Network Working Group J. Sermersheim Internet-Draft Novell, Inc Expires: August 5, 2005 H. Chu Symas Corp. February 2005 The LDAP Change Sequence Number draft-sermersheim-ldap-csn-02.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on August 5, 2005. Copyright Notice Copyright (C) The Internet Society (2005). Abstract This document defines a syntax schema element for the Lightweight Directory Access Protocol (LDAP) which is used to hold a Change Sequence Number (CSN). In general, a change sequence number represents the place and time that a directory entity was changed. It may be used by various attributes for various LDAP replication, and synchronization applications. Sermersheim & Chu Expires August 5, 2005 [Page 1] Internet-Draft LDAP CSN February 2005 Discussion Forum Technical discussion of this document will take place on the IETF LDAP Extensions mailing list <ldapext@ietf.org>. Please send editorial comments directly to the author(s). Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . 3 2. Conventions . . . . . . . . . . . . . . . . . . . . . 4 3. Syntaxes . . . . . . . . . . . . . . . . . . . . . . . 5 3.1. ChangeSequenceNumber Syntax . . . . . . . . . . . . . 5 3.2. UTF8String . . . . . . . . . . . . . . . . . . . . . . 6 4. Matching Rules . . . . . . . . . . . . . . . . . . . . 7 4.1. changeSequenceNumberMatch Matching Rule . . . . . . . 7 4.2. utf8CodePointMatch Matching Rule . . . . . . . . . . . 7 4.3. changeSequenceNumberOrderingMatch Matching Rule . . . 7 4.4. utf8CodePointOrderingMatch Matching Rule . . . . . . . 8 5. Attributes . . . . . . . . . . . . . . . . . . . . . . 9 5.1. entryCSN Attribute . . . . . . . . . . . . . . . . . . 9 6. Security Considerations . . . . . . . . . . . . . . . 10 7. Normative References . . . . . . . . . . . . . . . . . 10 Appendix A. IANA Considerations . . . . . . . . . . . . . . . . . 11 A.1. LDAP Object Identifier Registrations . . . . . . . . . 11 A.2. LDAP Descriptor Registrations . . . . . . . . . . . . 11 Authors' Addresses . . . . . . . . . . . . . . . . . . 15 Intellectual Property and Copyright Statements . . . . 16 Sermersheim & Chu Expires August 5, 2005 [Page 2] Internet-Draft LDAP CSN February 2005 1. Introduction A number of technologies have been documented, implemented and experimented with which in one way or another seek to replicate, or synchronize directory data. A common need among these technologies is to determine which of two copies of an element represents the latest or most authoritative data. Part of meeting this need involves associating a change sequence number to an element copy at the time of an update to that element. When replication or synchronization occurs, the change sequence numbers associated with directory elements can be used to decide which element's data will be copied to the other element(s). Sermersheim & Chu Expires August 5, 2005 [Page 3] Internet-Draft LDAP CSN February 2005 2. Conventions Imperative keywords defined in [RFC2119] are used in this document, and carry the meanings described there. The General Considerations of [I-D.ietf-ldapbis-syntaxes] apply to the syntax definition in this document. The terms "directory element" and "element" refer to data held in a directory and may apply to an attribute value, attribute, entry, or any other identifiable directory entity. Sermersheim & Chu Expires August 5, 2005 [Page 4] Internet-Draft LDAP CSN February 2005 3. Syntaxes 3.1. ChangeSequenceNumber Syntax A value of the ChangeSequenceNumber syntax is the time of a change along with a replicaID which represents the Directory System Agent (DSA) holding the element when it was changed. There are also two sequence numbers used to disambiguate directory entities that are changed at the same time and place. The Abstract Syntax Notation One (ASN.1)[X680] type corresponding to this syntax is defined as follows: ChangeSequenceNumber ::= SEQUENCE { time GeneralizedTime, timeCount INTEGER (0 .. MaxInt), replicaID UTF8String, changeCount INTEGER (0 .. MaxInt)} MaxInt INTEGER ::= 2147483647 -- (2^^31 - 1) -- GeneralizedTime is defined in [X680]. Local time without a differential SHALL NOT be used. UTF8String is defined below. The LDAP-specific encoding of a value of this syntax is the Generic String Encoding Rules (GSER)[RFC3641] encoding of the ASN.1 type. Example: { time "196701160315-0700", timeCount 0, replicaID "DSA666", changeCount 1 } The following is an LDAP syntax description [RFC2252] suitable for publication in the subschema. ( IANA-ASSIGNED-OID.1 DESC 'ChangeSequenceNumber' ) Sermersheim & Chu Expires August 5, 2005 [Page 5] Internet-Draft LDAP CSN February 2005 3.2. UTF8String The UTF8String syntax is used to express a string of characters from the [ISO.10646-1.1993] character set (a superset of [Unicode]), encoded following the [UTF-8] algorithm. Note that Unicode characters U+0000 through U+007F are the same as ASCII 0 through 127, respectively, and have the same single octet UTF-8 encoding. Other Unicode characters have a multiple octet UTF-8 encoding. UTF8String::= OCTET STRING -- UTF-8 encoded, -- [ISO10646] characters The LDAP-specific encoding of a value of this syntax are the UTF-8 encoded characters themselves. The following is an LDAP syntax description [RFC2252] suitable for publication in the subschema. ( IANA-ASSIGNED-OID.2 DESC 'UTF8String' ) Sermersheim & Chu Expires August 5, 2005 [Page 6] Internet-Draft LDAP CSN February 2005 4. Matching Rules 4.1. changeSequenceNumberMatch Matching Rule The changeSequenceNumberMatch rule compares an assertion value of the ChangeSequenceNumber syntax to a value of a syntax (e.g the ChangeSequenceNumber syntax) whose corresponding ASN.1 type is ChangeSequenceNumber. The rule evaluates to TRUE if and only if each of the components of the two values evaluate to TRUE using the following rules: o The time component uses generalizedTimeMatch. o The timeCount and changeCount components use integerMatch. o The replicaID component uses utf8CodePointMatch. The following is a LDAP matching rule description [RFC2252] suitable for publication in the subschema. ( IANA-ASSIGNED-OID.3 NAME changeSequenceNumberMatch SYNTAX IANA- ASSIGNED-OID.1 ) 4.2. utf8CodePointMatch Matching Rule The utf8CodePointMatch rule compares an assertion value of the UTF8String syntax to a value of a syntax (e.g the UTF8String syntax) whose corresponding ASN.1 type is UTF8String. The rule evaluates to TRUE if and only if the code points [Unicode] of each of the characters is equal. The following is a LDAP matching rule description [RFC2252] suitable for publication in the subschema. ( IANA-ASSIGNED-OID.4 NAME utf8CodePointMatch SYNTAX IANA-ASSIGNED- OID.2 ) 4.3. changeSequenceNumberOrderingMatch Matching Rule The changeSequenceNumberOrderingMatch rule compares the ChangeSequenceNumber ordering of an assertion value of the ChangeSequenceNumber syntax to a value of a syntax (e.g the ChangeSequenceNumber syntax) whose corresponding ASN.1 type is ChangeSequenceNumber. When evaluating ChangeSequenceNumber values for ordering, the components are evaluated in this order: time, timeCount, replicaID, Sermersheim & Chu Expires August 5, 2005 [Page 7] Internet-Draft LDAP CSN February 2005 changeCount. If a component evaluates to TRUE using the appropriate ordering matching rule specified below, then the rule evaluates to TRUE. Otherwise if the component evaluates to TRUE using the equality matching rule specified below, the next component is evaluated. Otherwise the changeSequenceNumberOrderingMatch rule evaluates to FALSE or Undefined as appropriate. o The time components of the two values are evaluated for ordering using GeneralizedTimeOrderingMatch, and evaluated for equality using GeneralizedTimeMatch. o The timeCount and changeCount components of the two values are evaluated for ordering using integerOrderingMatch, and evaluated for equality using integerMatch. o The replicaID components of the two values are evaluated for ordering using utf8CodePointOrderingMatch and evaluated for equality using utf8CodePointMatch. The following is a LDAP matching rule description [RFC2252] suitable for publication in the subschema. ( IANA-ASSIGNED-OID.5 NAME changeSequenceNumberOrderingMatch SYNTAX SYNTAX IANA-ASSIGNED-OID.1 ) 4.4. utf8CodePointOrderingMatch Matching Rule The utf8CodePointOrderingMatch rule compares the ordering of an assertion value of the UTF8String syntax to a stored value of a syntax (e.g. the UTF8String syntax) whose corresponding ASN.1 type is UTF8String. The rule evaluates to TRUE if, and only if, in the code point collation order, the stored value character string appears earlier than the assertion value character string, i.e., the stored value is "less than" the assertion value. The following is a LDAP matching rule description [RFC2252] suitable for publication in the subschema. ( IANA-ASSIGNED-OID.6 NAME utf8CodePointOrderingMatch SYNTAX IANA- ASSIGNED-OID.2 ) Sermersheim & Chu Expires August 5, 2005 [Page 8] Internet-Draft LDAP CSN February 2005 5. Attributes 5.1. entryCSN Attribute The entryCSN operational attribute provides the CSN of the last update applied to the entry. The following is a LDAP attribute type description [RFC2252] suitable for publication in the subschema. ( IANA-ASSIGNED-OID.7 NAME entryCSN DESC 'CSN of the entry content' EQUALITY changeSequenceNumberMatch ORDERING changeSequenceNumberOrderingMatch SYNTAX IANA-ASSIGNED-OID.1 SINGLE- VALUE NO-USER-MODIFICATION USAGE directoryOperation ) Servers MAY assign a CSN to each entry upon its addition to the directory and provide the entry's CSN as the value of the entryCSN operational attribute. If the entryCSN attribute is assigned, the attribute SHOULD be updated upon every update of the entry. Sermersheim & Chu Expires August 5, 2005 [Page 9] Internet-Draft LDAP CSN February 2005 6. Security Considerations 7. Normative References [I-D.ietf-ldapbis-syntaxes] Legg, S., "Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching Rules", draft-ietf-ldapbis-syntaxes-11 (work in progress), June 2005. [ISO.10646-1.1993] International Organization for Standardization, "Information Technology - Universal Multiple-octet coded Character Set (UCS) - Part 1: Architecture and Basic Multilingual Plane", ISO Standard 10646-1, May 1993. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2252] Wahl, M., Coulbeck, A., Howes, T., and S. Kille, "Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions", RFC 2252, December 1997. [RFC3383] Zeilenga, K., "Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)", BCP 64, RFC 3383, September 2002. [RFC3641] Legg, S., "Generic String Encoding Rules (GSER) for ASN.1 Types", RFC 3641, October 2003. [UTF-8] International Organization for Standardization, "Information Technology - Universal Multiple-octet coded Character Set (UCS) - Amendment 2: UCS Transformation Format 8 (UTF-8)", ISO Standard 10646-1 Addendum 2, October 1996. [Unicode] The Unicode Consortium, "The Unicode Standard", 2004. [X680] International Telecommunications Union, "Abstract Syntax Notation One (ASN.1): Specification of basic notation", ITU-T Recommendation X.680, July 2002. Sermersheim & Chu Expires August 5, 2005 [Page 10] Internet-Draft LDAP CSN February 2005 Appendix A. IANA Considerations Registration of the following values is requested [RFC3383]. A.1. LDAP Object Identifier Registrations It is requested that IANA register upon Standards Action an LDAP Object Identifier in identifying the protocol elements defined in this technical specification. The following registration template is provided: Subject: Request for LDAP OID Registration Person & email address to contact for further information: Jim Sermersheim jimse@novell.com Specification: RFCXXXX Author/Change Controller: IESG Comments: Seven delegations will be made under the assigned OID: IANA-ASSIGNED-OID.1 ChangeSequenceNumber: LDAP Syntax IANA-ASSIGNED-OID.2 UTF8String: LDAP Syntax IANA-ASSIGNED-OID.3 changeSequenceNumberMatch: LDAP Matching Rule IANA-ASSIGNED-OID.4 utf8CodePointMatch: LDAP Matching Rule IANA-ASSIGNED-OID.5 changeSequenceNumberOrderingMatch: LDAP Matching Rule IANA-ASSIGNED-OID.6 utf8CodePointOrderingMatch: LDAP Matching Rule IANA-ASSIGNED-OID.7 entryCSN: LDAP Attribute Type A.2. LDAP Descriptor Registrations It is requested that IANA register upon Standards Action the LDAP descriptors described in this document. The following registration templates are given: Sermersheim & Chu Expires August 5, 2005 [Page 11] Internet-Draft LDAP CSN February 2005 Subject: Request for LDAP Descriptor Registration Descriptor (short name): ChangeSequenceNumber Object Identifier: IANA-ASSIGNED-OID.1 Person & email address to contact for further information: Jim Sermersheim jimse@novell.com Usage: other Specification: RFCXXXX Author/Change Controller: IESG Comments: LDAP Syntax Subject: Request for LDAP Descriptor Registration Descriptor (short name): UTF8String Object Identifier: IANA-ASSIGNED-OID.2 Person & email address to contact for further information: Jim Sermersheim jimse@novell.com Usage: other Specification: RFCXXXX Author/Change Controller: IESG Comments: LDAP Syntax Subject: Request for LDAP Descriptor Registration Descriptor (short name): changeSequenceNumberMatch Object Identifier: IANA-ASSIGNED-OID.3 Person & email address to contact for further information: Sermersheim & Chu Expires August 5, 2005 [Page 12] Internet-Draft LDAP CSN February 2005 Jim Sermersheim jimse@novell.com Usage: other Specification: RFCXXXX Author/Change Controller: IESG Comments: LDAP Matching Rule Subject: Request for LDAP Descriptor Registration Descriptor (short name): utf8CodePointMatch Object Identifier: IANA-ASSIGNED-OID.4 Person & email address to contact for further information: Jim Sermersheim jimse@novell.com Usage: other Specification: RFCXXXX Author/Change Controller: IESG Comments: LDAP Matching Rule Subject: Request for LDAP Descriptor Registration Descriptor (short name): changeSequenceNumberOrderingMatch Object Identifier: IANA-ASSIGNED-OID.5 Person & email address to contact for further information: Jim Sermersheim jimse@novell.com Usage: other Specification: RFCXXXX Sermersheim & Chu Expires August 5, 2005 [Page 13] Internet-Draft LDAP CSN February 2005 Author/Change Controller: IESG Comments: LDAP Matching Rule Subject: Request for LDAP Descriptor Registration Descriptor (short name): utf8CodePointOrderingMatch Object Identifier: IANA-ASSIGNED-OID.6 Person & email address to contact for further information: Jim Sermersheim jimse@novell.com Usage: other Specification: RFCXXXX Author/Change Controller: IESG Comments: LDAP Matching Rule Subject: Request for LDAP Descriptor Registration Descriptor (short name): entryCSN Object Identifier: IANA-ASSIGNED-OID.7 Person & email address to contact for further information: Jim Sermersheim jimse@novell.com Usage: Attribute Type Specification: RFCXXXX Author/Change Controller: IESG Comments: LDAP Attribute Type Sermersheim & Chu Expires August 5, 2005 [Page 14] Internet-Draft LDAP CSN February 2005 Authors' Addresses Jim Sermersheim Novell, Inc 1800 South Novell Place Provo, Utah 84606 USA Phone: +1 801 861-3088 Email: jimse@novell.com Howard Chu Symas Corp. 18740 Oxnard Street, Suite 313A Tarzana, California 91356 USA Phone: +1 818 757-7087 Email: hyc@symas.com Sermersheim & Chu Expires August 5, 2005 [Page 15] Internet-Draft LDAP CSN February 2005 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Sermersheim & Chu Expires August 5, 2005 [Page 16]