One document matched: draft-legg-xed-protocols-03.txt
Differences from draft-legg-xed-protocols-02.txt
INTERNET-DRAFT S. Legg
draft-legg-xed-protocols-03.txt eB2Bcom
Intended Category: Standards Track D. Prager
November 15, 2005
The XML Enabled Directory: Protocols
Copyright (C) The Internet Society (2005).
Status of this Memo
By submitting this Internet-draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
By submitting this Internet-draft, I accept the provisions of
Section 3 of BCP 78.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress".
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Technical discussion of this document should take place on the XED
developers mailing list <xeddev@eb2bcom.com>. Please send editorial
comments directly to the editor <steven.legg@eb2bcom.com>. Further
information is available on the XED website: www.xmled.info.
This Internet-Draft expires on 15 May 2006.
Abstract
This document defines semantically equivalent Extensible Markup
Language (XML) renditions of the Lightweight Directory Access
Legg & Prager Expires 15 May 2006 [Page 1]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
Protocol (LDAP) and X.500 directory protocols for use by the XML
Enabled Directory (XED).
Legg & Prager Expires 15 May 2006 [Page 2]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Uniform LDAP Specification . . . . . . . . . . . . . . . . . . 5
3.1. Remediation of AttributeValue. . . . . . . . . . . . . . 6
3.2. Remediation of AssertionValue. . . . . . . . . . . . . . 6
3.3. Remediation of AttributeDescription. . . . . . . . . . . 7
3.4. Remediation of LDAPString. . . . . . . . . . . . . . . . 7
3.5. Importation of Pre-existing Definitions. . . . . . . . . 8
3.6. Remediation of Controls. . . . . . . . . . . . . . . . . 8
3.7. Remediation of Extended Operations . . . . . . . . . . . 10
3.8. Other Changes. . . . . . . . . . . . . . . . . . . . . . 13
4. XLDAP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
4.1. XLDAP Over TCP/IP. . . . . . . . . . . . . . . . . . . . 15
4.2. XLDAP Over SOAP 1.1. . . . . . . . . . . . . . . . . . . 16
4.3. Relationship to DSMLv2 . . . . . . . . . . . . . . . . . 17
5. XIDM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
6. Security Considerations. . . . . . . . . . . . . . . . . . . . 19
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 20
8. IANA Considerations. . . . . . . . . . . . . . . . . . . . . . 20
Appendix A. ASN.1 for Uniform LDAP . . . . . . . . . . . . . . . . 20
Appendix B. Supporting Definitions for Uniform LDAP. . . . . . . . 27
Appendix C. ASN.1 for XED Protocol Elements. . . . . . . . . . . . 28
Appendix D. ASN.X for Uniform LDAP . . . . . . . . . . . . . . . . 29
Appendix E. ASN.X for Supporting Definitions . . . . . . . . . . . 51
Appendix F. ASN.X for XED Protocol Elements. . . . . . . . . . . . 53
Appendix G. XML Schema for Uniform LDAP. . . . . . . . . . . . . . 54
Appendix H. XML Schema for XED Protocol Elements . . . . . . . . . 68
Normative References . . . . . . . . . . . . . . . . . . . . . . . 70
Informative References . . . . . . . . . . . . . . . . . . . . . . 72
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 73
Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 73
1. Introduction
This document defines semantically equivalent Extensible Markup
Language (XML) [XML10][XML11] renditions of the Lightweight Directory
Access Protocol (LDAP) [LDAP] and X.500 [X.500] directory protocols
for use by the XML Enabled Directory (XED) [XED].
The Internet Directly Mapped (IDM) protocol [X.519] permits X.500
protocol operations to be exchanged between directory agents using
TCP/IP [TCP] with minimal encapsulation, bypassing (and dispensing
with) the ROSE, ACSE, Presentation, Session and Transport layers of
the Open Systems Interconnection (OSI) model [OSI].
Protocol operations in the IDM protocol are encoded according to the
Legg & Prager Expires 15 May 2006 [Page 3]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
Basic Encoding Rules (BER) [X.690] of Abstract Syntax Notation One
(ASN.1) [X.680]. Section 5 defines a new exclusively XML-based
protocol, the XML Internet Directly Mapped (XIDM) protocol, which
differs from the IDM protocol only in that the protocol operations
are encoded using the Robust XML Encoding Rules (RXER) [RXER] instead
of BER.
Whilst the IDM protocol is amenable to a simple substitution of the
encoding rules to create a uniformly XML formatted protocol
operation, LDAP is not, due to discontinuities in the encoding, i.e.,
places where transfer syntax transitions occur (typically from BER to
LDAP-specific [SYNTAX] and back to BER). The discontinuities are the
result of directory data being conveyed as the content of ASN.1
OCTET STRINGs. A straight application of RXER to an LDAP operation
would inconveniently force attribute values, among other things, to
be represented as hexadecimal strings.
Section 3 describes a transformation of the LDAP ASN.1 specification
[PROT] that creates a new specification without the discontinuities
called Uniform LDAP. Essentially, the bland OCTET STRING [X.680]
containers for directory data items in LDAP are replaced by the open
types [X.681] and specific types used by X.500.
The XML Lightweight Directory Access Protocol (XLDAP) defined in
Section 4 is the result of applying RXER to instances of the message
data types of Uniform LDAP. Section 4 also defines two transports
for Uniform LDAP messages. Apart from the change in syntax, XLDAP is
semantically equivalent to LDAP.
Since the XED protocols are algorithmically generated from the LDAP
and X.500 specifications, all future extensions to LDAP and X.500
automatically acquire a XED protocol representation.
2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED" and "MAY" in this document are
to be interpreted as described in BCP 14, RFC 2119 [BCP14]. The key
word "OPTIONAL" is exclusively used with its ASN.1 meaning.
This document makes use of definitions from the XML Information Set
(Infoset) [ISET]. In particular, information item property names are
presented per the Infoset, e.g., [local name]. In the sections that
follow, the term "element" shall be taken to mean an Infoset element
information item.
Throughout this document the term "attribute" is taken to mean a
directory attribute.
Legg & Prager Expires 15 May 2006 [Page 4]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
3. Uniform LDAP Specification
The OCTET STRING fields in the LDAP specification each serve one of
two purposes; to contain the encodings of directory data values of
differing data types (e.g., attribute values, assertion values,
control values), and to contain an LDAP-specific string encoding of a
data value of a fixed data type (e.g., attribute type, distinguished
name).
In both cases the encoding of the directory data values is
disconnected from the encoding of the surrounding protocol message
(the transfer syntax of the directory data values and the transfer
syntax of the surrounding protocol message are typically quite
different) and the relationships that determine which data type to
use (e.g., the data type of an attribute value is determined by its
associated attribute type) are not specified in a way that is machine
processable. As a consequence, off-the-shelf ASN.1 tools are unable
to treat directory data in protocol messages as anything other than
raw octets.
This defect is addressed by transforming the LDAP specification into
a form, called the Uniform LDAP specification, which faciliates the
uniform encoding of protocol message and directory data in a single
syntax (e.g., XML). This is done by replacing the OCTET STRING
fields in the LDAP specification, as detailed in the subsections that
follow.
OCTET STRINGs that contain directory data values of fixed data types
are replaced by the associated fixed data type.
OCTET STRINGs that contain directory data values of differing data
types are replaced by open types. Open types permit the directory
data values to be seamlessly encoded in the same syntax as the
surrounding protocol message. Furthermore, ASN.1 table constraints
[X.682] can be applied so that the actual data type of a value of an
open type can be determined programmatically.
Derivative works of the original LDAP specification can also be
remediated for use by XED by making the same transformations. The
final result of applying these transformations is the
XED-Uniform-LDAP ASN.1 module presented in Appendix A. Supporting
definitions for Uniform LDAP are presented in Appendix B.
The equivalent Abstract Syntax Notation X (ASN.X) representation of
the Uniform LDAP specification is presented in Appendix D. The
equivalent ASN.X representation of the supporting definitions is
presented in Appendix E. A compatible XML Schema [XSD0] translation
[CXSD] of the Uniform LDAP specification is presented in Appendix G.
Legg & Prager Expires 15 May 2006 [Page 5]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
Since Uniform LDAP protocol messages and the directory data they
contain are encoded in the same syntax throughout, LDAP transfer
encoding options [XFER] are ignored if present.
3.1. Remediation of AttributeValue
The definition of AttributeValue is removed and each reference to
AttributeValue is replaced with the following, where
<AttributeDescription> is replaced with the identifier of the
preceding component of the AttributeDescription ASN.1 type:
ATTRIBUTE.&Type
({SupportedAttributes}{@<AttributeDescription>.type})
In addition, the reference to AttributeDescription in that preceding
component is replaced with:
SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL }
ATTRIBUTE.&id equates to the OBJECT IDENTIFIER of an attribute type.
ATTRIBUTE.&Type is an open type. The constraint on ATTRIBUTE.&Type
restricts the ASN.1 type in the open type to be the syntax of the
attribute indicated by ATTRIBUTE.&id. ATTRIBUTE and
SupportedAttributes are defined in X.501 [X.501].
3.2. Remediation of AssertionValue
The definition of MatchingRuleId is removed and the definition of
MatchingRuleAssertion is replaced with the following definition:
MatchingRuleAssertion ::= SEQUENCE {
matchingRule [1] MATCHING-RULE.&id OPTIONAL,
type [2] AttributeDescription OPTIONAL,
matchValue [3] MATCHING-RULE.&AssertionType,
dnAttributes [4] BOOLEAN DEFAULT FALSE }
MATCHING-RULE.&id equates to the OBJECT IDENTIFIER of a matching
rule. MATCHING-RULE.&AssertionType is an open type. The
relationship between the value of the matchingRule component, the
value of the type component and the ASN.1 type in the open type
(i.e., the syntax of the assertion value) is not expressible in ASN.1
constraint notation. The relationship defined by LDAP applies
[PROT]. MATCHING-RULE is defined in X.501 [X.501].
The definition of AssertionValue is removed and each remaining
Legg & Prager Expires 15 May 2006 [Page 6]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
reference to AssertionValue is replaced with the following, where
<AttributeDescription> is replaced with the identifier of the
preceding component of the AttributeDescription ASN.1 type:
ATTRIBUTE.&equality-match.&AssertionType
({SupportedAttributes}{@<AttributeDescription>.type})
In addition, the reference to AttributeDescription in that preceding
component is replaced with:
SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL }
ATTRIBUTE.&equality-match.&AssertionType is an open type. The
constraint on ATTRIBUTE.&equality-match.&AssertionType restricts the
ASN.1 type in the open type to be the syntax of the equality matching
rule of the attribute indicated by ATTRIBUTE.&id.
3.3. Remediation of AttributeDescription
To maintain consistency in the structure of attribute descriptions
throughout the Uniform LDAP specification the definition of
AttributeDescription is replaced with the following definition:
AttributeDescription ::= SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL }
The attribute type in an LDAP AttributeDescription is represented as
the OBJECT IDENTIFIER of that attribute type in the type component of
a Uniform LDAP AttributeDescription. Each attribute option in an
LDAP AttributeDescription is represented as a separate UTF8String
value in a Uniform LDAP AttributeDescription. The semi-colons that
separate attribute options in an LDAP AttributeDescription are not
present in any of the UTF8String values.
3.4. Remediation of LDAPString
Some directory constructs have ASN.1 types but are represented in
LDAP messages as a UTF-8 character string encoding wrapped in an
OCTET STRING, i.e., LDAPString. Uniform LDAP replaces these uses of
LDAPString with the underlying ASN.1 type.
The definition of LDAPOID is replaced with the following definition:
Legg & Prager Expires 15 May 2006 [Page 7]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
LDAPOID ::= OBJECT IDENTIFIER
The definition of LDAPDN is replaced with the following definition:
LDAPDN ::= DistinguishedName
This change aligns the encoding of distinguished names in the
protocol messages with the RXER encoding of attribute values of
attributes with the DN syntax [SYNTAX].
The definition of RelativeLDAPDN is replaced with the following
definition:
RelativeLDAPDN ::= RelativeDistinguishedName
DistinguishedName and RelativeDistinguishedName are defined in X.501
[X.501].
The remaining uses of LDAPString are represented naturally as UTF-8
character strings, therefore the definition of LDAPString is replaced
with the following definition:
LDAPString ::= UTF8String
3.5. Importation of Pre-existing Definitions
ATTRIBUTE, MATCHING-RULE, RelativeDistinguishedName,
DistinguishedName and SupportedAttributes need to be imported from
the X.500 InformationFramework module, therefore the following import
statement is added to the Uniform LDAP specification following the
BEGIN keyword:
IMPORTS
ATTRIBUTE,
MATCHING-RULE
RelativeDistinguishedName,
DistinguishedName,
SupportedAttributes
FROM InformationFramework
{ joint-iso-itu-t ds(5) module(1)
informationFramework(1) 4 }
3.6. Remediation of Controls
LDAP controls contain an OCTET STRING control value whose content is
determined by an associated control type. The control type is an
OBJECT IDENTIFIER represented as a string in LDAP. The data type of
the control value is typically specified as an ASN.1 type, though
Legg & Prager Expires 15 May 2006 [Page 8]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
this is not a requirement of LDAP.
Controls have no counterpart in X.500 therefore the CONTROL
information object class is defined in this document to allow
specific control types to be programmatically linked to specific
control value data types.
CONTROL ::= CLASS {
&type OBJECT IDENTIFIER,
&RequestValue OPTIONAL,
&ResponseValue OPTIONAL
}
SupportedControls CONTROL ::= { ... }
The &type field of a CONTROL object specifies the OBJECT IDENTIFIER
identifying the control (the control type).
The &RequestValue field of a CONTROL object specifies an ASN.1 type
describing the data type of the control value for that control in an
LDAP request message. If the control value is required to be absent
in a request then the &RequestValue field is absent.
The &ResponseValue field of a CONTROL object specifies an ASN.1 type
describing the data type of the control value for that control in an
LDAP response message. If the control value is required to be absent
in a response then the &RequestValue field is absent.
If the data type of a control value is not an ASN.1 type, and cannot
be represented as an ASN.1 type definition [RXEREI], then the data
type of the control value is taken to be OCTET STRING. A mechanism
for representing an XML Schema named type [XSD0], a RELAX NG named
pattern [RNG] or a DTD element type declaration [XML10][XML11] as an
ASN.1 type definition is specified elsewhere [RXEREI].
If a control uses different OBJECT IDENTIFIERs in the request and
response then it is necessarily represented by two CONTROL objects.
Definitions of CONTROL objects for controls already defined is out of
scope for this document, however such objects can be readily
synthesized from the specification of a control.
The extensible SupportedControls information object set notionally
contains CONTROL objects for all the controls known to an
implementation.
SupportedControls CONTROL ::= { ... }
Legg & Prager Expires 15 May 2006 [Page 9]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
In order to allow automated determination of the control value data
type from the control type the definition of the Control ASN.1 type
in LDAP is replaced with the following definition in Uniform LDAP:
Control ::= SEQUENCE {
controlType CONTROL.&type({SupportedControls}),
criticality BOOLEAN DEFAULT FALSE,
controlValue CHOICE {
request [0] CONTROL.&RequestValue
({SupportedControls}{@controlType}),
response [1] CONTROL.&ResponseValue
({SupportedControls}{@controlType})
} OPTIONAL }
3.7. Remediation of Extended Operations
LDAP extended operation requests contain an OCTET STRING request
value whose content is determined by an associated request name. The
request name type is an OBJECT IDENTIFIER represented as a string in
LDAP. LDAP extended operation responses and intermediate responses
contain an OCTET STRING response value whose content is determined by
an associated response name. The response name type is an
OBJECT IDENTIFIER represented as a string in LDAP. The data type of
the request or response value is typically specified as an ASN.1
type, though this is not a requirement of LDAP.
Extended operations and intermediate responses have no counterpart in
X.500 therefore the LDAP-EXTENDED-REQUEST, LDAP-EXTENDED-RESPONSE and
LDAP-INTERMEDIATE-RESPONSE information object classes are defined in
this document to allow specific request names to be programmatically
linked to specific request value data types, and to allow specific
response names to be programmatically linked to specific response
value data types.
LDAP-EXTENDED-REQUEST ::= CLASS {
&name OBJECT IDENTIFIER,
&Value OPTIONAL
}
LDAP-EXTENDED-RESPONSE ::= CLASS {
&name OBJECT IDENTIFIER,
&Value OPTIONAL
}
LDAP-INTERMEDIATE-RESPONSE ::= CLASS {
&name OBJECT IDENTIFIER,
&Value OPTIONAL
}
Legg & Prager Expires 15 May 2006 [Page 10]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
The &name field of an LDAP-EXTENDED-REQUEST object specifies the
OBJECT IDENTIFIER identifying the extended operation request.
The &Value field of an LDAP-EXTENDED-REQUEST object specifies an
ASN.1 type describing the data type of the request value for that
request. If the request value is required to be absent in a request
then the &Value field is absent.
The &name field of an LDAP-EXTENDED-RESPONSE object specifies the
OBJECT IDENTIFIER identifying the extended operation response.
The &Value field of an LDAP-EXTENDED-RESPONSE object specifies an
ASN.1 type describing the data type of the response value for that
response. If the response value is required to be absent in a
response then the &Value field is absent.
The &name field of an LDAP-INTERMEDIATE-RESPONSE object specifies the
OBJECT IDENTIFIER identifying the intermediate response.
The &Value field of an LDAP-INTERMEDIATE-RESPONSE object specifies an
ASN.1 type describing the data type of the response value for that
intermediate response. If the response value is required to be
absent in an intermediate response then the &Value field is absent.
If the data type of a request or response value is not an ASN.1 type,
and cannot be represented as an ASN.1 type definition [RXEREI], then
the data type of the value is taken to be OCTET STRING. A mechanism
for representing an XML Schema named type [XSD0], a RELAX NG named
pattern [RNG] or a DTD element type declaration [XML10][XML11] as an
ASN.1 type definition is specified elsewhere [RXEREI].
Definitions of LDAP-EXTENDED-REQUEST, LDAP-EXTENDED-RESPONSE and
LDAP-INTERMEDIATE-RESPONSE objects for extended operations and
intermediate responses already defined is out of scope for this
document, however such objects can be readily synthesized from the
specification of an extended operation or intermediate response.
The extensible SupportedRequests information object set notionally
contains LDAP-EXTENDED-REQUEST objects for all the extended operation
requests known to an implementation. The extensible
SupportedResponses information object set notionally contains
LDAP-EXTENDED-RESPONSE objects for all the extended operation
responses known to an implementation. The extensible
SupportedIntermediateResponses information object set notionally
contains LDAP-INTERMEDIATE-RESPONSE objects for all the intermediate
responses known to an implementation.
SupportedRequests LDAP-EXTENDED-REQUEST ::= { ... }
Legg & Prager Expires 15 May 2006 [Page 11]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
SupportedResponses LDAP-EXTENDED-RESPONSE ::= { ... }
SupportedIntermediateResponses
LDAP-INTERMEDIATE-RESPONSE ::= { ... }
In order to allow automated determination of the request value data
type from the request name in an extended operation the definition of
the ExtendedRequest ASN.1 type in LDAP is replaced with the following
definition in Uniform LDAP:
ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
requestName [0] LDAP-EXTENDED-REQUEST.&name
({SupportedRequests}),
requestValue [1] LDAP-EXTENDED-REQUEST.&Value
({SupportedRequests}{@requestName})
OPTIONAL }
In order to allow automated determination of the response value data
type from the response name in an extended operation the definition
of the ExtendedResponse ASN.1 type is replaced with the following
definition:
ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
COMPONENTS OF LDAPResult,
responseName [10] LDAP-EXTENDED-RESPONSE.&name
({SupportedResponses}) OPTIONAL,
responseValue [11] LDAP-EXTENDED-RESPONSE.&Value
({SupportedResponses}{@responseName})
OPTIONAL }
In order to allow automated determination of the response value data
type from the response name in an intermediate response the
definition of the IntermediateResponse ASN.1 type is replaced with
the following definition:
IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
responseName [0] LDAP-INTERMEDIATE-RESPONSE.&name
({SupportedIntermediateResponses})
OPTIONAL,
responseValue [1] LDAP-INTERMEDIATE-RESPONSE.&Value
({SupportedIntermediateResponses}
{@responseName}) OPTIONAL }
The CONTROL, LDAP-EXTENDED-REQUEST, LDAP-EXTENDED-RESPONSE and
LDAP-INTERMEDIATE-RESPONSE information object classes and the
SupportedControls, SupportedRequests, SupportedResponses and
SupportedIntermediateResponses information object sets need to be
imported from the XED-LDAP-Extensibility module, therefore the
Legg & Prager Expires 15 May 2006 [Page 12]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
following notation is appended to the import statement for
Uniform LDAP:
CONTROL,
LDAP-EXTENDED-REQUEST,
LDAP-EXTENDED-RESPONSE,
LDAP-INTERMEDIATE-RESPONSE,
SupportedControls,
SupportedRequests,
SupportedResponses,
SupportedIntermediateResponses
FROM XED-LDAP-Extensibility
{ iso(1) identified-organization(3) dod(6)
internet(1) private(4) enterprise(1)
xmled(21472) ds(5) module(1) ldap-ext(3) }
;
3.8. Other Changes
The Absolute True and False Filters extension to LDAP [FILTER]
effectively removes the SIZE constraint on the "and" and "or"
components of the LDAP Filter ASN.1 type. These two SIZE constraints
are removed in the Uniform LDAP specification.
4. XLDAP
A protocol message of the XML Lightweight Directory Access Protocol
(XLDAP) is the RXER encoding of a value of the ldapMessage top level
NamedType from the XED-Protocols ASN.1 module presented in Appendix C
(which is the RXER encoding of an abstract value of the LDAPMessage
type from the XED-Uniform-LDAP module encapsulated in an element with
the [local name] "LDAPMessage" and the [namespace name]
"http://xmled.info/ns/XED"), exchanged over either of the transports
defined in Sections 4.1 and 4.2.
ASIDE: The specification for RXER [RXER] introduces the notion of
an ASN.1 NamedType having a value that can be encoded.
ASIDE: Each top level NamedType in the XED-Protocols module is
subject to a TYPE-AS-VERSION encoding instruction [RXEREI] which
means that the attributes of the root element of the encoding of
an XLDAP protocol message should contain an xsi:type attribute
with the qualified name of the LDAPMessage ASN.1 type from the
XED-Uniform-LDAP module as its value. This qualified name will
have the namespace name "http://xmled.info/ns/XED/1/Uniform-LDAP"
and local part "LDAPMessage". It is intended that future editions
of XED will use the same qualified name for the protocol message
element, but that the value of the xsi:type attribute will
Legg & Prager Expires 15 May 2006 [Page 13]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
reference the qualified name of the LDAPMessage ASN.1 type (or its
successor) in that future edition's version of the
XED-Uniform-LDAP module. Any future version of the
XED-Uniform-LDAP module is expected to use a different target
namespace. An RXER decoder using the first edition specification
would ignore the xsi:type attribute, and simply apply the ASN.1
extensibility rules, if it receives an encoding from a later
edition. Implementations using compatible XML Schema translations
of this and subsequent revisions of the XED-Uniform-LDAP ASN.1
module would use the value of the xsi:type attribute to select the
appropriate version for validation purposes.
The equivalent ASN.X representation of the XED-Protocols module is
provided in Appendix F and a compatible XML Schema translation [CXSD]
of the XED-Protocols module is provided in Appendix H.
This first edition of the XLDAP specification is semantically
equivalent to LDAP version 3, therefore the version field of an XLDAP
BindRequest message SHOULD be set to 3.
Implementations of XLDAP MUST support "XLDAP Over TCP/IP" and MAY
support "XLDAP Over SOAP 1.1".
Example
This is an example of an XLDAP search operation.
<xed:LDAPMessage
xmlns:xed="http://xmled.info/ns/XED"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:uldap="http://xmled.info/ns/XED/1/Uniform-LDAP"
xsi:type="uldap:LDAPMessage">
<messageID> 0 </messageID>
<protocolOp>
<searchRequest>
<baseObject> <!-- DistinguishedName -->
<!-- Equivalent LDAPDN is dc=example,dc=com -->
<item> <!-- RelativeDistinguishedName -->
<item> <!-- AttributeTypeAndDistinguishedValue -->
<type> 0.9.2342.19200300.100.1.25 <!-- dc --> </type>
<value>com</value>
</item>
</item>
<item>
<item>
<type> 0.9.2342.19200300.100.1.25 <!-- dc --> </type>
<value>example</value>
</item>
Legg & Prager Expires 15 May 2006 [Page 14]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
</item>
</baseObject>
<scope>wholeSubtree</scope>
<derefAliases>derefInSearching</derefAliases>
<sizeLimit>100</sizeLimit>
<timeLimit>5</timeLimit>
<typesOnly>false</typesOnly>
<filter>
<and>
<filter> <!-- objectClass = person -->
<equalityMatch>
<attributeDesc>
<type> 2.5.4.0 <!-- objectClass --> </type>
</attributeDesc>
<assertionValue> 2.5.6.6 <!-- person --> </assertionValue>
</equalityMatch>
</filter>
<filter> <!-- surname = Smith -->
<equalityMatch>
<attributeDesc>
<type> 2.5.4.4 <!-- surname --> </type>
</attributeDesc>
<assertionValue>Smith</assertionValue>
</equalityMatch>
</filter>
</and>
</filter>
<attributes> <!-- all attributes --> </attributes>
</searchRequest>
</protocolOp>
</xed:LDAPMessage>
4.1. XLDAP Over TCP/IP
This section defines a simple mapping of XLDAP protocol messages onto
TCP/IP [TCP]. It is the same as the mapping onto TCP/IP used by the
IDM protocol.
An XLDAP protocol message is encoded as an XML document with the
protocol message element as its root element. The octets of the XML
document are partitioned into one or more fragments. Each fragment
is placed in a segment to be sent over the TCP/IP connection. Each
segment has a header followed by the octets of the fragment. The
number and size of the fragments resulting from the partitioning of
the encoding of the protocol message are at the discretion of the
sender and carry no significance. All fragments of a particular
protocol message MUST be sent (in order) before another protocol
message is sent.
Legg & Prager Expires 15 May 2006 [Page 15]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
The format for a segment is as follows:
+-----------+-----------+-------------------+-------------------+
| version | final | length | data |
| (1 octet) | (1 octet) | (4 octets) | (length octets) |
+-----------+-----------+-------------------+-------------------+
The version field indicates the version of the mapping onto TCP/IP.
The version described in this document is indicated by the value 1.
All segments on a TCP/IP connection SHALL have the same value for the
version.
The final field SHALL be 1 if the data field contains the final or
only fragment of the encoding of the XLDAP protocol message,
otherwise the final field SHALL be 0.
The length field indicates the size of the data field in number of
octets. It is sent in network byte order as a 32 bit unsigned
integer with more significant octets preceding less significant
octets. The minimum permitted value of length is 1.
The data field holds the next fragment of the XLDAP protocol message
being sent, or the entire encoding of the XLDAP protocol message if
it is being sent as one fragment.
Being relatively short, the entire XLDAP protocol message will
typically be sent in one segment.
4.2. XLDAP Over SOAP 1.1
This section defines a binding of XLDAP to SOAP version 1.1 [SOAP]
using the HTTP binding.
The value of the SOAPAction HTTP request header field SHALL be
"http://xmled.info/ns/XED".
No SOAP headers are defined for XLDAP over SOAP 1.1.
XLDAP protocol messages can be categorized as either Uniform LDAP
requests or Uniform LDAP responses.
A Uniform LDAP request is mapped onto a SOAP request message. The
SOAP Body element SHALL contain the protocol message element as its
only child element.
A Uniform LDAP response other than a search response is mapped onto a
SOAP response message. The SOAP Body element SHALL contain the
protocol message element as its only child element.
Legg & Prager Expires 15 May 2006 [Page 16]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
The result of a Uniform LDAP search is a sequence of one or more
protocol messages, each containing a value of SearchResultEntry,
SearchResultReference or, for the final message, SearchResultDone.
The result of a Uniform LDAP search is mapped onto a SOAP response
message where the SOAP Body element contains each of the protocol
message elements making up the search result, i.e., the multiple
response messages for a search are concatenated into a single SOAP
response.
Directory processing errors are reported as Uniform LDAP responses.
SOAP processing errors are reported using the SOAP Fault element.
4.3. Relationship to DSMLv2
The Directory Services Markup Language v2.0 (DSMLv2) [DSML] is an
alternative protocol for accessing an LDAP or X.500 directory.
Attribute values are represented in DSMLv2 as simple content, either
a UTF-8 string (the usual LDAP-specific ad-hoc string encoding), a
base64 [MIME] string or a URI. An attribute value in XML format must
either have its markup escaped with XML character references or CDATA
sections, or else must be placed in a separate URI-referenced
document from which the client needs to fetch the value later.
Attribute values with structure (e.g., schema descriptions) are
normally represented as LDAP-specific string encodings instead of a
more useful markup format. In XLDAP, attribute values with non-
trivial syntaxes, including new attribute syntaxes whose data type is
defined in terms of an XML Schema, a RELAX NG grammar or a DTD, are
naturally represented as markup in the protocol. No escaping or
other indirection is required.
Control values and the request and response values of extended
operations are typically represented in DSMLv2 as the base64
encodings of the BER encodings of the values. In XLDAP the control
values and the request and response values of extended operations are
all directly represented as markup.
5. XIDM
The mapping of the X.500 protocols into XIDM is identical to the
mapping of these protocols into IDM [X.519]. The ASN.1 data types of
XIDM Protocol Data Units (PDUs) are exactly those of the IDM PDUs
[X.519]. The difference between XIDM and IDM is in the choice of
transfer syntax (RXER instead of BER).
Each XIDM PDU is the RXER encoding of a value of one of the top level
NamedType definitions [RXEREI] from the XED-Protocols ASN.1 module
presented in Appendix C.
Legg & Prager Expires 15 May 2006 [Page 17]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
ASIDE: The specification for RXER [RXER] introduces the notion of
an ASN.1 NamedType having a value that can be encoded.
The RXER encoding is then mapped to TCP/IP [TCP] in the manner
prescribed in X.519 [X.519] for the encodings of IDM PDUs (which is
the same as the mapping defined in Section 4.1 for "XLDAP Over
TCP/IP").
The mapping of the Directory Access Protocol (DAP) onto XIDM is
called the XML Directory Access Protocol over TCP/IP (X-DAP-IP). An
X-DAP-IP operation is the RXER encoding of a value of the dap-idm-pdu
top level NamedType from the XED-Protocols module (which is the RXER
encoding of an abstract value of the DAP-IDM-PDUs ASN.1 type
encapsulated in an element with the [local name] "DAP-IDM-PDU" and
the [namespace name] "http://xmled.info/ns/XED").
The mapping of the Directory System Protocol (DSP) onto XIDM is
called the XML Directory System Protocol over TCP/IP (X-DSP-IP). An
X-DSP-IP operation is the RXER encoding of a value of the dsp-idm-pdu
top level NamedType from the XED-Protocols module (which is the RXER
encoding of an abstract value of the DSP-IDM-PDUs ASN.1 type
encapsulated in an element with the [local name] "DSP-IDM-PDU" and
the [namespace name] "http://xmled.info/ns/XED").
The mapping of the Directory Information Shadowing Protocol (DISP)
onto XIDM is called the XML Directory Information Shadowing Protocol
over TCP/IP (X-DISP-IP). An X-DISP-IP operation is the RXER encoding
of a value of the disp-idm-pdu top level NamedType from the
XED-Protocols module (which is the RXER encoding of an abstract value
of the DISP-IDM-PDUs ASN.1 type encapsulated in an element with the
[local name] "DISP-IDM-PDU" and the [namespace name]
"http://xmled.info/ns/XED").
The mapping of the Directory Operational Binding Protocol (DOP) onto
XIDM is called the XML Directory Operational Binding Protocol over
TCP/IP (X-DOP-IP). An X-DOP-IP operation is the RXER encoding of a
value of the dop-idm-pdu top level NamedType from the XED-Protocols
module (which is the RXER encoding of an abstract value of the
DOP-IDM-PDUs ASN.1 type encapsulated in an element with the
[local name] "DOP-IDM-PDU" and the [namespace name]
"http://xmled.info/ns/XED").
ASIDE: Each top level NamedType in the XED-Protocols module is
subject to a TYPE-AS-VERSION encoding instruction [RXEREI] which
means that the attributes of the root element of the encoding of
an XIDM PDU should contain an xsi:type attribute with the
qualified name of the ASN.1 type of the IDM PDU as its value.
This qualified name will have the namespace name
Legg & Prager Expires 15 May 2006 [Page 18]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
"http://xmled.info/ns/X.500/4/DirectoryIDMProtocols" (the target
namespace allocated to [XEDNS] the DirectoryIDMProtocols module
[X.519] from the fourth edition of X.500) and local part
DAP-IDM-PDUs, DSP-IDM-PDUs, DISP-IDM-PDUs or DOP-IDM-PDUs as
appropriate. It is intended that the qualified names of the XIDM
root elements will remain unchanged in any revision of the
XED-Protocols module that references a future edition of the
DirectoryIDMProtocols module. However, the value of the xsi:type
attribute on the these elements would instead reference the
qualified name of the specific IDM PDU ASN.1 type (or its
successor) in the future edition of the DirectoryIDMProtocols
module. The ASN.1 modules of any future edition of X.500 are
expected to be allocated different target namespaces. An RXER
decoder using the fourth edition X.500 specification would ignore
the xsi:type attribute, and simply apply the ASN.1 extensibility
rules, if it receives an encoding from a later edition.
Implementations using compatible XML Schema translations of the
fourth and subsequent editions of the X.500 ASN.1 modules would
use the value of the xsi:type attribute to select the appropriate
version for validation purposes.
The DirectoryIDMProtocols module first appears in the fourth
edition of X.500.
The equivalent ASN.X representation of the XED-Protocols module is
provided in Appendix F and a compatible XML Schema translation [CXSD]
of the XED-Protocols module is provided in Appendix H.
Since the IDM protocol does not itself support any form of
negotiation of the transfer syntax, communication end points for the
XIDM protocol must be distinct, with different ports and/or different
IP addresses. XIDM end point address formats are for further study.
6. Security Considerations
Since XLDAP is derived from LDAP the security considerations that
apply to LDAP apply equally to XLDAP.
XLDAP encodes all attribute values using RXER, which does not
necessarily enable an original BER encoding of an attribute value to
be recovered. Such recovery is needed for the verification of
digital signatures. XLDAP MUST NOT be used by applications requiring
such recovery.
When interpreting security-sensitive fields, and in particular fields
used to grant or deny access, implementations MUST ensure that any
comparisons are done on the underlying abstract value, regardless of
the particular encoding used.
Legg & Prager Expires 15 May 2006 [Page 19]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
7. Acknowledgements
This document and the technology it describes are a product of a
joint research project between Adacel Technologies Limited and Deakin
University on leveraging existing directory technology to produce an
XML-based directory service.
8. IANA Considerations
This document has no actions for IANA.
Appendix A. ASN.1 for Uniform LDAP
The ASN.1 module in this appendix is the result of applying the
transformation described in this document to the original LDAP ASN.1
specification.
This appendix is normative.
XED-Uniform-LDAP
{ iso(1) identified-organization(3) dod(6)
internet(1) private(4) enterprise(1)
xmled(21472) ds(5) module(1) uniform-ldap(2) }
-- Copyright (C) The Internet Society (2005). This version of
-- this ASN.1 module is part of RFC XXXX; see the RFC itself
-- for full legal notices.
DEFINITIONS
IMPLICIT TAGS
EXTENSIBILITY IMPLIED ::=
BEGIN
IMPORTS
ATTRIBUTE,
MATCHING-RULE,
RelativeDistinguishedName,
DistinguishedName,
SupportedAttributes
FROM InformationFramework
{ joint-iso-itu-t ds(5) module(1)
informationFramework(1) 4 }
CONTROL,
LDAP-EXTENDED-REQUEST,
LDAP-EXTENDED-RESPONSE,
LDAP-INTERMEDIATE-RESPONSE,
SupportedControls,
Legg & Prager Expires 15 May 2006 [Page 20]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
SupportedRequests,
SupportedResponses,
SupportedIntermediateResponses
FROM XED-LDAP-Extensibility
{ iso(1) identified-organization(3) dod(6)
internet(1) private(4) enterprise(1)
xmled(21472) ds(5) module(1) ldap-ext(3) }
;
LDAPMessage ::= SEQUENCE {
messageID MessageID,
protocolOp CHOICE {
bindRequest BindRequest,
bindResponse BindResponse,
unbindRequest UnbindRequest,
searchRequest SearchRequest,
searchResEntry SearchResultEntry,
searchResDone SearchResultDone,
searchResRef SearchResultReference,
modifyRequest ModifyRequest,
modifyResponse ModifyResponse,
addRequest AddRequest,
addResponse AddResponse,
delRequest DelRequest,
delResponse DelResponse,
modDNRequest ModifyDNRequest,
modDNResponse ModifyDNResponse,
compareRequest CompareRequest,
compareResponse CompareResponse,
abandonRequest AbandonRequest,
extendedReq ExtendedRequest,
extendedResp ExtendedResponse,
...,
intermediateResponse IntermediateResponse },
controls [0] Controls OPTIONAL }
MessageID ::= INTEGER (0 .. maxInt)
maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --
LDAPString ::= UTF8String
LDAPOID ::= OBJECT IDENTIFIER
LDAPDN ::= DistinguishedName
RelativeLDAPDN ::= RelativeDistinguishedName
Legg & Prager Expires 15 May 2006 [Page 21]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
AttributeDescription ::= SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL }
AttributeValueAssertion ::= SEQUENCE {
attributeDesc SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL },
assertionValue ATTRIBUTE.&equality-match.&AssertionType
({SupportedAttributes}{@attributeDesc.type}) }
PartialAttribute ::= SEQUENCE {
type SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL },
vals SET OF value ATTRIBUTE.&Type
({SupportedAttributes}{@type.type}) }
Attribute ::= PartialAttribute(WITH COMPONENTS {
...,
vals (SIZE(1..MAX))})
LDAPResult ::= SEQUENCE {
resultCode ENUMERATED {
success (0),
operationsError (1),
protocolError (2),
timeLimitExceeded (3),
sizeLimitExceeded (4),
compareFalse (5),
compareTrue (6),
authMethodNotSupported (7),
strongerAuthRequired (8),
-- 9 reserved --
referral (10),
adminLimitExceeded (11),
unavailableCriticalExtension (12),
confidentialityRequired (13),
saslBindInProgress (14),
noSuchAttribute (16),
undefinedAttributeType (17),
inappropriateMatching (18),
constraintViolation (19),
attributeOrValueExists (20),
invalidAttributeSyntax (21),
Legg & Prager Expires 15 May 2006 [Page 22]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
-- 22-31 unused --
noSuchObject (32),
aliasProblem (33),
invalidDNSyntax (34),
-- 35 reserved for undefined isLeaf --
aliasDereferencingProblem (36),
-- 37-47 unused --
inappropriateAuthentication (48),
invalidCredentials (49),
insufficientAccessRights (50),
busy (51),
unavailable (52),
unwillingToPerform (53),
loopDetect (54),
-- 55-63 unused --
namingViolation (64),
objectClassViolation (65),
notAllowedOnNonLeaf (66),
notAllowedOnRDN (67),
entryAlreadyExists (68),
objectClassModsProhibited (69),
-- 70 reserved for CLDAP --
affectsMultipleDSAs (71),
-- 72-79 unused --
other (80),
... },
matchedDN LDAPDN,
diagnosticMessage LDAPString,
referral [3] Referral OPTIONAL }
Referral ::= SEQUENCE SIZE (1..MAX) OF uri URI
URI ::= LDAPString -- limited to characters permitted in
-- URIs
Controls ::= SEQUENCE OF control Control
Control ::= SEQUENCE {
controlType CONTROL.&type({SupportedControls}),
criticality BOOLEAN DEFAULT FALSE,
controlValue CHOICE {
request [0] CONTROL.&RequestValue
({SupportedControls}{@controlType}),
response [1] CONTROL.&ResponseValue
({SupportedControls}{@controlType})
} OPTIONAL }
BindRequest ::= [APPLICATION 0] SEQUENCE {
Legg & Prager Expires 15 May 2006 [Page 23]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
version INTEGER (1 .. 127),
name LDAPDN,
authentication AuthenticationChoice }
AuthenticationChoice ::= CHOICE {
simple [0] OCTET STRING,
-- 1 and 2 reserved
sasl [3] SaslCredentials,
... }
SaslCredentials ::= SEQUENCE {
mechanism LDAPString,
credentials OCTET STRING OPTIONAL }
BindResponse ::= [APPLICATION 1] SEQUENCE {
COMPONENTS OF LDAPResult,
serverSaslCreds [7] OCTET STRING OPTIONAL }
UnbindRequest ::= [APPLICATION 2] NULL
SearchRequest ::= [APPLICATION 3] SEQUENCE {
baseObject LDAPDN,
scope ENUMERATED {
baseObject (0),
singleLevel (1),
wholeSubtree (2),
... },
derefAliases ENUMERATED {
neverDerefAliases (0),
derefInSearching (1),
derefFindingBaseObj (2),
derefAlways (3) },
sizeLimit INTEGER (0 .. maxInt),
timeLimit INTEGER (0 .. maxInt),
typesOnly BOOLEAN,
filter Filter,
attributes AttributeSelection }
AttributeSelection ::= SEQUENCE OF selector AttributeDescription
Filter ::= CHOICE {
and [0] SET OF filter Filter,
or [1] SET OF filter Filter,
not [2] Filter,
equalityMatch [3] AttributeValueAssertion,
substrings [4] SubstringFilter,
greaterOrEqual [5] AttributeValueAssertion,
lessOrEqual [6] AttributeValueAssertion,
Legg & Prager Expires 15 May 2006 [Page 24]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
present [7] AttributeDescription,
approxMatch [8] AttributeValueAssertion,
extensibleMatch [9] MatchingRuleAssertion,
... }
SubstringFilter ::= SEQUENCE {
type SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL },
substrings SEQUENCE SIZE (1..MAX) OF substring CHOICE {
initial [0] ATTRIBUTE.&equality-match.&AssertionType
({SupportedAttributes}{@type.type}),
-- can occur at most once
any [1] ATTRIBUTE.&equality-match.&AssertionType
({SupportedAttributes}{@type.type}),
final [2] ATTRIBUTE.&equality-match.&AssertionType
({SupportedAttributes}{@type.type}) }
-- can occur at most once
}
MatchingRuleAssertion ::= SEQUENCE {
matchingRule [1] MATCHING-RULE.&id OPTIONAL,
type [2] AttributeDescription OPTIONAL,
matchValue [3] MATCHING-RULE.&AssertionType,
dnAttributes [4] BOOLEAN DEFAULT FALSE }
SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
objectName LDAPDN,
attributes PartialAttributeList }
PartialAttributeList ::= SEQUENCE OF
partialAttribute PartialAttribute
SearchResultReference ::= [APPLICATION 19] SEQUENCE
SIZE (1..MAX) OF uri URI
SearchResultDone ::= [APPLICATION 5] LDAPResult
ModifyRequest ::= [APPLICATION 6] SEQUENCE {
object LDAPDN,
changes SEQUENCE OF change SEQUENCE {
operation ENUMERATED {
add (0),
delete (1),
replace (2),
... },
modification PartialAttribute } }
Legg & Prager Expires 15 May 2006 [Page 25]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
ModifyResponse ::= [APPLICATION 7] LDAPResult
AddRequest ::= [APPLICATION 8] SEQUENCE {
entry LDAPDN,
attributes AttributeList }
AttributeList ::= SEQUENCE OF attribute Attribute
AddResponse ::= [APPLICATION 9] LDAPResult
DelRequest ::= [APPLICATION 10] LDAPDN
DelResponse ::= [APPLICATION 11] LDAPResult
ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
entry LDAPDN,
newrdn RelativeLDAPDN,
deleteoldrdn BOOLEAN,
newSuperior [0] LDAPDN OPTIONAL }
ModifyDNResponse ::= [APPLICATION 13] LDAPResult
CompareRequest ::= [APPLICATION 14] SEQUENCE {
entry LDAPDN,
ava AttributeValueAssertion }
CompareResponse ::= [APPLICATION 15] LDAPResult
AbandonRequest ::= [APPLICATION 16] MessageID
ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
requestName [0] LDAP-EXTENDED-REQUEST.&name
({SupportedRequests}),
requestValue [1] LDAP-EXTENDED-REQUEST.&Value
({SupportedRequests}{@requestName})
OPTIONAL }
ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
COMPONENTS OF LDAPResult,
responseName [10] LDAP-EXTENDED-RESPONSE.&name
({SupportedResponses}) OPTIONAL,
responseValue [11] LDAP-EXTENDED-RESPONSE.&Value
({SupportedResponses}{@responseName})
OPTIONAL }
IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
responseName [0] LDAP-INTERMEDIATE-RESPONSE.&name
({SupportedIntermediateResponses})
Legg & Prager Expires 15 May 2006 [Page 26]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
OPTIONAL,
responseValue [1] LDAP-INTERMEDIATE-RESPONSE.&Value
({SupportedIntermediateResponses}
{@responseName}) OPTIONAL }
ENCODING-CONTROL RXER
SCHEMA-IDENTITY "http://xmled.info/id/XED/1/Uniform-LDAP"
TARGET-NAMESPACE "http://xmled.info/ns/XED/1/Uniform-LDAP"
END
The object identifier for the XED-Uniform-LDAP module has been
assigned for use in this specification by xmled.org, under an arc
assigned to xmled.org by IANA.
Appendix B. Supporting Definitions for Uniform LDAP
This appendix is normative.
XED-LDAP-Extensibility
{ iso(1) identified-organization(3) dod(6)
internet(1) private(4) enterprise(1)
xmled(21472) ds(5) module(1) ldap-ext(3) }
-- Copyright (C) The Internet Society (2005). This version of
-- this ASN.1 module is part of RFC XXXX; see the RFC itself
-- for full legal notices.
DEFINITIONS
AUTOMATIC TAGS EXTENSIBILITY IMPLIED ::= BEGIN
CONTROL ::= CLASS {
&type OBJECT IDENTIFIER,
&RequestValue OPTIONAL,
&ResponseValue OPTIONAL
}
SupportedControls CONTROL ::= { ... }
LDAP-EXTENDED-REQUEST ::= CLASS {
&name OBJECT IDENTIFIER,
&Value OPTIONAL
}
SupportedRequests LDAP-EXTENDED-REQUEST ::= { ... }
LDAP-EXTENDED-RESPONSE ::= CLASS {
Legg & Prager Expires 15 May 2006 [Page 27]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
&name OBJECT IDENTIFIER,
&Value OPTIONAL
}
SupportedResponses LDAP-EXTENDED-RESPONSE ::= { ... }
LDAP-INTERMEDIATE-RESPONSE ::= CLASS {
&name OBJECT IDENTIFIER,
&Value OPTIONAL
}
SupportedIntermediateResponses
LDAP-INTERMEDIATE-RESPONSE ::= { ... }
ENCODING-CONTROL RXER
SCHEMA-IDENTITY "http://xmled.info/id/XED/1/LDAP-Extensibility"
TARGET-NAMESPACE "http://xmled.info/ns/XED/1/LDAP-Extensibility"
END
The object identifier for the XED-LDAP-Extensibility module has been
assigned for use in this specification by xmled.org, under an arc
assigned to xmled.org by IANA.
Appendix C. ASN.1 for XED Protocol Elements
This appendix is normative.
XED-Protocols
{ iso(1) identified-organization(3) dod(6)
internet(1) private(4) enterprise(1)
xmled(21472) ds(5) module(1) protocols(4) }
-- Copyright (C) The Internet Society (2005). This version of
-- this ASN.1 module is part of RFC XXXX; see the RFC itself
-- for full legal notices.
DEFINITIONS
RXER INSTRUCTIONS
AUTOMATIC TAGS
EXTENSIBILITY IMPLIED ::= BEGIN
IMPORTS
LDAPMessage
FROM XED-Uniform-LDAP
{ iso(1) identified-organization(3) dod(6)
internet(1) private(4) enterprise(1)
Legg & Prager Expires 15 May 2006 [Page 28]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
xmled(21472) ds(5) module(1) uniform-ldap(2) }
DAP-IDM-PDUs,
DSP-IDM-PDUs,
DISP-IDM-PDUs,
DOP-IDM-PDUs
FROM DirectoryIDMProtocols
{ joint-iso-itu-t(2) ds(5) module(1)
directoryIDMProtocols(31) 4}
;
null NULL ::= NULL
-- an ASN.1 module must have at least one assignment
ENCODING-CONTROL RXER
SCHEMA-IDENTITY "http://xmled.info/id/XED/1/Protocols"
TARGET-NAMESPACE "http://xmled.info/ns/XED"
COMPONENT ldapMessage [NAME AS "LDAPMessage"]
[TYPE-AS-VERSION]
LDAPMessage
COMPONENT dap-idm-pdu [NAME AS "DAP-IDM-PDU"]
[TYPE-AS-VERSION]
DAP-IDM-PDUs
COMPONENT dsp-idm-pdu [NAME AS "DSP-IDM-PDU"]
[TYPE-AS-VERSION]
DSP-IDM-PDUs
COMPONENT disp-idm-pdu [NAME AS "DISP-IDM-PDU"]
[TYPE-AS-VERSION]
DISP-IDM-PDUs
COMPONENT dop-idm-pdu [NAME AS "DOP-IDM-PDU"]
[TYPE-AS-VERSION]
DOP-IDM-PDUs
END
The object identifier for the XED-Protocols module has been assigned
for use in this specification by xmled.org, under an arc assigned to
xmled.org by IANA.
Appendix D. ASN.X for Uniform LDAP
This appendix contains the ASN.X [ASN.X] translation of the
XED-Uniform-LDAP module.
Legg & Prager Expires 15 May 2006 [Page 29]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
This appendix is non-normative.
<?xml version="1.0"?>
<asn1:module
xmlns:asn1="http://xmled.info/ns/ASN.1"
xmlns:if="http://xmled.info/ns/X.500/4/InformationFramework"
xmlns:ext="http://xmled.info/ns/XED/1/LDAP-Extensibility"
name="XED-Uniform-LDAP"
identifier="1.3.6.1.4.1.21472.5.1.2"
schemaIdentity="http://xmled.info/id/XED/1/Uniform-LDAP"
xmlns:xldap="http://xmled.info/ns/XED/1/Uniform-LDAP"
targetNamespace="http://xmled.info/ns/XED/1/Uniform-LDAP"
tagDefault="implicit"
extensibilityImplied="true">
<annotation>
Copyright (C) The Internet Society 2005. This version of
this ASN.X module is part of RFC XXXX; see the RFC itself
for full legal notices.
</annotation>
<import
name="InformationFramework"
identifier="2.5.1.1.4"
schemaIdentity=
"http://xmled.info/id/X.500/4/InformationFramework"
namespace="http://xmled.info/ns/X.500/4/InformationFramework"/>
<import
name="XED-LDAP-Extensibility"
identifier="1.3.6.1.4.1.21472.5.1.3"
schemaIdentity="http://xmled.info/id/XED/1/LDAP-Extensibility"
namespace="http://xmled.info/ns/XED/1/LDAP-Extensibility"/>
<namedType name="LDAPMessage">
<type>
<sequence>
<element name="messageID" type="xldap:MessageID"/>
<element name="protocolOp">
<type>
<choice>
<element name="bindRequest" type="xldap:BindRequest"/>
<element name="bindResponse" type="xldap:BindResponse"/>
<element name="unbindRequest" type="xldap:UnbindRequest"/>
<element name="searchRequest" type="xldap:SearchRequest"/>
<element name="searchResEntry"
type="xldap:SearchResultEntry"/>
<element name="searchResDone" type="xldap:SearchResultDone"/>
Legg & Prager Expires 15 May 2006 [Page 30]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<element name="searchResRef"
type="xldap:SearchResultReference"/>
<element name="modifyRequest" type="xldap:ModifyRequest"/>
<element name="modifyResponse" type="xldap:ModifyResponse"/>
<element name="addRequest" type="xldap:AddRequest"/>
<element name="addResponse" type="xldap:AddResponse"/>
<element name="delRequest" type="xldap:DelRequest"/>
<element name="delResponse" type="xldap:DelResponse"/>
<element name="modDNRequest" type="xldap:ModifyDNRequest"/>
<element name="modDNResponse" type="xldap:ModifyDNResponse"/>
<element name="compareRequest" type="xldap:CompareRequest"/>
<element name="compareResponse" type="xldap:CompareResponse"/>
<element name="abandonRequest" type="xldap:AbandonRequest"/>
<element name="extendedReq" type="xldap:ExtendedRequest"/>
<element name="extendedResp" type="xldap:ExtendedResponse"/>
<element name="intermediateResponse"
type="xldap:IntermediateResponse"/>
</choice>
</type>
</element>
<optional>
<element name="controls">
<type>
<tagged number="0" type="xldap:Controls"/>
</type>
</element>
</optional>
</sequence>
</type>
</namedType>
<namedType name="MessageID">
<type>
<constrained type="asn1:INTEGER">
<range>
<minInclusive literalValue="0"/>
<maxInclusive value="xldap:maxInt"/>
</range>
</constrained>
</type>
</namedType>
<namedValue name="maxInt" type="asn1:INTEGER"
literalValue="2147483647"/>
<namedType name="LDAPString" type="asn1:UTF8String"/>
<namedType name="LDAPOID" type="asn1:OBJECT-IDENTIFIER"/>
Legg & Prager Expires 15 May 2006 [Page 31]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<namedType name="LDAPDN" type="if:DistinguishedName"/>
<namedType name="RelativeLDAPDN"
type="if:RelativeDistinguishedName"/>
<namedType name="AttributeDescription">
<type>
<sequence>
<element name="type">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE" fieldName="id"/>
</type>
<table objectSet="if:SupportedAttributes"/>
</constrained>
</type>
</element>
<optional>
<element name="options">
<type>
<sequenceOf minSize="1">
<element name="option" type="asn1:UTF8String"/>
</sequenceOf>
</type>
</element>
</optional>
</sequence>
</type>
</namedType>
<namedType name="AttributeValueAssertion">
<type>
<sequence>
<element name="attributeDesc">
<type>
<sequence>
<element name="type">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE" fieldName="id"/>
</type>
<table objectSet="if:SupportedAttributes"/>
</constrained>
</type>
</element>
<optional>
Legg & Prager Expires 15 May 2006 [Page 32]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<element name="options">
<type>
<sequenceOf minSize="1">
<element name="option" type="asn1:UTF8String"/>
</sequenceOf>
</type>
</element>
</optional>
</sequence>
</type>
</element>
<element name="assertionValue">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE"
fieldName="equality-match/AssertionType"/>
</type>
<table objectSet="if:SupportedAttributes">
<restrictBy>attributeDesc/type</restrictBy>
</table>
</constrained>
</type>
</element>
</sequence>
</type>
</namedType>
<namedType name="PartialAttribute">
<type>
<sequence>
<element name="type">
<type>
<sequence>
<element name="type">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE" fieldName="id"/>
</type>
<table objectSet="if:SupportedAttributes"/>
</constrained>
</type>
</element>
<optional>
<element name="options">
<type>
<sequenceOf minSize="1">
Legg & Prager Expires 15 May 2006 [Page 33]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<element name="option" type="asn1:UTF8String"/>
</sequenceOf>
</type>
</element>
</optional>
</sequence>
</type>
</element>
<element name="vals">
<type>
<setOf>
<element name="value">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE" fieldName="Type"/>
</type>
<table objectSet="if:SupportedAttributes">
<restrictBy>type/type</restrictBy>
</table>
</constrained>
</type>
</element>
</setOf>
</type>
</element>
</sequence>
</type>
</namedType>
<namedType name="Attribute">
<type>
<constrained type="xldap:PartialAttribute">
<withComponents partial="true">
<element name="vals">
<size>
<range>
<minInclusive literalValue="1"/>
</range>
</size>
</element>
</withComponents>
</constrained>
</type>
</namedType>
<namedType name="LDAPResult">
<type>
Legg & Prager Expires 15 May 2006 [Page 34]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<sequence>
<element name="resultCode">
<type>
<enumerated>
<enumeration name="success" number="0"/>
<enumeration name="operationsError" number="1"/>
<enumeration name="protocolError" number="2"/>
<enumeration name="timeLimitExceeded" number="3"/>
<enumeration name="sizeLimitExceeded" number="4"/>
<enumeration name="compareFalse" number="5"/>
<enumeration name="compareTrue" number="6"/>
<enumeration name="authMethodNotSupported" number="7"/>
<enumeration name="strongerAuthRequired" number="8"/>
<enumeration name="referral" number="10"/>
<enumeration name="adminLimitExceeded" number="11"/>
<enumeration name="unavailableCriticalExtension" number="12"/>
<enumeration name="confidentialityRequired" number="13"/>
<enumeration name="saslBindInProgress" number="14"/>
<enumeration name="noSuchAttribute" number="16"/>
<enumeration name="undefinedAttributeType" number="17"/>
<enumeration name="inappropriateMatching" number="18"/>
<enumeration name="constraintViolation" number="19"/>
<enumeration name="attributeOrValueExists" number="20"/>
<enumeration name="invalidAttributeSyntax" number="21"/>
<enumeration name="noSuchObject" number="32"/>
<enumeration name="aliasProblem" number="33"/>
<enumeration name="invalidDNSyntax" number="34"/>
<enumeration name="aliasDereferencingProblem" number="36"/>
<enumeration name="inappropriateAuthentication" number="48"/>
<enumeration name="invalidCredentials" number="49"/>
<enumeration name="insufficientAccessRights" number="50"/>
<enumeration name="busy" number="51"/>
<enumeration name="unavailable" number="52"/>
<enumeration name="unwillingToPerform" number="53"/>
<enumeration name="loopDetect" number="54"/>
<enumeration name="namingViolation" number="64"/>
<enumeration name="objectClassViolation" number="65"/>
<enumeration name="notAllowedOnNonLeaf" number="66"/>
<enumeration name="notAllowedOnRDN" number="67"/>
<enumeration name="entryAlreadyExists" number="68"/>
<enumeration name="objectClassModsProhibited" number="69"/>
<enumeration name="affectsMultipleDSAs" number="71"/>
<enumeration name="other" number="80"/>
</enumerated>
</type>
</element>
<element name="matchedDN" type="xldap:LDAPDN"/>
<element name="diagnosticMessage" type="xldap:LDAPString"/>
Legg & Prager Expires 15 May 2006 [Page 35]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<optional>
<element name="referral">
<type>
<tagged number="3" type="xldap:Referral"/>
</type>
</element>
</optional>
</sequence>
</type>
</namedType>
<namedType name="Referral">
<type>
<sequenceOf minSize="1">
<element name="uri" type="xldap:URI"/>
</sequenceOf>
</type>
</namedType>
<namedType name="URI" type="xldap:LDAPString"/>
<namedType name="Controls">
<type>
<sequenceOf>
<element name="control" type="xldap:Control"/>
</sequenceOf>
</type>
</namedType>
<namedType name="Control">
<type>
<sequence>
<element name="controlType">
<type>
<constrained>
<type>
<fromClass class="ext:CONTROL" fieldName="type"/>
</type>
<table objectSet="ext:SupportedControls"/>
</constrained>
</type>
</element>
<optional>
<element name="criticality" type="asn1:BOOLEAN"/>
<default literalValue="false"/>
</optional>
<optional>
<element name="controlValue">
Legg & Prager Expires 15 May 2006 [Page 36]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<type>
<choice>
<element name="request">
<type>
<tagged number="0">
<type>
<constrained>
<type>
<fromClass class="ext:CONTROL"
fieldName="RequestValue"/>
</type>
<table objectSet="ext:SupportedControls">
<restrictBy>controlType</restrictBy>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
<element name="response">
<type>
<tagged number="1">
<type>
<constrained>
<type>
<fromClass class="ext:CONTROL"
fieldName="ResponseValue"/>
</type>
<table objectSet="ext:SupportedControls">
<restrictBy>controlType</restrictBy>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
</choice>
</type>
</element>
</optional>
</sequence>
</type>
</namedType>
<namedType name="BindRequest">
<type>
<tagged tagClass="application" number="0">
<type>
Legg & Prager Expires 15 May 2006 [Page 37]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<sequence>
<element name="version">
<type>
<constrained type="asn1:INTEGER">
<range>
<minInclusive literalValue="1"/>
<maxInclusive literalValue="127"/>
</range>
</constrained>
</type>
</element>
<element name="name" type="xldap:LDAPDN"/>
<element name="authentication"
type="xldap:AuthenticationChoice"/>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="AuthenticationChoice">
<type>
<choice>
<element name="simple">
<type>
<tagged number="0" type="asn1:OCTET-STRING"/>
</type>
</element>
<element name="sasl">
<type>
<tagged number="3" type="xldap:SaslCredentials"/>
</type>
</element>
</choice>
</type>
</namedType>
<namedType name="SaslCredentials">
<type>
<sequence>
<element name="mechanism" type="xldap:LDAPString"/>
<optional>
<element name="credentials" type="asn1:OCTET-STRING"/>
</optional>
</sequence>
</type>
</namedType>
Legg & Prager Expires 15 May 2006 [Page 38]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<namedType name="BindResponse">
<type>
<tagged tagClass="application" number="1">
<type>
<sequence>
<componentsOf type="xldap:LDAPResult"/>
<optional>
<element name="serverSaslCreds">
<type>
<tagged number="7" type="asn1:OCTET-STRING"/>
</type>
</element>
</optional>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="UnbindRequest">
<type>
<tagged tagClass="application" number="2" type="asn1:NULL"/>
</type>
</namedType>
<namedType name="SearchRequest">
<type>
<tagged tagClass="application" number="3">
<type>
<sequence>
<element name="baseObject" type="xldap:LDAPDN"/>
<element name="scope">
<type>
<enumerated>
<enumeration name="baseObject" number="0"/>
<enumeration name="singleLevel" number="1"/>
<enumeration name="wholeSubtree" number="2"/>
</enumerated>
</type>
</element>
<element name="derefAliases">
<type>
<enumerated>
<enumeration name="neverDerefAliases" number="0"/>
<enumeration name="derefInSearching" number="1"/>
<enumeration name="derefFindingBaseObj" number="2"/>
<enumeration name="derefAlways" number="3"/>
</enumerated>
Legg & Prager Expires 15 May 2006 [Page 39]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
</type>
</element>
<element name="sizeLimit">
<type>
<constrained type="asn1:INTEGER">
<range>
<minInclusive literalValue="0"/>
<maxInclusive value="xldap:maxInt"/>
</range>
</constrained>
</type>
</element>
<element name="timeLimit">
<type>
<constrained type="asn1:INTEGER">
<range>
<minInclusive literalValue="0"/>
<maxInclusive value="xldap:maxInt"/>
</range>
</constrained>
</type>
</element>
<element name="typesOnly" type="asn1:BOOLEAN"/>
<element name="filter" type="xldap:Filter"/>
<element name="attributes" type="xldap:AttributeSelection"/>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="AttributeSelection">
<type>
<sequenceOf>
<element name="selector" type="xldap:AttributeDescription"/>
</sequenceOf>
</type>
</namedType>
<namedType name="Filter">
<type>
<choice>
<element name="and">
<type>
<tagged number="0">
<type>
<setOf>
<element name="filter" type="xldap:Filter"/>
Legg & Prager Expires 15 May 2006 [Page 40]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
</setOf>
</type>
</tagged>
</type>
</element>
<element name="or">
<type>
<tagged number="1">
<type>
<setOf>
<element name="filter" type="xldap:Filter"/>
</setOf>
</type>
</tagged>
</type>
</element>
<element name="not">
<type>
<tagged number="2" type="xldap:Filter"/>
</type>
</element>
<element name="equalityMatch">
<type>
<tagged number="3" type="xldap:AttributeValueAssertion"/>
</type>
</element>
<element name="substrings">
<type>
<tagged number="4" type="xldap:SubstringFilter"/>
</type>
</element>
<element name="greaterOrEqual">
<type>
<tagged number="5" type="xldap:AttributeValueAssertion"/>
</type>
</element>
<element name="lessOrEqual">
<type>
<tagged number="6" type="xldap:AttributeValueAssertion"/>
</type>
</element>
<element name="present">
<type>
<tagged number="7" type="xldap:AttributeDescription"/>
</type>
</element>
<element name="approxMatch">
<type>
Legg & Prager Expires 15 May 2006 [Page 41]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<tagged number="8" type="xldap:AttributeValueAssertion"/>
</type>
</element>
<element name="extensibleMatch">
<type>
<tagged number="9" type="xldap:MatchingRuleAssertion"/>
</type>
</element>
</choice>
</type>
</namedType>
<namedType name="SubstringFilter">
<type>
<sequence>
<element name="type">
<type>
<sequence>
<element name="type">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE" fieldName="id"/>
</type>
<table objectSet="if:SupportedAttributes"/>
</constrained>
</type>
</element>
<optional>
<element name="options">
<type>
<sequenceOf minSize="1">
<element name="option" type="asn1:UTF8String"/>
</sequenceOf>
</type>
</element>
</optional>
</sequence>
</type>
</element>
<element name="substrings">
<type>
<sequenceOf minSize="1">
<element name="substring">
<type>
<choice>
<element name="initial">
<type>
Legg & Prager Expires 15 May 2006 [Page 42]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<tagged number="0">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE"
fieldName="equality-match/AssertionType"/>
</type>
<table objectSet="if:SupportedAttributes">
<restrictBy>type/type</restrictBy>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
<element name="any">
<type>
<tagged number="1">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE"
fieldName="equality-match/AssertionType"/>
</type>
<table objectSet="if:SupportedAttributes">
<restrictBy>type/type</restrictBy>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
<element name="final">
<type>
<tagged number="2">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE"
fieldName="equality-match/AssertionType"/>
</type>
<table objectSet="if:SupportedAttributes">
<restrictBy>type/type</restrictBy>
</table>
</constrained>
</type>
</tagged>
</type>
Legg & Prager Expires 15 May 2006 [Page 43]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
</element>
</choice>
</type>
</element>
</sequenceOf>
</type>
</element>
</sequence>
</type>
</namedType>
<namedType name="MatchingRuleAssertion">
<type>
<sequence>
<optional>
<element name="matchingRule">
<type>
<tagged number="1">
<type>
<fromClass class="if:MATCHING-RULE" fieldName="id"/>
</type>
</tagged>
</type>
</element>
</optional>
<optional>
<element name="type">
<type>
<tagged number="2" type="xldap:AttributeDescription"/>
</type>
</element>
</optional>
<element name="matchValue">
<type>
<tagged number="3">
<type>
<fromClass class="if:MATCHING-RULE"
fieldName="AssertionType"/>
</type>
</tagged>
</type>
</element>
<optional>
<element name="dnAttributes">
<type>
<tagged number="4" type="asn1:BOOLEAN"/>
</type>
</element>
Legg & Prager Expires 15 May 2006 [Page 44]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<default literalValue="false"/>
</optional>
</sequence>
</type>
</namedType>
<namedType name="SearchResultEntry">
<type>
<tagged tagClass="application" number="4">
<type>
<sequence>
<element name="objectName" type="xldap:LDAPDN"/>
<element name="attributes" type="xldap:PartialAttributeList"/>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="PartialAttributeList">
<type>
<sequenceOf>
<element name="partialAttribute" type="xldap:PartialAttribute"/>
</sequenceOf>
</type>
</namedType>
<namedType name="SearchResultReference">
<type>
<tagged tagClass="application" number="19">
<type>
<sequenceOf minSize="1">
<element name="uri" type="xldap:URI"/>
</sequenceOf>
</type>
</tagged>
</type>
</namedType>
<namedType name="SearchResultDone">
<type>
<tagged tagClass="application" number="5"
type="xldap:LDAPResult"/>
</type>
</namedType>
<namedType name="ModifyRequest">
<type>
Legg & Prager Expires 15 May 2006 [Page 45]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<tagged tagClass="application" number="6">
<type>
<sequence>
<element name="object" type="xldap:LDAPDN"/>
<element name="changes">
<type>
<sequenceOf>
<element name="change">
<type>
<sequence>
<element name="operation">
<type>
<enumerated>
<enumeration name="add" number="0"/>
<enumeration name="delete" number="1"/>
<enumeration name="replace" number="2"/>
</enumerated>
</type>
</element>
<element name="modification"
type="xldap:PartialAttribute"/>
</sequence>
</type>
</element>
</sequenceOf>
</type>
</element>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="ModifyResponse">
<type>
<tagged tagClass="application" number="7"
type="xldap:LDAPResult"/>
</type>
</namedType>
<namedType name="AddRequest">
<type>
<tagged tagClass="application" number="8">
<type>
<sequence>
<element name="entry" type="xldap:LDAPDN"/>
<element name="attributes" type="xldap:AttributeList"/>
</sequence>
Legg & Prager Expires 15 May 2006 [Page 46]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
</type>
</tagged>
</type>
</namedType>
<namedType name="AttributeList">
<type>
<sequenceOf>
<element name="attribute" type="xldap:Attribute"/>
</sequenceOf>
</type>
</namedType>
<namedType name="AddResponse">
<type>
<tagged tagClass="application" number="9"
type="xldap:LDAPResult"/>
</type>
</namedType>
<namedType name="DelRequest">
<type>
<tagged tagClass="application" number="10" type="xldap:LDAPDN"/>
</type>
</namedType>
<namedType name="DelResponse">
<type>
<tagged tagClass="application" number="11"
type="xldap:LDAPResult"/>
</type>
</namedType>
<namedType name="ModifyDNRequest">
<type>
<tagged tagClass="application" number="12">
<type>
<sequence>
<element name="entry" type="xldap:LDAPDN"/>
<element name="newrdn" type="xldap:RelativeLDAPDN"/>
<element name="deleteoldrdn" type="asn1:BOOLEAN"/>
<optional>
<element name="newSuperior">
<type>
<tagged number="0" type="xldap:LDAPDN"/>
</type>
</element>
</optional>
Legg & Prager Expires 15 May 2006 [Page 47]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="ModifyDNResponse">
<type>
<tagged tagClass="application" number="13"
type="xldap:LDAPResult"/>
</type>
</namedType>
<namedType name="CompareRequest">
<type>
<tagged tagClass="application" number="14">
<type>
<sequence>
<element name="entry" type="xldap:LDAPDN"/>
<element name="ava" type="xldap:AttributeValueAssertion"/>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="CompareResponse">
<type>
<tagged tagClass="application" number="15"
type="xldap:LDAPResult"/>
</type>
</namedType>
<namedType name="AbandonRequest">
<type>
<tagged tagClass="application" number="16"
type="xldap:MessageID"/>
</type>
</namedType>
<namedType name="ExtendedRequest">
<type>
<tagged tagClass="application" number="23">
<type>
<sequence>
<element name="requestName">
<type>
<tagged number="0">
Legg & Prager Expires 15 May 2006 [Page 48]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<type>
<constrained>
<type>
<fromClass class="ext:LDAP-EXTENDED-REQUEST"
fieldName="name"/>
</type>
<table objectSet="ext:SupportedRequests"/>
</constrained>
</type>
</tagged>
</type>
</element>
<optional>
<element name="requestValue">
<type>
<tagged number="1">
<type>
<constrained>
<type>
<fromClass class="ext:LDAP-EXTENDED-REQUEST"
fieldName="Value"/>
</type>
<table objectSet="ext:SupportedRequests">
<restrictBy>requestName</restrictBy>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
</optional>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="ExtendedResponse">
<type>
<tagged tagClass="application" number="24">
<type>
<sequence>
<componentsOf type="xldap:LDAPResult"/>
<optional>
<element name="responseName">
<type>
<tagged number="10">
<type>
Legg & Prager Expires 15 May 2006 [Page 49]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<constrained>
<type>
<fromClass class="ext:LDAP-EXTENDED-RESPONSE"
fieldName="name"/>
</type>
<table objectSet="ext:SupportedResponses"/>
</constrained>
</type>
</tagged>
</type>
</element>
</optional>
<optional>
<element name="responseValue">
<type>
<tagged number="11">
<type>
<constrained>
<type>
<fromClass class="ext:LDAP-EXTENDED-RESPONSE"
fieldName="Value"/>
</type>
<table objectSet="ext:SupportedResponses">
<restrictBy>responseName</restrictBy>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
</optional>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="IntermediateResponse">
<type>
<tagged tagClass="application" number="25">
<type>
<sequence>
<optional>
<element name="responseName">
<type>
<tagged number="0">
<type>
<constrained>
Legg & Prager Expires 15 May 2006 [Page 50]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<type>
<fromClass class="ext:LDAP-INTERMEDIATE-RESPONSE"
fieldName="name"/>
</type>
<table objectSet="ext:SupportedIntermediateResponses"/>
</constrained>
</type>
</tagged>
</type>
</element>
</optional>
<optional>
<element name="responseValue">
<type>
<tagged number="1">
<type>
<constrained>
<type>
<fromClass class="ext:LDAP-INTERMEDIATE-RESPONSE"
fieldName="Value"/>
</type>
<table objectSet="ext:SupportedIntermediateResponses">
<restrictBy>responseName</restrictBy>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
</optional>
</sequence>
</type>
</tagged>
</type>
</namedType>
</asn1:module>
Appendix E. ASN.X for Supporting Definitions
This appendix contains the ASN.X [ASN.X] translation of the
XED-LDAP-Extensibility module.
This appendix is non-normative.
<?xml version="1.0"?>
<asn1:module
xmlns:asn1="http://xmled.info/ns/ASN.1"
Legg & Prager Expires 15 May 2006 [Page 51]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
name="XED-LDAP-Extensibility"
identifier="1.3.6.1.4.1.21472.5.1.3"
schemaIdentity="http://xmled.info/id/XED/1/LDAP-Extensibility"
xmlns:ext="http://xmled.info/ns/XED/1/LDAP-Extensibility"
targetNamespace="http://xmled.info/ns/XED/1/LDAP-Extensibility"
extensibilityImplied="true">
<annotation>
Copyright (C) The Internet Society 2005. This version of
this ASN.X module is part of RFC XXXX; see the RFC itself
for full legal notices.
</annotation>
<namedClass name="CONTROL">
<class>
<valueField name="type" type="asn1:OBJECT-IDENTIFIER"/>
<optional>
<typeField name="RequestValue"/>
</optional>
<optional>
<typeField name="ResponseValue"/>
</optional>
</class>
</namedClass>
<namedObjectSet name="SupportedControls" class="ext:CONTROL">
<objectSet>
<extension/>
</objectSet>
</namedObjectSet>
<namedClass name="LDAP-EXTENDED-REQUEST">
<class>
<valueField name="name" type="asn1:OBJECT-IDENTIFIER"/>
<optional>
<typeField name="Value"/>
</optional>
</class>
</namedClass>
<namedObjectSet name="SupportedRequests"
class="ext:LDAP-EXTENDED-REQUEST">
<objectSet>
<extension/>
</objectSet>
</namedObjectSet>
<namedClass name="LDAP-EXTENDED-RESPONSE">
Legg & Prager Expires 15 May 2006 [Page 52]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<class>
<valueField name="name" type="asn1:OBJECT-IDENTIFIER"/>
<optional>
<typeField name="Value"/>
</optional>
</class>
</namedClass>
<namedObjectSet name="SupportedResponses"
class="ext:LDAP-EXTENDED-RESPONSE">
<objectSet>
<extension/>
</objectSet>
</namedObjectSet>
<namedClass name="LDAP-INTERMEDIATE-RESPONSE">
<class>
<valueField name="name" type="asn1:OBJECT-IDENTIFIER"/>
<optional>
<typeField name="Value"/>
</optional>
</class>
</namedClass>
<namedObjectSet name="SupportedIntermediateResponses"
class="ext:LDAP-INTERMEDIATE-RESPONSE">
<objectSet>
<extension/>
</objectSet>
</namedObjectSet>
</asn1:module>
Appendix F. ASN.X for XED Protocol Elements
This appendix contains the ASN.X [ASN.X] translation of the
XED-Protocols module.
This appendix is non-normative.
<?xml version="1.0"?>
<asn1:module
xmlns:asn1="http://xmled.info/ns/ASN.1"
xmlns:xldap="http://xmled.info/ns/XED/1/Uniform-LDAP"
xmlns:idmp="http://xmled.info/ns/X.500/4/DirectoryIDMProtocols"
name="XED-Protocols"
identifier="1.3.6.1.4.1.21472.5.1.4"
schemaIdentity="http://xmled.info/id/XED/1/Protocols"
Legg & Prager Expires 15 May 2006 [Page 53]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
targetNamespace="http://xmled.info/ns/XED"
extensibilityImplied="true">
<annotation>
Copyright (C) The Internet Society 2005. This version of
this ASN.X module is part of RFC XXXX; see the RFC itself
for full legal notices.
</annotation>
<import name="XED-Uniform-LDAP"
identifier="1.3.6.1.4.1.21472.5.1.2"
schemaIdentity="http://xmled.info/id/XED/1/Uniform-LDAP"
namespace="http://xmled.info/ns/XED/1/Uniform-LDAP"/>
<import
name="DirectoryIDMProtocols"
identifier="5.1.31.4"
schemaIdentity=
"http://xmled.info/id/X.500/4/DirectoryIDMProtocols"
namespace="http://xmled.info/ns/X.500/4/DirectoryIDMProtocols"/>
<namedValue name="null" type="asn1:NULL" literalValue=""/>
<element name="LDAPMessage" identifier="ldapMessage"
typeAsVersion="true" type="xldap:LDAPMessage"/>
<element name="DAP-IDM-PDU" identifier="dap-idm-pdu"
typeAsVersion="true" type="idmp:DAP-IDM-PDUs"/>
<element name="DSP-IDM-PDU" identifier="dsp-idm-pdu"
typeAsVersion="true" type="idmp:DSP-IDM-PDUs"/>
<element name="DISP-IDM-PDU" identifier="disp-idm-pdu"
typeAsVersion="true" type="idmp:DISP-IDM-PDUs"/>
<element name="DOP-IDM-PDU" identifier="dop-idm-pdu"
typeAsVersion="true" type="idmp:DOP-IDM-PDUs"/>
</asn1:module>
Appendix G. XML Schema for Uniform LDAP
This appendix contains a compatible XML Schema translation [CXSD] of
the XED-Uniform-LDAP module. The XML Schema translation of the
XED-LDAP-Extensibility module contains no XML Schema definitions.
This appendix is non-normative.
Legg & Prager Expires 15 May 2006 [Page 54]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<?xml version="1.0"?>
<xsd:schema
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:asn1="http://xmled.info/ns/ASN.1"
xmlns:if="http://xmled.info/ns/X.500/4/InformationFramework"
xmlns:xldap="http://xmled.info/ns/XED/1/Uniform-LDAP"
targetNamespace="http://xmled.info/ns/XED/1/Uniform-LDAP"
blockDefault="#all">
<xsd:annotation>
<xsd:documentation>
Copyright (C) The Internet Society (2005). This version of
this XML Schema is part of RFC XXXX; see the RFC itself
for full legal notices.
</xsd:documentation>
</xsd:annotation>
<xsd:import namespace="http://xmled.info/ns/ASN.1"/>
<xsd:import
namespace="http://xmled.info/ns/X.500/4/InformationFramework"/>
<xsd:complexType name="LDAPMessage">
<xsd:sequence>
<xsd:element name="messageID" type="xldap:MessageID"/>
<xsd:element name="protocolOp">
<xsd:complexType>
<xsd:choice>
<xsd:element name="bindRequest" type="xldap:BindRequest"/>
<xsd:element name="bindResponse" type="xldap:BindResponse"/>
<xsd:element name="unbindRequest" type="xldap:UnbindRequest"/>
<xsd:element name="searchRequest" type="xldap:SearchRequest"/>
<xsd:element name="searchResEntry"
type="xldap:SearchResultEntry"/>
<xsd:element name="searchResDone"
type="xldap:SearchResultDone"/>
<xsd:element name="searchResRef"
type="xldap:SearchResultReference"/>
<xsd:element name="modifyRequest" type="xldap:ModifyRequest"/>
<xsd:element name="modifyResponse"
type="xldap:ModifyResponse"/>
<xsd:element name="addRequest" type="xldap:AddRequest"/>
<xsd:element name="addResponse" type="xldap:AddResponse"/>
<xsd:element name="delRequest" type="xldap:DelRequest"/>
<xsd:element name="delResponse" type="xldap:DelResponse"/>
<xsd:element name="modDNRequest" type="xldap:ModifyDNRequest"/>
<xsd:element name="modDNResponse"
type="xldap:ModifyDNResponse"/>
Legg & Prager Expires 15 May 2006 [Page 55]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<xsd:element name="compareRequest"
type="xldap:CompareRequest"/>
<xsd:element name="compareResponse"
type="xldap:CompareResponse"/>
<xsd:element name="abandonRequest"
type="xldap:AbandonRequest"/>
<xsd:element name="extendedReq" type="xldap:ExtendedRequest"/>
<xsd:element name="extendedResp"
type="xldap:ExtendedResponse"/>
<xsd:element name="intermediateResponse"
type="xldap:IntermediateResponse"/>
</xsd:choice>
</xsd:complexType>
</xsd:element>
<xsd:element name="controls" minOccurs="0" type="xldap:Controls"/>
</xsd:sequence>
</xsd:complexType>
<xsd:simpleType name="MessageID">
<xsd:restriction base="asn1:INTEGER"/>
</xsd:simpleType>
<xsd:simpleType name="LDAPString">
<xsd:restriction base="asn1:UTF8String"/>
</xsd:simpleType>
<xsd:simpleType name="LDAPOID">
<xsd:restriction base="asn1:OBJECT-IDENTIFIER"/>
</xsd:simpleType>
<xsd:complexType name="LDAPDN">
<xsd:complexContent>
<xsd:extension base="if:DistinguishedName"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="RelativeLDAPDN">
<xsd:complexContent>
<xsd:extension base="if:RelativeDistinguishedName"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="AttributeDescription">
<xsd:sequence>
<xsd:element name="type" type="asn1:OBJECT-IDENTIFIER"/>
<xsd:element name="options" minOccurs="0">
<xsd:complexType>
<xsd:sequence>
Legg & Prager Expires 15 May 2006 [Page 56]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<xsd:element name="option" maxOccurs="unbounded"
type="asn1:UTF8String"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="AttributeValueAssertion">
<xsd:sequence>
<xsd:element name="attributeDesc">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="type" type="asn1:OBJECT-IDENTIFIER"/>
<xsd:element name="options" minOccurs="0">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="option" maxOccurs="unbounded"
type="asn1:UTF8String"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="assertionValue" type="xsd:anyType"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="PartialAttribute">
<xsd:sequence>
<xsd:element name="type">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="type" type="asn1:OBJECT-IDENTIFIER"/>
<xsd:element name="options" minOccurs="0">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="option" maxOccurs="unbounded"
type="asn1:UTF8String"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="vals">
<xsd:complexType>
Legg & Prager Expires 15 May 2006 [Page 57]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<xsd:sequence>
<xsd:element name="value" minOccurs="0" maxOccurs="unbounded"
type="xsd:anyType"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="Attribute">
<xsd:complexContent>
<xsd:extension base="xldap:PartialAttribute"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="LDAPResult">
<xsd:sequence>
<xsd:element name="resultCode">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="success"/>
<xsd:enumeration value="operationsError"/>
<xsd:enumeration value="protocolError"/>
<xsd:enumeration value="timeLimitExceeded"/>
<xsd:enumeration value="sizeLimitExceeded"/>
<xsd:enumeration value="compareFalse"/>
<xsd:enumeration value="compareTrue"/>
<xsd:enumeration value="authMethodNotSupported"/>
<xsd:enumeration value="strongerAuthRequired"/>
<xsd:enumeration value="referral"/>
<xsd:enumeration value="adminLimitExceeded"/>
<xsd:enumeration value="unavailableCriticalExtension"/>
<xsd:enumeration value="confidentialityRequired"/>
<xsd:enumeration value="saslBindInProgress"/>
<xsd:enumeration value="noSuchAttribute"/>
<xsd:enumeration value="undefinedAttributeType"/>
<xsd:enumeration value="inappropriateMatching"/>
<xsd:enumeration value="constraintViolation"/>
<xsd:enumeration value="attributeOrValueExists"/>
<xsd:enumeration value="invalidAttributeSyntax"/>
<xsd:enumeration value="noSuchObject"/>
<xsd:enumeration value="aliasProblem"/>
<xsd:enumeration value="invalidDNSyntax"/>
<xsd:enumeration value="aliasDereferencingProblem"/>
<xsd:enumeration value="inappropriateAuthentication"/>
<xsd:enumeration value="invalidCredentials"/>
<xsd:enumeration value="insufficientAccessRights"/>
<xsd:enumeration value="busy"/>
Legg & Prager Expires 15 May 2006 [Page 58]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<xsd:enumeration value="unavailable"/>
<xsd:enumeration value="unwillingToPerform"/>
<xsd:enumeration value="loopDetect"/>
<xsd:enumeration value="namingViolation"/>
<xsd:enumeration value="objectClassViolation"/>
<xsd:enumeration value="notAllowedOnNonLeaf"/>
<xsd:enumeration value="notAllowedOnRDN"/>
<xsd:enumeration value="entryAlreadyExists"/>
<xsd:enumeration value="objectClassModsProhibited"/>
<xsd:enumeration value="affectsMultipleDSAs"/>
<xsd:enumeration value="other"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:element>
<xsd:element name="matchedDN" type="xldap:LDAPDN"/>
<xsd:element name="diagnosticMessage" type="xldap:LDAPString"/>
<xsd:element name="referral" minOccurs="0" type="xldap:Referral"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="Referral">
<xsd:sequence>
<xsd:element name="uri" maxOccurs="unbounded" type="xldap:URI"/>
</xsd:sequence>
</xsd:complexType>
<xsd:simpleType name="URI">
<xsd:restriction base="xldap:LDAPString"/>
</xsd:simpleType>
<xsd:complexType name="Controls">
<xsd:sequence>
<xsd:element name="control" minOccurs="0" maxOccurs="unbounded"
type="xldap:Control"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="Control">
<xsd:sequence>
<xsd:element name="controlType" type="asn1:OBJECT-IDENTIFIER"/>
<xsd:element name="criticality" minOccurs="0"
type="asn1:BOOLEAN"/>
<xsd:element name="controlValue" minOccurs="0">
<xsd:complexType>
<xsd:choice>
<xsd:element name="request" type="xsd:anyType"/>
<xsd:element name="response" type="xsd:anyType"/>
</xsd:choice>
Legg & Prager Expires 15 May 2006 [Page 59]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="BindRequest">
<xsd:sequence>
<xsd:element name="version" type="asn1:INTEGER"/>
<xsd:element name="name" type="xldap:LDAPDN"/>
<xsd:element name="authentication"
type="xldap:AuthenticationChoice"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="AuthenticationChoice">
<xsd:choice>
<xsd:element name="simple" type="asn1:OCTET-STRING"/>
<xsd:element name="sasl" type="xldap:SaslCredentials"/>
</xsd:choice>
</xsd:complexType>
<xsd:complexType name="SaslCredentials">
<xsd:sequence>
<xsd:element name="mechanism" type="xldap:LDAPString"/>
<xsd:element name="credentials" minOccurs="0"
type="asn1:OCTET-STRING"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="BindResponse">
<xsd:sequence>
<xsd:element name="resultCode">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="success"/>
<xsd:enumeration value="operationsError"/>
<xsd:enumeration value="protocolError"/>
<xsd:enumeration value="timeLimitExceeded"/>
<xsd:enumeration value="sizeLimitExceeded"/>
<xsd:enumeration value="compareFalse"/>
<xsd:enumeration value="compareTrue"/>
<xsd:enumeration value="authMethodNotSupported"/>
<xsd:enumeration value="strongerAuthRequired"/>
<xsd:enumeration value="referral"/>
<xsd:enumeration value="adminLimitExceeded"/>
<xsd:enumeration value="unavailableCriticalExtension"/>
<xsd:enumeration value="confidentialityRequired"/>
<xsd:enumeration value="saslBindInProgress"/>
Legg & Prager Expires 15 May 2006 [Page 60]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<xsd:enumeration value="noSuchAttribute"/>
<xsd:enumeration value="undefinedAttributeType"/>
<xsd:enumeration value="inappropriateMatching"/>
<xsd:enumeration value="constraintViolation"/>
<xsd:enumeration value="attributeOrValueExists"/>
<xsd:enumeration value="invalidAttributeSyntax"/>
<xsd:enumeration value="noSuchObject"/>
<xsd:enumeration value="aliasProblem"/>
<xsd:enumeration value="invalidDNSyntax"/>
<xsd:enumeration value="aliasDereferencingProblem"/>
<xsd:enumeration value="inappropriateAuthentication"/>
<xsd:enumeration value="invalidCredentials"/>
<xsd:enumeration value="insufficientAccessRights"/>
<xsd:enumeration value="busy"/>
<xsd:enumeration value="unavailable"/>
<xsd:enumeration value="unwillingToPerform"/>
<xsd:enumeration value="loopDetect"/>
<xsd:enumeration value="namingViolation"/>
<xsd:enumeration value="objectClassViolation"/>
<xsd:enumeration value="notAllowedOnNonLeaf"/>
<xsd:enumeration value="notAllowedOnRDN"/>
<xsd:enumeration value="entryAlreadyExists"/>
<xsd:enumeration value="objectClassModsProhibited"/>
<xsd:enumeration value="affectsMultipleDSAs"/>
<xsd:enumeration value="other"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:element>
<xsd:element name="matchedDN" type="xldap:LDAPDN"/>
<xsd:element name="diagnosticMessage" type="xldap:LDAPString"/>
<xsd:element name="referral" minOccurs="0" type="xldap:Referral"/>
<xsd:element name="serverSaslCreds" minOccurs="0"
type="asn1:OCTET-STRING"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="UnbindRequest">
<xsd:complexContent>
<xsd:extension base="asn1:NULL"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="SearchRequest">
<xsd:sequence>
<xsd:element name="baseObject" type="xldap:LDAPDN"/>
<xsd:element name="scope">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
Legg & Prager Expires 15 May 2006 [Page 61]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<xsd:enumeration value="baseObject"/>
<xsd:enumeration value="singleLevel"/>
<xsd:enumeration value="wholeSubtree"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:element>
<xsd:element name="derefAliases">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="neverDerefAliases"/>
<xsd:enumeration value="derefInSearching"/>
<xsd:enumeration value="derefFindingBaseObj"/>
<xsd:enumeration value="derefAlways"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:element>
<xsd:element name="sizeLimit" type="asn1:INTEGER"/>
<xsd:element name="timeLimit" type="asn1:INTEGER"/>
<xsd:element name="typesOnly" type="asn1:BOOLEAN"/>
<xsd:element name="filter" type="xldap:Filter"/>
<xsd:element name="attributes" type="xldap:AttributeSelection"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="AttributeSelection">
<xsd:sequence>
<xsd:element name="selector" minOccurs="0" maxOccurs="unbounded"
type="xldap:AttributeDescription"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="Filter">
<xsd:choice>
<xsd:element name="and">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="filter" minOccurs="0"
maxOccurs="unbounded" type="xldap:Filter"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="or">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="filter" minOccurs="0"
maxOccurs="unbounded" type="xldap:Filter"/>
</xsd:sequence>
</xsd:complexType>
Legg & Prager Expires 15 May 2006 [Page 62]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
</xsd:element>
<xsd:element name="not" type="xldap:Filter"/>
<xsd:element name="equalityMatch"
type="xldap:AttributeValueAssertion"/>
<xsd:element name="substrings" type="xldap:SubstringFilter"/>
<xsd:element name="greaterOrEqual"
type="xldap:AttributeValueAssertion"/>
<xsd:element name="lessOrEqual"
type="xldap:AttributeValueAssertion"/>
<xsd:element name="present" type="xldap:AttributeDescription"/>
<xsd:element name="approxMatch"
type="xldap:AttributeValueAssertion"/>
<xsd:element name="extensibleMatch"
type="xldap:MatchingRuleAssertion"/>
</xsd:choice>
</xsd:complexType>
<xsd:complexType name="SubstringFilter">
<xsd:sequence>
<xsd:element name="type">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="type" type="asn1:OBJECT-IDENTIFIER"/>
<xsd:element name="options" minOccurs="0">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="option" maxOccurs="unbounded"
type="asn1:UTF8String"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="substrings">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="substring" maxOccurs="unbounded">
<xsd:complexType>
<xsd:choice>
<xsd:element name="initial" type="xsd:anyType"/>
<xsd:element name="any" type="xsd:anyType"/>
<xsd:element name="final" type="xsd:anyType"/>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
Legg & Prager Expires 15 May 2006 [Page 63]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="MatchingRuleAssertion">
<xsd:sequence>
<xsd:element name="matchingRule" minOccurs="0"
type="asn1:OBJECT-IDENTIFIER"/>
<xsd:element name="type" minOccurs="0"
type="xldap:AttributeDescription"/>
<xsd:element name="matchValue" type="xsd:anyType"/>
<xsd:element name="dnAttributes" minOccurs="0"
type="asn1:BOOLEAN"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="SearchResultEntry">
<xsd:sequence>
<xsd:element name="objectName" type="xldap:LDAPDN"/>
<xsd:element name="attributes" type="xldap:PartialAttributeList"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="PartialAttributeList">
<xsd:sequence>
<xsd:element name="partialAttribute" minOccurs="0"
maxOccurs="unbounded" type="xldap:PartialAttribute"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="SearchResultReference">
<xsd:sequence>
<xsd:element name="uri" maxOccurs="unbounded" type="xldap:URI"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="SearchResultDone">
<xsd:complexContent>
<xsd:extension base="xldap:LDAPResult"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="ModifyRequest">
<xsd:sequence>
<xsd:element name="object" type="xldap:LDAPDN"/>
<xsd:element name="changes">
<xsd:complexType>
<xsd:sequence>
Legg & Prager Expires 15 May 2006 [Page 64]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<xsd:element name="change" minOccurs="0"
maxOccurs="unbounded">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="operation">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="add"/>
<xsd:enumeration value="delete"/>
<xsd:enumeration value="replace"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:element>
<xsd:element name="modification"
type="xldap:PartialAttribute"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="ModifyResponse">
<xsd:complexContent>
<xsd:extension base="xldap:LDAPResult"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="AddRequest">
<xsd:sequence>
<xsd:element name="entry" type="xldap:LDAPDN"/>
<xsd:element name="attributes" type="xldap:AttributeList"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="AttributeList">
<xsd:sequence>
<xsd:element name="attribute" minOccurs="0"
maxOccurs="unbounded" type="xldap:Attribute"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="AddResponse">
<xsd:complexContent>
<xsd:extension base="xldap:LDAPResult"/>
</xsd:complexContent>
Legg & Prager Expires 15 May 2006 [Page 65]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
</xsd:complexType>
<xsd:complexType name="DelRequest">
<xsd:complexContent>
<xsd:extension base="xldap:LDAPDN"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="DelResponse">
<xsd:complexContent>
<xsd:extension base="xldap:LDAPResult"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="ModifyDNRequest">
<xsd:sequence>
<xsd:element name="entry" type="xldap:LDAPDN"/>
<xsd:element name="newrdn" type="xldap:RelativeLDAPDN"/>
<xsd:element name="deleteoldrdn" type="asn1:BOOLEAN"/>
<xsd:element name="newSuperior" minOccurs="0"
type="xldap:LDAPDN"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="ModifyDNResponse">
<xsd:complexContent>
<xsd:extension base="xldap:LDAPResult"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="CompareRequest">
<xsd:sequence>
<xsd:element name="entry" type="xldap:LDAPDN"/>
<xsd:element name="ava" type="xldap:AttributeValueAssertion"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="CompareResponse">
<xsd:complexContent>
<xsd:extension base="xldap:LDAPResult"/>
</xsd:complexContent>
</xsd:complexType>
<xsd:simpleType name="AbandonRequest">
<xsd:restriction base="xldap:MessageID"/>
</xsd:simpleType>
<xsd:complexType name="ExtendedRequest">
Legg & Prager Expires 15 May 2006 [Page 66]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<xsd:sequence>
<xsd:element name="requestName" type="asn1:OBJECT-IDENTIFIER"/>
<xsd:element name="requestValue" minOccurs="0"
type="xsd:anyType"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="ExtendedResponse">
<xsd:sequence>
<xsd:element name="resultCode">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="success"/>
<xsd:enumeration value="operationsError"/>
<xsd:enumeration value="protocolError"/>
<xsd:enumeration value="timeLimitExceeded"/>
<xsd:enumeration value="sizeLimitExceeded"/>
<xsd:enumeration value="compareFalse"/>
<xsd:enumeration value="compareTrue"/>
<xsd:enumeration value="authMethodNotSupported"/>
<xsd:enumeration value="strongerAuthRequired"/>
<xsd:enumeration value="referral"/>
<xsd:enumeration value="adminLimitExceeded"/>
<xsd:enumeration value="unavailableCriticalExtension"/>
<xsd:enumeration value="confidentialityRequired"/>
<xsd:enumeration value="saslBindInProgress"/>
<xsd:enumeration value="noSuchAttribute"/>
<xsd:enumeration value="undefinedAttributeType"/>
<xsd:enumeration value="inappropriateMatching"/>
<xsd:enumeration value="constraintViolation"/>
<xsd:enumeration value="attributeOrValueExists"/>
<xsd:enumeration value="invalidAttributeSyntax"/>
<xsd:enumeration value="noSuchObject"/>
<xsd:enumeration value="aliasProblem"/>
<xsd:enumeration value="invalidDNSyntax"/>
<xsd:enumeration value="aliasDereferencingProblem"/>
<xsd:enumeration value="inappropriateAuthentication"/>
<xsd:enumeration value="invalidCredentials"/>
<xsd:enumeration value="insufficientAccessRights"/>
<xsd:enumeration value="busy"/>
<xsd:enumeration value="unavailable"/>
<xsd:enumeration value="unwillingToPerform"/>
<xsd:enumeration value="loopDetect"/>
<xsd:enumeration value="namingViolation"/>
<xsd:enumeration value="objectClassViolation"/>
<xsd:enumeration value="notAllowedOnNonLeaf"/>
<xsd:enumeration value="notAllowedOnRDN"/>
<xsd:enumeration value="entryAlreadyExists"/>
Legg & Prager Expires 15 May 2006 [Page 67]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
<xsd:enumeration value="objectClassModsProhibited"/>
<xsd:enumeration value="affectsMultipleDSAs"/>
<xsd:enumeration value="other"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:element>
<xsd:element name="matchedDN" type="xldap:LDAPDN"/>
<xsd:element name="diagnosticMessage" type="xldap:LDAPString"/>
<xsd:element name="referral" minOccurs="0" type="xldap:Referral"/>
<xsd:element name="responseName" minOccurs="0"
type="asn1:OBJECT-IDENTIFIER"/>
<xsd:element name="responseValue" minOccurs="0"
type="xsd:anyType"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="IntermediateResponse">
<xsd:sequence>
<xsd:element name="responseName" minOccurs="0"
type="asn1:OBJECT-IDENTIFIER"/>
<xsd:element name="responseValue" minOccurs="0"
type="xsd:anyType"/>
</xsd:sequence>
</xsd:complexType>
</xsd:schema>
Appendix H. XML Schema for XED Protocol Elements
This appendix contains a compatible XML Schema translation [CXSD] of
the XED-Protocols module.
This appendix is non-normative.
<?xml version="1.0"?>
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
targetNamespace="http://xmled.info/ns/XED"
blockDefault="#all">
<xsd:annotation>
<xsd:documentation>
Copyright (C) The Internet Society (2005). This version of
this XML Schema is part of RFC XXXX; see the RFC itself
for full legal notices.
Explanatory text in this schema assumes the following
namespace declarations:
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
Legg & Prager Expires 15 May 2006 [Page 68]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
xmlns:xldap="http://xmled.info/ns/XED/1/Uniform-LDAP"
xmlns:idmp="http://xmled.info/ns/X.500/4/DirectoryIDMProtocols"
</xsd:documentation>
</xsd:annotation>
<xsd:element name="LDAPMessage" type="xsd:anyType">
<xsd:annotation>
<xsd:documentation>
The type of this element is not intended to be unrestricted in
practice, but rather it is intended to be a choice between
the LDAPMessage ASN.1 type defined by this first edition of the
XED specification (i.e., xldap:LDAPMessage) and the corresponding
ASN.1 types defined by future editions of the XED specification.
For this edition of XED, instances of this element should always
carry an xsi:type attribute referencing the LDAPMessage type
(i.e., xsi:type="xldap:LDAPMessage" ).
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="DAP-IDM-PDU" type="xsd:anyType">
<xsd:annotation>
<xsd:documentation>
The type of this element is not intended to be unrestricted in
practice, but rather it is intended to be a choice between the
DAP-IDM-PDUs ASN.1 type defined by the fourth edition of X.500
(i.e., idmp:DAP-IDM-PDUs) and the corresponding ASN.1 types
defined by future editions of X.500.
For this edition of XED, instances of this element should always
carry an xsi:type attribute referencing the DAP-IDM-PDUs type
(i.e., xsi:type="idmp:DAP-IDM-PDUs" ).
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="DSP-IDM-PDU" type="xsd:anyType">
<xsd:annotation>
<xsd:documentation>
The type of this element is not intended to be unrestricted in
practice, but rather it is intended to be a choice between the
DSP-IDM-PDUs ASN.1 type defined by the fourth edition of X.500
(i.e., idmp:DSP-IDM-PDUs) and the corresponding ASN.1 type
defined by future editions of X.500.
For this edition of XED, instances of this element should always
carry an xsi:type attribute referencing the DSP-IDM-PDUs type
Legg & Prager Expires 15 May 2006 [Page 69]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
(i.e., xsi:type="idmp:DSP-IDM-PDUs" ).
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="DISP-IDM-PDU" type="xsd:anyType">
<xsd:annotation>
<xsd:documentation>
The type of this element is not intended to be unrestricted in
practice, but rather it is intended to be a choice between the
DISP-IDM-PDUs ASN.1 type defined by the fourth edition of X.500
(i.e., idmp:DISP-IDM-PDUs) and the corresponding ASN.1 type
defined by future editions of X.500.
For this edition of XED, instances of this element should always
carry an xsi:type attribute referencing the DISP-IDM-PDUs type
(i.e., xsi:type="idmp:DISP-IDM-PDUs" ).
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="DOP-IDM-PDU" type="xsd:anyType">
<xsd:annotation>
<xsd:documentation>
The type of this element is not intended to be unrestricted in
practice, but rather it is intended to be a choice between the
DOP-IDM-PDUs ASN.1 type defined by the fourth edition of X.500
(i.e., idmp:DOP-IDM-PDUs) and the corresponding ASN.1 type
defined by future editions of X.500.
For this edition of XED, instances of this element should always
carry an xsi:type attribute referencing the DOP-IDM-PDUs type
(i.e., xsi:type="idmp:DOP-IDM-PDUs" ).
</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:schema>
Normative References
[TCP] Postel, J., "TRANSMISSION CONTROL PROTOCOL", RFC 793,
September 1981.
[BCP14] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[LDAP] Zeilenga, K., "Lightweight Directory Access Protocol
Legg & Prager Expires 15 May 2006 [Page 70]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
(LDAP): Technical Specification Road Map",
draft-ietf-ldapbis-roadmap-xx.txt, a work in progress,
June 2004.
[PROT] Sermersheim, J., "LDAP: The Protocol",
draft-ietf-ldapbis-protocol-xx.txt, a work in progress,
May 2005.
[XED] Legg, S. and D. Prager, "The XML Enabled Directory",
draft-legg-xed-roadmap-xx.txt, a work in progress,
February 2005.
[RXER] Legg, S. and D. Prager, "Robust XML Encoding Rules (RXER)
for Abstract Syntax Notation One (ASN.1)",
draft-legg-xed-rxer-xx.txt, a work in progress, October
2005.
[RXEREI] Legg, S., "Encoding Instructions for the Robust XML
Encoding Rules (RXER)", draft-legg-xed-rxer-ei-xx.txt, a
work in progress, October 2005.
[XEDNS] Legg, S., "The XML Enabled Directory: Amended Modules"
draft-legg-xed-amend-xx.txt, a work in progress, to be
published.
[XFER] Legg, S., "Lightweight Directory Access Protocol (LDAP):
Transfer Encoding Options",
draft-legg-ldap-transfer-xx.txt, a work in progress,
December 2003.
[FILTER] Zeilenga, K., "LDAP Absolute True and False Filters",
draft-zeilenga-ldap-t-f-xx.txt, a work in progress,
February 2005.
[X.500] ITU-T Recommendation X.500 (02/01) | ISO/IEC 9594-1:2001,
Information technology - Open Systems Interconnection -
The Directory: Overview of concepts, models and services
[X.501] ITU-T Recommendation X.501 (02/01) | ISO/IEC 9594-2:2001,
Information technology - Open Systems Interconnection -
The Directory: Models
[X.519] ITU-T Recommendation X.519 (02/01) | ISO/IEC 9594-5:2001,
Information technology - Open Systems Interconnection -
The Directory: Protocol specifications
[X.680] ITU-T Recommendation X.680 (07/02) | ISO/IEC 8824-1,
Information technology - Abstract Syntax Notation One
Legg & Prager Expires 15 May 2006 [Page 71]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
(ASN.1): Specification of basic notation.
[X.681] ITU-T Recommendation X.681 (07/02) | ISO/IEC 8824-2,
Information technology - Abstract Syntax Notation One
(ASN.1): Information object specification.
[X.682] ITU-T Recommendation X.682 (07/02) | ISO/IEC 8824-3,
Information technology - Abstract Syntax Notation One
(ASN.1): Constraint specification.
[XML10] Bray, T., Paoli, J., Sperberg-McQueen, C., Maler, E. and
F. Yergeau, "Extensible Markup Language (XML) 1.0 (Third
Edition)", W3C Recommendation,
http://www.w3.org/TR/2004/REC-xml-20040204, February 2004.
[XML11] Bray, T., Paoli, J., Sperberg-McQueen, C., Maler, E.,
Yergeau, F., and J. Cowan, "Extensible Markup Language
(XML) 1.1", W3C Recommendation,
http://www.w3.org/TR/2004/REC-xml11-20040204, February
2004.
[ISET] Cowan, J. and R. Tobin, "XML Information Set (Second
Edition)", W3C Recommendation,
http://www.w3.org/TR/2004/REC-xml-infoset-20040204,
February 2004.
[SOAP] Box, D., et al, "Simple Object Access Protocol (SOAP)
1.1", W3C Note, http://www.w3.org/TR/2000/NOTE-
SOAP-20000508, May 2000.
Informative References
[MIME] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message
Bodies", RFC 2045, November 1996.
[SYNTAX] Legg, S. and K. Dally, "Lightweight Directory Access
Protocol (LDAP): Syntaxes and Matching Rules",
draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress,
June 2005.
[ASN.X] Legg, S., "Abstract Syntax Notation X (ASN.X)",
draft-legg-xed-asd-xx.txt, a work in progress, November
2005.
[CXSD] Legg, S. and D. Prager, "Translation of ASN.1
Specifications into XML Schema",
draft-legg-xed-xsd-xx.txt, a work in progress, to be
Legg & Prager Expires 15 May 2006 [Page 72]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
published.
[CRNG] Legg, S. and D. Prager, "Translation of ASN.1
Specifications into RELAX NG", draft-legg-xed-rng-xx.txt,
a work in progress, to be published.
[OSI] ITU-T Recommendation X.200 (1994) | ISO/IEC 7498-1:1994,
Information technology - Open Systems Interconnection -
Basic Reference Model: The Basic Model.
[X.690] ITU-T Recommendation X.690 (07/02) | ISO/IEC 8825-1,
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER), Canonical
Encoding Rules (CER) and Distinguished Encoding Rules
(DER).
[XSD0] Fallside, D., "XML Schema Part 0: Primer", W3C
Recommendation, http://www.w3.org/TR/2001/REC-
xmlschema-0-20010502, May 2001.
[RNG] Clark, J. and M. Makoto, "RELAX NG Tutorial", OASIS
Committee Specification, http://www.oasis-
open.org/committees/relax-ng/tutorial-20011203.html,
December 2001.
[DSML] "Directory Services Markup Language v2.0", OASIS Standard,
http://www.oasis-open.org/committees/dsml/docs/DSMLv2.doc,
December 2001.
Authors' Addresses
Dr. Steven Legg
eB2Bcom
Suite 3, Woodhouse Corporate Centre
935 Station Street
Box Hill North, Victoria 3129
AUSTRALIA
Phone: +61 3 9896 7830
Fax: +61 3 9896 7801
EMail: steven.legg@eb2bcom.com
Dr. Daniel Prager
EMail: dan@layabout.net
Full Copyright Statement
Legg & Prager Expires 15 May 2006 [Page 73]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
Copyright (C) The Internet Society (2005).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Changes in Draft 01
A simple TCP/IP transport for XLDAP has been defined. The new
transport uses the TCP/IP framing of IDM and is analogous to the way
LDAP is mapped to TCP/IP.
A section comparing XLDAP to DSMLv2 has been added.
The ASN.1, ASN.1 Schema (ASN.X) and XML Schema in the appendices has
been revised to take account of the latest draft for the LDAP
Legg & Prager Expires 15 May 2006 [Page 74]
INTERNET-DRAFT The XML Enabled Directory: Protocols November 15, 2005
protocol (draft-ietf-ldapbis-protocol-17.txt).
Changes in Draft 02
The Directory XML Encoding Rules (DXER) have been renamed to the
Robust XML Encoding Rules (RXER).
The ASN.1, ASN.1 Schema (ASN.X) and XML Schema in the appendices has
been revised to take account of the latest draft for the LDAP
protocol (draft-ietf-ldapbis-protocol-24.txt). The
LDAP-INTERMEDIATE-RESPONSE information object class has been added to
account for the new IntermediateResponse LDAP message type.
The effect of Absolute True and False Filters for LDAP has been
incorporated into the Uniform LDAP specification.
The qualified names of the root elements of XED protocol messages
have been changed so as to be independent of the specific version of
X.500 or Uniform LDAP an implementation is using. This change makes
it easier for a subsequent edition of the XED specification, or a
subsequent edition of X.500, to be backward compatible with this
version of XED. Appendix H has been added as an alternative
description of the root elements.
The namespace names defined by this document have been shortened.
The XED-Uniform-LDAP module has been assigned an object identifier.
Changes in Draft 03
ASN.1 Schema has been renamed to Abstract Syntax Notation X (ASN.X)
and the <asn1:schema> element has been renamed to <asn1:module>.
The strongAuthRequired result code has been changed to
strongerAuthRequired to match the same change in the latest draft for
the LDAP protocol (draft-ietf-ldapbis-protocol-32.txt).
The encodings of the root elements of XED protocol messages have been
formalized with RXER encoding instructions in the XED-Protocols ASN.1
module added as Appendix C. An ASN.X translation of the
XED-Protocols module has been added as Appendix F. Appendix H is now
the XML Schema translation of the XED-Protocols module.
Legg & Prager Expires 15 May 2006 [Page 75]
| PAFTECH AB 2003-2026 | 2026-04-24 05:44:30 |