Network Working Group V. Giralt Internet-Draft Univ. Malaga Intended status: Standards Track R. McDuff Expires: April 20, 2010 Univ. Queensland October 17, 2009 Definition of a Uniform Resource Name (URN) Namespace for the Schema for Academia (SCHAC) draft-giralt-schac-ns-02 Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on April 20, 2010. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Giralt & McDuff Expires April 20, 2010 [Page 1] Internet-Draft SCHAC URN Namespace October 2009 Abstract This document describes a Uniform Resource Name (URN) namespace for the Schema for Academia (SCHAC). This namespace is for naming persistent resources defined by the SCHAC international activity participants, their working groups and other designated subordinates. The namespace main use will be the creation of controlled vocabulary values for attributes in the SCHAC schema. This values will be associated to particular instances of persons or objects belonging to any of the SCHAC object classes. Giralt & McDuff Expires April 20, 2010 [Page 2] Internet-Draft SCHAC URN Namespace October 2009 Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119[1]. Giralt & McDuff Expires April 20, 2010 [Page 3] Internet-Draft SCHAC URN Namespace October 2009 1. Introduction The SCHAC international activity was born inside the TF-EMC2 middleware task force of the Trans European Research and Education Network Association. The initial aim of SCHAC was to harmonise the disjoint person schemas of the participating countries in order to have a common way for expressing data about persons, exchanged between educational organizations. SCHAC, as other person schemas, is designed to ease the sharing of information about a given individual between parties, mostly, but not limited to, educational and research institutions. The main aims of this sharing are: to provide resources to individuals and to allow said individuals to move, virtually and physically, between such institutions. Thus, the SCHAC schema was defined with input from all participants' national person schemas[4]. SCHAC does not supplant other person schemas such as organizationalPerson [5], inetOrgPerson [6] or eduPerson [7], it extends those where needed for the purposes of Higher Education outside the United States. This characteristic has made SCHAC, originally an European effort, useful for groups outside Europe. Giralt & McDuff Expires April 20, 2010 [Page 4] Internet-Draft SCHAC URN Namespace October 2009 2. Specification Template Namespace ID: schac Registration Information: Registration Version Number 1 Registration Date: 2008-11-07 Registrant of the namespace: European Committee for Academic Middleware TERENA ATTN: Licia Florio Singel Amsterdam The Netherlands Email: florio@terena.org Phone: Contact: Victoriano Giralt Affiliation: University of Malaga Central ICT Services Blvd. Louis Pasteur, 33 Campus de Teatinos 29071 Malaga Spain Email: victoriano@uma.es Phone: +34 95 213 2366 Syntactic structure: The Namespace Specific Strings (NSS) of all URNs assigned by SCHAC will conform to the syntax defined in section 2.2 of RFC 2141, "URN Syntax"[8]. In addition, all SCHAC URN NSSs will consist of a left-to-right series of tokens delimited by colons. The left- to-right sequence of colon-delimited tokens corresponds to descending nodes in a tree. To the right of the lowest naming authority node, there may be zero, one, or more levels of hierarchical naming nodes terminating in a rightmost leaf node. Giralt & McDuff Expires April 20, 2010 [Page 5] Internet-Draft SCHAC URN Namespace October 2009 See the section below entitled "Identifier assignment" for more on the semantics of NSSs. This syntax convention is captured in the following normative ABNF rules for SCHAC NSSs (see RFC 5234[2]): SCHAC-NSS = 1*(subStChar) 0*(":" 1*(subStChar)) subStChar = trans / "%" HEXDIG HEXDIG trans = ALPHA / DIGIT / other / reserved other = "(" / ")" / "+" / "," / "-" / "." / "=" / "@" / ";" / "$" / "_" / "!" / "*" / "'" reserved = "/" / "?" / "#" The exclusion of the colon from the list of "other" characters means that the colon can only occur as a delimiter between string tokens. Note that this ABNF rule set guarantees that any valid SCHAC NSS is also a valid RFC 2141 NSS. Relevant ancillary documentation: None. Identifier uniqueness: It is the responsibility of TERENA to guarantee uniqueness of the names of immediately subordinate naming authorities. Each lower- level naming authority in turn inherits the responsibility of guaranteeing uniqueness of names in their branch of the naming tree. Identifier persistence: TERENA bears ultimate responsibility for maintaining the usability of SCHAC URNs over time. This responsibility may be delegated to subordinate naming authorities per the discussion in the section below on identifier assignment. That section provides a mechanism for the delegation to be revoked in the case a subordinate naming authority ceases to function. Giralt & McDuff Expires April 20, 2010 [Page 6] Internet-Draft SCHAC URN Namespace October 2009 Identifier assignment: TERENA will create an initial series of immediately subordinate naming authorities, and will define a process for adding to that list of authorities. Each country with a representative in SCHAC will be invited to designate a naming authority. Country specific namespaces based on the country Internet TLD [9] will be assigned then to the designated authority. The subordinated namespaces int and eu will remain under TERENA authority, controlled by the SCHAC activity members, for entities of global international or European interest. There is also the possibility of granting subordinate namespaces to multi-country organizations, in this case the organizational Internet FQDN will be used as prefix. As an example, an European level interest entity would be any value related to information used in the Higher Education European Space, or the so called Bologna process. Such entities will belong in the eu subordinate namespace. Global international entities could encompass values related to the Grid comunity or values useful both for some European and Australian universities. Such entities would belong in the int subordinate namespace. Examples of multicountry organizations include TERENA itself or an association like EPI (educationalpolicy.org) that has members from Australia, Canada and the US. URNs intended for values of SCHAC attributes will include the attribute name immediately after the NSS prefix, before any geographical namespace delegation, such that any string can convey information about the attribute for which it is a value. For example, values for schacUserStatus, will be of the from: urn:schac:UserStatus:int urn:schac:UserStatus:au or urn:schac:UserStatus:terena.org Automated registry publication mechanisms will be provided if at all possible, based on the work on distributed URN registries done by the TF-EMC2 task force members. Institutions and communities affiliated with SCHAC participants may request that they be granted subordinate naming authority status. Uniqueness of these namespaces under country authority will be based on the requestor's Internet FQDN. This Giralt & McDuff Expires April 20, 2010 [Page 7] Internet-Draft SCHAC URN Namespace October 2009 subordination procedure SHOULD be carried along the delegation chain, i.e., all entities that receive a delegated namespace MUST have a valid FQDN and MUST publish an Internet accessible URN value registry, if at all possible based on the URN registry mechanisms designed by the TF-EMC2 task force members. On at least an annual basis, TERENA will contact the liaisons or directors of each immediately subordinate naming authority. If there is no response, or if the respondent indicates that they wish to relinquish naming authority, the authority over that branch of the tree reverts to TERENA. This process will be enforced recursively by each naming authority on its subordinates. This process guarantees that responsibility for each branch of the tree will lapse for less than one year, at worst, before being reclaimed by a superior authority. Lexical equivalence of two SCHAC namespace specific strings (NSSs) is defined below as an exact, case-sensitive string match. TERENA will assign names of immediately subordinate naming authorities in lowercase only. This forestalls the registration of two SCHAC- subordinate naming authorities whose names differ only in case. Attribute names will use the same mixed case format as in the schema definition. Identifier resolution: TERENA will maintain a registry of all SCHAC assigned URN values, both final and for delegation, on its Web site: https://www.terena.org/urn Delegation entries will have a pointer to the registry of the subordinate naming authority. This SHOULD recurse down the delegation tree, but registries for several delegated namespaces MAY be maintained by a single naming authority. All registries MUST publish their URNs over an HTTPS link. Registries SHOULD consider the user interface implications of their choice of CA, taking into account issues like browser alerts and blind trust. Lexical equivalence: Lexical equivalence of two SCHAC Namespace Specific Strings (NSSs) is defined as an exact, case-sensitive string match. Giralt & McDuff Expires April 20, 2010 [Page 8] Internet-Draft SCHAC URN Namespace October 2009 Conformance with URN syntax: All SCHAC NSSs fully conform to RFC 2141 syntax rules for NSSs. Validation mechanism: As specified in the "Identifier resolution" section above, TERENA will maintain an index of all SCHAC assigned URNs on its Web site https://www.terena.org/urn. Presence in that registry or in any subordinate one implies that a given URN is valid. Delegated naming authorities MUST guarantee that values are valid in their assigned spaces. Scope: Global. Giralt & McDuff Expires April 20, 2010 [Page 9] Internet-Draft SCHAC URN Namespace October 2009 3. Security Considerations There are no additional security considerations beyond those normally associated with the use and resolution of URNs in general. In order to guarantee the validity and origin of SCHAC-NSS URN values, they MUST be published over HTTPS links. Giralt & McDuff Expires April 20, 2010 [Page 10] Internet-Draft SCHAC URN Namespace October 2009 4. Namespace Considerations Registration of an Namespace Identifier (NID) specific to SCHAC is reasonable given the following considerations: SCHAC would like to assign URNs to some very fine-grained objects. This does not seem to be the primary intended use of the XMLORG namespace (RFC 3120) [10], or the more tightly controlled OASIS namespace (RFC 3121) [11]. SCHAC seeks naming autonomy. SCHAC is not a member of OASIS, so becoming a subordinate naming authority under the OASIS URN space is not an option. There is the MACE namespace but the SCHAC development is done outside MACE activity scope and thus the attributes and values do not belong into the MACE namespace. Using the MACE namespace requires the SCHAC namespace to be placed under one of the SCHAC participants namespace, which hinders its global scope. SCHAC will want to assign URNs to non-XML objects as well. That is another reason that XMLORG may not be an appropriate higher- level naming authority for SCHAC. Some of the already defined SCHAC attribute values have been assigned URNs under the urn:mace:terena.org namespace. These values will enter a deprecation cycle, with clear indication of them being replaced by values under the new namespace once it is assigned. Anyhow, RFC 3406 [3] (which replaced RFC 2611) includes an explicit statement that two or more URNs may point to the same resource. Giralt & McDuff Expires April 20, 2010 [Page 11] Internet-Draft SCHAC URN Namespace October 2009 5. Community Considerations The assignment and use of identifiers within the namespace are open, and the related rule is established by the SCHAC activity members. Registration agencies (the next level naming authorities) will be the National Research and Education Networks and established organizational cross-border organizations that participate in SCHAC. It is expected that the majority of the European NRENs, their constituencies, participants in the Australian Access Federation and some other international activities make use of the SCHAC namespace. After the establishment of the SCHAC namespace, TERENA will, as soon as practical, establish a registry service (analogously to other distributed pan-European services, like eduroam, PerfSONAR, etc.) for the namespace clients. Giralt & McDuff Expires April 20, 2010 [Page 12] Internet-Draft SCHAC URN Namespace October 2009 6. IANA Considerations In accordance with BCP 66 [3], IANA is asked to register the Formal URN Namespace 'schac' in the Registry of URN Namespaces, using the registration template presented in Section 2 of this document. Giralt & McDuff Expires April 20, 2010 [Page 13] Internet-Draft SCHAC URN Namespace October 2009 7. Acknowledgments SCHAC is the result of the TERENA TF-EMC2 task force and many others that have contributed ideas to the development of the schema. This document has been discussed on the URN-NID list, with the special help of Alfred Hoenes who has thoroughly reviewed the documents and helped us correct errors and suggested clarifications to the text. Giralt & McDuff Expires April 20, 2010 [Page 14] Internet-Draft SCHAC URN Namespace October 2009 8. References 8.1. Normative References [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [2] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, January 2008. [3] Daigle, L., van Gulik, D., Iannella, R., and P. Faltstrom, "Uniform Resource Names (URN) Namespace Definition Mechanisms", BCP 66, RFC 3406, October 2002. 8.2. Informative References [4] TERENA TF-EMC2, "SCHAC activity web site". [5] Sciberras, A., "Lightweight Directory Access Protocol (LDAP): Schema for User Applications", RFC 4519, June 2006. [6] Smith, M., "Definition of the inetOrgPerson LDAP Object Class", RFC 2798, April 2000. [7] MACE-Dir, "eduPerson Object Class Specification", December 2007. [8] Moats, R., "URN Syntax", RFC 2141, May 1997. [9] IANA, "Country TLDs". [10] Best, K. and N. Walsh, "A URN Namespace for XML.org", RFC 3120, June 2001. [11] Best, K. and N. Walsh, "A URN Namespace for OASIS", RFC 3121, June 2001. Giralt & McDuff Expires April 20, 2010 [Page 15] Internet-Draft SCHAC URN Namespace October 2009 Authors' Addresses Victoriano Giralt M.D. University of Malaga Avd. Cervantes, 2 Malaga, Malaga E-29071 Spain Phone: +34-95-213-2366 Email: victoriano@uma.es URI: http://www.uma.es/ Dr. Rodney McDuff The University of Queensland Email: r.mcduff@uq.edu.au URI: http://www.uq.edu.au/ Giralt & McDuff Expires April 20, 2010 [Page 16]