One document matched: draft-legg-xed-protocols-05.txt
Differences from draft-legg-xed-protocols-04.txt
INTERNET-DRAFT S. Legg
draft-legg-xed-protocols-05.txt eB2Bcom
Intended Category: Experimental D. Prager
August 30, 2007
The XML-Enabled Directory: Protocols
Copyright (C) The IETF Trust (2007).
Status of This Memo
By submitting this Internet-draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress".
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Technical discussion of this document should take place on the XED
developers mailing list <xeddev@eb2bcom.com>. Please send editorial
comments directly to the editor <steven.legg@eb2bcom.com>. Further
information is available on the XED website: www.xmled.info.
This Internet-Draft expires on 29 February 2008.
Abstract
This document defines semantically equivalent Extensible Markup
Language (XML) renditions of the Lightweight Directory Access
Protocol (LDAP) and X.500 directory protocols for use by the XML-
Enabled Directory (XED).
Legg & Prager Expires 29 February 2008 [Page 1]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
Table of Contents
1. Introduction ....................................................2
2. Conventions .....................................................3
3. Uniform LDAP Specification ......................................3
3.1. Remediation of AttributeValue ..............................4
3.2. Remediation of AssertionValue ..............................5
3.3. Remediation of AttributeDescription ........................6
3.4. Remediation of LDAPString ..................................6
3.5. Importation of Pre-existing Definitions ....................7
3.6. Remediation of Controls ....................................7
3.7. Remediation of Extended Operations .........................9
3.8. Other Changes .............................................11
4. XLDAP ..........................................................12
4.1. XLDAP Over TCP/IP .........................................14
4.2. XLDAP Over SOAP 1.1 .......................................15
4.3. Relationship to DSMLv2 ....................................15
5. XIDM ...........................................................16
6. Changes to X.500 ASN.1 Modules .................................16
6.1. DirectoryString Revision ..................................16
6.2. Facilitating Translations .................................16
7. Security Considerations ........................................18
8. Acknowledgements ...............................................18
9. IANA Considerations ............................................18
10. References ....................................................18
10.1. Normative References .....................................18
10.2. Informative References ...................................20
Appendix A. ASN.1 for Uniform LDAP ................................21
Appendix B. ASN.1 for XED Protocol Elements .......................29
Appendix C. ASN.X for Uniform LDAP ................................30
Appendix D. ASN.X for XED Protocol Elements .......................54
1. Introduction
This document defines semantically equivalent Extensible Markup
Language (XML) [XML10][XML11] renditions of the Lightweight Directory
Access Protocol (LDAP) [LDAP] and X.500 [X.500] directory protocols
for use by the XML-Enabled Directory (XED) [XED].
The Internet Directly Mapped (IDM) protocol [X.519] permits X.500
protocol operations to be exchanged between directory agents using
TCP/IP [TCP] with minimal encapsulation, bypassing (and dispensing
with) the ROSE, ACSE, Presentation, Session, and Transport layers of
the Open Systems Interconnection (OSI) model [OSI].
Protocol operations in the IDM protocol are encoded according to the
Basic Encoding Rules (BER) [X.690] of Abstract Syntax Notation One
(ASN.1) [X.680]. Section 5 defines a new exclusively XML-based
Legg & Prager Expires 29 February 2008 [Page 2]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
protocol, the XML Internet Directly Mapped (XIDM) protocol, which
differs from the IDM protocol only in that the protocol operations
are encoded using the Robust XML Encoding Rules (RXER) [RXER] instead
of BER.
Whilst the IDM protocol is amenable to a simple substitution of the
encoding rules to create a uniformly XML-formatted protocol
operation, LDAP is not, due to discontinuities in the encoding, i.e.,
places where transfer syntax transitions occur (typically from BER to
LDAP-specific [SYNTAX] and back to BER). The discontinuities are the
result of directory data being conveyed as the content of ASN.1
OCTET STRINGs. A straight application of RXER to an LDAP operation
would inconveniently force attribute values, among other things, to
be represented as hexadecimal strings.
Section 3 describes a transformation of the LDAP ASN.1 specification
[PROT] that creates a new specification without the discontinuities
called Uniform LDAP. Essentially, the bland OCTET STRING [X.680]
containers for directory data items in LDAP are replaced by the open
types [X.681] and specific types used by X.500.
The XML Lightweight Directory Access Protocol (XLDAP) defined in
Section 4 is the result of applying RXER to instances of the message
data types of Uniform LDAP. Section 4 also defines two transports
for Uniform LDAP messages. Apart from the change in transfer syntax,
XLDAP is semantically equivalent to LDAP.
Since the XED protocols are algorithmically generated from the LDAP
and X.500 specifications, all future extensions to LDAP and X.500
automatically acquire a XED protocol representation.
2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", and "MAY" in this document are
to be interpreted as described in BCP 14, RFC 2119 [BCP14]. The key
word "OPTIONAL" is exclusively used with its ASN.1 meaning.
This document makes use of definitions from the XML Information Set
(Infoset) [INFOSET]. In particular, information item property names
follow the Infoset convention of being shown in square brackets,
e.g., [local name]. Literal values of Infoset properties are
enclosed in double quotes; however, the double quotes are not part of
the property values. In the sections that follow, the term "element"
shall be taken to mean an Infoset element information item.
Throughout this document the term "attribute" is taken to mean a
directory attribute, unless it is qualified as an XML attribute.
Legg & Prager Expires 29 February 2008 [Page 3]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
3. Uniform LDAP Specification
The OCTET STRING fields in the LDAP specification each serve one of
two purposes; to contain the encodings of directory data values of
differing data types (e.g., attribute values, assertion values,
control values), and to contain an LDAP-specific string encoding of a
data value of a fixed data type (e.g., attribute type, distinguished
name).
In both cases the encoding of the directory data values is
disconnected from the encoding of the surrounding protocol message
(the transfer syntax of the directory data values and the transfer
syntax of the surrounding protocol message are typically quite
different) and the relationships that determine which data type to
use (e.g., the data type of an attribute value is determined by its
associated attribute type) are not specified in a way that is
machine-processable. As a consequence, off-the-shelf ASN.1 tools are
unable to treat directory data in protocol messages as anything other
than raw octets.
This defect is addressed by transforming the LDAP specification into
a form, called the Uniform LDAP specification, which faciliates the
uniform encoding of protocol message and directory data in a single
transfer syntax (e.g., XML). This is done by replacing the
OCTET STRING fields in the LDAP specification, as detailed in the
subsections that follow.
OCTET STRINGs that contain directory data values of fixed data types
are replaced by the associated fixed data type.
OCTET STRINGs that contain directory data values of varying data
types are replaced by open types. Open types permit the directory
data values to be seamlessly encoded in the same transfer syntax as
the surrounding protocol message. Furthermore, ASN.1 table
constraints [X.682] can be applied so that the actual data type of a
value of an open type can be determined programmatically.
Derivative works of the original LDAP specification can also be
remediated for use by XED by making the same transformations. The
final result of applying these transformations is the
XED-Uniform-LDAP ASN.1 module presented in Appendix A. The
equivalent Abstract Syntax Notation X (ASN.X)[ASN.X] representation
of the Uniform LDAP specification is presented in Appendix C.
Since Uniform LDAP protocol messages and the directory data they
contain are encoded in the same transfer syntax throughout, LDAP
transfer encoding options [TRANSFER] are ignored if present.
Legg & Prager Expires 29 February 2008 [Page 4]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
3.1. Remediation of AttributeValue
The definition of AttributeValue is removed and each reference to
AttributeValue is replaced with the following, where
<AttributeDescription> is replaced with the identifier of the
preceding component of the AttributeDescription ASN.1 type:
ATTRIBUTE.&Type
({SupportedAttributes}{@<AttributeDescription>.type})
In addition, the reference to AttributeDescription in that preceding
component is replaced with:
SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL }
ATTRIBUTE.&id equates to the OBJECT IDENTIFIER of an attribute type.
ATTRIBUTE.&Type is an open type. The constraint on ATTRIBUTE.&Type
restricts the ASN.1 type in the open type to be the attribute syntax
of the attribute indicated by ATTRIBUTE.&id. ATTRIBUTE and
SupportedAttributes are defined in X.501 [X.501].
3.2. Remediation of AssertionValue
The definition of MatchingRuleId is removed, and the definition of
MatchingRuleAssertion is replaced with the following definition:
MatchingRuleAssertion ::= SEQUENCE {
matchingRule [1] MATCHING-RULE.&id OPTIONAL,
type [2] AttributeDescription OPTIONAL,
matchValue [3] MATCHING-RULE.&AssertionType,
dnAttributes [4] BOOLEAN DEFAULT FALSE }
MATCHING-RULE.&id equates to the OBJECT IDENTIFIER of a matching
rule. MATCHING-RULE.&AssertionType is an open type. The
relationship between the value of the matchingRule component, the
value of the type component, and the ASN.1 type in the open type
(i.e., the syntax of the assertion value) is not expressible in ASN.1
constraint notation. The relationship defined by LDAP applies
[PROT]. MATCHING-RULE is defined in X.501 [X.501].
The definition of AssertionValue is removed, and each remaining
reference to AssertionValue is replaced with the following, where
<AttributeDescription> is replaced with the identifier of the
preceding component of the AttributeDescription ASN.1 type:
Legg & Prager Expires 29 February 2008 [Page 5]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
ATTRIBUTE.&equality-match.&AssertionType
({SupportedAttributes}{@<AttributeDescription>.type})
In addition, the reference to AttributeDescription in that preceding
component is replaced with:
SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL }
ATTRIBUTE.&equality-match.&AssertionType is an open type. The
constraint on ATTRIBUTE.&equality-match.&AssertionType restricts the
ASN.1 type in the open type to be the syntax of the equality matching
rule of the attribute indicated by ATTRIBUTE.&id.
3.3. Remediation of AttributeDescription
To maintain consistency in the structure of attribute descriptions
throughout the Uniform LDAP specification, the definition of
AttributeDescription is replaced with the following definition:
AttributeDescription ::= SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL }
The attribute type in an LDAP AttributeDescription is represented as
the OBJECT IDENTIFIER of that attribute type in the type component of
a Uniform LDAP AttributeDescription. Each attribute option in an
LDAP AttributeDescription is represented as a separate UTF8String
value in a Uniform LDAP AttributeDescription. The semi-colons that
separate attribute options in an LDAP AttributeDescription are not
present in any of the UTF8String values.
3.4. Remediation of LDAPString
Some directory constructs have ASN.1 types but are represented in
LDAP messages as a UTF-8 character string encoding wrapped in an
OCTET STRING, i.e., LDAPString. Uniform LDAP replaces these uses of
LDAPString with the underlying ASN.1 type.
The definition of LDAPOID is replaced with the following definition:
LDAPOID ::= OBJECT IDENTIFIER
The definition of LDAPDN is replaced with the following definition:
Legg & Prager Expires 29 February 2008 [Page 6]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
LDAPDN ::= DistinguishedName
This change aligns the encoding of distinguished names in the
protocol messages with the RXER encoding of attribute values of
attributes with the DN syntax [SYNTAX].
The definition of RelativeLDAPDN is replaced with the following
definition:
RelativeLDAPDN ::= RelativeDistinguishedName
DistinguishedName and RelativeDistinguishedName are defined in X.501
[X.501].
The remaining uses of LDAPString are represented naturally as UTF-8
character strings, therefore the definition of LDAPString is replaced
with the following definition:
LDAPString ::= UTF8String
3.5. Importation of Pre-existing Definitions
ATTRIBUTE, MATCHING-RULE, RelativeDistinguishedName,
DistinguishedName, and SupportedAttributes need to be imported from
the X.500 InformationFramework module, therefore the following import
statement is added to the Uniform LDAP specification following the
BEGIN keyword:
IMPORTS
ATTRIBUTE,
MATCHING-RULE
RelativeDistinguishedName,
DistinguishedName,
SupportedAttributes
FROM InformationFramework
{ joint-iso-itu-t ds(5) module(1)
informationFramework(1) 4 }
;
3.6. Remediation of Controls
LDAP controls contain an OCTET STRING control value whose content is
determined by an associated control type. The control type is an
OBJECT IDENTIFIER represented as a string in LDAP. The data type of
the control value is typically specified as an ASN.1 type, though
this is not a requirement of LDAP.
Controls have no counterpart in X.500, therefore the CONTROL
Legg & Prager Expires 29 February 2008 [Page 7]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
information object class is defined in this document to allow
specific control types to be programmatically linked to specific
control value data types.
CONTROL ::= CLASS {
&type OBJECT IDENTIFIER,
&RequestValue OPTIONAL,
&ResponseValue OPTIONAL
}
The &type field of a CONTROL object specifies the OBJECT IDENTIFIER
identifying the control (the control type).
The &RequestValue field of a CONTROL object specifies an ASN.1 type
describing the data type of the control value for that control in an
LDAP request message. If the control value is required to be absent
in a request, then the &RequestValue field is absent.
The &ResponseValue field of a CONTROL object specifies an ASN.1 type
describing the data type of the control value for that control in an
LDAP response message. If the control value is required to be absent
in a response, then the &RequestValue field is absent.
If the data type of a control value is not an ASN.1 type, and is not
a data type that can be referenced by an RXER encoding instruction
[RXEREI] applied to the Markup type [RXER], then the data type of the
control value is taken to be OCTET STRING.
If a control uses different OBJECT IDENTIFIERs in the request and
response, then it is necessarily represented by two CONTROL objects.
Definitions of CONTROL objects for controls already defined is out of
scope for this document; however, such objects can be readily
synthesized from the specification of a control.
The extensible SupportedControls information object set notionally
contains CONTROL objects for all the controls known to an
implementation.
SupportedControls CONTROL ::= { ... }
In order to allow automated determination of the control value data
type from the control type, the definition of the Control ASN.1 type
in LDAP is replaced with the following definition in Uniform LDAP:
Control ::= SEQUENCE {
controlType CONTROL.&type({SupportedControls}),
criticality BOOLEAN DEFAULT FALSE,
Legg & Prager Expires 29 February 2008 [Page 8]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
controlValue CHOICE {
request [0] CONTROL.&RequestValue
({SupportedControls}{@controlType}),
response [1] CONTROL.&ResponseValue
({SupportedControls}{@controlType})
} OPTIONAL }
3.7. Remediation of Extended Operations
LDAP extended operation requests contain an OCTET STRING request
value whose content is determined by an associated request name. The
request name type is an OBJECT IDENTIFIER represented as a string in
LDAP. LDAP extended operation responses and intermediate responses
contain an OCTET STRING response value whose content is determined by
an associated response name. The response name type is an
OBJECT IDENTIFIER represented as a string in LDAP. The data type of
the request or response value is typically specified as an ASN.1
type, though this is not a requirement of LDAP.
Extended operations and intermediate responses have no counterpart in
X.500, therefore the LDAP-EXTENDED-REQUEST, LDAP-EXTENDED-RESPONSE,
and LDAP-INTERMEDIATE-RESPONSE information object classes are defined
in this document to allow specific request names to be
programmatically linked to specific request value data types, and to
allow specific response names to be programmatically linked to
specific response value data types.
LDAP-EXTENDED-REQUEST ::= CLASS {
&name OBJECT IDENTIFIER,
&Value OPTIONAL
}
LDAP-EXTENDED-RESPONSE ::= CLASS {
&name OBJECT IDENTIFIER,
&Value OPTIONAL
}
LDAP-INTERMEDIATE-RESPONSE ::= CLASS {
&name OBJECT IDENTIFIER,
&Value OPTIONAL
}
The &name field of an LDAP-EXTENDED-REQUEST object specifies the
OBJECT IDENTIFIER identifying the extended operation request.
The &Value field of an LDAP-EXTENDED-REQUEST object specifies an
ASN.1 type describing the data type of the request value for that
request. If the request value is required to be absent in a request,
Legg & Prager Expires 29 February 2008 [Page 9]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
then the &Value field is absent.
The &name field of an LDAP-EXTENDED-RESPONSE object specifies the
OBJECT IDENTIFIER identifying the extended operation response.
The &Value field of an LDAP-EXTENDED-RESPONSE object specifies an
ASN.1 type describing the data type of the response value for that
response. If the response value is required to be absent in a
response, then the &Value field is absent.
The &name field of an LDAP-INTERMEDIATE-RESPONSE object specifies the
OBJECT IDENTIFIER identifying the intermediate response.
The &Value field of an LDAP-INTERMEDIATE-RESPONSE object specifies an
ASN.1 type describing the data type of the response value for that
intermediate response. If the response value is required to be
absent in an intermediate response, then the &Value field is absent.
If the data type of a request or response value is not an ASN.1 type,
and is not a data type that can be referenced by an RXER encoding
instruction [RXEREI] applied to the Markup type [RXER], then the data
type of the value is taken to be OCTET STRING.
Definitions of LDAP-EXTENDED-REQUEST, LDAP-EXTENDED-RESPONSE, and
LDAP-INTERMEDIATE-RESPONSE objects for extended operations and
intermediate responses already defined is out of scope for this
document; however, such objects can be readily synthesized from the
specification of an extended operation or intermediate response.
The extensible SupportedRequests information object set notionally
contains LDAP-EXTENDED-REQUEST objects for all the extended operation
requests known to an implementation. The extensible
SupportedResponses information object set notionally contains
LDAP-EXTENDED-RESPONSE objects for all the extended operation
responses known to an implementation. The extensible
SupportedIntermediateResponses information object set notionally
contains LDAP-INTERMEDIATE-RESPONSE objects for all the intermediate
responses known to an implementation.
SupportedRequests LDAP-EXTENDED-REQUEST ::= { ... }
SupportedResponses LDAP-EXTENDED-RESPONSE ::= { ... }
SupportedIntermediateResponses
LDAP-INTERMEDIATE-RESPONSE ::= { ... }
In order to allow automated determination of the request value data
type from the request name in an extended operation, the definition
Legg & Prager Expires 29 February 2008 [Page 10]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
of the ExtendedRequest ASN.1 type in LDAP is replaced with the
following definition in Uniform LDAP:
ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
requestName [0] LDAP-EXTENDED-REQUEST.&name
({SupportedRequests}),
requestValue [1] LDAP-EXTENDED-REQUEST.&Value
({SupportedRequests}{@requestName})
OPTIONAL }
In order to allow automated determination of the response value data
type from the response name in an extended operation, the definition
of the ExtendedResponse ASN.1 type is replaced with the following
definition:
ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
COMPONENTS OF LDAPResult,
responseName [10] LDAP-EXTENDED-RESPONSE.&name
({SupportedResponses}) OPTIONAL,
responseValue [11] LDAP-EXTENDED-RESPONSE.&Value
({SupportedResponses}{@responseName})
OPTIONAL }
In order to allow automated determination of the response value data
type from the response name in an intermediate response, the
definition of the IntermediateResponse ASN.1 type is replaced with
the following definition:
IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
responseName [0] LDAP-INTERMEDIATE-RESPONSE.&name
({SupportedIntermediateResponses})
OPTIONAL,
responseValue [1] LDAP-INTERMEDIATE-RESPONSE.&Value
({SupportedIntermediateResponses}
{@responseName}) OPTIONAL }
The definitions for the CONTROL, LDAP-EXTENDED-REQUEST,
LDAP-EXTENDED-RESPONSE, and LDAP-INTERMEDIATE-RESPONSE information
object classes and the SupportedControls, SupportedRequests,
SupportedResponses, and SupportedIntermediateResponses information
object sets are added to the end of the Uniform LDAP specification.
3.8. Other Changes
The Absolute True and False Filters extension to LDAP [FILTER]
effectively removes the SIZE constraint on the "and" and "or"
components of the LDAP Filter ASN.1 type. These two SIZE constraints
are removed in the Uniform LDAP specification.
Legg & Prager Expires 29 February 2008 [Page 11]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
4. XLDAP
A protocol message of the XML Lightweight Directory Access Protocol
(XLDAP) is the RXER encoding of a value of the ldapMessage top-level
NamedType from the XED-Protocols ASN.1 module presented in Appendix B
(which is the RXER encoding of an abstract value of the LDAPMessage
type from the XED-Uniform-LDAP module encapsulated in an element with
the [local name] "LDAPMessage", and the [namespace name]
"urn:ietf:params:xml:ns:xed"), exchanged over either of the
transports defined in Sections 4.1 and 4.2.
Aside: The specification for RXER [RXER] introduces the notion of
an ASN.1 NamedType having a value that can be encoded.
Aside: Each top-level NamedType in the XED-Protocols module is
subject to a TYPE-AS-VERSION encoding instruction [RXEREI], which
means that the XML attributes of the root element of the encoding
of an XLDAP protocol message should contain an xsi:type XML
attribute with a value that is a qualified name for the expanded
name [XMLNS10] of the LDAPMessage ASN.1 type from the
XED-Uniform-LDAP module. This expanded name will have the
namespace name "urn:ietf:params:xml:ns:xed-uldap", and the local
name "LDAPMessage". It is intended that future editions of XED
will use the same expanded name for the protocol message element,
but that the value of the xsi:type XML attribute will be a
qualified name for the expanded name of the LDAPMessage ASN.1 type
(or its successor) in that future edition's version of the
XED-Uniform-LDAP module. Any future version of the
XED-Uniform-LDAP module is expected to use a different target
namespace. An RXER decoder using the first edition specification
would ignore the xsi:type XML attribute, and simply apply the
ASN.1 extensibility rules, if it receives an encoding from a later
edition. Implementations using compatible XML Schema translations
of this and subsequent revisions of the XED-Uniform-LDAP ASN.1
module would use the value of the xsi:type XML attribute to select
the appropriate version for validation purposes.
The equivalent ASN.X representation of the XED-Protocols module is
provided in Appendix D.
This first edition of the XLDAP specification is semantically
equivalent to LDAP version 3, therefore the version field of an XLDAP
BindRequest message SHOULD be set to 3.
Implementations of XLDAP MUST support "XLDAP Over TCP/IP", and MAY
support "XLDAP Over SOAP 1.1".
Example
Legg & Prager Expires 29 February 2008 [Page 12]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
This is an example of an XLDAP search operation.
<xed:LDAPMessage
xmlns:xed="urn:ietf:params:xml:ns:xed"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xldap="urn:ietf:params:xml:ns:xed-uldap"
xsi:type="xldap:LDAPMessage">
<messageID> 0 </messageID>
<protocolOp>
<searchRequest>
<baseObject> <!-- DistinguishedName -->
<!-- Equivalent LDAPDN is dc=example,dc=com -->
<item> <!-- RelativeDistinguishedName -->
<item> <!-- AttributeTypeAndDistinguishedValue -->
<type> 0.9.2342.19200300.100.1.25 <!-- dc --> </type>
<value>com</value>
</item>
</item>
<item>
<item>
<type> 0.9.2342.19200300.100.1.25 <!-- dc --> </type>
<value>example</value>
</item>
</item>
</baseObject>
<scope>wholeSubtree</scope>
<derefAliases>derefInSearching</derefAliases>
<sizeLimit>100</sizeLimit>
<timeLimit>5</timeLimit>
<typesOnly>false</typesOnly>
<filter>
<and>
<filter> <!-- objectClass = person -->
<equalityMatch>
<attributeDesc>
<type> 2.5.4.0 <!-- objectClass --> </type>
</attributeDesc>
<assertionValue> 2.5.6.6 <!-- person --> </assertionValue>
</equalityMatch>
</filter>
<filter> <!-- surname = Smith -->
<equalityMatch>
<attributeDesc>
<type> 2.5.4.4 <!-- surname --> </type>
</attributeDesc>
<assertionValue>Smith</assertionValue>
</equalityMatch>
</filter>
Legg & Prager Expires 29 February 2008 [Page 13]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
</and>
</filter>
<attributes> <!-- all attributes --> </attributes>
</searchRequest>
</protocolOp>
</xed:LDAPMessage>
4.1. XLDAP Over TCP/IP
This section defines a simple mapping of XLDAP protocol messages onto
TCP/IP [TCP]. It is the same as the mapping onto TCP/IP used by the
IDM protocol.
An XLDAP protocol message is encoded as an XML document with the
protocol message element as its root element. The octets of the XML
document are partitioned into one or more fragments. Each fragment
is placed in a segment to be sent over the TCP/IP connection. Each
segment has a header followed by the octets of the fragment. The
number and size of the fragments resulting from the partitioning of
the encoding of the protocol message are at the discretion of the
sender and carry no significance. All fragments of a particular
protocol message MUST be sent (in order) before another protocol
message is sent.
The format for a segment is as follows:
+-----------+-----------+-------------------+-------------------+
| version | final | length | data |
| (1 octet) | (1 octet) | (4 octets) | (length octets) |
+-----------+-----------+-------------------+-------------------+
The version field indicates the version of the mapping onto TCP/IP.
The version described in this document is indicated by the value 1.
All segments on a TCP/IP connection SHALL have the same value for the
version.
The final field SHALL be 1 if the data field contains the final or
only fragment of the encoding of the XLDAP protocol message,
otherwise the final field SHALL be 0.
The length field indicates the size of the data field in number of
octets. It is sent in network byte order as a 32 bit unsigned
integer with more significant octets preceding less significant
octets. The minimum permitted value of length is 1.
The data field holds the next fragment of the XLDAP protocol message
being sent, or the entire encoding of the XLDAP protocol message if
it is being sent as one fragment.
Legg & Prager Expires 29 February 2008 [Page 14]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
Being relatively short, the entire XLDAP protocol message will
typically be sent in one segment.
4.2. XLDAP Over SOAP 1.1
This section defines a binding of XLDAP to SOAP version 1.1 [SOAP]
using the HTTP binding.
The value of the SOAPAction HTTP request header field SHALL be
"urn:ietf:params:xml:ns:xed".
No SOAP headers are defined for XLDAP over SOAP 1.1.
XLDAP protocol messages can be categorized as either Uniform LDAP
requests or Uniform LDAP responses.
A Uniform LDAP request is mapped onto a SOAP request message. The
SOAP Body element SHALL contain the protocol message element as its
only child element.
A Uniform LDAP response other than a search response is mapped onto a
SOAP response message. The SOAP Body element SHALL contain the
protocol message element as its only child element.
The result of a Uniform LDAP search is a sequence of one or more
protocol messages, each containing a value of SearchResultEntry,
SearchResultReference or, for the final message, SearchResultDone.
The result of a Uniform LDAP search is mapped onto a SOAP response
message where the SOAP Body element contains each of the protocol
message elements making up the search result, i.e., the multiple
response messages for a search are concatenated into a single SOAP
response.
Directory processing errors are reported as Uniform LDAP responses.
SOAP processing errors are reported using the SOAP Fault element.
4.3. Relationship to DSMLv2
The Directory Services Markup Language v2.0 (DSMLv2) [DSML] is an
alternative protocol for accessing an LDAP or X.500 directory.
Attribute values are represented in DSMLv2 as simple content, either
a UTF-8 string (the usual LDAP-specific ad-hoc string encoding), a
base64 [MIME] string or a URI [URI]. An attribute value in XML
format must either have its markup escaped with XML character
references or CDATA sections, or else must be placed in a separate
URI-referenced document from which the client needs to fetch the
value later. Attribute values with structure (e.g., schema
Legg & Prager Expires 29 February 2008 [Page 15]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
descriptions) are normally represented as LDAP-specific string
encodings instead of a more useful markup format. In XLDAP,
attribute values with non-trivial syntaxes, including new attribute
syntaxes whose data type is defined in terms of an XML Schema, a
RELAX NG grammar or a DTD, are naturally represented as markup in the
protocol. No escaping or other indirection is required.
Control values and the request and response values of extended
operations are typically represented in DSMLv2 as the base64
encodings of the BER encodings of the values. In XLDAP, the control
values and the request and response values of extended operations are
all directly represented as markup.
5. XIDM
The mapping of the X.500 protocols into XIDM is identical to the
mapping of these protocols into IDM [X.519]. The ASN.1 data types of
XIDM Protocol Data Units (PDUs) are exactly those of the IDM PDUs
[X.519]. The difference between XIDM and IDM is in the choice of
transfer syntax (RXER instead of BER).
Each XIDM PDU is the RXER encoding of a value of one of the top-level
NamedType definitions [RXEREI] from the XED-Protocols ASN.1 module
presented in Appendix B.
Aside: The specification for RXER [RXER] introduces the notion of
an ASN.1 NamedType having a value that can be encoded.
The RXER encoding is then mapped to TCP/IP [TCP] in the manner
prescribed in X.519 [X.519] for the encodings of IDM PDUs (which is
the same as the mapping defined in Section 4.1 for "XLDAP Over
TCP/IP").
The mapping of the Directory Access Protocol (DAP) onto XIDM is
called the XML Directory Access Protocol over TCP/IP (X-DAP-IP). An
X-DAP-IP operation is the RXER encoding of a value of the dap-idm-pdu
top-level NamedType from the XED-Protocols module (which is the RXER
encoding of an abstract value of the DAP-IDM-PDUs ASN.1 type
encapsulated in an element with the [local name] "DAP-IDM-PDU", and
the [namespace name] "urn:ietf:params:xml:ns:xed").
The mapping of the Directory System Protocol (DSP) onto XIDM is
called the XML Directory System Protocol over TCP/IP (X-DSP-IP). An
X-DSP-IP operation is the RXER encoding of a value of the dsp-idm-pdu
top-level NamedType from the XED-Protocols module (which is the RXER
encoding of an abstract value of the DSP-IDM-PDUs ASN.1 type
encapsulated in an element with the [local name] "DSP-IDM-PDU", and
the [namespace name] "urn:ietf:params:xml:ns:xed").
Legg & Prager Expires 29 February 2008 [Page 16]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
The mapping of the Directory Information Shadowing Protocol (DISP)
onto XIDM is called the XML Directory Information Shadowing Protocol
over TCP/IP (X-DISP-IP). An X-DISP-IP operation is the RXER encoding
of a value of the disp-idm-pdu top-level NamedType from the
XED-Protocols module (which is the RXER encoding of an abstract value
of the DISP-IDM-PDUs ASN.1 type encapsulated in an element with the
[local name] "DISP-IDM-PDU", and the [namespace name]
"urn:ietf:params:xml:ns:xed").
The mapping of the Directory Operational Binding Protocol (DOP) onto
XIDM is called the XML Directory Operational Binding Protocol over
TCP/IP (X-DOP-IP). An X-DOP-IP operation is the RXER encoding of a
value of the dop-idm-pdu top-level NamedType from the XED-Protocols
module (which is the RXER encoding of an abstract value of the
DOP-IDM-PDUs ASN.1 type encapsulated in an element with the
[local name] "DOP-IDM-PDU", and the [namespace name]
"urn:ietf:params:xml:ns:xed").
Aside: Each top-level NamedType in the XED-Protocols module is
subject to a TYPE-AS-VERSION encoding instruction [RXEREI], which
means that the XML attributes of the root element of the encoding
of an XIDM PDU should contain an xsi:type XML attribute with a
value that is a qualified name for the expanded name of the ASN.1
type of the IDM PDU. This expanded name will have the local name
DAP-IDM-PDUs, DSP-IDM-PDUs, DISP-IDM-PDUs, or DOP-IDM-PDUs, as
appropriate. If Section 6.2 is followed, then the namespace name
for the expanded name will be
"http://xmled.info/ns/X.500/4/DirectoryIDMProtocols" or
"http://xmled.info/ns/X.500/5/DirectoryIDMProtocols" (the target
namespaces Section 6.2 allocates to the DirectoryIDMProtocols
module [X.519-4][X.519] from the fourth and fifth edition of
X.500, respectively). It is intended that the expanded names of
the XIDM root elements will remain unchanged in any revision of
the XED-Protocols module that references a future edition of the
DirectoryIDMProtocols module. However, the value of the xsi:type
XML attribute on these elements will be a qualified name for the
expanded name of the specific IDM PDU ASN.1 type (or its
successor) in the future edition of the DirectoryIDMProtocols
module. The ASN.1 modules of any future edition of X.500 are
expected to be allocated different target namespaces. An RXER
decoder using the fourth edition X.500 specification would ignore
the xsi:type XML attribute, and simply apply the ASN.1
extensibility rules, if it receives an encoding from a later
edition. Implementations using compatible XML Schema translations
of the fourth, fifth, and subsequent editions of the X.500 ASN.1
modules would use the value of the xsi:type XML attribute to
select the appropriate version for validation purposes.
Legg & Prager Expires 29 February 2008 [Page 17]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
The DirectoryIDMProtocols module first appears in the fourth
edition of X.500.
The equivalent ASN.X representation of the XED-Protocols module is
provided in Appendix D.
Since the IDM protocol does not itself support any form of
negotiation of the transfer syntax, communication end points for the
XIDM protocol must be distinct, with different ports and/or different
IP addresses. XIDM end point address formats are for further study.
6. Changes to X.500 ASN.1 Modules
6.1. DirectoryString Revision
The DirectoryString parameterized type is used extensively throughout
X.500 and exists to provide a choice of different character
encodings. Since LDAP always encodes DirectoryString values as UTF-8
character strings, and since an RXER encoding uses only one character
encoding (typically UTF-8), the choice offered by the DirectoryString
type is anachronistic and largely irrelevant. The RXER encoding of
an ASN.1 CHOICE type ordinarily produces element content, i.e., a
child element. An RXER UNION encoding instruction is added to the
DirectoryString type in order to produce a simpler representation for
its values. This encoding instruction causes values to appear as
simple character data instead of as element content.
Formally, XED implementations MUST add this encoding instruction:
[RXER:UNION PRECEDENCE printableString uTF8String]
immediately after the "::=" in the definition of the DirectoryString
type in the third and every subsequent edition of the
SelectedAttributeTypes ASN.1 module of X.520 [X.520-3] [X.520-4]
[X.520-5].
For example, this is how the DirectoryString definition would appear
in the third, fourth, and fifth editions (also incorporating the
amendment required by RFC 4792 [GSEREI]):
DirectoryString{INTEGER:maxSize} ::=
[RXER:UNION PRECEDENCE printableString uTF8String]
[GSER:CHOICE-OF-STRINGS PRECEDENCE printableString uTF8String]
CHOICE {
teletexString TeletexString(SIZE (1..maxSize)),
printableString PrintableString(SIZE (1..maxSize)),
universalString UniversalString(SIZE (1..maxSize)),
bmpString BMPString(SIZE (1..maxSize)),
Legg & Prager Expires 29 February 2008 [Page 18]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
uTF8String UTF8String(SIZE (1..maxSize))
}
The uTF8String alternative did not appear in the second edition of
the SelectedAttributeTypes ASN.1 module of X.520 [X.520-2]. For
compatibility, XED implementations using the second edition of X.520
MUST add this encoding instruction:
[RXER:UNION PRECEDENCE printableString]
immediately after the "::=" in the definition of the DirectoryString
type.
For example, this is how the DirectoryString definition would appear
in the second edition (also incorporating the amendment required by
RFC 4792 [GSEREI]):
DirectoryString{INTEGER:maxSize} ::=
[RXER:UNION PRECEDENCE printableString]
[GSER:CHOICE-OF-STRINGS PRECEDENCE printableString]
CHOICE {
teletexString TeletexString(SIZE (1..maxSize)),
printableString PrintableString(SIZE (1..maxSize)),
universalString UniversalString(SIZE (1..maxSize))
}
6.2. Facilitating Translations
This section is non-normative.
The X.500 ASN.1 modules do not specify target namespaces, which makes
a translation into ASN.X more verbose, and impedes a translation into
XML Schema. This section suggests a particular amendment that XED
implementations may make to each X.500 module in order to facilitate
such translations and to promote consistent translations.
Specifically, an encoding control section for RXER [RXEREI] with a
SCHEMA-IDENTITY encoding instruction and a TARGET-NAMESPACE encoding
instruction is added to each X.500 ASN.1 module. The URI for the
SCHEMA-IDENTITY encoding instruction is the concatenation of the
string "http://xmled.info/id/X.500/", the number of the X.500 edition
(i.e., 2, 3, 4 or 5), a forward slash, and the modulereference (i.e.,
name) of the module. The URI for the TARGET-NAMESPACE encoding
instruction is constructed in the same way except that "/ns" replaces
"/id".
As an example, the RXER encoding control section for the
InformationFramework module in the fifth edition of X.500 would look
like this:
Legg & Prager Expires 29 February 2008 [Page 19]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
ENCODING-CONTROL RXER
SCHEMA-IDENTITY
"http://xmled.info/id/X.500/5/InformationFramework"
TARGET-NAMESPACE
"http://xmled.info/ns/X.500/5/InformationFramework"
Note that a XED implementation that makes these changes will
interwork with one that does not, and will interwork with an
implementation that chooses different URIs.
If at some time in the future the X.500 specifications are updated to
include RXER encoding control sections in their module definitions,
then the URIs defined there should be used in preference to those
defined here.
7. Security Considerations
Since XLDAP is derived from LDAP, the security considerations that
apply to LDAP apply equally to XLDAP.
XLDAP encodes all attribute values using RXER, which does not
necessarily enable an original BER encoding of an attribute value to
be recovered. Such recovery is needed for the verification of
digital signatures. XLDAP MUST NOT be used by applications requiring
such recovery.
When interpreting security-sensitive fields, and in particular fields
used to grant or deny access, implementations MUST ensure that any
comparisons are done on the underlying abstract value, regardless of
the particular encoding used.
8. Acknowledgements
The technology described in this document is the product of a
research project begun jointly by Adacel Technologies Limited and
Deakin University, and subsequently refined and completed by eB2Bcom.
9. IANA Considerations
The Internet Assigned Numbers Authority (IANA) is requested to
register two new XML namespaces in accordance with RFC 3688 [XMLREG].
URI: urn:ietf:params:xml:ns:xed
URI: urn:ietf:params:xml:ns:xed-uldap
Registrant Contact: Steven Legg <steven.legg@eb2bcom.com>
Legg & Prager Expires 29 February 2008 [Page 20]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
XML: None
10. References
10.1. Normative References
[TCP] Postel, J., "TRANSMISSION CONTROL PROTOCOL", RFC 793,
September 1981.
[BCP14] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[XMLREG] Mealling, M., "The IETF XML Registry", RFC 3688, January
2004.
[URI] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform
Resource Identifiers (URI): Generic Syntax", STD 66, RFC
3986, January 2005.
[LDAP] Zeilenga, K., Ed., "Lightweight Directory Access Protocol
(LDAP): Technical Specification Road Map", RFC 4510, June
2006.
[PROT] Sermersheim, J., Ed., "Lightweight Directory Access
Protocol (LDAP): The Protocol", RFC 4511, June 2006.
[FILTER] Zeilenga, K., "Lightweight Directory Access Protocol
(LDAP) Absolute True and False Filters", RFC 4526, June
2006.
[GSEREI] Legg, S., "Encoding Instructions for the Generic String
Encoding Rules (GSER)", RFC 4792, January 2007.
[RXER] Legg, S. and D. Prager, "Robust XML Encoding Rules (RXER)
for Abstract Syntax Notation One (ASN.1)", RFC 4910, July
2007.
[RXEREI] Legg, S., "Encoding Instructions for the Robust XML
Encoding Rules (RXER)", RFC 4911, July 2007.
[TRANSFER] Legg, S., "Lightweight Directory Access Protocol (LDAP):
Transfer Encoding Options",
draft-legg-ldap-transfer-xx.txt, a work in progress,
August 2006.
[XED] Legg, S. and D. Prager, "The XML-Enabled Directory",
draft-legg-xed-roadmap-xx.txt, a work in progress, August
2007.
Legg & Prager Expires 29 February 2008 [Page 21]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
[X.500] ITU-T Recommendation X.500 (08/05) | ISO/IEC 9594-1:2005,
Information technology - Open Systems Interconnection -
The Directory: Overview of concepts, models and services.
[X.501] ITU-T Recommendation X.501 (08/05) | ISO/IEC 9594-2:2005,
Information technology - Open Systems Interconnection -
The Directory: Models.
[X.519-4] ITU-T Recommendation X.519 (02/01) | ISO/IEC 9594-5:2001,
Information technology - Open Systems Interconnection -
The Directory: Protocol specifications.
[X.519] ITU-T Recommendation X.519 (08/05) | ISO/IEC 9594-5:2005,
Information technology - Open Systems Interconnection -
The Directory: Protocol specifications.
[X.520-2] ITU-T Recommendation X.520 (1993) | ISO/IEC 9594-6:1994,
Information Technology - Open Systems Interconnection -
The Directory: Selected attribute types.
[X.520-3] ITU-T Recommendation X.520 (08/97) | ISO/IEC 9594-6:1998,
Information Technology - Open Systems Interconnection -
The Directory: Selected attribute types.
[X.520-4] ITU-T Recommendation X.520 (02/01) | ISO/IEC 9594-6:2001,
Information technology - Open Systems Interconnection -
The Directory: Selected attribute types.
[X.520-5] ITU-T Recommendation X.520 (08/05) | ISO/IEC 9594-6:2005,
Information technology - Open Systems Interconnection -
The Directory: Selected attribute types.
[X.680] ITU-T Recommendation X.680 (07/02) | ISO/IEC 8824-1,
Information technology - Abstract Syntax Notation One
(ASN.1): Specification of basic notation.
[X.681] ITU-T Recommendation X.681 (07/02) | ISO/IEC 8824-2,
Information technology - Abstract Syntax Notation One
(ASN.1): Information object specification.
[X.682] ITU-T Recommendation X.682 (07/02) | ISO/IEC 8824-3,
Information technology - Abstract Syntax Notation One
(ASN.1): Constraint specification.
[XML10] Bray, T., Paoli, J., Sperberg-McQueen, C., Maler, E. and
F. Yergeau, "Extensible Markup Language (XML) 1.0 (Fourth
Edition)", W3C Recommendation,
http://www.w3.org/TR/2006/REC-xml-20060816, August 2006.
Legg & Prager Expires 29 February 2008 [Page 22]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
[XML11] Bray, T., Paoli, J., Sperberg-McQueen, C., Maler, E.,
Yergeau, F., and J. Cowan, "Extensible Markup Language
(XML) 1.1 (Second Edition)", W3C Recommendation,
http://www.w3.org/TR/2006/REC-xml11-20060816, August 2006.
[XMLNS10] Bray, T., Hollander, D., Layman, A. and R. Tobin,
"Namespaces in XML 1.0 (Second Edition)", W3C
Recommendation,
http://www.w3.org/TR/2006/REC-xml-names-20060816, August
2006.
[INFOSET] Cowan, J. and R. Tobin, "XML Information Set (Second
Edition)", W3C Recommendation,
http://www.w3.org/TR/2004/REC-xml-infoset-20040204,
February 2004.
[SOAP] Box, D., Ehnebuske, D., Kakivaya, G., Layman, A.,
Mendelsohn, N., Nielson, H., Thatte, S. and D. Winer,
"Simple Object Access Protocol (SOAP) 1.1", W3C Note,
http://www.w3.org/TR/2000/NOTE-SOAP-20000508, May 2000.
10.2. Informative References
[MIME] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message
Bodies", RFC 2045, November 1996.
[SYNTAX] Legg, S., Ed., "Lightweight Directory Access Protocol
(LDAP): Syntaxes and Matching Rules", RFC 4517, June 2006.
[ASN.X] Legg, S., "Abstract Syntax Notation X (ASN.X)", RFC 4912,
July 2007.
[OSI] ITU-T Recommendation X.200 (1994) | ISO/IEC 7498-1:1994,
Information technology - Open Systems Interconnection -
Basic Reference Model: The Basic Model.
[X.690] ITU-T Recommendation X.690 (07/02) | ISO/IEC 8825-1,
Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER), Canonical
Encoding Rules (CER) and Distinguished Encoding Rules
(DER).
[DSML] "Directory Services Markup Language v2.0", OASIS Standard,
http://www.oasis-open.org/committees/dsml/docs/DSMLv2.doc,
December 2001.
Appendix A. ASN.1 for Uniform LDAP
Legg & Prager Expires 29 February 2008 [Page 23]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
The ASN.1 module in this appendix is the result of applying the
transformation described in this document to the original LDAP ASN.1
specification.
This appendix is normative.
XED-Uniform-LDAP
{ iso(1) identified-organization(3) dod(6)
internet(1) private(4) enterprise(1)
xmled(21472) ds(5) module(1) uniform-ldap(2) }
-- Copyright (C) The IETF Trust (2007). This version of
-- this ASN.1 module is part of RFC XXXX; see the RFC itself
-- for full legal notices.
--
-- Regarding this ASN.1 module or any portion of it, the authors
-- make no guarantees and are not responsible for any damage
-- resulting from its use. The authors grant irrevocable permission
-- to anyone to use, modify, and distribute it in any way that does
-- not diminish the rights of anyone else to use, modify, and
-- distribute it, provided that redistributed derivative works do
-- not contain misleading author or version information.
-- Derivative works need not be licensed under similar terms.
DEFINITIONS
IMPLICIT TAGS
EXTENSIBILITY IMPLIED ::=
BEGIN
IMPORTS
ATTRIBUTE,
MATCHING-RULE,
RelativeDistinguishedName,
DistinguishedName,
SupportedAttributes
FROM InformationFramework
{ joint-iso-itu-t ds(5) module(1)
informationFramework(1) 5 }
;
LDAPMessage ::= SEQUENCE {
messageID MessageID,
protocolOp CHOICE {
bindRequest BindRequest,
bindResponse BindResponse,
unbindRequest UnbindRequest,
searchRequest SearchRequest,
Legg & Prager Expires 29 February 2008 [Page 24]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
searchResEntry SearchResultEntry,
searchResDone SearchResultDone,
searchResRef SearchResultReference,
modifyRequest ModifyRequest,
modifyResponse ModifyResponse,
addRequest AddRequest,
addResponse AddResponse,
delRequest DelRequest,
delResponse DelResponse,
modDNRequest ModifyDNRequest,
modDNResponse ModifyDNResponse,
compareRequest CompareRequest,
compareResponse CompareResponse,
abandonRequest AbandonRequest,
extendedReq ExtendedRequest,
extendedResp ExtendedResponse,
...,
intermediateResponse IntermediateResponse },
controls [0] Controls OPTIONAL }
MessageID ::= INTEGER (0 .. maxInt)
maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --
LDAPString ::= UTF8String
LDAPOID ::= OBJECT IDENTIFIER
LDAPDN ::= DistinguishedName
RelativeLDAPDN ::= RelativeDistinguishedName
AttributeDescription ::= SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL }
AttributeValueAssertion ::= SEQUENCE {
attributeDesc SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL },
assertionValue ATTRIBUTE.&equality-match.&AssertionType
({SupportedAttributes}{@attributeDesc.type}) }
PartialAttribute ::= SEQUENCE {
type SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
Legg & Prager Expires 29 February 2008 [Page 25]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL },
vals SET OF value ATTRIBUTE.&Type
({SupportedAttributes}{@type.type}) }
Attribute ::= PartialAttribute(WITH COMPONENTS {
...,
vals (SIZE(1..MAX))})
LDAPResult ::= SEQUENCE {
resultCode ENUMERATED {
success (0),
operationsError (1),
protocolError (2),
timeLimitExceeded (3),
sizeLimitExceeded (4),
compareFalse (5),
compareTrue (6),
authMethodNotSupported (7),
strongerAuthRequired (8),
-- 9 reserved --
referral (10),
adminLimitExceeded (11),
unavailableCriticalExtension (12),
confidentialityRequired (13),
saslBindInProgress (14),
noSuchAttribute (16),
undefinedAttributeType (17),
inappropriateMatching (18),
constraintViolation (19),
attributeOrValueExists (20),
invalidAttributeSyntax (21),
-- 22-31 unused --
noSuchObject (32),
aliasProblem (33),
invalidDNSyntax (34),
-- 35 reserved for undefined isLeaf --
aliasDereferencingProblem (36),
-- 37-47 unused --
inappropriateAuthentication (48),
invalidCredentials (49),
insufficientAccessRights (50),
busy (51),
unavailable (52),
unwillingToPerform (53),
loopDetect (54),
-- 55-63 unused --
namingViolation (64),
Legg & Prager Expires 29 February 2008 [Page 26]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
objectClassViolation (65),
notAllowedOnNonLeaf (66),
notAllowedOnRDN (67),
entryAlreadyExists (68),
objectClassModsProhibited (69),
-- 70 reserved for CLDAP --
affectsMultipleDSAs (71),
-- 72-79 unused --
other (80),
... },
matchedDN LDAPDN,
diagnosticMessage LDAPString,
referral [3] Referral OPTIONAL }
Referral ::= SEQUENCE SIZE (1..MAX) OF uri URI
URI ::= LDAPString -- limited to characters permitted in
-- URIs
Controls ::= SEQUENCE OF control Control
Control ::= SEQUENCE {
controlType CONTROL.&type({SupportedControls}),
criticality BOOLEAN DEFAULT FALSE,
controlValue CHOICE {
request [0] CONTROL.&RequestValue
({SupportedControls}{@controlType}),
response [1] CONTROL.&ResponseValue
({SupportedControls}{@controlType})
} OPTIONAL }
BindRequest ::= [APPLICATION 0] SEQUENCE {
version INTEGER (1 .. 127),
name LDAPDN,
authentication AuthenticationChoice }
AuthenticationChoice ::= CHOICE {
simple [0] OCTET STRING,
-- 1 and 2 reserved
sasl [3] SaslCredentials,
... }
SaslCredentials ::= SEQUENCE {
mechanism LDAPString,
credentials OCTET STRING OPTIONAL }
BindResponse ::= [APPLICATION 1] SEQUENCE {
COMPONENTS OF LDAPResult,
Legg & Prager Expires 29 February 2008 [Page 27]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
serverSaslCreds [7] OCTET STRING OPTIONAL }
UnbindRequest ::= [APPLICATION 2] NULL
SearchRequest ::= [APPLICATION 3] SEQUENCE {
baseObject LDAPDN,
scope ENUMERATED {
baseObject (0),
singleLevel (1),
wholeSubtree (2),
... },
derefAliases ENUMERATED {
neverDerefAliases (0),
derefInSearching (1),
derefFindingBaseObj (2),
derefAlways (3) },
sizeLimit INTEGER (0 .. maxInt),
timeLimit INTEGER (0 .. maxInt),
typesOnly BOOLEAN,
filter Filter,
attributes AttributeSelection }
AttributeSelection ::= SEQUENCE OF selector AttributeDescription
Filter ::= CHOICE {
and [0] SET OF filter Filter,
or [1] SET OF filter Filter,
not [2] Filter,
equalityMatch [3] AttributeValueAssertion,
substrings [4] SubstringFilter,
greaterOrEqual [5] AttributeValueAssertion,
lessOrEqual [6] AttributeValueAssertion,
present [7] AttributeDescription,
approxMatch [8] AttributeValueAssertion,
extensibleMatch [9] MatchingRuleAssertion,
... }
SubstringFilter ::= SEQUENCE {
type SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
options SEQUENCE SIZE (1..MAX) OF
option UTF8String OPTIONAL },
substrings SEQUENCE SIZE (1..MAX) OF substring CHOICE {
initial [0] ATTRIBUTE.&equality-match.&AssertionType
({SupportedAttributes}{@type.type}),
-- can occur at most once
any [1] ATTRIBUTE.&equality-match.&AssertionType
({SupportedAttributes}{@type.type}),
Legg & Prager Expires 29 February 2008 [Page 28]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
final [2] ATTRIBUTE.&equality-match.&AssertionType
({SupportedAttributes}{@type.type}) }
-- can occur at most once
}
MatchingRuleAssertion ::= SEQUENCE {
matchingRule [1] MATCHING-RULE.&id OPTIONAL,
type [2] AttributeDescription OPTIONAL,
matchValue [3] MATCHING-RULE.&AssertionType,
dnAttributes [4] BOOLEAN DEFAULT FALSE }
SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
objectName LDAPDN,
attributes PartialAttributeList }
PartialAttributeList ::= SEQUENCE OF
partialAttribute PartialAttribute
SearchResultReference ::= [APPLICATION 19] SEQUENCE
SIZE (1..MAX) OF uri URI
SearchResultDone ::= [APPLICATION 5] LDAPResult
ModifyRequest ::= [APPLICATION 6] SEQUENCE {
object LDAPDN,
changes SEQUENCE OF change SEQUENCE {
operation ENUMERATED {
add (0),
delete (1),
replace (2),
... },
modification PartialAttribute } }
ModifyResponse ::= [APPLICATION 7] LDAPResult
AddRequest ::= [APPLICATION 8] SEQUENCE {
entry LDAPDN,
attributes AttributeList }
AttributeList ::= SEQUENCE OF attribute Attribute
AddResponse ::= [APPLICATION 9] LDAPResult
DelRequest ::= [APPLICATION 10] LDAPDN
DelResponse ::= [APPLICATION 11] LDAPResult
ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
Legg & Prager Expires 29 February 2008 [Page 29]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
entry LDAPDN,
newrdn RelativeLDAPDN,
deleteoldrdn BOOLEAN,
newSuperior [0] LDAPDN OPTIONAL }
ModifyDNResponse ::= [APPLICATION 13] LDAPResult
CompareRequest ::= [APPLICATION 14] SEQUENCE {
entry LDAPDN,
ava AttributeValueAssertion }
CompareResponse ::= [APPLICATION 15] LDAPResult
AbandonRequest ::= [APPLICATION 16] MessageID
ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
requestName [0] LDAP-EXTENDED-REQUEST.&name
({SupportedRequests}),
requestValue [1] LDAP-EXTENDED-REQUEST.&Value
({SupportedRequests}{@requestName})
OPTIONAL }
ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
COMPONENTS OF LDAPResult,
responseName [10] LDAP-EXTENDED-RESPONSE.&name
({SupportedResponses}) OPTIONAL,
responseValue [11] LDAP-EXTENDED-RESPONSE.&Value
({SupportedResponses}{@responseName})
OPTIONAL }
IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
responseName [0] LDAP-INTERMEDIATE-RESPONSE.&name
({SupportedIntermediateResponses})
OPTIONAL,
responseValue [1] LDAP-INTERMEDIATE-RESPONSE.&Value
({SupportedIntermediateResponses}
{@responseName}) OPTIONAL }
CONTROL ::= CLASS {
&type OBJECT IDENTIFIER,
&RequestValue OPTIONAL,
&ResponseValue OPTIONAL
}
SupportedControls CONTROL ::= { ... }
LDAP-EXTENDED-REQUEST ::= CLASS {
&name OBJECT IDENTIFIER,
Legg & Prager Expires 29 February 2008 [Page 30]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
&Value OPTIONAL
}
SupportedRequests LDAP-EXTENDED-REQUEST ::= { ... }
LDAP-EXTENDED-RESPONSE ::= CLASS {
&name OBJECT IDENTIFIER,
&Value OPTIONAL
}
SupportedResponses LDAP-EXTENDED-RESPONSE ::= { ... }
LDAP-INTERMEDIATE-RESPONSE ::= CLASS {
&name OBJECT IDENTIFIER,
&Value OPTIONAL
}
SupportedIntermediateResponses
LDAP-INTERMEDIATE-RESPONSE ::= { ... }
ENCODING-CONTROL RXER
SCHEMA-IDENTITY "urn:oid:1.3.6.1.4.1.21472.5.1.2"
TARGET-NAMESPACE "urn:ietf:params:xml:ns:xed-uldap"
PREFIX "xldap"
END
The object identifier for the XED-Uniform-LDAP module has been
assigned for use in this specification by xmled.org, under an arc
assigned to xmled.org by IANA.
Appendix B. ASN.1 for XED Protocol Elements
This appendix is normative.
XED-Protocols
{ iso(1) identified-organization(3) dod(6)
internet(1) private(4) enterprise(1)
xmled(21472) ds(5) module(1) protocols(4) }
-- Copyright (C) The IETF Trust (2007). This version of
-- this ASN.1 module is part of RFC XXXX; see the RFC itself
-- for full legal notices.
--
-- Regarding this ASN.1 module or any portion of it, the authors
-- make no guarantees and are not responsible for any damage
-- resulting from its use. The authors grant irrevocable permission
Legg & Prager Expires 29 February 2008 [Page 31]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
-- to anyone to use, modify, and distribute it in any way that does
-- not diminish the rights of anyone else to use, modify, and
-- distribute it, provided that redistributed derivative works do
-- not contain misleading author or version information.
-- Derivative works need not be licensed under similar terms.
DEFINITIONS
RXER INSTRUCTIONS
AUTOMATIC TAGS
EXTENSIBILITY IMPLIED ::= BEGIN
IMPORTS
LDAPMessage
FROM XED-Uniform-LDAP
{ iso(1) identified-organization(3) dod(6)
internet(1) private(4) enterprise(1)
xmled(21472) ds(5) module(1) uniform-ldap(2) }
DAP-IDM-PDUs,
DSP-IDM-PDUs,
DISP-IDM-PDUs,
DOP-IDM-PDUs
FROM DirectoryIDMProtocols
{ joint-iso-itu-t(2) ds(5) module(1)
directoryIDMProtocols(31) 5 }
;
null NULL ::= NULL
-- an ASN.1 module must have at least one assignment
ENCODING-CONTROL RXER
SCHEMA-IDENTITY "urn:oid:1.3.6.1.4.1.21472.5.1.4"
TARGET-NAMESPACE "urn:ietf:params:xml:ns:xed" PREFIX "xed"
COMPONENT ldapMessage [NAME "LDAPMessage"]
[TYPE-AS-VERSION]
LDAPMessage
COMPONENT dap-idm-pdu [NAME "DAP-IDM-PDU"]
[TYPE-AS-VERSION]
DAP-IDM-PDUs
COMPONENT dsp-idm-pdu [NAME "DSP-IDM-PDU"]
[TYPE-AS-VERSION]
DSP-IDM-PDUs
COMPONENT disp-idm-pdu [NAME "DISP-IDM-PDU"]
[TYPE-AS-VERSION]
Legg & Prager Expires 29 February 2008 [Page 32]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
DISP-IDM-PDUs
COMPONENT dop-idm-pdu [NAME "DOP-IDM-PDU"]
[TYPE-AS-VERSION]
DOP-IDM-PDUs
END
The object identifier for the XED-Protocols module has been assigned
for use in this specification by xmled.org, under an arc assigned to
xmled.org by IANA.
Appendix C. ASN.X for Uniform LDAP
This appendix is non-normative.
This appendix contains the ASN.X [ASN.X] translation of the
XED-Uniform-LDAP module.
<?xml version="1.0"?>
<asnx:module
xmlns:asnx="urn:ietf:params:xml:ns:asnx"
xmlns:xldap="urn:ietf:params:xml:ns:xed-uldap"
xmlns:if="http://xmled.info/ns/X.500/5/InformationFramework"
name="XED-Uniform-LDAP"
identifier="1.3.6.1.4.1.21472.5.1.2"
schemaIdentity="urn:oid:1.3.6.1.4.1.21472.5.1.2"
targetNamespace="urn:ietf:params:xml:ns:xed-uldap"
targetPrefix="xldap"
tagDefault="implicit"
extensibilityImplied="true">
<annotation>
Copyright (C) The IETF Trust (2007). This version of
this ASN.X module is part of RFC XXXX; see the RFC itself
for full legal notices.
Regarding this ASN.X module or any portion of it, the authors
make no guarantees and are not responsible for any damage
resulting from its use. The authors grant irrevocable permission
to anyone to use, modify, and distribute it in any way that does
not diminish the rights of anyone else to use, modify, and
distribute it, provided that redistributed derivative works do
not contain misleading author or version information.
Derivative works need not be licensed under similar terms.
</annotation>
<import name="InformationFramework"
Legg & Prager Expires 29 February 2008 [Page 33]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
identifier="2.5.1.1.5"
schemaIdentity=
"http://xmled.info/id/X.500/5/InformationFramework"
namespace=
"http://xmled.info/ns/X.500/5/InformationFramework"/>
<namedType name="LDAPMessage">
<type>
<sequence>
<element name="messageID" type="xldap:MessageID"/>
<element name="protocolOp">
<type>
<choice>
<element name="bindRequest" type="xldap:BindRequest"/>
<element name="bindResponse" type="xldap:BindResponse"/>
<element name="unbindRequest" type="xldap:UnbindRequest"/>
<element name="searchRequest" type="xldap:SearchRequest"/>
<element name="searchResEntry"
type="xldap:SearchResultEntry"/>
<element name="searchResDone" type="xldap:SearchResultDone"/>
<element name="searchResRef"
type="xldap:SearchResultReference"/>
<element name="modifyRequest" type="xldap:ModifyRequest"/>
<element name="modifyResponse" type="xldap:ModifyResponse"/>
<element name="addRequest" type="xldap:AddRequest"/>
<element name="addResponse" type="xldap:AddResponse"/>
<element name="delRequest" type="xldap:DelRequest"/>
<element name="delResponse" type="xldap:DelResponse"/>
<element name="modDNRequest" type="xldap:ModifyDNRequest"/>
<element name="modDNResponse" type="xldap:ModifyDNResponse"/>
<element name="compareRequest" type="xldap:CompareRequest"/>
<element name="compareResponse" type="xldap:CompareResponse"/>
<element name="abandonRequest" type="xldap:AbandonRequest"/>
<element name="extendedReq" type="xldap:ExtendedRequest"/>
<element name="extendedResp" type="xldap:ExtendedResponse"/>
<extension>
<element name="intermediateResponse"
type="xldap:IntermediateResponse"/>
</extension>
</choice>
</type>
</element>
<optional>
<element name="controls">
<type>
<tagged number="0" type="xldap:Controls"/>
</type>
</element>
Legg & Prager Expires 29 February 2008 [Page 34]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
</optional>
</sequence>
</type>
</namedType>
<namedType name="MessageID">
<type>
<constrained type="asnx:INTEGER">
<range>
<minInclusive literalValue="0"/>
<maxInclusive value="xldap:maxInt"/>
</range>
</constrained>
</type>
</namedType>
<namedValue name="maxInt" type="asnx:INTEGER"
literalValue="2147483647">
<annotation> (2^^31 - 1) </annotation>
</namedValue>
<namedType name="LDAPString" type="asnx:UTF8String"/>
<namedType name="LDAPOID" type="asnx:OBJECT-IDENTIFIER"/>
<namedType name="LDAPDN" type="if:DistinguishedName"/>
<namedType name="RelativeLDAPDN"
type="if:RelativeDistinguishedName"/>
<namedType name="AttributeDescription">
<type>
<sequence>
<element name="type">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE" fieldName="id"/>
</type>
<table objectSet="if:SupportedAttributes"/>
</constrained>
</type>
</element>
<optional>
<element name="options">
<type>
<sequenceOf minSize="1">
<element name="option" type="asnx:UTF8String"/>
Legg & Prager Expires 29 February 2008 [Page 35]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
</sequenceOf>
</type>
</element>
</optional>
</sequence>
</type>
</namedType>
<namedType name="AttributeValueAssertion">
<type>
<sequence>
<element name="attributeDesc">
<type>
<sequence>
<element name="type">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE" fieldName="id"/>
</type>
<table objectSet="if:SupportedAttributes"/>
</constrained>
</type>
</element>
<optional>
<element name="options">
<type>
<sequenceOf minSize="1">
<element name="option" type="asnx:UTF8String"/>
</sequenceOf>
</type>
</element>
</optional>
</sequence>
</type>
</element>
<element name="assertionValue">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE"
fieldName="equality-match/AssertionType"/>
</type>
<table objectSet="if:SupportedAttributes">
<restrictBy>attributeDesc/type</restrictBy>
</table>
</constrained>
</type>
Legg & Prager Expires 29 February 2008 [Page 36]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
</element>
</sequence>
</type>
</namedType>
<namedType name="PartialAttribute">
<type>
<sequence>
<element name="type">
<type>
<sequence>
<element name="type">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE" fieldName="id"/>
</type>
<table objectSet="if:SupportedAttributes"/>
</constrained>
</type>
</element>
<optional>
<element name="options">
<type>
<sequenceOf minSize="1">
<element name="option" type="asnx:UTF8String"/>
</sequenceOf>
</type>
</element>
</optional>
</sequence>
</type>
</element>
<element name="vals">
<type>
<setOf>
<element name="value">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE" fieldName="Type"/>
</type>
<table objectSet="if:SupportedAttributes">
<restrictBy>type/type</restrictBy>
</table>
</constrained>
</type>
</element>
Legg & Prager Expires 29 February 2008 [Page 37]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
</setOf>
</type>
</element>
</sequence>
</type>
</namedType>
<namedType name="Attribute">
<type>
<constrained type="xldap:PartialAttribute">
<withComponents partial="true">
<element name="vals">
<size>
<range>
<minInclusive literalValue="1"/>
</range>
</size>
</element>
</withComponents>
</constrained>
</type>
</namedType>
<namedType name="LDAPResult">
<type>
<sequence>
<element name="resultCode">
<type>
<enumerated>
<enumeration name="success" number="0"/>
<enumeration name="operationsError" number="1"/>
<enumeration name="protocolError" number="2"/>
<enumeration name="timeLimitExceeded" number="3"/>
<enumeration name="sizeLimitExceeded" number="4"/>
<enumeration name="compareFalse" number="5"/>
<enumeration name="compareTrue" number="6"/>
<enumeration name="authMethodNotSupported" number="7"/>
<enumeration name="strongerAuthRequired" number="8"/>
<!-- 9 reserved -->
<enumeration name="referral" number="10"/>
<enumeration name="adminLimitExceeded" number="11"/>
<enumeration name="unavailableCriticalExtension" number="12"/>
<enumeration name="confidentialityRequired" number="13"/>
<enumeration name="saslBindInProgress" number="14"/>
<enumeration name="noSuchAttribute" number="16"/>
<enumeration name="undefinedAttributeType" number="17"/>
<enumeration name="inappropriateMatching" number="18"/>
<enumeration name="constraintViolation" number="19"/>
Legg & Prager Expires 29 February 2008 [Page 38]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
<enumeration name="attributeOrValueExists" number="20"/>
<enumeration name="invalidAttributeSyntax" number="21"/>
<!-- 22-31 unused -->
<enumeration name="noSuchObject" number="32"/>
<enumeration name="aliasProblem" number="33"/>
<enumeration name="invalidDNSyntax" number="34"/>
<!-- 35 reserved for undefined isLeaf -->
<enumeration name="aliasDereferencingProblem" number="36"/>
<!-- 37-47 unused -->
<enumeration name="inappropriateAuthentication" number="48"/>
<enumeration name="invalidCredentials" number="49"/>
<enumeration name="insufficientAccessRights" number="50"/>
<enumeration name="busy" number="51"/>
<enumeration name="unavailable" number="52"/>
<enumeration name="unwillingToPerform" number="53"/>
<enumeration name="loopDetect" number="54"/>
<!-- 55-63 unused -->
<enumeration name="namingViolation" number="64"/>
<enumeration name="objectClassViolation" number="65"/>
<enumeration name="notAllowedOnNonLeaf" number="66"/>
<enumeration name="notAllowedOnRDN" number="67"/>
<enumeration name="entryAlreadyExists" number="68"/>
<enumeration name="objectClassModsProhibited" number="69"/>
<!-- 70 reserved for CLDAP -->
<enumeration name="affectsMultipleDSAs" number="71"/>
<!-- 72-79 unused -->
<enumeration name="other" number="80"/>
<extension/>
</enumerated>
</type>
</element>
<element name="matchedDN" type="xldap:LDAPDN"/>
<element name="diagnosticMessage" type="xldap:LDAPString"/>
<optional>
<element name="referral">
<type>
<tagged number="3" type="xldap:Referral"/>
</type>
</element>
</optional>
</sequence>
</type>
</namedType>
<namedType name="Referral">
<type>
<sequenceOf minSize="1">
<element name="uri" type="xldap:URI"/>
Legg & Prager Expires 29 February 2008 [Page 39]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
</sequenceOf>
</type>
</namedType>
<namedType name="URI" type="xldap:LDAPString">
<annotation>
limited to characters permitted in URIs
</annotation>
</namedType>
<namedType name="Controls">
<type>
<sequenceOf>
<element name="control" type="xldap:Control"/>
</sequenceOf>
</type>
</namedType>
<namedType name="Control">
<type>
<sequence>
<element name="controlType">
<type>
<constrained>
<type>
<fromClass class="xldap:CONTROL" fieldName="type"/>
</type>
<table objectSet="xldap:SupportedControls"/>
</constrained>
</type>
</element>
<optional>
<element name="criticality" type="asnx:BOOLEAN"/>
<default literalValue="false"/>
</optional>
<optional>
<element name="controlValue">
<type>
<choice>
<element name="request">
<type>
<tagged number="0">
<type>
<constrained>
<type>
<fromClass class="xldap:CONTROL"
fieldName="RequestValue"/>
</type>
Legg & Prager Expires 29 February 2008 [Page 40]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
<table objectSet="xldap:SupportedControls">
<restrictBy>controlType</restrictBy>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
<element name="response">
<type>
<tagged number="1">
<type>
<constrained>
<type>
<fromClass class="xldap:CONTROL"
fieldName="ResponseValue"/>
</type>
<table objectSet="xldap:SupportedControls">
<restrictBy>controlType</restrictBy>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
</choice>
</type>
</element>
</optional>
</sequence>
</type>
</namedType>
<namedType name="BindRequest">
<type>
<tagged tagClass="application" number="0">
<type>
<sequence>
<element name="version">
<type>
<constrained type="asnx:INTEGER">
<range>
<minInclusive literalValue="1"/>
<maxInclusive literalValue="127"/>
</range>
</constrained>
</type>
</element>
Legg & Prager Expires 29 February 2008 [Page 41]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
<element name="name" type="xldap:LDAPDN"/>
<element name="authentication"
type="xldap:AuthenticationChoice"/>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="AuthenticationChoice">
<type>
<choice>
<element name="simple">
<type>
<tagged number="0" type="asnx:OCTET-STRING"/>
</type>
</element>
<!-- 1 and 2 reserved -->
<element name="sasl">
<type>
<tagged number="3" type="xldap:SaslCredentials"/>
</type>
</element>
<extension/>
</choice>
</type>
</namedType>
<namedType name="SaslCredentials">
<type>
<sequence>
<element name="mechanism" type="xldap:LDAPString"/>
<optional>
<element name="credentials" type="asnx:OCTET-STRING"/>
</optional>
</sequence>
</type>
</namedType>
<namedType name="BindResponse">
<type>
<tagged tagClass="application" number="1">
<type>
<sequence>
<componentsOf type="xldap:LDAPResult"/>
<optional>
<element name="serverSaslCreds">
<type>
Legg & Prager Expires 29 February 2008 [Page 42]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
<tagged number="7" type="asnx:OCTET-STRING"/>
</type>
</element>
</optional>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="UnbindRequest">
<type>
<tagged tagClass="application" number="2" type="asnx:NULL"/>
</type>
</namedType>
<namedType name="SearchRequest">
<type>
<tagged tagClass="application" number="3">
<type>
<sequence>
<element name="baseObject" type="xldap:LDAPDN"/>
<element name="scope">
<type>
<enumerated>
<enumeration name="baseObject" number="0"/>
<enumeration name="singleLevel" number="1"/>
<enumeration name="wholeSubtree" number="2"/>
<extension/>
</enumerated>
</type>
</element>
<element name="derefAliases">
<type>
<enumerated>
<enumeration name="neverDerefAliases" number="0"/>
<enumeration name="derefInSearching" number="1"/>
<enumeration name="derefFindingBaseObj" number="2"/>
<enumeration name="derefAlways" number="3"/>
</enumerated>
</type>
</element>
<element name="sizeLimit">
<type>
<constrained type="asnx:INTEGER">
<range>
<minInclusive literalValue="0"/>
<maxInclusive value="xldap:maxInt"/>
Legg & Prager Expires 29 February 2008 [Page 43]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
</range>
</constrained>
</type>
</element>
<element name="timeLimit">
<type>
<constrained type="asnx:INTEGER">
<range>
<minInclusive literalValue="0"/>
<maxInclusive value="xldap:maxInt"/>
</range>
</constrained>
</type>
</element>
<element name="typesOnly" type="asnx:BOOLEAN"/>
<element name="filter" type="xldap:Filter"/>
<element name="attributes" type="xldap:AttributeSelection"/>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="AttributeSelection">
<type>
<sequenceOf>
<element name="selector" type="xldap:AttributeDescription"/>
</sequenceOf>
</type>
</namedType>
<namedType name="Filter">
<type>
<choice>
<element name="and">
<type>
<tagged number="0">
<type>
<setOf>
<element name="filter" type="xldap:Filter"/>
</setOf>
</type>
</tagged>
</type>
</element>
<element name="or">
<type>
<tagged number="1">
Legg & Prager Expires 29 February 2008 [Page 44]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
<type>
<setOf>
<element name="filter" type="xldap:Filter"/>
</setOf>
</type>
</tagged>
</type>
</element>
<element name="not">
<type>
<tagged number="2" type="xldap:Filter"/>
</type>
</element>
<element name="equalityMatch">
<type>
<tagged number="3" type="xldap:AttributeValueAssertion"/>
</type>
</element>
<element name="substrings">
<type>
<tagged number="4" type="xldap:SubstringFilter"/>
</type>
</element>
<element name="greaterOrEqual">
<type>
<tagged number="5" type="xldap:AttributeValueAssertion"/>
</type>
</element>
<element name="lessOrEqual">
<type>
<tagged number="6" type="xldap:AttributeValueAssertion"/>
</type>
</element>
<element name="present">
<type>
<tagged number="7" type="xldap:AttributeDescription"/>
</type>
</element>
<element name="approxMatch">
<type>
<tagged number="8" type="xldap:AttributeValueAssertion"/>
</type>
</element>
<element name="extensibleMatch">
<type>
<tagged number="9" type="xldap:MatchingRuleAssertion"/>
</type>
</element>
Legg & Prager Expires 29 February 2008 [Page 45]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
<extension/>
</choice>
</type>
</namedType>
<namedType name="SubstringFilter">
<type>
<sequence>
<element name="type">
<type>
<sequence>
<element name="type">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE" fieldName="id"/>
</type>
<table objectSet="if:SupportedAttributes"/>
</constrained>
</type>
</element>
<optional>
<element name="options">
<type>
<sequenceOf minSize="1">
<element name="option" type="asnx:UTF8String"/>
</sequenceOf>
</type>
</element>
</optional>
</sequence>
</type>
</element>
<element name="substrings">
<type>
<sequenceOf minSize="1">
<element name="substring">
<type>
<choice>
<element name="initial">
<annotation> can occur at most once </annotation>
<type>
<tagged number="0">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE"
fieldName="equality-match/AssertionType"/>
Legg & Prager Expires 29 February 2008 [Page 46]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
</type>
<table objectSet="if:SupportedAttributes">
<restrictBy>type/type</restrictBy>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
<element name="any">
<type>
<tagged number="1">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE"
fieldName="equality-match/AssertionType"/>
</type>
<table objectSet="if:SupportedAttributes">
<restrictBy>type/type</restrictBy>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
<element name="final">
<annotation> can occur at most once </annotation>
<type>
<tagged number="2">
<type>
<constrained>
<type>
<fromClass class="if:ATTRIBUTE"
fieldName="equality-match/AssertionType"/>
</type>
<table objectSet="if:SupportedAttributes">
<restrictBy>type/type</restrictBy>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
</choice>
</type>
</element>
</sequenceOf>
Legg & Prager Expires 29 February 2008 [Page 47]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
</type>
</element>
</sequence>
</type>
</namedType>
<namedType name="MatchingRuleAssertion">
<type>
<sequence>
<optional>
<element name="matchingRule">
<type>
<tagged number="1">
<type>
<fromClass class="if:MATCHING-RULE" fieldName="id"/>
</type>
</tagged>
</type>
</element>
</optional>
<optional>
<element name="type">
<type>
<tagged number="2" type="xldap:AttributeDescription"/>
</type>
</element>
</optional>
<element name="matchValue">
<type>
<tagged number="3">
<type>
<fromClass class="if:MATCHING-RULE"
fieldName="AssertionType"/>
</type>
</tagged>
</type>
</element>
<optional>
<element name="dnAttributes">
<type>
<tagged number="4" type="asnx:BOOLEAN"/>
</type>
</element>
<default literalValue="false"/>
</optional>
</sequence>
</type>
</namedType>
Legg & Prager Expires 29 February 2008 [Page 48]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
<namedType name="SearchResultEntry">
<type>
<tagged tagClass="application" number="4">
<type>
<sequence>
<element name="objectName" type="xldap:LDAPDN"/>
<element name="attributes" type="xldap:PartialAttributeList"/>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="PartialAttributeList">
<type>
<sequenceOf>
<element name="partialAttribute" type="xldap:PartialAttribute"/>
</sequenceOf>
</type>
</namedType>
<namedType name="SearchResultReference">
<type>
<tagged tagClass="application" number="19">
<type>
<sequenceOf minSize="1">
<element name="uri" type="xldap:URI"/>
</sequenceOf>
</type>
</tagged>
</type>
</namedType>
<namedType name="SearchResultDone">
<type>
<tagged tagClass="application" number="5"
type="xldap:LDAPResult"/>
</type>
</namedType>
<namedType name="ModifyRequest">
<type>
<tagged tagClass="application" number="6">
<type>
<sequence>
<element name="object" type="xldap:LDAPDN"/>
<element name="changes">
<type>
Legg & Prager Expires 29 February 2008 [Page 49]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
<sequenceOf>
<element name="change">
<type>
<sequence>
<element name="operation">
<type>
<enumerated>
<enumeration name="add" number="0"/>
<enumeration name="delete" number="1"/>
<enumeration name="replace" number="2"/>
<extension/>
</enumerated>
</type>
</element>
<element name="modification"
type="xldap:PartialAttribute"/>
</sequence>
</type>
</element>
</sequenceOf>
</type>
</element>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="ModifyResponse">
<type>
<tagged tagClass="application" number="7"
type="xldap:LDAPResult"/>
</type>
</namedType>
<namedType name="AddRequest">
<type>
<tagged tagClass="application" number="8">
<type>
<sequence>
<element name="entry" type="xldap:LDAPDN"/>
<element name="attributes" type="xldap:AttributeList"/>
</sequence>
</type>
</tagged>
</type>
</namedType>
Legg & Prager Expires 29 February 2008 [Page 50]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
<namedType name="AttributeList">
<type>
<sequenceOf>
<element name="attribute" type="xldap:Attribute"/>
</sequenceOf>
</type>
</namedType>
<namedType name="AddResponse">
<type>
<tagged tagClass="application" number="9"
type="xldap:LDAPResult"/>
</type>
</namedType>
<namedType name="DelRequest">
<type>
<tagged tagClass="application" number="10" type="xldap:LDAPDN"/>
</type>
</namedType>
<namedType name="DelResponse">
<type>
<tagged tagClass="application" number="11"
type="xldap:LDAPResult"/>
</type>
</namedType>
<namedType name="ModifyDNRequest">
<type>
<tagged tagClass="application" number="12">
<type>
<sequence>
<element name="entry" type="xldap:LDAPDN"/>
<element name="newrdn" type="xldap:RelativeLDAPDN"/>
<element name="deleteoldrdn" type="asnx:BOOLEAN"/>
<optional>
<element name="newSuperior">
<type>
<tagged number="0" type="xldap:LDAPDN"/>
</type>
</element>
</optional>
</sequence>
</type>
</tagged>
</type>
</namedType>
Legg & Prager Expires 29 February 2008 [Page 51]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
<namedType name="ModifyDNResponse">
<type>
<tagged tagClass="application" number="13"
type="xldap:LDAPResult"/>
</type>
</namedType>
<namedType name="CompareRequest">
<type>
<tagged tagClass="application" number="14">
<type>
<sequence>
<element name="entry" type="xldap:LDAPDN"/>
<element name="ava" type="xldap:AttributeValueAssertion"/>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="CompareResponse">
<type>
<tagged tagClass="application" number="15"
type="xldap:LDAPResult"/>
</type>
</namedType>
<namedType name="AbandonRequest">
<type>
<tagged tagClass="application" number="16"
type="xldap:MessageID"/>
</type>
</namedType>
<namedType name="ExtendedRequest">
<type>
<tagged tagClass="application" number="23">
<type>
<sequence>
<element name="requestName">
<type>
<tagged number="0">
<type>
<constrained>
<type>
<fromClass class="xldap:LDAP-EXTENDED-REQUEST"
fieldName="name"/>
</type>
Legg & Prager Expires 29 February 2008 [Page 52]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
<table objectSet="xldap:SupportedRequests"/>
</constrained>
</type>
</tagged>
</type>
</element>
<optional>
<element name="requestValue">
<type>
<tagged number="1">
<type>
<constrained>
<type>
<fromClass class="xldap:LDAP-EXTENDED-REQUEST"
fieldName="Value"/>
</type>
<table objectSet="xldap:SupportedRequests">
<restrictBy>requestName</restrictBy>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
</optional>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="ExtendedResponse">
<type>
<tagged tagClass="application" number="24">
<type>
<sequence>
<componentsOf type="xldap:LDAPResult"/>
<optional>
<element name="responseName">
<type>
<tagged number="10">
<type>
<constrained>
<type>
<fromClass class="xldap:LDAP-EXTENDED-RESPONSE"
fieldName="name"/>
</type>
<table objectSet="xldap:SupportedResponses"/>
Legg & Prager Expires 29 February 2008 [Page 53]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
</constrained>
</type>
</tagged>
</type>
</element>
</optional>
<optional>
<element name="responseValue">
<type>
<tagged number="11">
<type>
<constrained>
<type>
<fromClass class="xldap:LDAP-EXTENDED-RESPONSE"
fieldName="Value"/>
</type>
<table objectSet="xldap:SupportedResponses">
<restrictBy>responseName</restrictBy>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
</optional>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedType name="IntermediateResponse">
<type>
<tagged tagClass="application" number="25">
<type>
<sequence>
<optional>
<element name="responseName">
<type>
<tagged number="0">
<type>
<constrained>
<type>
<fromClass class="xldap:LDAP-INTERMEDIATE-RESPONSE"
fieldName="name"/>
</type>
<table objectSet="xldap:SupportedIntermediateResponses"/>
</constrained>
Legg & Prager Expires 29 February 2008 [Page 54]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
</type>
</tagged>
</type>
</element>
</optional>
<optional>
<element name="responseValue">
<type>
<tagged number="1">
<type>
<constrained>
<type>
<fromClass class="xldap:LDAP-INTERMEDIATE-RESPONSE"
fieldName="Value"/>
</type>
<table objectSet="xldap:SupportedIntermediateResponses">
<restrictBy>responseName</restrictBy>
</table>
</constrained>
</type>
</tagged>
</type>
</element>
</optional>
</sequence>
</type>
</tagged>
</type>
</namedType>
<namedClass name="CONTROL">
<class>
<valueField name="type" type="asnx:OBJECT-IDENTIFIER"/>
<optional>
<typeField name="RequestValue"/>
</optional>
<optional>
<typeField name="ResponseValue"/>
</optional>
</class>
</namedClass>
<namedObjectSet name="SupportedControls" class="xldap:CONTROL">
<objectSet>
<extension/>
</objectSet>
</namedObjectSet>
Legg & Prager Expires 29 February 2008 [Page 55]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
<namedClass name="LDAP-EXTENDED-REQUEST">
<class>
<valueField name="name" type="asnx:OBJECT-IDENTIFIER"/>
<optional>
<typeField name="Value"/>
</optional>
</class>
</namedClass>
<namedObjectSet name="SupportedRequests"
class="xldap:LDAP-EXTENDED-REQUEST">
<objectSet>
<extension/>
</objectSet>
</namedObjectSet>
<namedClass name="LDAP-EXTENDED-RESPONSE">
<class>
<valueField name="name" type="asnx:OBJECT-IDENTIFIER"/>
<optional>
<typeField name="Value"/>
</optional>
</class>
</namedClass>
<namedObjectSet name="SupportedResponses"
class="xldap:LDAP-EXTENDED-RESPONSE">
<objectSet>
<extension/>
</objectSet>
</namedObjectSet>
<namedClass name="LDAP-INTERMEDIATE-RESPONSE">
<class>
<valueField name="name" type="asnx:OBJECT-IDENTIFIER"/>
<optional>
<typeField name="Value"/>
</optional>
</class>
</namedClass>
<namedObjectSet name="SupportedIntermediateResponses"
class="xldap:LDAP-INTERMEDIATE-RESPONSE">
<objectSet>
<extension/>
</objectSet>
</namedObjectSet>
Legg & Prager Expires 29 February 2008 [Page 56]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
</asnx:module>
Appendix D. ASN.X for XED Protocol Elements
This appendix is non-normative.
This appendix contains the ASN.X [ASN.X] translation of the
XED-Protocols module.
<?xml version="1.0"?>
<asnx:module
xmlns:asnx="urn:ietf:params:xml:ns:asnx"
xmlns:xed="urn:ietf:params:xml:ns:xed"
xmlns:xldap="urn:ietf:params:xml:ns:xed-uldap"
xmlns:idmp="http://xmled.info/ns/X.500/5/DirectoryIDMProtocols"
name="XED-Protocols"
identifier="1.3.6.1.4.1.21472.5.1.4"
schemaIdentity="urn:oid:1.3.6.1.4.1.21472.5.1.4"
targetNamespace="urn:ietf:params:xml:ns:xed"
targetPrefix="xed"
extensibilityImplied="true">
<annotation>
Copyright (C) The IETF Trust (2007). This version of
this ASN.X module is part of RFC XXXX; see the RFC itself
for full legal notices.
Regarding this ASN.X module or any portion of it, the authors
make no guarantees and are not responsible for any damage
resulting from its use. The authors grant irrevocable permission
to anyone to use, modify, and distribute it in any way that does
not diminish the rights of anyone else to use, modify, and
distribute it, provided that redistributed derivative works do
not contain misleading author or version information.
Derivative works need not be licensed under similar terms.
</annotation>
<import name="XED-Uniform-LDAP"
identifier="1.3.6.1.4.1.21472.5.1.2"
schemaIdentity="urn:oid:1.3.6.1.4.1.21472.5.1.2"
namespace="urn:ietf:params:xml:ns:xed-uldap"/>
<import name="DirectoryIDMProtocols"
identifier="5.1.31.5"
schemaIdentity=
"http://xmled.info/id/X.500/5/DirectoryIDMProtocols"
namespace=
"http://xmled.info/ns/X.500/5/DirectoryIDMProtocols"/>
Legg & Prager Expires 29 February 2008 [Page 57]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
<namedValue name="null" type="asnx:NULL" literalValue="">
<annotation>
an ASN.1 module must have at least one assignment
</annotation>
</namedValue>
<element name="LDAPMessage" identifier="ldapMessage"
typeAsVersion="true" type="xldap:LDAPMessage"/>
<element name="DAP-IDM-PDU" identifier="dap-idm-pdu"
typeAsVersion="true" type="idmp:DAP-IDM-PDUs"/>
<element name="DSP-IDM-PDU" identifier="dsp-idm-pdu"
typeAsVersion="true" type="idmp:DSP-IDM-PDUs"/>
<element name="DISP-IDM-PDU" identifier="disp-idm-pdu"
typeAsVersion="true" type="idmp:DISP-IDM-PDUs"/>
<element name="DOP-IDM-PDU" identifier="dop-idm-pdu"
typeAsVersion="true" type="idmp:DOP-IDM-PDUs"/>
</asnx:module>
Authors' Addresses
Dr. Steven Legg
eB2Bcom
Suite 1, 85-87 Charles Street
Kew, Victoria 3103
AUSTRALIA
Phone: +61 3 9851 8630
Fax: +61 3 9851 8601
EMail: steven.legg@eb2bcom.com
Dr. Daniel Prager
EMail: dap@austhink.com
Full Copyright Statement
Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
Legg & Prager Expires 29 February 2008 [Page 58]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Note to the RFC Editor: the remainder of this document is to be removed
before final publication.
Changes in Draft 01
A simple TCP/IP transport for XLDAP has been defined. The new
transport uses the TCP/IP framing of IDM and is analogous to the way
LDAP is mapped to TCP/IP.
A section comparing XLDAP to DSMLv2 has been added.
The ASN.1, ASN.1 Schema (ASN.X) and XML Schema in the appendices has
been revised to take account of the latest draft for the LDAP
protocol (draft-ietf-ldapbis-protocol-17.txt).
Changes in Draft 02
Legg & Prager Expires 29 February 2008 [Page 59]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
The Directory XML Encoding Rules (DXER) have been renamed to the
Robust XML Encoding Rules (RXER).
The ASN.1, ASN.1 Schema (ASN.X) and XML Schema in the appendices has
been revised to take account of the latest draft for the LDAP
protocol (draft-ietf-ldapbis-protocol-24.txt). The
LDAP-INTERMEDIATE-RESPONSE information object class has been added to
account for the new IntermediateResponse LDAP message type.
The effect of Absolute True and False Filters for LDAP has been
incorporated into the Uniform LDAP specification.
The qualified names of the root elements of XED protocol messages
have been changed so as to be independent of the specific version of
X.500 or Uniform LDAP an implementation is using. This change makes
it easier for a subsequent edition of the XED specification, or a
subsequent edition of X.500, to be backward compatible with this
version of XED. Appendix H has been added as an alternative
description of the root elements.
The namespace names defined by this document have been shortened.
The XED-Uniform-LDAP module has been assigned an object identifier.
Changes in Draft 03
ASN.1 Schema has been renamed to Abstract Syntax Notation X (ASN.X)
and the <asnx:schema> element has been renamed to <asnx:module>.
The strongAuthRequired result code has been changed to
strongerAuthRequired to match the same change in the latest draft for
the LDAP protocol (draft-ietf-ldapbis-protocol-32.txt).
The encodings of the root elements of XED protocol messages have been
formalized with RXER encoding instructions in the XED-Protocols ASN.1
module added as Appendix C. An ASN.X translation of the
XED-Protocols module has been added as Appendix F. Appendix H is now
the XML Schema translation of the XED-Protocols module.
Changes in Draft 04
Appendices G and H, XML Schema translations of the XED-Uniform-LDAP
and XED-Protocols modules, have been removed.
The XED-LDAP-Extensibility module has been merged into the
XED-Uniform-LDAP module.
The URLs for the namespaces of the XED-Protocols and XED-Uniform-LDAP
Legg & Prager Expires 29 February 2008 [Page 60]
INTERNET-DRAFT The XML-Enabled Directory: Protocols August 30, 2007
modules have been replaced. Permanent URNs will be requested from
IANA.
Changes in Draft 05
This specification has been downgraded from an intended category of
Proposed Standard to Experimental because the RXER and ASN.X
specifications on which it depends are in the Experimental category.
The application of the RXER UNION encoding instruction to the
DirectoryString ASN.1 type has been described.
Target namespaces allocated to the X.500 ASN.1 modules have been
described.
Legg & Prager Expires 29 February 2008 [Page 61]
| PAFTECH AB 2003-2026 | 2026-04-24 05:44:32 |