idnits 2.17.1 draft-ietf-ldapext-matchedval-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == The page length should not exceed 58 lines per page, but there was 1 longer page, the longest (page 1) being 180 lines Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. Miscellaneous warnings: ---------------------------------------------------------------------------- == The "Author's Address" (or "Authors' Addresses") section title is misspelled. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (20 August 1999) is 9016 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 1777 (ref. '1') (Obsoleted by RFC 3494) ** Obsolete normative reference: RFC 2251 (ref. '2') (Obsoleted by RFC 4510, RFC 4511, RFC 4512, RFC 4513) ** Obsolete normative reference: RFC 2252 (ref. '3') (Obsoleted by RFC 4510, RFC 4512, RFC 4517, RFC 4523) -- Possible downref: Non-RFC (?) normative reference: ref. '4' Summary: 6 errors (**), 0 flaws (~~), 2 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Internet-Draft D.W.Chadwick 2 LDAPExt WG University of Salford 3 Intended Category: Standards Track 4 Expires: 20 February 2000 20 August 1999 6 Returning Matched Values with LDAPv3 7 9 STATUS OF THIS MEMO 11 This document is an Internet-Draft and is in full conformance with 12 all the provisions of Section 10 of RFC2026. 14 Internet-Drafts are working documents of the Internet Engineering 15 Task Force (IETF), its areas, and its working groups. Note that other 16 groups may also distribute working documents as Internet-Drafts. 18 Internet-Drafts are draft documents valid for a maximum of six months 19 and may be updated, replaced, or obsoleted by other documents at any 20 time. It is inappropriate to use Internet-Drafts as reference 21 material or to cite them other than as "work in progress." 23 The list of current Internet-Drafts can be accessed at 24 http://www.ietf.org/ietf/1id-abstracts.txt. 26 The list of Internet-Draft Shadow Directories can be accessed at 27 http://www.ietf.org/shadow.html. 29 This Internet-Draft expires on 20 February 2000. Comments and 30 suggestions on this document are encouraged. Comments on this 31 document should be sent to the LDAPExt working group discussion list: 32 ietf-ldapext@netscape.com 33 or directly to the author. 35 ABSTRACT 37 This document describes a control for the Lightweight Directory 38 Access Protocol v3 that is used to return a subset of attribute 39 values from an entry, specifically, only those values that 40 contributed to the search filter evaluating to TRUE. 42 1. Introduction 44 When reading an attribute from an entry using LDAP v2 [1] or LDAPv3 45 [2], it is normally only possible to read either the attribute type, 46 or the attribute type and all its values. It is not possible to 47 selectively read just a few of the attribute values. If an attribute 48 holds many values, for example, the userCertificate attribute, or the 49 subschema publishing operational attributes objectClasses and 50 attributeTypes [3], then it may be desirable for the user to be able 51 to selectively retrieve a subset of the values, specifically, those 52 attributes that match the selection criteria as specified by the user 53 in the filter. This Internet Draft specifies an LDAPv3 control to 54 enable a user to do just that i.e. return only those values that 55 matched (i.e. returned TRUE to) one or more filter items. 57 The control has been described in such as way as to be compatible 58 with the matchedValuesOnly boolean of the X.500 DAP [4] Search 59 argument. 61 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 62 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 63 document are to be interpreted as described in RFC 2119 [5]. 65 2. The matchedValuesOnly Control 67 The matchedValuesOnly control MAY be critical or non-critical as 68 determined by the user. It is only applicable to the Search 69 operation, and SHALL be ignored by the server if it is present on any 70 other LDAP operation (even if marked critical on such operations). 72 The object identifier for this control is 1.2.826.0.1.3344810.2.2 74 The value for this control is a BOOLEAN. An absent value implies 75 FALSE. 77 The effects of this control on the Search operation are as follows. 79 i) Every attribute value that evaluates TRUE against one or more 80 filter items, excluding the ignored filter items (see below), 81 is logically marked by the server as contributing to the filter 82 matching. 83 ii) If the user requests that the contributing attribute types and 84 their values are returned in the Search result (by placing the 85 attribute type in the AttributeDescriptionList, and by setting 86 the typesOnly BOOLEAN to FALSE), then only the attribute values 87 marked as contributing are returned, whilst the other values of 88 the same attribute (if there are any) are not returned. 89 iii) Attributes that are to be returned to the user, and that have 90 no values marked as contributing, have all their values 91 returned to the user. 92 iv) Attributes that have values marked as contributing, but which 93 are not asked to be returned to the user, are not returned and 94 the marking is of no practical value. 96 Certain filters are ignored for the purposes of marking the attribute 97 values as contributing. These are: 99 the present filter, since this filter does not test against any 100 attribute values; 101 the equalityMatch filter, since if the user is able to specify 102 the complete attribute value exactly, then there is very little 103 to be gained from having only this value returned; 104 any negated filter, since this would have the effect of marking 105 all the attribute values except the one(s) that matched the 106 non-negated filter. 108 Note 1. The inclusion of equalityMatch in the list above maintains 109 compatibility with the X.500 standard. 110 Note 2. If the equality matching rule does not require the entire 111 attribute value to be presented by the user, then there is something 112 to be gained from asking for this value only to be returned in its 113 entirety. This can be achieved by using the extensibleMatch filter 114 and using the equality matching rule as the matching rule. 116 3. Security Considerations 118 This Internet Draft does not discuss security issues at all. 119 Attribute values SHALL only be returned if the access controls 120 applied by the LDAP server allow them to be returned, and in this 121 respect the effect of the matchedValuesOnly control is of no 122 consequence. 124 4 Copyright 126 Copyright (C) The Internet Society (date). All Rights Reserved. 128 This document and translations of it may be copied and furnished to 129 others, and derivative works that comment on or otherwise explain it 130 or assist in its implementation may be prepared, copied, published 131 and distributed, in whole or in part, without restriction of any 132 kind, provided that the above copyright notice and this paragraph are 133 included on all such copies and derivative works. However, this 134 document itself may not be modified in any way, such as by removing 135 the copyright notice or references to the Internet Society or other 136 Internet organizations, except as needed for the purpose of 137 developing Internet standards in which case the procedures for 138 copyrights defined in the Internet Standards process must be 139 followed, or as required to translate it into languages other than 140 English. 142 The limited permissions granted above are perpetual and will not be 143 revoked by the Internet Society or its successors or assigns. 145 This document and the information contained herein is provided on an 146 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 147 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 148 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 149 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 150 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 152 5. References 154 [1] Yeong, W., Howes, T., and Kille, S. "Lightweight Directory Access 155 Protocol", RFC 1777, March 1995. 156 [2] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access 157 Protocol (v3)", Dec. 1997, RFC 2251 158 [3] M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight Directory 159 Access Protocol (v3): Attribute Syntax Definitions", RFC 2252, Dec 160 1997 161 [4] ITU-T Rec. X.511, "The Directory: Abstract Service Definition", 162 1993. 163 [5] S.Bradner. "Key words for use in RFCs to Indicate Requirement 164 Levels", RFC 2119, March 1997. 166 6 Authors Address 168 David Chadwick 169 IS Institute 170 University of Salford 171 Salford 172 England 173 M5 4WT 175 Email: d.w.chadwick@salford.ac.uk 176 4