INTERNET-DRAFT                                      Kurt D. Zeilenga
Intended Category: Standard Track                OpenLDAP Foundation
Expires in six months                                   18 July 2005


                The LDAP entryUUID operational attribute
                   <draft-zeilenga-ldap-uuid-06.txt>

This document is intended to be, after appropriate review and
revision, submitted to the RFC Editor as a Standard Track document.
Distribution of this memo is unlimited. Technical discussion of this
document will take place on the IETF LDAP Extensions mailing list
<ldapext@ietf.org>. Please send editorial comments directly to the
author <Kurt@OpenLDAP.org>.

By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware have
been or will be disclosed, and any of which he or she becomes aware
will be disclosed, in accordance with Section 6 of BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html

Copyright (C) The Internet Society (2005). All Rights Reserved.

Please see the Full Copyright section near the end of this document

Zeilenga               draft-zeilenga-ldap-uuid-06               [Page 1]

INTERNET-DRAFT                LDAP entryUUID                 18 July 2005

This document describes the LDAP/X.500 'entryUUID' operational
attribute and associated matching rules and syntax. The attribute
holds a server-assigned Universally Unique Identifier (UUID) for the
object. Directory clients may use this attribute to distinguish
objects identified by a distinguished name or to locate an object

1. Background and Intended Use

In X.500 Directory Services [X.501], such as those accessible using
the Lightweight Directory Access Protocol (LDAP) [Roadmap], an object
is identified by its distinguished name (DN). However, DNs are not
stable identifiers. That is, a new object may be identified by a DN
which previously identified another (now renamed or deleted) object.

A Universally Unique Identifier (UUID) is "an identifier unique across
both space and time, with respect to the space of all UUIDs"
[UUIDURN]. UUIDs are used in a wide range of systems.

This document describes the 'entryUUID' operational attribute which
holds the UUID assigned to the object by the server. Clients may use
this attribute to distinguish objects identified by a particular
distinguished name or to locate a particular object after renaming.

This document defines the UUID syntax, the 'uuidMatch' and
'uuidOrderingMatch' matching rules, and the 'entryUUID' attribute

Schema definitions are provided using LDAP description formats
[Models]. Definitions provided here are formatted (line wrapped) for

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 [RFC2119].

2. UUID Schema Elements

A Universally Unique Identifier (UUID) [UUIDURN] is a 16-octet
(128-bit) value which identifies an object. The ASN.1 [X.680] type
UUID is defined to represent UUIDs as follows:

      UUID ::= OCTET STRING (SIZE(16))
            -- constrained to an UUID [UUIDURN]

In LDAP, UUID values are encoded using the [ASCII] character string
representation described in [UUIDURN]. For example,
"597ae2f6-16a6-1027-98f4-d28b5365dc14".

The following is a LDAP syntax description suitable for publication in
subschema subentries.

      ( IANA-ASSIGNED-OID.1 DESC 'UUID' )

2.2 'uuidMatch' Matching Rule

The 'uuidMatch' matching rule compares an asserted UUID with a stored
UUID for equality. Its semantics are the same as the 'octetStringMatch'
[X.520][Syntaxes] matching rule. The rule differs from
'octetStringMatch' in that the assertion value is encoded using the
UUID string representation instead of the normal OCTET STRING string

The following is a LDAP matching rule description suitable for
publication in subschema subentries.

      ( IANA-ASSIGNED-OID.2 NAME 'uuidMatch'
          SYNTAX IANA-ASSIGNED-OID.1 )

2.3 'uuidOrderingMatch' Matching Rule

The 'uuidOrderingMatch' matching rule compares an asserted UUID
with a stored UUID for ordering. Its semantics are the same as the
'octetStringOrderingMatch' [X.520][Syntaxes] matching rule. The
rule differs from 'octetStringOrderingMatch' in that the assertion
value is encoded using the UUID string representation instead of
the normal OCTET STRING string representation.

The following is a LDAP matching rule description suitable for
publication in subschema subentries.

      ( IANA-ASSIGNED-OID.3 NAME 'uuidOrderingMatch'
          SYNTAX IANA-ASSIGNED-OID.1 )

It is noted that not all UUID variants have a defined ordering and,
even where so, servers are not obligated to assign UUIDs in any
particular order. This matching rule is provided for completeness.

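
The UUID syntax and the two matching rules above, worked through as an added Python example (not part of the draft or of any server's code): the assertion value is decoded from its string representation to 16 octets and then compared the way 'octetStringMatch' and 'octetStringOrderingMatch' compare octet strings. The function names and the second UUID in the usage lines are constructed for illustration.

```python
import re

# Constructed sample values; the UUID is the example string given above.
STORED = bytes.fromhex("597ae2f616a6102798f4d28b5365dc14")  # stored 16 octets
ASSERTED = "597AE2F6-16A6-1027-98F4-D28B5365DC14"           # assertion value

# Exactly 8-4-4-4-12 hexadecimal digits. Python's uuid.UUID() is not used for
# validation because it also accepts braces, a "urn:uuid:" prefix and
# unhyphenated hex, none of which is the string representation used here.
_UUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def is_uuid_string(text) -> bool:
    """True only for a well-formed UUID string representation."""
    return isinstance(text, str) and _UUID_RE.fullmatch(text) is not None


def uuid_octets(text: str) -> bytes:
    """Decode a UUID string into its 16-octet value (hex case disappears)."""
    if not is_uuid_string(text):
        raise ValueError("not a UUID string representation: %r" % (text,))
    return bytes.fromhex(text.replace("-", ""))


def _stored_octets(stored: bytes) -> bytes:
    """Enforce the SIZE(16) constraint on a stored value."""
    if len(stored) != 16:
        raise ValueError("stored UUID must be exactly 16 octets")
    return bytes(stored)


def uuid_match(asserted: str, stored: bytes) -> bool:
    """uuidMatch: octet-for-octet equality after decoding the assertion."""
    return uuid_octets(asserted) == _stored_octets(stored)


def uuid_ordering_match(asserted: str, stored: bytes) -> bool:
    """uuidOrderingMatch: TRUE when the stored value collates before the
    assertion, comparing octets first to last as unsigned values."""
    return _stored_octets(stored) < uuid_octets(asserted)


if __name__ == "__main__":
    print(uuid_match(ASSERTED, STORED))                       # equality
    print(uuid_ordering_match("597ae2f6-16a6-1027-98f4-d28b5365dc15", STORED))
    print(is_uuid_string("{597ae2f6-16a6-1027-98f4-d28b5365dc14}"))
```
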
2.4. 'entryUUID' attribute

The 'entryUUID' operational attribute provides the Universally Unique
Identifier (UUID) assigned to the entry.

The following is a LDAP attribute type description suitable for
publication in subschema subentries.

      ( IANA-ASSIGNED-OID.4 NAME 'entryUUID'
          DESC 'UUID of the entry'
          ORDERING uuidOrderingMatch
          SYNTAX IANA-ASSIGNED-OID.1
          USAGE directoryOperation )

Servers SHALL generate and assign a new UUID to each entry upon its
addition to the directory and provide that UUID as the value of the
'entryUUID' operational attribute. An entry's UUID is immutable.

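
Because the value is immutable while a DN can be reassigned, a client that stored a reference to an entry can tell a renamed entry from a DN that now names a different object. The following added Python example (not from the draft) shows that check over a constructed directory snapshot; the DNs, the UUIDs other than the draft's example value, and the function name are hypothetical, and DN strings are assumed to be already normalized.

```python
import uuid

# Constructed snapshot of the directory as it is now: DN -> entryUUID.
# "cn=J. Doe" was deleted and later re-added for a different person, and the
# entry once named "cn=A. Smith" has been renamed to "cn=A. Jones".
CURRENT = {
    "cn=J. Doe,ou=People,dc=example,dc=com":
        "0d1f7c1e-2b7a-4c4e-9a61-5f0c3a9e7b10",
    "cn=A. Jones,ou=People,dc=example,dc=com":
        "597ae2f6-16a6-1027-98f4-d28b5365dc14",
}


def _octets(value: str) -> bytes:
    """Compare UUIDs as 16 octets so hex case in the string is irrelevant."""
    return uuid.UUID(value).bytes


def check_reference(cached_dn: str, cached_uuid: str, directory: dict):
    """Classify a cached (DN, entryUUID) pair against the current directory.

    Returns (status, current_dn) where status is one of:
      'same'      the DN still names the entry that was cached
      'renamed'   the entry exists under another DN (returned as current_dn)
      'dn-reused' the DN exists but names a different entry
      'gone'      neither the entry nor the DN is present
    """
    want = _octets(cached_uuid)
    by_uuid = {_octets(value): dn for dn, value in directory.items()}
    current_dn = by_uuid.get(want)
    if current_dn == cached_dn:
        return ("same", cached_dn)
    if current_dn is not None:
        return ("renamed", current_dn)
    if cached_dn in directory:
        return ("dn-reused", None)   # do not act on the cached DN
    return ("gone", None)


if __name__ == "__main__":
    print(check_reference("cn=J. Doe,ou=People,dc=example,dc=com",
                          "11111111-1111-4111-8111-111111111111", CURRENT))
    print(check_reference("cn=A. Smith,ou=People,dc=example,dc=com",
                          "597AE2F6-16A6-1027-98F4-D28B5365DC14", CURRENT))
```

Against a live server the lookup by UUID would be a search on the 'entryUUID' attribute rather than a scan of a local dictionary.
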
UUIDs are to be generated in accordance with Section 4 of [UUIDURN].
In particular, servers MUST ensure that each generated UUID is unique

3. Security Considerations

An entry's relative distinguished name (RDN) is composed from attribute
values of the entry, values which are commonly descriptive of the
object the entry represents. While deployers are encouraged to use
naming attributes whose values are widely disclosable [LDAPDN],
entries are often named using information which cannot be disclosed to
all parties. As UUIDs do not contain any descriptive information of
the object they identify, UUIDs may be used to identify a particular
entry without disclosure of its contents.

General UUID security considerations [UUIDURN] apply.

General LDAP security considerations [RFC3377] apply.

4. IANA Considerations

It is requested that IANA register upon Standards Action the LDAP
values specified in this document.

4.1. Object Identifier Registration

      Subject: Request for LDAP OID Registration
      Person & email address to contact for further information:
          Kurt Zeilenga <kurt@OpenLDAP.org>
      Specification: RFC XXXX
      Author/Change Controller: IESG
          Identifies the UUID schema elements

4.2. UUID Syntax Registration

      Subject: Request for LDAP Syntax Registration
      Object Identifier: IANA-ASSIGNED-OID.1
      Person & email address to contact for further information:
          Kurt Zeilenga <kurt@OpenLDAP.org>
      Specification: RFC XXXX
      Author/Change Controller: IESG
          Identifies the UUID syntax

4.3. 'uuidMatch' Descriptor Registration

      Subject: Request for LDAP Descriptor Registration
      Descriptor (short name): uuidMatch
      Object Identifier: IANA-ASSIGNED-OID.2
      Person & email address to contact for further information:
          Kurt Zeilenga <kurt@OpenLDAP.org>
      Specification: RFC XXXX
      Author/Change Controller: IESG

4.3. 'uuidOrderingMatch' Descriptor Registration

      Subject: Request for LDAP Descriptor Registration
      Descriptor (short name): uuidOrderingMatch
      Object Identifier: IANA-ASSIGNED-OID.3
      Person & email address to contact for further information:
          Kurt Zeilenga <kurt@OpenLDAP.org>
      Specification: RFC XXXX
      Author/Change Controller: IESG

5.4. 'entryUUID' Descriptor Registration

It is requested that IANA register upon Standards Action the LDAP
'entryUUID' descriptor.

      Subject: Request for LDAP Descriptor Registration
      Descriptor (short name): entryUUID
      Object Identifier: IANA-ASSIGNED-OID.4
      Person & email address to contact for further information:
          Kurt Zeilenga <kurt@OpenLDAP.org>
      Usage: Attribute Type
      Specification: RFC XXXX
      Author/Change Controller: IESG

This document is based upon discussions in the LDAP Update and
Duplication Protocols (LDUP) WG. Members of the LDAP Directorate

Email: Kurt@OpenLDAP.org

[[Note to the RFC Editor: please replace the citation tags used in
referencing Internet-Drafts with tags of the form RFCnnnn where

8.1. Normative References

[RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
           Requirement Levels", BCP 14 (also RFC 2119), March 1997.

[Roadmap]  Zeilenga, K. (editor), "LDAP: Technical Specification
           Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in

[UUIDURN]  Leach, P, M. Mealling, R. Salz, "A UUID URN Namespace",

[Models]   Zeilenga, K. (editor), "LDAP: Directory Information
           Models", draft-ietf-ldapbis-models-xx.txt, a work in

[Syntaxes] Legg, S. (editor), "LDAP: Syntaxes and Matching Rules",
           draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.

[ASCII]    Coded Character Set--7-bit American Standard Code for
           Information Interchange, ANSI X3.4-1986.

[X.501]    International Telecommunication Union -
           Telecommunication Standardization Sector, "The Directory
           -- Models," X.501(1993) (also ISO/IEC 9594-2:1994).

[X.520]    International Telecommunication Union -
           Telecommunication Standardization Sector, "The
           Directory: Selected Attribute Types", X.520(1993) (also
           ISO/IEC 9594-6:1994).

[X.680]    International Telecommunication Union -
           Telecommunication Standardization Sector, "Abstract
           Syntax Notation One (ASN.1) - Specification of Basic
           Notation", X.680(2002) (also ISO/IEC 8824-1:2002).

8.2. Informative References

[LDAPDN]   Zeilenga, K. (editor), "LDAP: String Representation of
           Distinguished Names", draft-ietf-ldapbis-dn-xx.txt, a

[BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
           draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.

Intellectual Property Rights

The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be found
in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this specification
can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at

Copyright (C) The Internet Society (2005).

This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.

This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.