Network Working Group                                     J. Sermersheim
Internet-Draft                                               Novell, Inc
Expires: August 5, 2005                                           H. Chu
                                                             Symas Corp.
                                                           February 2005


                    The LDAP Change Sequence Number
                   draft-sermersheim-ldap-csn-02.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on August 5, 2005.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document defines a syntax schema element for the Lightweight
   Directory Access Protocol (LDAP) which is used to hold a Change
   Sequence Number (CSN). In general, a change sequence number
   represents the place and time that a directory entity was changed.
   It may be used by various attributes for various LDAP replication,
   and synchronization applications.

Sermersheim & Chu        Expires August 5, 2005                 [Page 1]

Internet-Draft                  LDAP CSN                   February 2005

Discussion Forum

   Technical discussion of this document will take place on the IETF
   LDAP Extensions mailing list <ldapext@ietf.org>. Please send
   editorial comments directly to the author(s).

Table of Contents

   1.    Introduction
   2.    Conventions
   3.    Syntaxes
   3.1.  ChangeSequenceNumber Syntax
   3.2.  UTF8String
   4.    Matching Rules
   4.1.  changeSequenceNumberMatch Matching Rule
   4.2.  utf8CodePointMatch Matching Rule
   4.3.  changeSequenceNumberOrderingMatch Matching Rule
   4.4.  utf8CodePointOrderingMatch Matching Rule
   5.    Attributes
   5.1.  entryCSN Attribute
   6.    Security Considerations
   7.    Normative References
   Appendix A.  IANA Considerations
   A.1.  LDAP Object Identifier Registrations
   A.2.  LDAP Descriptor Registrations
         Authors' Addresses
         Intellectual Property and Copyright Statements

1. Introduction

   A number of technologies have been documented, implemented and
   experimented with which in one way or another seek to replicate, or
   synchronize directory data.
   A common need among these technologies is to determine which of two
   copies of an element represents the latest or most authoritative
   data. Part of meeting this need involves associating a change
   sequence number to an element copy at the time of an update to that
   element. When replication or synchronization occurs, the change
   sequence numbers associated with directory elements can be used to
   decide which element's data will be copied to the other element(s).

2. Conventions

   Imperative keywords defined in [RFC2119] are used in this document,
   and carry the meanings described there.

   The General Considerations of [I-D.ietf-ldapbis-syntaxes] apply to
   the syntax definition in this document.

   The terms "directory element" and "element" refer to data held in a
   directory and may apply to an attribute value, attribute, entry, or
   any other identifiable directory entity.

3. Syntaxes

3.1. ChangeSequenceNumber Syntax

   A value of the ChangeSequenceNumber syntax is the time of a change
   along with a replicaID which represents the Directory System Agent
   (DSA) holding the element when it was changed. There are also two
   sequence numbers used to disambiguate directory entities that are
   changed at the same time and place.

   The Abstract Syntax Notation One (ASN.1) [X680] type corresponding to
   this syntax is defined as follows:

      ChangeSequenceNumber ::= SEQUENCE {
         time         GeneralizedTime,
         timeCount    INTEGER (0 .. MaxInt),
         replicaID    UTF8String,
         changeCount  INTEGER (0 .. MaxInt)}

      MaxInt INTEGER ::= 2147483647 -- (2^31 - 1) --

   GeneralizedTime is defined in [X680]. Local time without a
   differential SHALL NOT be used.

   UTF8String is defined below.

   The LDAP-specific encoding of a value of this syntax is the Generic
   String Encoding Rules (GSER) [RFC3641] encoding of the ASN.1 type.

   Example:

      { time "196701160315-0700",
        timeCount 0,
        replicaID "DSA666",
        changeCount 1 }

   The following is an LDAP syntax description [RFC2252] suitable for
   publication in the subschema.

      ( IANA-ASSIGNED-OID.1 DESC 'ChangeSequenceNumber' )

3.2. UTF8String

   The UTF8String syntax is used to express a string of characters from
   the [ISO.10646-1.1993] character set (a superset of [Unicode]),
   encoded following the [UTF-8] algorithm. Note that Unicode
   characters U+0000 through U+007F are the same as ASCII 0 through 127,
   respectively, and have the same single octet UTF-8 encoding. Other
   Unicode characters have a multiple octet UTF-8 encoding.

      UTF8String::= OCTET STRING -- UTF-8 encoded,
                                 -- [ISO10646] characters

   The LDAP-specific encoding of a value of this syntax is the UTF-8
   encoded characters themselves.

   The following is an LDAP syntax description [RFC2252] suitable for
   publication in the subschema.

      ( IANA-ASSIGNED-OID.2 DESC 'UTF8String' )

4. Matching Rules

4.1. changeSequenceNumberMatch Matching Rule

   The changeSequenceNumberMatch rule compares an assertion value of the
   ChangeSequenceNumber syntax to a value of a syntax (e.g. the
   ChangeSequenceNumber syntax) whose corresponding ASN.1 type is
   ChangeSequenceNumber.

   The rule evaluates to TRUE if and only if each of the components of
   the two values evaluate to TRUE using the following rules:

   o  The time component uses generalizedTimeMatch.

   o  The timeCount and changeCount components use integerMatch.

   o  The replicaID component uses utf8CodePointMatch.

   The following is an LDAP matching rule description [RFC2252] suitable
   for publication in the subschema.

      ( IANA-ASSIGNED-OID.3 NAME changeSequenceNumberMatch SYNTAX
      IANA-ASSIGNED-OID.1 )

4.2. utf8CodePointMatch Matching Rule

   The utf8CodePointMatch rule compares an assertion value of the
   UTF8String syntax to a value of a syntax (e.g. the UTF8String syntax)
   whose corresponding ASN.1 type is UTF8String. The rule evaluates to
   TRUE if and only if the code points [Unicode] of each of the
   characters are equal.

   The following is an LDAP matching rule description [RFC2252] suitable
   for publication in the subschema.

      ( IANA-ASSIGNED-OID.4 NAME utf8CodePointMatch SYNTAX
      IANA-ASSIGNED-OID.2 )

4.3. changeSequenceNumberOrderingMatch Matching Rule

   The changeSequenceNumberOrderingMatch rule compares the
   ChangeSequenceNumber ordering of an assertion value of the
   ChangeSequenceNumber syntax to a value of a syntax (e.g. the
   ChangeSequenceNumber syntax) whose corresponding ASN.1 type is
   ChangeSequenceNumber.

   When evaluating ChangeSequenceNumber values for ordering, the
   components are evaluated in this order: time, timeCount, replicaID,
   changeCount. If a component evaluates to TRUE using the appropriate
   ordering matching rule specified below, then the rule evaluates to
   TRUE. Otherwise if the component evaluates to TRUE using the
   equality matching rule specified below, the next component is
   evaluated. Otherwise the changeSequenceNumberOrderingMatch rule
   evaluates to FALSE or Undefined as appropriate.

   o  The time components of the two values are evaluated for ordering
      using GeneralizedTimeOrderingMatch, and evaluated for equality
      using GeneralizedTimeMatch.

   o  The timeCount and changeCount components of the two values are
      evaluated for ordering using integerOrderingMatch, and evaluated
      for equality using integerMatch.

   o  The replicaID components of the two values are evaluated for
      ordering using utf8CodePointOrderingMatch and evaluated for
      equality using utf8CodePointMatch.

   The following is an LDAP matching rule description [RFC2252] suitable
   for publication in the subschema.

      ( IANA-ASSIGNED-OID.5 NAME changeSequenceNumberOrderingMatch
      SYNTAX IANA-ASSIGNED-OID.1 )

4.4. utf8CodePointOrderingMatch Matching Rule

   The utf8CodePointOrderingMatch rule compares the ordering of an
   assertion value of the UTF8String syntax to a stored value of a
   syntax (e.g.
   the UTF8String syntax) whose corresponding ASN.1 type is
   UTF8String.

   The rule evaluates to TRUE if, and only if, in the code point
   collation order, the stored value character string appears earlier
   than the assertion value character string, i.e., the stored value is
   "less than" the assertion value.

   The following is an LDAP matching rule description [RFC2252] suitable
   for publication in the subschema.

      ( IANA-ASSIGNED-OID.6 NAME utf8CodePointOrderingMatch SYNTAX
      IANA-ASSIGNED-OID.2 )

5. Attributes

5.1. entryCSN Attribute

   The entryCSN operational attribute provides the CSN of the last
   update applied to the entry.

   The following is an LDAP attribute type description [RFC2252]
   suitable for publication in the subschema.

      ( IANA-ASSIGNED-OID.7 NAME entryCSN DESC 'CSN of the entry content'
      EQUALITY changeSequenceNumberMatch ORDERING
      changeSequenceNumberOrderingMatch SYNTAX IANA-ASSIGNED-OID.1
      SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )

   Servers MAY assign a CSN to each entry upon its addition to the
   directory and provide the entry's CSN as the value of the entryCSN
   operational attribute. If the entryCSN attribute is assigned, the
   attribute SHOULD be updated upon every update of the entry.

6. Security Considerations

7. Normative References

   [I-D.ietf-ldapbis-syntaxes]
              Legg, S., "Lightweight Directory Access Protocol (LDAP):
              Syntaxes and Matching Rules",
              draft-ietf-ldapbis-syntaxes-11 (work in progress),
              June 2005.

   [ISO.10646-1.1993]
              International Organization for Standardization,
              "Information Technology - Universal Multiple-octet coded
              Character Set (UCS) - Part 1: Architecture and Basic
              Multilingual Plane", ISO Standard 10646-1, May 1993.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2252]  Wahl, M., Coulbeck, A., Howes, T., and S. Kille,
              "Lightweight Directory Access Protocol (v3): Attribute
              Syntax Definitions", RFC 2252, December 1997.

   [RFC3383]  Zeilenga, K., "Internet Assigned Numbers Authority (IANA)
              Considerations for the Lightweight Directory Access
              Protocol (LDAP)", BCP 64, RFC 3383, September 2002.

   [RFC3641]  Legg, S., "Generic String Encoding Rules (GSER) for ASN.1
              Types", RFC 3641, October 2003.

   [UTF-8]    International Organization for Standardization,
              "Information Technology - Universal Multiple-octet coded
              Character Set (UCS) - Amendment 2: UCS Transformation
              Format 8 (UTF-8)", ISO Standard 10646-1 Addendum 2,
              October 1996.

   [Unicode]  The Unicode Consortium, "The Unicode Standard", 2004.

   [X680]     International Telecommunications Union, "Abstract Syntax
              Notation One (ASN.1): Specification of basic notation",
              ITU-T Recommendation X.680, July 2002.

Appendix A. IANA Considerations

   Registration of the following values is requested [RFC3383].

A.1. LDAP Object Identifier Registrations

   It is requested that IANA register upon Standards Action an LDAP
   Object Identifier in identifying the protocol elements defined in
   this technical specification.
   The following registration template is provided:

      Subject: Request for LDAP OID Registration

      Person & email address to contact for further information:

         Jim Sermersheim

         jimse@novell.com

      Specification: RFCXXXX

      Author/Change Controller: IESG

      Comments:

      Seven delegations will be made under the assigned OID:

      IANA-ASSIGNED-OID.1 ChangeSequenceNumber: LDAP Syntax

      IANA-ASSIGNED-OID.2 UTF8String: LDAP Syntax

      IANA-ASSIGNED-OID.3 changeSequenceNumberMatch: LDAP Matching Rule

      IANA-ASSIGNED-OID.4 utf8CodePointMatch: LDAP Matching Rule

      IANA-ASSIGNED-OID.5 changeSequenceNumberOrderingMatch: LDAP
      Matching Rule

      IANA-ASSIGNED-OID.6 utf8CodePointOrderingMatch: LDAP Matching Rule

      IANA-ASSIGNED-OID.7 entryCSN: LDAP Attribute Type

A.2. LDAP Descriptor Registrations

   It is requested that IANA register upon Standards Action the LDAP
   descriptors described in this document.
   The following registration templates are given:

      Subject: Request for LDAP Descriptor Registration

      Descriptor (short name): ChangeSequenceNumber

      Object Identifier: IANA-ASSIGNED-OID.1

      Person & email address to contact for further information:

         Jim Sermersheim

         jimse@novell.com

      Usage: other

      Specification: RFCXXXX

      Author/Change Controller: IESG

      Comments: LDAP Syntax


      Subject: Request for LDAP Descriptor Registration

      Descriptor (short name): UTF8String

      Object Identifier: IANA-ASSIGNED-OID.2

      Person & email address to contact for further information:

         Jim Sermersheim

         jimse@novell.com

      Usage: other

      Specification: RFCXXXX

      Author/Change Controller: IESG

      Comments: LDAP Syntax


      Subject: Request for LDAP Descriptor Registration

      Descriptor (short name): changeSequenceNumberMatch

      Object Identifier: IANA-ASSIGNED-OID.3

      Person & email address to contact for further information:

         Jim Sermersheim

         jimse@novell.com

      Usage: other

      Specification: RFCXXXX

      Author/Change Controller: IESG

      Comments: LDAP Matching Rule


      Subject: Request for LDAP Descriptor Registration

      Descriptor (short name): utf8CodePointMatch

      Object Identifier: IANA-ASSIGNED-OID.4

      Person & email address to contact for further information:

         Jim Sermersheim

         jimse@novell.com

      Usage: other

      Specification: RFCXXXX

      Author/Change Controller: IESG

      Comments: LDAP Matching Rule


      Subject: Request for LDAP Descriptor Registration

      Descriptor (short name): changeSequenceNumberOrderingMatch

      Object Identifier: IANA-ASSIGNED-OID.5

      Person & email address to contact for further information:

         Jim Sermersheim

         jimse@novell.com

      Usage: other

      Specification: RFCXXXX

      Author/Change Controller: IESG

      Comments: LDAP Matching Rule


      Subject: Request for LDAP Descriptor Registration

      Descriptor (short name): utf8CodePointOrderingMatch

      Object Identifier: IANA-ASSIGNED-OID.6

      Person & email address to contact for further information:

         Jim Sermersheim

         jimse@novell.com

      Usage: other

      Specification: RFCXXXX

      Author/Change Controller: IESG

      Comments: LDAP Matching Rule


      Subject: Request for LDAP Descriptor Registration

      Descriptor (short name): entryCSN

      Object Identifier: IANA-ASSIGNED-OID.7

      Person & email address to contact for further information:

         Jim Sermersheim

         jimse@novell.com

      Usage: Attribute Type

      Specification: RFCXXXX

      Author/Change Controller: IESG

      Comments: LDAP Attribute Type

Authors' Addresses

   Jim Sermersheim
   Novell, Inc
   1800 South Novell Place
   Provo, Utah 84606
   USA

   Phone: +1 801 861-3088
   Email: jimse@novell.com


   Howard Chu
   Symas Corp.
   18740 Oxnard Street, Suite 313A
   Tarzana, California 91356
   USA

   Phone: +1 818 757-7087
   Email: hyc@symas.com

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights. Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard. Please address the information to the IETF at
   ietf-ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2005). This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.
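
The matching rules of Sections 4.1 and 4.3 applied to GSER-encoded values, as an added example that is not part of the draft or of any implementation it describes. The function names and the EARLIER_UTC value are assumptions made for the example, and the "stored is less than assertion" direction of Section 4.3 is taken from the wording of Section 4.4; time is compared as an instant rather than as text, which decides the result when two replicas write different differentials.

```python
import re
from datetime import datetime, timedelta, timezone

MAX_INT = 2147483647  # MaxInt from Section 3.1
# GSER (RFC 3641): tokens are separated by SPACE only, an INTEGER has no leading
# zeros, and a double quote inside a string is written as two double quotes.
_INT, _STR = r'(0|[1-9][0-9]*)', r'"((?:[^"]|"")*)"'
_CSN = re.compile(r'\{ *time +' + _STR + r' *, *timeCount +' + _INT +
                  r' *, *replicaID +' + _STR + r' *, *changeCount +' + _INT + r' *\}')
_TIME = re.compile(r'([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})?([0-9]{2})?'
                   r'(?:[.,]([0-9]+))?(Z|[+-][0-9]{2}(?:[0-9]{2})?)?')


def parse_time(text):
    """GeneralizedTime -> timezone-aware datetime, i.e. an absolute instant."""
    m = _TIME.fullmatch(text)
    if not m:
        raise ValueError('not a GeneralizedTime: %r' % text)
    year, month, day, hour, minute, second, frac, zone = m.groups()
    if zone is None:  # Section 3.1: no local time without a differential
        raise ValueError('GeneralizedTime lacks Z or a differential: %r' % text)
    offset = timedelta(0)
    if zone != 'Z':
        offset = timedelta(hours=int(zone[1:3]), minutes=int(zone[3:5] or 0))
        offset = -offset if zone[0] == '-' else offset
    unit = 1 if second else 60 if minute else 3600  # a fraction scales the last unit
    extra = timedelta(seconds=unit * int(frac or 0) / 10 ** len(frac or '0'))
    return datetime(int(year), int(month), int(day), int(hour), int(minute or 0),
                    int(second or 0), tzinfo=timezone(offset)) + extra


def parse_csn(text):
    """GSER ChangeSequenceNumber -> tuple in the Section 4.3 evaluation order."""
    m = _CSN.fullmatch(text)
    if not m:
        raise ValueError('not a GSER ChangeSequenceNumber: %r' % text)
    time_count, change_count = int(m.group(2)), int(m.group(4))
    if max(time_count, change_count) > MAX_INT:
        raise ValueError('count outside 0 .. MaxInt: %r' % text)
    # Python orders str by code point, matching utf8CodePointOrderingMatch.
    replica_id = m.group(3).replace('""', '"')
    return (parse_time(m.group(1)), time_count, replica_id, change_count)


def csn_match(value, assertion):
    """changeSequenceNumberMatch: all four components are equal."""
    return parse_csn(value) == parse_csn(assertion)


def csn_ordering_match(stored, assertion):
    """changeSequenceNumberOrderingMatch: stored is "less than" assertion
    (direction assumed from Section 4.4)."""
    for mine, theirs in zip(parse_csn(stored), parse_csn(assertion)):
        if mine < theirs:   # ordering rule TRUE for this component
            return True
        if mine != theirs:  # neither less nor equal
            return False
    return False            # every component equal


# PAGE_EXAMPLE is the draft's example value; EARLIER_UTC is constructed.
# As instants 09:00Z precedes 03:15-0700 (10:15Z); as raw text it sorts after.
PAGE_EXAMPLE = '{ time "196701160315-0700", timeCount 0, replicaID "DSA666", changeCount 1 }'
EARLIER_UTC = '{ time "196701160900Z", timeCount 0, replicaID "DSA666", changeCount 1 }'
```

A replica that compared the time component as a string would rank EARLIER_UTC as the newer change and keep the wrong copy.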