e. indexed) service. It is expected that this will be 329 accomplished via means similar to the mechanism by which clients can 330 already discover LDAPv3 server supported naming contexts, namely the 331 rootDSE. The schema employed for this publication mechanism is to be 332 determined. 334 8. Notes for Implementers 336 While the feature is expected to be generally useful for arbitrary 337 search and sort specifications, it is specifically designed for those 338 cases where the result set is very large. The intention is that this 339 feature be implemented efficiently by means of pre-computed indices per- 340 taining to a set of specific cases. For example, an offset relating to 341 "all the employees in the local organization, sorted by surname" would 342 be a common case. 344 The intention for client software is that the feature should fit easily 345 with the host platform's graphical user interface facilities for the 346 display of scrolling lists. Thus the task of the client implementers 347 should be one of reformatting up the requests for information received 348 from the list view code to match the format of the virtual list view 350 RFC DRAFT March 1998 352 request and response controls. 354 Client implementers should note that any offset value returned by the 355 server may be approximate. Do not design clients which fail to operate 356 correctly unless offsets are exact. 358 Server implementers are free to return status code unwillingToPerform 359 should their server be unable to service any particular VLV search. 360 This might be because the resolution of the search is computationally 361 infeasible, or because the excessive server resources would be required 362 to service the search. 364 Client implementers should note that this control is only defined on a 365 client interaction with a single server. If a server returns referrals 366 as a part of its response to the search request, the client is responsi- 367 ble for deciding when and how to apply this control to the referred-to 368 servers, and how to collate the results from multiple servers. 370 Search result entries are returned by the server according to the core 371 LDAPv3 protocol [LDAPv3]. However, the content of those entries may be 372 affected by access controls within the server. Consider the case where 373 access to some entries within the list is controlled such that the 374 client is not permitted to discover that they exist. In a simple search, 375 these entries would not be returned to the client. However, in servicing 376 a VLV search, a server implementation might be required to maintain a 377 different index for each potential client authentication identity. This 378 is in order that it may efficiently compute the responses to all 379 clients. This may present an intolerable burden on the server. Accord- 380 ingly, servers are permitted to return a minimal entry as a placeholder 381 for an entry which would otherwise, due to access control, be "invisi- 382 ble" to the client. This minimal entry contains only a distinguised 383 name. The distinguished name MAY be either that of the real entry, or a 384 "fake" one, designed to make the actual value obscure to the client. 386 9. Relationship to "Simple Paged Results" 388 These controls are designed to support the virtual list view, which has 389 proved hard to implement with the Simple Paged Results mechanism 390 [SPaged]. However, the controls described here support any operation 391 possible with the Simple Paged Results mechanism. The two mechanisms are 392 not complementary, rather one has a superset of the other's features. 393 One area where the mechanism presented here is not a strict superset of 394 the Simple Paged Results scheme is that here we require a sort order to 395 be specified. No such requirement is made for paged results. 397 RFC DRAFT March 1998 399 10. Security Considerations 401 Server implementers may wish to consider whether clients are able to 402 consume excessive server resources in requesting virtual list opera- 403 tions. Access control to the feature itself; configuration options lim- 404 iting the feature's use to certain predetermined search base DNs and 405 filters; throttling mechanisms designed to limit the ability for one 406 client to soak up server resources, may be appropriate. 408 Consideration should be given as to whether a client will be able to 409 retrieve the complete contents, or a significant subset of the complete 410 contents of the directory using this feature. This may be undesirable in 411 some circumstances and consequently it may be necessary to enforce some 412 access control. 414 Clients can, using this control, determine how many entries are con- 415 tained within a portion of the DIT. This may constitute a security 416 hazard. Again, access controls may be appropriate. 418 11. References 420 [LDAPv3] 421 Wahl, M, S. Kille and T. Howes, "Lightweight Directory Access Pro- 422 tocol (v3)", Internet Standard, December, 1997. Available as 423 RFC2251. 425 [SPaged] 426 Weider, C, A. Herron and T. Howes, "LDAP Control Extension for Sim- 427 ple Paged Results Manipulation", Internet Draft, March, 1998. 428 Available as draft-ietf-asid-ldapv3-simple-paged-02.txt. 430 [SSS]Wahl, M, A. Herron and T. Howes, "LDAP Control Extension for Server 431 Side Sorting of Search Results", Internet Draft, March, 1998. 432 Available as draft-ietf-asid-ldapv3-sorting-01.txt. 434 [Bradner97] 435 Bradner, Scott, "Key Words for use in RFCs to Indicate Requirement 436 Levels", Internet Draft, March, 1997. Available as RFC2119. 438 12. Author's Address 440 David Boreham 441 Netscape Communications Corp. 442 501 E. Middlefield Road 443 Mountain View, CA 94043, USA 444 dboreham@netscape.com 445 +1 650 937-5206 447 RFC DRAFT March 1998 449 Chris Weider 450 Microsoft Corp. 451 1 Microsoft Way 452 Redmond, WA 98052 453 +1 425 703-2947 454 cweider@microsoft.com 456 This document expires on 12 September 1998