Network Working Group                                        M. Stroeder
Internet-Draft                                           January 7, 2013
Intended status: Informational
Expires: July 11, 2013

            Lightweight Directory Access Protocol (LDAP):
             Structural Object Classes for Named Objects
                     draft-stroeder-namedobject-01

Abstract

   This document defines structural object classes that can be used when
   no other structural object class seems suitable.  In particular, the
   object classes make it possible to associate a common name and a
   free-form description with the object.
Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 11, 2013.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Object Class Definitions
     2.1.  'namedObject'
     2.2.  'namedPolicy'
   3.  Acknowledgements
   4.  IANA Considerations
   5.  Security Considerations
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Author's Address

1.  Introduction

   Standards for LDAP directories often define additional schema
   elements, especially auxiliary object classes that are intended to
   hold the attributes needed by that standard.  When adding an entry
   with such an auxiliary object class it is up to the directory
   operator to choose an appropriate structural object class, since
   every entry requires one.  Often the structural object classes used
   were defined for other purposes and are too complex for this simple
   purpose.

   Inspired by the unfinished [I-D.howard-namedobject], this document
   defines two structural object classes, 'namedObject' and
   'namedPolicy'.  Only attributes defined in [RFC4519] and [RFC4524]
   are used within these simple object classes.  Arbitrary auxiliary
   object classes may thus be associated with entries that have such a
   structural object class.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   This document is being discussed on the ldapext@ietf.org mailing
   list.

2.  Object Class Definitions

   The object class definitions in this section use the attributes 'cn'
   and 'description' defined in [RFC4519] and 'uniqueIdentifier' defined
   in [RFC4524].

   If the optional attribute 'uniqueIdentifier' contains a value it
   SHOULD be used to form the RDN of the entry.  Otherwise the mandatory
   attribute 'cn' SHOULD be used to form the RDN of the entry if there
   are no other appropriate naming attributes available.  Other
   attributes allowed by auxiliary classes MAY also be used for naming
   purposes.
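   The following Python program is an added example and is not part of
   this draft.  It parses the object class descriptions given in
   Sections 2.1 and 2.2 (in the RFC 4512 syntax they are written in),
   checks constructed sample entries against them, including the
   RFC 4512 rule that an entry has exactly one structural object class
   chain, and forms the RDN as recommended above: 'uniqueIdentifier'
   when it has a value, otherwise 'cn'.  The 'pwdPolicy' description is
   taken from [I-D.behera-ldap-password-policy] with its MAY list cut
   down to three attributes, and the sample entries and their values are
   constructed for the example.

```python
import re

# Object class descriptions copied from Sections 2.1 and 2.2 of this draft,
# plus 'top' from RFC 4512.
TOP = "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )"
NAMED_OBJECT = ("( 1.3.6.1.4.1.5427.1.389.6.20 NAME 'namedObject' SUP top STRUCTURAL "
                "MUST cn MAY ( uniqueIdentifier $ description ) )")
NAMED_POLICY = "( 1.3.6.1.4.1.5427.1.389.6.21 NAME 'namedPolicy' SUP namedObject STRUCTURAL )"
# 'pwdPolicy' from draft-behera-ldap-password-policy, with its MAY list cut
# down to three attributes (an assumption made for this example).
PWD_POLICY = ("( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXILIARY "
              "MUST pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdLockout ) )")


def _names(text):
    """Split an oidlist such as 'cn' or '( a $ b )' into its names."""
    return [t for t in re.split(r"[\s$()']+", text) if t]


def parse_object_class(desc):
    """Parse an ObjectClassDescription (RFC 4512, section 4.1.1) into a dict."""
    body = desc.strip()
    # one token per quoted string, parenthesised list or bare word
    tokens = re.findall(r"'[^']*'|\([^()]*\)|\S+", body[1:-1])
    oc = {"oid": tokens[0], "name": None, "kind": "STRUCTURAL", "sup": [], "must": [], "may": []}
    i = 1
    while i < len(tokens):
        kw = tokens[i]
        if kw in ("ABSTRACT", "STRUCTURAL", "AUXILIARY"):
            oc["kind"] = kw
            i += 1
        elif kw in ("NAME", "SUP", "MUST", "MAY"):
            names = _names(tokens[i + 1])
            oc[kw.lower()] = names[0] if kw == "NAME" else names
            i += 2
        else:
            raise ValueError("unsupported token %r" % kw)
    return oc


SCHEMA = {oc["name"].lower(): oc
          for oc in map(parse_object_class, (TOP, NAMED_OBJECT, NAMED_POLICY, PWD_POLICY))}


def chain(name):
    """The class and all its superclasses, most derived first."""
    oc = SCHEMA[name.lower()]
    return [oc] + [s for sup in oc["sup"] for s in chain(sup)]


def validate(entry):
    """Return the schema violations of an entry given as {attribute: [values]}."""
    classes = entry.get("objectClass", [])
    # RFC 4512: one structural chain only, i.e. some listed structural class
    # must have every other listed structural class among its superclasses.
    structural = [c for c in classes if SCHEMA[c.lower()]["kind"] == "STRUCTURAL"]
    problems = []
    if not any(all(s.lower() in {oc["name"].lower() for oc in chain(c)} for s in structural)
               for c in structural):
        problems.append("entry must have exactly one structural object class chain")
    required, allowed = set(), set()
    for c in classes:
        required |= {a.lower() for oc in chain(c) for a in oc["must"]}
        allowed |= {a.lower() for oc in chain(c) for a in oc["must"] + oc["may"]}
    present = {a.lower(): a for a in entry if entry[a]}
    problems += ["missing mandatory attribute %s" % a for a in sorted(required - set(present))]
    problems += ["attribute %s not allowed by the entry's object classes" % present[a]
                 for a in sorted(set(present) - allowed)]
    return problems


def _escape_rdn_value(value):
    """Escape the characters RFC 4514 (section 2.4) requires in a DN value."""
    return "".join("\\" + ch if ch in ',+"\\<>;' or (i == 0 and ch in "# ")
                   or (i == len(value) - 1 and ch == " ") else ch
                   for i, ch in enumerate(value))


def rdn_for(entry):
    """Section 2: name by uniqueIdentifier when it has a value, else by cn."""
    if entry.get("uniqueIdentifier"):
        return "uniqueIdentifier=" + _escape_rdn_value(entry["uniqueIdentifier"][0])
    return "cn=" + _escape_rdn_value(entry["cn"][0])


# Constructed sample entries (not from the draft).
POLICY_ENTRY = {
    "objectClass": ["top", "namedPolicy", "pwdPolicy"],
    "cn": ["Default password policy"], "uniqueIdentifier": ["pwpolicy-default"],
    "description": ["Applies to accounts without an explicit policy"],
    "pwdAttribute": ["userPassword"], "pwdMaxAge": ["7776000"],
}
PLAIN_ENTRY = {"objectClass": ["top", "namedObject"], "cn": ["Printers, Building A"]}
BAD_ENTRY = {"objectClass": ["top", "namedObject"], "description": ["no cn"], "pwdMaxAge": ["0"]}

if __name__ == "__main__":
    for entry in (POLICY_ENTRY, PLAIN_ENTRY):
        print(rdn_for(entry), validate(entry))
    print(validate(BAD_ENTRY))
```

   Running the file prints the RDN and an empty problem list for the two
   conforming entries; for the third entry it reports the missing 'cn'
   and the 'pwdMaxAge' value that no listed object class allows.  A
   server performs the same checks when an entry is added, which is the
   point of these classes: with 'namedObject' as the structural class
   the only structural requirement left to satisfy is 'cn'.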
   LDAP clients displaying a list of entries of these object classes
   SHOULD use the mandatory attribute 'cn' for select lists, hyperlinks
   etc.

2.1.  'namedObject'

   The 'namedObject' object class is the basis of an entry that
   represents an arbitrary named object.  The attribute 'cn' MUST be
   present in the entry.  The attributes 'uniqueIdentifier' and
   'description' MAY be present in the entry.

      ( 1.3.6.1.4.1.5427.1.389.6.20
        NAME 'namedObject'
        SUP top
        STRUCTURAL
        MUST cn
        MAY ( uniqueIdentifier $ description ) )

2.2.  'namedPolicy'

   The 'namedPolicy' object class is sub-classed from 'namedObject'.  It
   SHOULD only be used for entries that represent an arbitrary policy.
   A typical example is to use it along with the auxiliary object class
   'pwdPolicy' defined in [I-D.behera-ldap-password-policy].

   The rationale for an extra structural object class is to make it
   possible to associate a specific set of policy-related auxiliary
   object classes (for example through a DIT content rule) without
   having to restrict the more general 'namedObject' class.

      ( 1.3.6.1.4.1.5427.1.389.6.21
        NAME 'namedPolicy'
        SUP namedObject
        STRUCTURAL )

3.  Acknowledgements

   The 'namedObject' object class definition in this document supersedes
   the specification of 'namedObject' in [I-D.howard-namedobject] by
   L. Howard.

4.  IANA Considerations

   The OID arc used for the object class definitions is:

      iso(1) org(3) dod(6) internet(1) private(4) enterprise(1)
      stroeder.com(5427) public(1) ldap(389) objectClasses(6)

5.  Security Considerations

   The introduction of these object classes does not by itself impact
   the security of the Internet or of a particular LDAP directory
   service.  Note, however, that a 'namedPolicy' entry carrying
   'pwdPolicy' determines how the server enforces password quality,
   ageing and lockout for the users it applies to, so such entries need
   the same access control as any other entry that governs directory
   behaviour.

   Security considerations for LDAP in general are discussed in the
   documents comprising the technical specification [RFC4510].

6.  References

6.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC4510]  Zeilenga, K., "Lightweight Directory Access Protocol
              (LDAP): Technical Specification Road Map", RFC 4510,
              June 2006.

   [RFC4519]  Sciberras, A., "Lightweight Directory Access Protocol
              (LDAP): Schema for User Applications", RFC 4519,
              June 2006.

   [RFC4524]  Zeilenga, K., "COSINE LDAP/X.500 Schema", RFC 4524,
              June 2006.

6.2.  Informative References

   [I-D.behera-ldap-password-policy]
              Sermersheim, J., Poitou, L., and H. Chu, "Password Policy
              for LDAP Directories",
              draft-behera-ldap-password-policy-10 (work in progress),
              August 2009.

   [I-D.howard-namedobject]
              Howard, L., "A Structural Object Class for Arbitrary
              Auxiliary Object Classes", draft-howard-namedobject-00
              (work in progress), June 2002.

Author's Address

   Michael Stroeder
   Karlsruhe
   Germany

   Email: michael@stroeder.com
   URI:   http://www.stroeder.com