idnits 2.17.1 draft-ietf-ldapext-ldapv3-vlv-03.txt: ** The Abstract section seems to be numbered Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? == No 'Intended status' indicated for this document; assuming Proposed Standard == The page length should not exceed 58 lines per page, but there was 9 longer pages, the longest (page 2) being 60 lines == It seems as if not all pages are separated by form feeds - found 0 form feeds but 10 pages Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 192 instances of weird spacing in the document. Is it really formatted ragged-right, rather than justified? Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 15 has weird spacing: '...ormance with ...' == Line 16 has weird spacing: '...visions of Se...' == Line 17 has weird spacing: '...as, and its...' == Line 18 has weird spacing: '...working group...' == Line 22 has weird spacing: '...and may be ...' == (187 more instances...) == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (10 December 1999) is 8876 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'SSS' is mentioned on line 216, but not defined -- Looks like a reference, but probably isn't: '0' on line 224 -- Looks like a reference, but probably isn't: '1' on line 227 ** Obsolete normative reference: RFC 2251 (ref. 'LDAPv3') (Obsoleted by RFC 4510, RFC 4511, RFC 4512, RFC 4513) -- No information found for draft-ietf-asid-ldapv3-simple-paged - is the name correct? -- Possible downref: Normative reference to a draft: ref. 'SPaged' Summary: 9 errors (**), 0 flaws (~~), 11 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 INTERNET-DRAFT David Boreham, Netscape 2 Jim Sermersheim, Novell 3 Anoop Anantha, Microsoft 4 Michael Armijo, Microsoft 5 ldapext Working Group 11 June, 1999 7 LDAP Extensions for Scrolling View Browsing of Search Results 9 draft-ietf-ldapext-ldapv3-vlv-03.txt 11 This document expires on 10 December 1999 13 1. Status of this Memo 15 This document is an Internet-Draft and is in full conformance with all 16 provisions of Section 10 of RFC2026. Internet-Drafts are working docu- 17 ments of the Internet Engineering Task Force (IETF), its areas, and its 18 working groups. Note that other groups may also distribute working 19 documents as Internet-Drafts. 21 Internet-Drafts are draft documents valid for a maximum of six months 22 and may be updated, replaced, or obsoleted by other documents at any 23 time. It is inappropriate to use Internet- Drafts as reference material 24 or to cite them other than as "work in progress." 26 The list of current Internet-Drafts can be accessed at 27 http://www.ietf.org/ietf/1id-abstracts.txt 29 The list of Internet-Draft Shadow Directories can be accessed at 30 http://www.ietf.org/shadow.html. 32 2. Abstract 34 This document describes a Virtual List View control extension for the 35 LDAP Search operation. This control is designed to allow the "virtual 36 list box" feature, common in existing commercial e-mail address book 37 applications, to be supported efficiently by LDAP servers. LDAP servers' 38 inability to support this client feature is a significant impediment to 39 LDAP replacing proprietary protocols in commercial e-mail systems. 41 The control allows a client to specify that the server return, for a 42 given LDAP search with associated sort keys, a contiguous subset of the 43 search result set. This subset is specified in terms of offsets into the 44 ordered list, or in terms of a greater than or equal comparison value. 46 RFC DRAFT March 1999 48 3. Background 50 A Virtual List is a graphical user interface technique employed where 51 ordered lists containing a large number of entries need to be displayed. 52 A window containing a small number of visible list entries is drawn. The 53 visible portion of the list may be relocated to different points within 54 the list by means of user input. This input can be to a scroll bar 55 slider; from cursor keys; from page up/down keys; from alphanumeric keys 56 for "typedown". The user is given the impression that they may browse 57 the complete list at will, even though it may contain millions of 58 entries. It is the fact that the complete list contents are never 59 required at any one time that characterizes Virtual List View. Rather 60 than fetch the complete list from wherever it is stored (typically from 61 disk or a remote server), only that information which is required to 62 display the part of the list currently in view is fetched. The subject 63 of this document is the interaction between client and server required 64 to implement this functionality in the context of the results from a 65 sorted LDAP search request. 67 For example, suppose an e-mail address book application displays a list 68 view onto the list containing the names of all the holders of e-mail 69 accounts at a large university. The list is sorted alphabetically. 70 While there may be tens of thousands of entries in this list, the 71 address book list view displays only 20 such accounts at any one time. 72 The list has an accompanying scroll bar and text input window for type- 73 down. When first displayed, the list view shows the first 20 entries in 74 the list, and the scroll bar slider is positioned at the top of its 75 range. Should the user drag the slider to the bottom of its range, the 76 displayed contents of the list view should be updated to show the last 77 20 entries in the list. Similarly, if the slider is positioned somewhere 78 in the middle of its travel, the displayed contents of the list view 79 should be updated to contain the 20 entries located at that relative 80 position within the complete list. Starting from any display point, if 81 the user uses the cursor keys or clicks on the scroll bar to request 82 that the list be scrolled up or down by one entry, the displayed con- 83 tents should be updated to reflect this. Similarly the list should be 84 displayed correctly when the user requests a page scroll up or down. 85 Finally, when the user types characters in the type-down window, the 86 displayed contents of the list should "jump" or "seek" to the appropri- 87 ate point within the list. For example, if the user types "B", the 88 displayed list could center around the first user with a name beginning 89 with the letter "B". When this happens, the scroll bar slider should 90 also be updated to reflect the new relative location within the list. 92 This document defines a request control which extends the LDAP search 93 operation. Always used in conjunction with the server side sorting 94 control[SSS], this allows a client to retrieve selected portions of 95 large search result set in a fashion suitable for the implementation of 97 RFC DRAFT March 1999 99 a virtual list view. 101 The key words "MUST", "SHOULD", and "MAY" used in this document are to 102 be interpreted as described in [Bradner97]. 104 4. Client-Server Interaction 106 The Virtual List View control extends a regular LDAP Search operation 107 which must also include a server-side sorting control[SSS]. Rather than 108 returning the complete set of appropriate SearchResultEntry messages, 109 the server is instructed to return a contiguous subset of those entries, 110 taken from the sorted result set, centered around a particular target 111 entry. Henceforth, in the interests of brevity, the sorted search result 112 set will be referred to as "the list". 114 The sort control MAY contain any sort specification valid for the 115 server. The attributeType field in the first SortKeyList sequence ele- 116 ment has special significance for "typedown". 118 The desired target entry, and the number of entries to be returned both 119 before, and after, that target entry in the list, are determined by the 120 client's VirtualListViewRequest control. 122 When the server returns the set of entries to the client, it attaches a 123 VirtualListViewResponse control to the searchResultDone message. The 124 server returns in this control: its current estimate for the list con- 125 tent count, the location within the list corresponding to the target 126 entry, and any error codes. 128 The target entry is specified in the VirtualListViewRequest control by 129 one of two methods. The first method is for the client to indicate the 130 target entry's offset within the list. The second way is for the client 131 to supply an attribute assertion value. The value is compared against 132 the values of the attribute specified as the primary sort key in the 133 sort control attached to the search operation. The target entry is 134 first entry in the list with value greater than or equal to (in the pri- 135 mary sort order), the presented value. The order is determined by rules 136 defined in [SSS]. Selection of the target entry by this means is 137 designed to implement "typedown". Note that it is possible that no 138 entry satisfies these conditions, in which case there is no target 139 entry. This condition is indicated by the server returning the special 140 value contentCount + 1 in the target position field. 142 Because the server may not have an accurate estimate of the number of 143 entries in the list, and to take account of cases where the list size is 144 changing during the time the user browses the list, and because the 145 client needs a way to indicate specific list targets "beginning" and 146 "end", offsets within the list are transmitted between client and server 148 RFC DRAFT March 1999 150 as ratios---offset to content count. The server sends its latest esti- 151 mate as to the number of entries in the list (content count) to the 152 client in every response control. The client sends its assumed value 153 for the content count in every request control. The server examines the 154 content count and offsets presented by the client and computes the 155 corresponding offsets within the list, based on its own idea of the con- 156 tent count. 158 Si = Sc * (Ci / Cc) 160 Where: 161 Si is the actual list offset used by the server 162 Sc is the server's estimate for content count 163 Ci is the client's submitted offset 164 Cc is the client's submitted content count 165 The result is rounded to the nearest integer. 167 If the content count is stable, and the client returns to the server the 168 content count most recently received, Cc = Sc and the offsets transmit- 169 ted become the actual server list offsets. 171 The following special cases are allowed: a client sending a content 172 count of zero (Cc = 0) means "client has no idea what the content count 173 is, server MUST use its own content count estimate in place of the 174 client's". An offset value of one (Ci = 1) always means that the target 175 is the first entry in the list. Client specifying an offset which equals 176 the content count specified in the same request control (Ci = Cc) means 177 that the target is the last entry in the list. Ci may only equal zero 178 when Cc is also zero. This signifies the last entry in the list. 180 Because the server always returns contentCount and targetPosition, the 181 client can always determine which of the returned entries is the target 182 entry. Where the number of entries returned is the same as the number 183 requested, the client is able to identify the target by simple arith- 184 metic. Where the number of entries returned is not the same as the 185 number requested (because the requested range crosses the beginning or 186 end of the list, or both), the client must use the target position and 187 content count values returned by the server to identify the target 188 entry. For example, suppose that 10 entries before and 10 after the tar- 189 get were requested, but the server returns 13 entries, a content count 190 of 100 and a target position of 3. The client can determine that the 191 first entry must be entry number 1 in the list, therefore the 13 entries 192 returned are the first 13 entries in the list, and the target is the 193 third one. 195 A server-generated context identifier MAY be returned to clients. A 196 client receiving a context identifier SHOULD return it unchanged in a 197 subsequent request which relates to the same list. The purpose of this 199 RFC DRAFT March 1999 201 interaction is to enhance the performance and effectiveness of servers 202 which employ approximate positioning. 204 5. The Controls 206 Support for the virtual list view extended operation is indicated by the 207 presence of the OID "2.16.840.1.113730.3.4.9" in the supportedControl 208 attribute of a server's root DSE. 210 5.1. Request Control 212 This control is included in the searchRequest message as part of the 213 controls field of the LDAPMessage, as defined in Section 4.1.12 of 214 [LDAPv3]. The controlType is set to "2.16.840.1.113730.3.4.9". The cri- 215 ticality SHOULD be set to TRUE. If this control is included in a sear- 216 chRequest message, a Server Side Sorting request control [SSS] MUST also 217 be present in the message. The controlValue is an OCTET STRING whose 218 value is the BER-encoding of the following SEQUENCE: 220 VirtualListViewRequest ::= SEQUENCE { 221 beforeCount INTEGER (0 .. maxInt), 222 afterCount INTEGER (0 .. maxInt), 223 CHOICE { 224 byoffset [0] SEQUENCE, { 225 offset INTEGER (0 .. maxInt), 226 contentCount INTEGER (0 .. maxInt) } 227 [1] greaterThanOrEqual assertionValue } 228 contextID OCTET STRING OPTIONAL } 230 beforeCount indicates how many entries before the target entry the 231 client wants the server to send. afterCount indicates the number of 232 entries after the target entry the client wants the server to send. 233 offset and contentCount identify the target entry as detailed in section 234 4. greaterThanOrEqual is an attribute assertion value defined in 235 [LDAPv3]. If present, the value supplied in greaterThanOrEqual is used 236 to determine the target entry by comparison with the values of the 237 attribute specified as the primary sort key. The first list entry who's 238 value is no less than (less than or equal to when the sort order is 239 reversed) the supplied value is the target entry. If present, the con- 240 textID field contains the value of the most recently received contextID 241 field from a VirtualListViewResponse control. 243 5.2. Response Control 245 This control is included in the searchResultDone message as part of the 246 controls field of the LDAPMessage, as defined in Section 4.1.12 of 247 [LDAPv3]. 249 RFC DRAFT March 1999 251 The controlType is set to "2.16.840.1.113730.3.4.10". The criticality is 252 FALSE (MAY be absent). The controlValue is an OCTET STRING, whose value 253 is the BER encoding of a value of the following SEQUENCE: 255 VirtualListViewResponse ::= SEQUENCE { 256 targetPosition INTEGER (0 .. maxInt), 257 contentCount INTEGER (0 .. maxInt), 258 virtualListViewResult ENUMERATED { 259 success (0), 260 operatonsError (1), 261 unwillingToPerform (53), 262 insufficientAccessRights (50), 263 busy (51), 264 timeLimitExceeded (3), 265 adminLimitExceeded (11), 266 sortControlMissing (60), 267 offsetRangeError (61), 268 other (80) }, 269 contextID OCTET STRING OPTIONAL } 271 targetPosition gives the list offset for the target entry. contentCount 272 gives the server's estimate of the current number of entries in the 273 list. Together these give sufficient information for the client to 274 update a list box slider position to match the newly retrieved entries 275 and identify the target entry. The contentCount value returned SHOULD be 276 used in a subsequent virtualListViewRequest control. contextID is a 277 server-defined octet string. If present, the contents of the contextID 278 field SHOULD be returned to the server by a client in a subsequent Vir- 279 tualListViewRequest control. 281 If the server determines that the results of the search presented exceed 282 the range provided by the 32-bit offset values, it MUST return 283 offsetRangeError. 285 6. Protocol Example 287 Here we walk through the client-server interaction for a specific vir- 288 tual list view example: The task is to display a list of all 78564 peo- 289 ple in the US company "Ace Industry". This will be done by creating a 290 graphical user interface object to display the list contents, and by 291 repeatedly sending different versions of the same virtual list view 292 search request to the server. The list view displays 20 entries on the 293 screen at a time. 295 We form a search with baseDN "o=Ace Industry, c=us"; search scope sub- 296 tree; filter "objectClass=inetOrgPerson". We attach a server sort order 297 control to the search, specifying ascending sort on attribute "cn". To 298 this base search, we attach a virtual list view request control with 300 RFC DRAFT March 1999 302 contents determined by the user activity and send the search to the 303 server. We display the results from each search in the list window and 304 update the slider position. 306 When the list view is first displayed, we want to initialize the con- 307 tents showing the beginning of the list. Therefore, we set beforeCount = 308 0, afterCount = 19, contentCount = 0, offset = 1 and send the request to 309 the server. The server duly returns the first 20 entries in the list, 310 plus the content count = 78564 and targetPosition = 1. We therefore 311 leave the scroll bar slider at its current location (the top of its 312 range). 314 Say that next the user drags the scroll bar slider down to the bottom of 315 its range. We now wish to display the last 20 entries in the list, so 316 we set beforeCount = 19, afterCount = 0, contentCount = 78564, offset = 317 78564 and send the request to the server. The server returns the last 20 318 entries in the list, plus the content count = 78564 and targetPosition = 319 78564. 321 Next the user presses a page up key. Our page size is 20, so we set 322 beforeCount = 0, afterCount = 19, contentCount = 78564, offset = 323 78564-19-20 and send the request to the server. The server returns the 324 preceeding 20 entries in the list, plus the content count = 78564 and 325 targetPosition = 78524. 327 Now the user grabs the scroll bar slider and drags it to 68% of the way 328 down its travel. 68% of 78564 is 52424 so we set beforeCount = 9, after- 329 Count = 10, contentCount = 78564, offset = 52424 and send the request to 330 the server. The server returns the preceeding 20 entries in the list, 331 plus the content count = 78564 and targetPosition = 78524. 333 Lastly, the user types the letter "B". We set beforeCount = 9, after- 334 Count = 10 and greaterThanOrEqual = "B". The server finds the first 335 entry in the list not less than "B", let's say "Babs Jensen", and 336 returns the nine preceeding entries, the target entry, and the proceed- 337 ing 10 entries. The server returns content count = 78564 and targetPo- 338 sition = 5234 and so the client updates its scroll bar slider to 6.6% of 339 full scale. 341 7. Server Publication of Indexed VLV Searches 343 It is considered important that a client should be able to discover the 344 set of search and sort specifications for which a server is able to pro- 345 vide efficient (i.e. indexed) service. It is expected that this will be 346 accomplished via means similar to the mechanism by which clients can 347 already discover LDAPv3 server supported naming contexts, namely the 348 rootDSE. 350 RFC DRAFT March 1999 352 8. Notes for Implementers 354 While the feature is expected to be generally useful for arbitrary 355 search and sort specifications, it is specifically designed for those 356 cases where the result set is very large. The intention is that this 357 feature be implemented efficiently by means of pre-computed indices per- 358 taining to a set of specific cases. For example, an offset relating to 359 "all the employees in the local organization, sorted by surname" would 360 be a common case. 362 The intention for client software is that the feature should fit easily 363 with the host platform's graphical user interface facilities for the 364 display of scrolling lists. Thus the task of the client implementers 365 should be one of reformatting up the requests for information received 366 from the list view code to match the format of the virtual list view 367 request and response controls. 369 Client implementers should note that any offset value returned by the 370 server may be approximate. Do not design clients which fail to operate 371 correctly unless offsets are exact. 373 Server implementers using indexing technology which features approximate 374 positioning should consider returning context identifiers to clients. 375 The use of a context identifier will allow the server to distinguish 376 between client requests which relate to different displayed lists on the 377 client. Consequently the server can decide more intelligently whether to 378 reposition an existing database cursor accurately to within a short dis- 379 tance of its current position, or to reposition to an approximate posi- 380 tion. Thus the client will see precise offsets for "short" repositioning 381 (e.g. paging up or down), but approximate offsets for a "long" reposi- 382 tion (e.g. a slider movement). 384 Server implementers are free to return status code unwillingToPerform 385 should their server be unable to service any particular VLV search. 386 This might be because the resolution of the search is computationally 387 infeasible, or because the excessive server resources would be required 388 to service the search. 390 Client implementers should note that this control is only defined on a 391 client interaction with a single server. If a server returns referrals 392 as a part of its response to the search request, the client is responsi- 393 ble for deciding when and how to apply this control to the referred-to 394 servers, and how to collate the results from multiple servers. 396 Search result entries are returned by the server according to the core 397 LDAPv3 protocol [LDAPv3]. However, the content of those entries may be 398 affected by access controls within the server. Consider the case where 399 access to some entries within the list is controlled such that the 401 RFC DRAFT March 1999 403 client is not permitted to discover that they exist. In a simple search, 404 these entries would not be returned to the client. However, in servicing 405 a VLV search, a server implementation might be required to maintain a 406 different index for each potential client authentication identity. This 407 is in order that it may efficiently compute the responses to all 408 clients. This may present an intolerable burden on the server. Accord- 409 ingly, servers are permitted to return a minimal entry as a placeholder 410 for an entry which would otherwise, due to access control, be "invisi- 411 ble" to the client. This minimal entry contains only a distinguised 412 name. The distinguished name MAY be either that of the real entry, or a 413 "fake" one, designed to make the actual value obscure to the client. 415 9. Relationship to "Simple Paged Results" 417 These controls are designed to support the virtual list view, which has 418 proved hard to implement with the Simple Paged Results mechanism 419 [SPaged]. However, the controls described here support any operation 420 possible with the Simple Paged Results mechanism. The two mechanisms are 421 not complementary, rather one has a superset of the other's features. 422 One area where the mechanism presented here is not a strict superset of 423 the Simple Paged Results scheme is that here we require a sort order to 424 be specified. No such requirement is made for paged results. 426 10. Security Considerations 428 Server implementers may wish to consider whether clients are able to 429 consume excessive server resources in requesting virtual list opera- 430 tions. Access control to the feature itself; configuration options lim- 431 iting the feature's use to certain predetermined search base DNs and 432 filters; throttling mechanisms designed to limit the ability for one 433 client to soak up server resources, may be appropriate. 435 Consideration should be given as to whether a client will be able to 436 retrieve the complete contents, or a significant subset of the complete 437 contents of the directory using this feature. This may be undesirable in 438 some circumstances and consequently it may be necessary to enforce some 439 access control. 441 Clients can, using this control, determine how many entries are con- 442 tained within a portion of the DIT. This may constitute a security 443 hazard. Again, access controls may be appropriate. 445 11. Acknowledgements 447 Chris Weider of Microsoft co-authored a previous version of this docu- 448 ment. 450 RFC DRAFT March 1999 452 12. References 454 [LDAPv3] 455 Wahl, M, S. Kille and T. Howes, "Lightweight Directory Access Pro- 456 tocol (v3)", Internet Standard, December, 1997. RFC2251. 458 [SPaged] 459 Weider, C, A. Herron and T. Howes, "LDAP Control Extension for Sim- 460 ple Paged Results Manipulation", Internet Draft, August, 1998. 461 Available as draft-ietf-asid-ldapv3-simple-paged-03.txt. 463 [SSS]Wahl, M, A. Herron and T. Howes, "LDAP Control Extension for Server 464 Side Sorting of Search Results", Internet Draft, April, 1999. 465 Available as draft-ietf-asid-ldapv3-sorting-02.txt. 467 [Bradner97] 468 Bradner, Scott, "Key Words for use in RFCs to Indicate Requirement 469 Levels", Internet Draft, March, 1997. Available as RFC2119. 471 13. Authors' Addresses 473 David Boreham 474 Netscape Communications Corp. 475 501 E. Middlefield Road 476 Mountain View, CA 94043, USA 477 +1 650 937-5206 478 dboreham@netscape.com 480 Jim Sermersheim 481 Novell 482 122 East 1700 South 483 Provo, Utah 84606, USA 484 jimse@novell.com 486 Anoop Anantha 487 Microsoft Corp. 488 1 Microsoft Way 489 Redmond, WA 98052, USA 490 +1 425 882-8080 491 anoopa@microsoft.com 493 Michael Armijo 494 Microsoft Corp. 495 1 Microsoft Way 496 Redmond, WA 98052, USA 497 +1 425 882-8080 498 micharm@microsoft.com This document expires on December 10, 1999