Internet DRAFT - draft-furuseth-ldap-untypedobject

draft-furuseth-ldap-untypedobject









INTERNET-DRAFT                                      Hallvard B. Furuseth
Intended Category: Informational                      University of Oslo
Expires: December 2006                                         L. Howard
                                                           PADL Software
                                                         Alexey Melnikov
                                                           Isode Limited
                                                               June 2006


          Structural object class 'namedObject' for LDAP/X.500
               <draft-furuseth-ldap-untypedobject-02.txt>


Status of this Memo

   This document is intended to be published as an Informational RFC.
   Distribution of this memo is unlimited.  Technical discussions of
   this document are held on the LDAP Extension mailinglist
   <ldapext@ietf.org>.  Please send editorial comments directly to the
   author <h.b.furuseth@usit.uio.no>.

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html


Abstract

   This document defines an 'namedObject' structural object class for
   the Lightweight Directory Access Protocol (LDAP) and X.500.  This is
   useful for entries with no natural choice of structural object class,



Furuseth        draft-furuseth-ldap-untypedobject-02.txtFORMFEED[Page 1]





INTERNET-DRAFT      LDAP object class 'untypedObject'          June 2006


   e.g. if an entry must exist even though its contents are
   uninteresting.

















































Furuseth        draft-furuseth-ldap-untypedobject-02.txtFORMFEED[Page 2]





INTERNET-DRAFT      LDAP object class 'untypedObject'          June 2006


1. Introduction

   An entry in a Lightweight Directory Access Protocol (LDAP) [LDAPV3]
   or [X.500] directory must have a structural object class, such as
   'person' or 'country'.  However, an entry may lack a natural choice
   of structural object class.  For example, the desired structure of a
   directory tree might require an entry to exist for grouping purposes
   even though it describes no real-world object.  This document defines
   an 'namedObject' structural object class for this use.

   As 'namedObject' structural object class doesn't have any mandatory
   attributes, it can also be used in combination with arbitrary
   auxiliary object classes.  For example, the posixGroup object class
   [LDAP-NIS] is an auxiliary object class that may be used to overlay
   POSIX group identification on an existing group of distinguished
   names.  In this case, it is suggested that the groupOfUniqueNames
   object class be used as a structural object class. However, this may
   sometimes be inappropriate: that groupOfUniqueNames requires at least
   one member may make it impossible to migrate existing group
   information. [LDAP-NIS] could define a specific structural object
   class for this case (say, structuralPosixGroup), but this would
   unnecessarily add to the proliferation of redundant schema.


2. Object class definition

   namedObject is defined as follows.  The definition uses the BNF form
   of ObjectClassDescription from [MODEL], but with lines folded for
   readability.

      ( IANA-ASSIGNED-OID NAME 'namedObject'
        DESC 'Entry of no particular type [RFC XXXX]'
        SUP top STRUCTURAL
        MAY ( cn $ o $ ou $ l $ c $ st $ street $
              description $ owner $ seeAlso ) )

   <<Reuse Luke's OID: 1.3.6.1.4.1.5322.13.1.1?>>

   The attribute types are defined in [SCHEMA].

   The name of an entry with this object class will normally be a cn,
   but attributes o through street are allowed as well in case the entry
   name relates to the name of something else.  Of these, only the one
   used for naming is intended to be used in the entry.  Use of the
   others may be an indication that the entry should have a more
   descriptive object class instead of or in addition to this one.





Furuseth        draft-furuseth-ldap-untypedobject-02.txtFORMFEED[Page 3]





INTERNET-DRAFT      LDAP object class 'untypedObject'          June 2006


3. Example

   In a directory with entries named as follows, the entries with RDNs
   cn=people etc. can use namedObject:

                  uid=john,cn=people,dc=example,dc=com
         uid=john,cn=users,cn=system,dc=example,dc=com
      cn=www,cn=filegroups,cn=system,dc=example,dc=com


4. Security Considerations

   Attributes of directory entries are used to provide descriptive
   information about the real-world objects they represent, which can be
   people, organizations or devices.  Most countries have privacy laws
   regarding the publication of information about people.

   <<TBD>>


5. IANA Considerations

   It is requested that the Internet Assigned Numbers Authority (IANA)
   register the following upon Expert Review:

      Subject: Request for LDAP OID Registration
      Person & email address to contact for further information:
         Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
      Specification: RFC XXXX
      Author/Change Controller: IESG
      Comments:
         OID of structural object class 'namedObject'.

      Subject: Request for LDAP Descriptor Registration
      Descriptor (short name): namedObject
      Object Identifier: IANA-ASSIGNED-OID
      Person & email address to contact for further information:
         Luke Howard <lukeh@padl.com>
      Usage: Object class
      Specification: RFC XXXX
      Author/Change Controller: IESG
      Comments:
         Structural object class for entries of no particular type.

   [Editor: Here and in Section 2, replace IANA-ASSIGNED-OID with the
   assigned OID and XXXX with the RFC number assigned this document.]





Furuseth        draft-furuseth-ldap-untypedobject-02.txtFORMFEED[Page 4]





INTERNET-DRAFT      LDAP object class 'untypedObject'          June 2006


6. References

6.1. Normative References

   [MODEL]    Zeilenga, K., "Lightweight Directory Access Protocol
              (LDAP): Directory Information Models", RFC 4512,
              June 2006.

   [SCHEMA]  Sciberras, A., "Lightweight Directory Access Protocol
              (LDAP): Schema for User Applications", RFC 4519,
              June 2006.

6.2. Informative References

   [LDAP-NIS] Howard, L., "An Approach for Using LDAP as a Network
              Information Service", RFC 2307, March 1998.

              [Note to the RFC editor: 2307bis gets approved as RFC
              before this document, relace the reference above:
              L. Howard, M. Ansari, "An Approach for Using LDAP as
              a Network Information Service".
              ]

   [LDAPV3]  Zeilenga, K., "Lightweight Directory Access Protocol
             (LDAP): Technical Specification Road Map", RFC 4510,
             June 2006.

   [STRING-DN] Zeilenga, K., "Lightweight Directory Access Protocol
               (LDAP): String Representation of Distinguished Names",
               RFC 4514, June 2006.

   [X.500]    The Directory, ITU-T Recommendations X.500-X.525, 1993.


7. Author's Address

   Hallvard B. Furuseth
   USIT, University of Oslo
   Pb. 1059 - Blindern
   0316 Oslo
   Norway

   E-mail: h.b.furuseth@usit.uio.no
   Phone:  +47-22 85 28 13


   Luke Howard
   PADL Software Pty. Ltd.



Furuseth        draft-furuseth-ldap-untypedobject-02.txtFORMFEED[Page 5]





INTERNET-DRAFT      LDAP object class 'untypedObject'          June 2006


   PO Box 59
   Central Park Vic 3145
   Australia

   EMail: lukeh@padl.com


   Alexey Melnikov
   Isode Limited
   5 Castle Business Village
   36 Station Road
   Hampton, Middlesex
   TW12 2BX, United Kingdom

   Email: Alexey.Melnikov@isode.com
   URI:   http://www.melnikov.ca/


8. Acknowledgments

   Authors would like to thank Kurt Zeilenga for comments and
   corrections.





























Furuseth        draft-furuseth-ldap-untypedobject-02.txtFORMFEED[Page 6]





INTERNET-DRAFT      LDAP object class 'untypedObject'          June 2006


Appendix A: Notes on choices made for the object class

   (This section will be deleted in the final RFC.)

   The c through uid attributes (for naming of entries) match the table
   of naming attributes in [STRING-DN] (UTF-8 String Representation of
   Distinguished Names), in case the entry's RDN needs to match the RDN
   of something else.

   The description, owner and seeAlso attributes seem good to offer for
   "nothing in particular"-kind of entries, since such entries might not
   contain anything else which indicates what they are for and who is
   responsible for them.


Appendix B: Issues for consideration

   (This section will be deleted in the final RFC.)

   Is the name of this object class properly reflects its purpose?

   Is the choice of naming attributes good?





























Furuseth        draft-furuseth-ldap-untypedobject-02.txtFORMFEED[Page 7]





INTERNET-DRAFT      LDAP object class 'untypedObject'          June 2006


Disclaimer of validity

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at ietf-
   ipr@ietf.org.


Full Copyright Statement

   Copyright (C) The Internet Society (2006).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.







Furuseth        draft-furuseth-ldap-untypedobject-02.txtFORMFEED[Page 8]