One document matched: draft-hunt-scim-directory-00.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!-- This template is for creating an Internet Draft using xml2rfc,
which is available here: http://xml.resource.org. -->
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!-- One method to get references from the online citation libraries.
There has to be one entity for each item to be referenced.
An alternate method (rfc include) is described in the references. -->
<!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY RFC2629 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2629.xml">
<!ENTITY RFC3552 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3552.xml">
<!ENTITY I-D.narten-iana-considerations-rfc2434bis SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.narten-iana-considerations-rfc2434bis.xml">
]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<!-- used by XSLT processors -->
<!-- For a complete list and description of processing instructions (PIs),
please see http://xml.resource.org/authoring/README.html. -->
<!-- Below are generally applicable Processing Instructions (PIs) that most I-Ds might want to use.
(Here they are set differently than their defaults in xml2rfc v1.32) -->
<?rfc strict="yes" ?>
<!-- give errors regarding ID-nits and DTD validation -->
<!-- control the table of contents (ToC) -->
<?rfc toc="yes"?>
<!-- generate a ToC -->
<?rfc tocdepth="4"?>
<!-- the number of levels of subsections in ToC. default: 3 -->
<!-- control references -->
<?rfc symrefs="yes"?>
<!-- use symbolic references tags, i.e, [RFC2119] instead of [1] -->
<?rfc sortrefs="yes" ?>
<!-- sort the reference entries alphabetically -->
<!-- control vertical white space
(using these PIs as follows is recommended by the RFC Editor) -->
<?rfc compact="yes" ?>
<!-- do not start each main section on a new page -->
<?rfc subcompact="no" ?>
<!-- keep one blank line between list items -->
<!-- end of list of popular I-D processing instructions -->
<rfc category="info" docName="draft-hunt-scim-directory-00" ipr="trust200902">
<!-- category values: std, bcp, info, exp, and historic
ipr values: full3667, noModification3667, noDerivatives3667
you can add the attributes updates="NNNN" and obsoletes="NNNN"
they will automatically be output with "(if approved)" -->
<!-- ***** FRONT MATTER ***** -->
<front>
<!-- The abbreviated title is used in the page header - it is only necessary if the
full title is longer than 39 characters -->
<title abbrev="SCIM Directory">SCIM Directory Services</title>
<!-- add 'role="editor"' below for the editors if appropriate -->
<!-- Another author who claims to be an editor -->
<author fullname="Phil Hunt" initials="P." role="editor" surname="Hunt">
<organization>Oracle Corporation</organization>
<address>
<postal>
<street/>
<!-- Reorder these if your country does things differently -->
<city>Vancouver</city>
<country>CA</country>
</postal>
<email>phil.hunt@yahoo.com</email>
<!-- uri and facsimile elements may also be added -->
</address>
</author>
<date month="September" year="2012"/>
<!-- If the month and year are both specified and are the current ones, xml2rfc will fill
in the current day for you. If only the current year is specified, xml2rfc will fill
in the current day and month for you. If the year is not the current one, it is
necessary to specify at least a month (xml2rfc assumes day="1" if not specified for the
purpose of calculating the expiry date). With drafts it is normally sufficient to
specify just the year. -->
<!-- Meta-data Declarations -->
<area>Apps</area>
<workgroup>Network Working Group</workgroup>
<!-- WG name at the upperleft corner of the doc,
IETF is fine for individual submissions.
If this element is not present, the default is "Network Working Group",
which is used by the RFC Editor as a nod to the history of the IETF. -->
<keyword>SCIM</keyword>
<keyword>Directory</keyword>
<keyword>LDAP</keyword>
<keyword>LDAPv3</keyword>
<!-- Keywords will be incorporated into HTML output
files in a meta tag but they have no effect on text or nroff
output. If you submit your draft to the RFC Editor, the
keywords will be used for the search engine. -->
<abstract>
<t>This document describes a directory server that implements the SCIM
protocol and schema [, its capabilities and access control model], and
optional support for LDAPv3 protocol. This specification extends SCIM
from provisioning to a general purpose access protocol in support of
data management applications (e.g. self-service systems) and RESTful
clients that need read/write access to a directory on the Internet,
between domains, or within a cloud.</t>
</abstract>
</front>
<middle>
<section title="Introduction">
<t>SCIM is a protocol<xref target="I-D.scim-api"/> and schema<xref
target="I-D.scim-core-schema"/> designed for provisioning applications
and repositories. SCIM was intended to be implemented by applications to
enable a common standard protocol for provisioning. This document
describes a SCIM Directory, a general purpose RESTful server that can be
used by applications as a repository for shared identity information.
Specifically, this document reframes the concepts of a directory server
as expressed in <xref target="RFC2251"/>, and describes how a "SCIM
Directory" may simultaneously support LDAPv3 protocol.</t>
<t>For a directory servers supporting both SCIM and LDAPv3, the document
describes how SCIM schema, in particular complex attributes is mapped to
the LDAPv3 Data Model. The dual-protocol objective of this specification
enables eased migration to RESTful Identity Services and avoids the need
to run parallel SCIM and LDAPv3 server infrastructures.</t>
<t>This document will describe the following components:<list
style="symbols">
<t>Data model for a SCIM Directory</t>
<t>The basic feature set of a SCIM Directory.</t>
<t>The access control requirements for a SCIM Directory[TBD].</t>
<t>[OPTIONAL] support for LDAPv3 clients accessing a directory
implementing the SCIM Data Model</t>
</list></t>
<t>[TBD: Directory replication. Access control - data layer vs. http
layer]</t>
<section title="Applications and Directories">
<t>For the purpose of this document, two different types of SCIM
Provider (or server) are implied: being "application providers" and
"directory providers". Whereas an "application" implements the SCIM
API and Core Schema specifications, a "directory" has further
requirements detailed in this document.</t>
</section>
<section title="Requirements Language">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <xref
target="RFC2119">RFC 2119</xref>.</t>
</section>
</section>
<section anchor="MODELS" title="Data Models">
<t>This specification bases the SCIM data model upon that of the SCIM
Core Schema specification<xref target="I-D.scim-core-schema"/>. It
further extends and defines how an LDAP Model can be applied within a
SCIM Directory in order to provide dual protocol (LDAPv3 and SCIM)
support.</t>
<section anchor="SCIM_MODEL" title="SCIM Model">
<t>The SCIM Protocol defines a schema suitable for exchange using JSON
data objects exchanged over a REST API. SCIM Core Schema provides
minimal core schema for representing resources such as users and
groups encompassing common attributes used by cloud providers,
PortableContacts, and LDAP directory services. Further and most
importantly, SCIM Core Schema provides an extension model upon which
more resource types may be defined.</t>
<section title="Object Model">
<t>A SCIM Directory stores objects based on an extension model where
objects of different types extend a parent object type to create
specialized objects such as Users and Groups. As defined in the SCIM
Core Schema, all objects are extensions of the SCIM Resource
object.</t>
<figure align="center" anchor="object_hierarchy">
<preamble>SCIM Object Hierarchy</preamble>
<artwork align="center">
+----------+*id,meta
------------->| Resource |<----------
/ |__________| \
/ ^ \
/ | *externalId \
+-----------+-----------+ +--------+---------+ +-----+----+
| ServiceProviderConfig | | CoreResource | | Schema |
|_______________________| |__________________| |__________|
^ ^
| |
+--+---+ +---+---+
| User | | Group |
|______| |_______|
^
|
+--------+--------+
| Enterprise User |
|_________________|</artwork>
</figure>
<t>The root "Resource" object defines a couple of attributes to
track object identifier ("id") and meta-data associated with the
object ("meta"). 3 main objects descend from the "Resouce" object
type: ServiceProviderConfig, CoreResource, and Schema.
ServiceProviderConfig and Schema are typically used for discovery,
providing information about the server and contain no user or group
information. CoreResource is the parent object for most entities in
a SCIM Directory (e.g. Users and Groups). SCIM Core Schema defines 2
main objects: Users and Groups, and defines EnterpriseUser which is
an extension of the User object.</t>
<t>For examples of SCIM objects (e.g. Users and Groups) see the SCIM
Core Schema specification <xref target="I-D.scim-core-schema"/>.</t>
<t>[TBD add additional resources or entities (e.g. Organizations,
OUs, Roles) defined in a SCIM Directory if any]</t>
</section>
<section title="Attributes">
<t>SCIM defines that Resources contain a collection of attributes
identified by one or more object types (or schemas) (e.g. User and
EnterpriseUser). Each SCIM Resource is identified and addressed by a
unique object identifier or 'id'. The value of the id is always
issued by the Service Provider and is a stable, non-reassignable
identifier.</t>
<t>Each SCIM resource supports one or more SCIM attributes. SCIM
Attribute types consist of:<list style="symbols">
<t>String - A sequence of characters.</t>
<t>Boolean - A literal "true" or "false".</t>
<t>Decimal - A real number with at least one digit to the left
and right of a period.</t>
<t>Integer - A decimal number with no fractional digits</t>
<t>Binary - A base64Binary encoded value.</t>
<t>Complex - A singular or multi-valued attribute whose value is
a composition of one or more simple attributes.</t>
</list></t>
<t>A SCIM directory supports multi-valued attributes which are
unordered lists of attributes. Each attribute MAY contain
sub-attributes (including complex attributes). Multi-valued
attributes contain the following normative sub-attributes as defined
in SCIM Core Schema <xref target="I-D.scim-core-schema">section
3.2</xref>: type, primary, display, operation, value.</t>
<t/>
</section>
<section title="Directory SCIM Schema Extensions">
<t>[Attribute extensions for for IDM Apps (e.g. self service) to do
password management and password policy functions. --> Note: not
password sync as in provisioning context]</t>
<t>[New Resource a "Credential" - used to hold passwords, X509
certs, etc. Could be defined as sub entity of Users -> e.g.
/Users/cn=phil hunt,ou=idm,o=oracle.com/Credentials]</t>
</section>
</section>
<section anchor="LDAP_MODEL" title="LDAP Model">
<t>In order to leverage existing data, the SCIM LDAP Model's objective
is to represent data in a SCIM Directory as if it were in a LDAPv3
Directory as defined in <xref target="RFC2251"/> and in <xref
target="RFC2256"/> in order to provide backwards support for LDAPv3
clients and to avoid the need to develop parallel LDAPv3 & SCIM
infrastructure. Not all features from the SCIM Model are mapped to
LDAPv3.The specification provides LDAPv3 compatibility so that
existing LDAPv3 clients MAY not need to be updated.</t>
<section title="Syntax Support">
<t>While the SCIM Core Schema breaks attribute values into a simple
list of types, in many cases the underlying format for both SCIM and
LDAP is string data and binary data. In many cases, conversion of
the value itself is relatively straight forward. More complex
syntaxes such as PostalAddress (OID 1.3.6.1.4.1.1466.115.121.1.41)
may require more complex value translation.</t>
</section>
<section title="Object Classes">
<t>SCIM's Resource Object model works in a similar way to LDAP's
object class model. Where an analog mapping between SCIM and LDAP
exists, objectclasses SHOULD be mapped to the extent that server
schema configuration allows. For example, a SCIM User is mapped to
LDAP InetOrgPerson. Or in the case of Microsoft AD, a SCIM User is
mapped to an Active Directory User.</t>
<texttable anchor="object_mapping" title="Object Mapping">
<preamble>Mapping between LDAP Object Classes and SCIM
Objects</preamble>
<ttcol align="center">LDAP Class</ttcol>
<ttcol align="center">SCIM Object</ttcol>
<c>top</c>
<c>Resource</c>
<c>inetOrgPerson</c>
<c>User</c>
<c>groupOfUniqueNames</c>
<c>Group</c>
<c>organization</c>
<c>[TBD]</c>
<c>organizationalUnit</c>
<c>[TBD]</c>
</texttable>
<t>In cases where LDAPv3 objectclass definitions may be in conflict
with SCIM schema, the SCIM schema validation SHALL take precedence.
Objectclass enforcement for SCIM Directories supporting LDAP is
OPTIONAL.</t>
</section>
<section title="Attributes">
<section title="Attribute Type Mapping">
<t>LDAP has many more attribute types than SCIM does. The
following table lists a set of default syntax mappings between
SCIM and LDAP.</t>
<texttable anchor="attribute_mapping"
title="Attribute Type Mapping">
<preamble>Default Mapping between SCIM Types and LDAP
Syntax</preamble>
<ttcol align="center">SCIM Type</ttcol>
<ttcol align="center">LDAP Syntax</ttcol>
<c>String</c>
<c>IA5 String (case-sensitive)</c>
<c>Boolean</c>
<c>Boolean</c>
<c>Decimal</c>
<c>Numeric String</c>
<c>Integer</c>
<c>INTEGER</c>
<c>DateTime</c>
<c>Generalized Time</c>
<c>Binary (base64)</c>
<c>Binary (BER encoded)</c>
<c>Complex</c>
<c>Mapped by individual sub-attribute type.</c>
</texttable>
</section>
<section title="Complex Attributes">
<t>Complex attributes SHOULD be represented in LDAP in two
ways:<list style="numbers">
<t>The complex attribute MAY be mapped to a single LDAP
attribute using the "value" sub-attribute if present, OR by
using '$' delimited notation whereby sub-attributes are
concatenated into a single LDAP value.</t>
<t>A complex attribute is represented as a set of LDAP
attributes whereby each sub-attribute is referenced by
parent.subattribute name format using dotted (".") notation.
For example, an LDAP attribute name of address.street would
return the Street name sub-attribute value.</t>
</list></t>
<t/>
</section>
<section title="Multi-Valued Attributes">
<t>SCIM multi-valued attributes MAY be used to map to LDAPv3.
<list style="symbols">
<t>For multi-valued attribute that contain the sub-attribute
"value" (the attribute's significant value), the server SHOULD
map these values to a corresponding LDAP attribute value when
the LDAP attribute is multi-valued. </t>
<t>When the LDAP attribute is single-valued, then the SCIM
value tagged with the sub-attribute "primary" as "true", SHALL
be mapped.</t>
<t>When the LDAP attribute is single-valued, and when the scim
sub-attribute "primary" is not set, the first value in the
list SHALL be used. </t>
<t>If the SCIM attribute does not use the multi-valued
attribute sub-attribute standards, the values converted MAY be
a '$' delimited concatentation of all sub-attribute fields
into a single String per value.</t>
</list></t>
<t>LDAPv3 clients wishing to return a particular attribute value
MAY use LDAP "Attribute Description Options" (as described in
section 4.1.5 of <xref target="RFC2251"/>) to select a SCIM value
by SCIM type sub-attribute (e.g. home, work). For example, to
return the SCIM work value of "phoneNumbers", an LDAPv3 client
would request telephoneNumber;work as the attribute name. An
LDAPv3 client would request mail;home to request the home value of
SCIM emails attribute.</t>
</section>
<section title="Attribute Name Mapping">
<t>The LDAP Model should maintain a table which allows attributes
to be referenced by OID, or by LDAP attribute and defining which
SCIM Attribute is the equivalent.</t>
<t>The mapping MAY assume the following defaults:<list
style="numbers">
<t>If not defined in LDAP, a SCIM Attribute name SHOULD be
useable in LDAP providing there is no naming conflict. Where a
conflict exists, the existing LDAP mapping SHALL take
precedence over the default.</t>
<t>Each complex attribute subattribute SHOULD be useable in
LDAP by using the SCIM dotted notation (e.g.
address.street).</t>
<t>A complex attribute name (e.g. address) SHOULD be
accessible in LDAP. If a "value" sub-attribute is defined, the
value returned is the "value" sub-attribute (equivalent to
address.value). Otherwise, the value returned is a '$'
delimeted concatenation of all sub-attributes in the complex
attribute.</t>
</list></t>
<t>The following table provides a list of suggested mappings:</t>
<texttable anchor="attribute_name_mapping"
title="SCIM and LDAP Attribute Names">
<ttcol align="left">SCIM</ttcol>
<ttcol align="left">LDAP</ttcol>
<c>id</c>
<c>dn/distinguishedName</c>
<c>externalId</c>
<c>externalId*</c>
<c>userName</c>
<c>uid</c>
<c>name.formatted</c>
<c>cn</c>
<c>name.familyName</c>
<c>sn (surname)</c>
<c>name.givenName</c>
<c>givenName</c>
<c>name.middleName</c>
<c>initials</c>
<c>name.honorificPrefix</c>
<c>name.honorificPrefix*</c>
<c>name.honorificSuffix</c>
<c>generationQualifier</c>
<c>displayName</c>
<c>displayName</c>
<c>nickName</c>
<c>nickName*</c>
<c>profileUrl</c>
<c>labeledURI</c>
<c>employeeNumber</c>
<c>employeeNumber</c>
<c>userType</c>
<c>employeeType</c>
<c>title</c>
<c>title</c>
<c>manager</c>
<c>manager</c>
<c>preferredLanguage</c>
<c>preferredLanguage</c>
<c>locale</c>
<c>locale*</c>
<c>utcOffset</c>
<c>utcOffset*</c>
<c>costCenter</c>
<c>costCenter*</c>
<c>organization</c>
<c>o</c>
<c>division</c>
<c>ou/organizationalUnit</c>
<c>department</c>
<c>department* [check this]</c>
<c>emails.value (complex)</c>
<c>mail/rfc822address</c>
<c>phonenumber.value (complex)</c>
<c>telephoneNumber</c>
<c>im</c>
<c>im*</c>
<c>photo</c>
<c>jpegPhoto</c>
<c>address / address.formatted [difference?]</c>
<c>postalAddress</c>
<c>address.streetAddress</c>
<c>street</c>
<c>address.locality</c>
<c>l</c>
<c>region</c>
<c>[also defined as locality]</c>
<c>address.postalCode</c>
<c>postalCode</c>
<c>address.country</c>
<c>c</c>
<c>group</c>
<c>memberOf/isMemberOf* [check]</c>
<c>entitlements</c>
<c>entitlements*</c>
<c>roles</c>
<c>nsRoleDn / roles / organizationalRole[?]</c>
<c>x509Certificates</c>
<c>userCertificate</c>
<c>active</c>
<c>active*</c>
<postamble>Note: aliases separated by "/". * means not defined
in LDAP (extension to LDAP)</postamble>
</texttable>
</section>
</section>
<section title="LDAP Operations">
<t>All LDAP operations remain unchanged and MUST be implemented. As
all LDAP operations center around a Distinguished Name (DN), the DN
MAY be mapped to the SCIM "Id" field if distinguished names have
been used, or it MAY be mappped to externalId. [Should we force
mapping to id or some other field?]</t>
<t>The LDAP Bind operation which allows authentication information
to be exchanged with the server may need special consideration. The
SCIM server implementation MAY choose to pass this exchange through
to the authentication system supporting the HTTP Authentication
(securing SCIM RESTful access), or it may choose to implement
directly by mapping to SCIM attributes. [Not sure this matters. It
does not affect inter-op IMHO]</t>
</section>
<section title="LDAP Controls">
<t>LDAP Controls MAY be supported. [anything we need to cover
here?]</t>
</section>
</section>
</section>
<section title="Server Topology">
<t>A SCIM Directory while appearing to be a single logical server to a
client (e.g. through the use of a proxy), MAY be comprised of several
servers as supported by HTTP 1.1 and HTTP redirection <xref
target="RFC2616">RFC2616</xref>.</t>
<t>[Any issues for Proxy or Firewall/Routing servers?]</t>
</section>
<section title="SCIM API Support">
<t>The following OPTIONAL SCIM API components are REQUIRED [or SHOULD]
to be implemented in SCIM Directory implementations.<list
style="symbols">
<t>Filtering</t>
<t>Sorting</t>
<t>PATCH operation</t>
<t>BULK operation</t>
</list></t>
</section>
<section title="Authentication & Access Control">
<section title="Authentication">
<t>The SCIM protocol does not directly define authentication.
Authentication for SCIM Directory is based entirely on standard HTTP
1.1 authentication models. A SCIM Directory MAY be used as a
credential repository for public keys, and secrets, but the protocol
itself does not define authentication.</t>
<t>SCIM Directories SHOULD support OAuth2 <xref
target="I-D.ietf-oauth-v2"/> to support the authentication of client
applications accessing SCIM Directory resources on their own or on
behalf of an authorizing user.</t>
</section>
<section title="Access Control">
<t>[TBD]</t>
<t>The access control requirements for SCIM Directories are specified
by <xref target="RFC2820"/> and MUST be supported.</t>
<t>[TBD: OAuth2 additional requirements: scope, multiple security
contexts (client app and user)]</t>
<t>[TBD: Federated credentials: ACLs should be able to support
approved security contexts from credentials not bound to the local
directory]</t>
</section>
</section>
<!-- This PI places the pagebreak correctly (before the section title) in the text output. -->
<?rfc needLines="8" ?>
<!-- Possibly a 'Contributors' section ... -->
<section anchor="IANA" title="IANA Considerations">
<t>[TO BE DETERMINED]</t>
</section>
<section anchor="Security" title="Security Considerations">
<t>[TO BE DETERMINED]</t>
</section>
</middle>
<!-- *****BACK MATTER ***** -->
<back>
<!-- References split into informative and normative -->
<!-- There are 2 ways to insert reference entries from the citation libraries:
1. define an ENTITY at the top, and use "ampersand character"RFC2629; here (as shown)
2. simply use a PI "less than character"?rfc include="reference.RFC.2119.xml"?> here
(for I-Ds: include="reference.I-D.narten-iana-considerations-rfc2434bis.xml")
Both are cited textually in the same manner: by using xref elements.
If you use the PI option, xml2rfc will, by default, try to find included files in the same
directory as the including file. You can also define the XML_LIBRARY environment variable
with a value containing a set of directories to search. These can be either in the local
filing system or remote ones accessed by http (http://domain/dir/... ).-->
<references title="Normative References">
<!--?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml"?-->
<?rfc include='http://xml.resource.org/public/rfc/bibxml3/reference.I-D.draft-scim-api-01.xml'?>
<?rfc include='http://xml.resource.org/public/rfc/bibxml3/reference.I-D.draft-scim-core-schema-01.xml'?>
<?rfc include='http://xml.resource.org/public/rfc/bibxml/reference.RFC.2251.xml'?>
<?rfc include='http://xml.resource.org/public/rfc/bibxml/reference.RFC.2252.xml'?>
<?rfc include='http://xml.resource.org/public/rfc/bibxml/reference.RFC.2256.xml'?>
<?rfc include='http://xml.resource.org/public/rfc/bibxml/reference.RFC.2820.xml'?>
&RFC2119;
</references>
<references title="Informative References">
<!-- Here we use entities that we defined at the beginning. -->
<?rfc include='http://xml.resource.org/public/rfc/bibxml/reference.RFC.2616.xml'?>
<?rfc include='http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-oauth-v2.xml' ?>
<?rfc include='http://xml.resource.org/public/rfc/bibxml/reference.RFC.4513.xml'?>
<!-- A reference written by by an organization not a person. -->
</references>
<section anchor="Acknowledgements" title="Acknowledgements">
<t>The author would like to thank the members of the SCIM WG for input
to this document. Thanks to Chris Phillips, Kelly Grizzle, Trey Drake,
and Paul Madsen for contributions on LDAP vs. SCIM Attribute Naming.
Particular thanks to those that participated in the SCIM Directory
discussions at IETF Vancouver and more recently by email:<list
style="symbols">
<t>Bert Greevenbosch, Huawei</t>
<t>Alexey Melnikov, Isode</t>
<t>Prateek Mishra, Oracle</t>
<t>Chuck Mortimore, Salesforce.com</t>
<t>Tony Nadalin, Microsoft</t>
</list></t>
</section>
<!-- Change Log
v00 2006-03-15 EBD Initial version
v01 2006-04-03 EBD Moved PI location back to position 1 -
v3.1 of XMLmind is better with them at this location.
v02 2007-03-07 AH removed extraneous nested_list attribute,
other minor corrections
v03 2007-03-09 EBD Added comments on null IANA sections and fixed heading capitalization.
Modified comments around figure to reflect non-implementation of
figure indent control. Put in reference using anchor="DOMINATION".
Fixed up the date specification comments to reflect current truth.
v04 2007-03-09 AH Major changes: shortened discussion of PIs,
added discussion of rfc include.
v05 2007-03-10 EBD Added preamble to C program example to tell about ABNF and alternative
images. Removed meta-characters from comments (causes problems). -->
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-24 04:22:26 |