X660LDAP J. Coretta
Internet-Draft February 17, 2021
Intended status: Standards Track
Expires: August 17, 2021
Lightweight Directory Access Protocol (LDAP)
Procedures and Schema Definitions for the
Storage of X.660 Registration Information
draft-coretta-x660-ldap-04.txt
Abstract
This specification defines models and schema definitions facilitating
the storage of [X.660] registration data in a Lightweight Directory
Access Protocol Directory Information Tree.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 17, 2021.
Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Coretta Expires August 17, 2021 [Page 1]
Internet-Draft X.660 LDAP Schema and Models February 2021
Table of Contents
1. Introduction ....................................................3
1.1. Conventions ................................................4
1.2. Intended Audience ..........................................4
1.3. Limitations ................................................4
1.4. Acronyms Used ..............................................4
1.5. OIDs Allocated .............................................4
1.6. Well-Known OIDs ............................................5
2. Schema Definitions ..............................................5
2.1. Attribute Types ............................................5
2.1.1. 'arc' .................................................5
2.1.2. 'arcOID' ..............................................6
2.1.3. 'arcId' ...............................................6
2.1.4. 'arcSecId' ............................................6
2.1.5. 'arcAddlSecId' ........................................7
2.1.6. 'arcData' .............................................7
2.1.7. 'arcAuthorityContact' .................................7
2.1.8. 'arcSponsorContact' ...................................8
2.1.9. 'arcDefaultContact' ...................................8
2.1.10. 'arcTitle' ...........................................8
2.1.11. 'arcDescription' .....................................8
2.1.12. 'arcRegId' ...........................................9
2.1.13. 'arcCreateTimestamp' .................................9
2.1.14. 'arcModifyTimestamp' .................................9
2.1.15. 'arcRegAuthorityCommonName' .........................10
2.1.16. 'arcRegDefaultCommonName' ...........................10
2.1.17. 'arcRegSponsorCommonName' ...........................10
2.1.18. 'arcRegAuthorityCountry' ............................11
2.1.19. 'arcRegDefaultCountry' ..............................11
2.1.20. 'arcRegSponsorCountry' ..............................11
2.1.21. 'arcRegAuthorityEmail' ..............................12
2.1.22. 'arcRegDefaultEmail' ................................12
2.1.23. 'arcRegSponsorEmail' ................................12
2.1.24. 'arcRegAuthorityFax' ................................13
2.1.25. 'arcRegDefaultFax' ..................................13
2.1.26. 'arcRegSponsorFax' ..................................13
2.1.27. 'arcRegAuthorityFriendlyCountry' ....................14
2.1.28. 'arcRegDefaultFriendlyCountry' ......................14
2.1.29. 'arcRegSponsorFriendlyCountry' ......................14
2.1.30. 'arcRegAuthorityLocality' ...........................15
2.1.31. 'arcRegDefaultLocality' .............................15
2.1.32. 'arcRegSponsorLocality' .............................15
2.1.33. 'arcRegAuthorityMobile' .............................16
2.1.34. 'arcRegDefaultMobile' ...............................16
2.1.35. 'arcRegSponsorMobile' ...............................16
2.1.36. 'arcRegAuthorityOrg' ................................16
2.1.37. 'arcRegDefaultOrg' ..................................17
2.1.38. 'arcRegSponsorOrg' ..................................17
2.1.39. 'arcRegAuthorityPostOfficeBox' ......................17
2.1.40. 'arcRegDefaultPostOfficeBox' ........................18
2.1.41. 'arcRegSponsorPostOfficeBox' ........................18
2.1.42. 'arcRegAuthorityPostalAddress' ......................18
2.1.43. 'arcRegDefaultPostalAddress' ........................19
2.1.44. 'arcRegSponsorPostalAddress' ........................19
2.1.45. 'arcRegAuthorityPostalCode' .........................19
2.1.46. 'arcRegDefaultPostalCode' ...........................20
2.1.47. 'arcRegSponsorPostalCode' ...........................20
2.1.48. 'arcRegAuthorityState' ..............................20
2.1.49. 'arcRegDefaultState' ................................20
2.1.50. 'arcRegSponsorState' ................................21
2.1.51. 'arcRegAuthorityStreet' .............................21
2.1.52. 'arcRegDefaultStreet' ...............................21
2.1.53. 'arcRegSponsorStreet' ...............................22
2.1.54. 'arcRegAuthorityTelephone' ..........................22
2.1.55. 'arcRegDefaultTelephone' ............................22
2.1.56. 'arcRegSponsorTelephone' ............................23
2.1.57. 'arcRegAuthorityTitle' ..............................23
2.1.58. 'arcRegDefaultTitle' ................................23
2.1.59. 'arcRegSponsorTitle' ................................23
2.2. Object Classes ............................................24
2.2.1. 'x660RootArcEntry' ...................................24
2.2.2. 'x660ArcEntry' .......................................24
2.2.3. 'x660ContactEntry' ...................................25
3. Directory Models ...............................................25
3.1. Naming Context and Organization Entries ...................25
3.2. Two-Dimensional Model .....................................26
3.2.1. Requirements .......................................26
3.2.2. Distinguished Name Convention ......................26
3.2.3. Root Arc Entries ...................................27
3.3. Three-Dimensional Model ...................................28
3.3.1. Requirements .......................................28
3.3.2. Distinguished Name Convention ......................29
3.3.3. Root Arc Entries ...................................29
3.4. Arc Authority, Sponsorship and Default Contact Info .......30
3.4.1. Examples ...........................................30
3.4.1.1. Combined OID and Contact Entries ............30
3.4.1.2. Dedicated Contact Entries ...................31
4. References .....................................................32
4.1. Normative References ......................................32
5. IANA Considerations ............................................33
6. Security Considerations ........................................33
Author's Address ..................................................33
1. Introduction
This specification describes a means for storing [X.660] registration
and contextual data within an LDAP [RFC4510] implementation.
1.1. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted as described
in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in
all capitals, as shown here.
1.2. Intended Audience
This specification is intended for use by any entity or individual in
need of a means for storing and serving [X.660] data, in whole or in
part.
1.3. Limitations
Some design decisions set forth in this document tend to favor a more
generalized implementation as opposed to a strict adherence to all of
the precepts defined in [X.660].
One obvious example of this relates to the lack of enforcement of the
use (or non-use) of Unicode values during attribute value assignment.
While Unicode values are supported where expected, this specification
provides no such enforcement.
1.4. Acronyms Used
This specification makes reference to several acronyms, each of which
is defined below.
DN Distinguished Name
RDN Relative Distinguished Name
DUA Directory User Agent (an LDAP client)
DIT Directory Information Tree
OID (ASN.1) Object Identifier
LDAP Lightweight Directory Access Protocol
ASN.1 Abstract Syntax Notation v1
1.5. OIDs Allocated
This specification provides a dedicated registered OID branch for all
LDAP schema elements as defined in Section 2.
- 1.3.6.1.4.1.56521 (author root)
- 1.3.6.1.4.1.56521.101 (specification OID)
- 1.3.6.1.4.1.56521.101.2 (schema OID)
- 1.3.6.1.4.1.56521.101.2.1 (attribute types OID)
- 1.3.6.1.4.1.56521.101.2.2 (object classes OID)
1.6. Well-Known OIDs
This specification makes use of well-known OIDs defined by other
parties or institutions. These OIDs are mentioned for example
purposes and schema configuration only.
- 1.3 (Identified-Organization, per Section A.4.2 of [X.660])
- 1.3.6 (dod, per Section 3.1 of [RFC1155])
- 1.3.6.1 (Internet OID, per Section 3.1 of [RFC1155])
- 1.3.6.1.4.1.1466.115.121.1.12 (Distinguished Name syntax and
matching rule, per Section 4.2.15 of [RFC4517])
- 1.3.6.1.4.1.1466.115.121.1.24 (Generalized Time syntax, per
Section 3.3.13 of [RFC4517])
- 1.3.6.1.4.1.1466.115.121.1.27 (Integer syntax, per Section 3.3.16
of [RFC4517])
- 1.3.6.1.4.1.1466.115.121.1.38 (OID syntax, per Section 3.3.26 of
[RFC4517])
- 1.3.6.1.4.1.1466.115.121.1.40 (Octet String syntax, per Section
3.3.25 of [RFC4517])
2. Schema Definitions
This section discusses the particulars of the LDAP schema definitions
made available through this specification.
The schema definitions described in this section are provided using
LDAP description formats [RFC4512]. These elements are line-wrapped
and indented for readability.
2.1. Attribute Types
The following subsections detail LDAP attribute types created for use
within implementations of this specification.
2.1.1. 'arc'
The 'arc' attribute type allows the storage of an unsigned integer
that is meant to represent the primary identifier for an arc
registration.
( 1.3.6.1.4.1.56521.101.2.1.1
NAME 'arc'
DESC 'A single unsigned integer value assigned to an X.660 arc
to represent its primary integer identifier'
EQUALITY integerMatch
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
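The following is an added example, not part of the draft or the author's tooling: a small parser and linter for attribute type descriptions in the line-wrapped form used throughout Section 2.1, checking each numeric OID against the attribute types branch from Section 1.5 and the RFC 4512 rule that a definition carries SUP or SYNTAX. The function names and the two 'example...' definitions are constructed for illustration.

```python
import re

# Attribute types branch allocated in Section 1.5.
ATTRIBUTE_TYPES_BRANCH = "1.3.6.1.4.1.56521.101.2.1"

# The first three definitions are copied from Sections 2.1.1, 2.1.3 and
# 2.1.5. The last two are constructed for this example (hypothetical
# names) and are deliberately defective.
SAMPLE_DEFINITIONS = """
( 1.3.6.1.4.1.56521.101.2.1.1
  NAME 'arc'
  DESC 'A single unsigned integer value assigned to an X.660 arc
        to represent its primary integer identifier'
  EQUALITY integerMatch
  SINGLE-VALUE
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

( 1.3.6.1.4.1.56521.101.2.1.3
  NAME 'arcId'
  DESC 'The primary non-numeric Unicode identifier for
        an X.660 arc'
  EQUALITY caseIgnoreMatch
  SINGLE-VALUE
  SUP name )

( 1.3.6.1.4.1.56521.101.2.1.5
  NAME 'arcAddlSecId'
  DESC 'The non-Unicode additional secondary identifier for an
        X.660 arc'
  EQUALITY caseIgnoreMatch
  SUP name )

( 1.3.6.1.4.1.56521.101.2.2.99
  NAME 'exampleWrongBranch'
  DESC 'Constructed: object classes branch, no SUP or SYNTAX'
  EQUALITY caseIgnoreMatch )

( 1.3.6.1.4.1.56521.101.2.1.1
  NAME 'exampleDuplicate'
  DESC 'Constructed: reuses the OID of arc'
  SUP name )
"""

TOKEN = re.compile(r"\(|\)|'[^']*'|[^\s()']+")
FLAGS = {"SINGLE-VALUE", "OBSOLETE", "COLLECTIVE", "NO-USER-MODIFICATION"}
ONE_ARG = {"DESC", "SUP", "EQUALITY", "ORDERING", "SUBSTR", "SYNTAX", "USAGE"}


def unquote(token):
    """Strip the quotes and collapse the whitespace left by line wrapping."""
    return " ".join(token[1:-1].split())


def split_definitions(text):
    """Yield one token list per top-level parenthesised definition."""
    depth, current = 0, []
    for tok in TOKEN.findall(text):
        if tok == "(":
            depth += 1
            if depth == 1:
                current = []
                continue
        elif tok == ")" and depth > 0:
            depth -= 1
            if depth == 0:
                yield current
                continue
        if depth >= 1:
            current.append(tok)


def parse_attribute_type(tokens):
    """Turn one definition's tokens into a dict of its fields."""
    it = iter(tokens)
    attr = {"oid": next(it), "names": [], "flags": set()}
    for tok in it:
        if tok == "NAME":
            nxt = next(it)
            if nxt == "(":  # NAME ( 'a' 'b' ) form
                for name in it:
                    if name == ")":
                        break
                    attr["names"].append(unquote(name))
            else:
                attr["names"].append(unquote(nxt))
        elif tok in FLAGS:
            attr["flags"].add(tok)
        elif tok in ONE_ARG:
            val = next(it)
            attr[tok.lower()] = unquote(val) if val.startswith("'") else val
        else:
            raise ValueError(f"unexpected token {tok!r} in {attr['oid']}")
    return attr


def parse_schema(text):
    return [parse_attribute_type(t) for t in split_definitions(text)]


def lint(attrs):
    """Return (name, finding) pairs for definitions that break the checks."""
    findings, seen_oids = [], {}
    for a in attrs:
        label = a["names"][0] if a["names"] else a["oid"]
        if not re.fullmatch(r"\d+(\.\d+)+", a["oid"]):
            findings.append((label, "numeric OID is malformed"))
        elif not a["oid"].startswith(ATTRIBUTE_TYPES_BRANCH + "."):
            findings.append((label, "OID outside the attribute types branch"))
        if "sup" not in a and "syntax" not in a:
            findings.append((label, "neither SUP nor SYNTAX present"))
        if a["oid"] in seen_oids:
            findings.append((label, f"OID already assigned to {seen_oids[a['oid']]}"))
        seen_oids.setdefault(a["oid"], label)
    return findings
```

Running `lint(parse_schema(...))` over the full set of definitions before loading them into a directory server catches copy-and-paste slips in the numeric OIDs that the server may otherwise accept silently or reject with a less specific error.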
2.1.2. 'arcOID'
The 'arcOID' attribute type allows the storage of an arc's ASN.1
Object Identifier value [X.680] in dot-delimited form.
( 1.3.6.1.4.1.56521.101.2.1.2
NAME 'arcOID'
DESC 'Dotted ASN.1 Object Identifier for non-root X.660 arcs'
EQUALITY objectIdentifierMatch
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
2.1.3. 'arcId'
The 'arcId' attribute type allows the storage of the primary
identifier Unicode value (non-numeric) [X.660] in an arc registration
entry.
This attribute type is derived from 'name', as defined in Section
2.18 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.3
NAME 'arcId'
DESC 'The primary non-numeric Unicode identifier for
an X.660 arc'
EQUALITY caseIgnoreMatch
SINGLE-VALUE
SUP name )
2.1.4. 'arcSecId'
The 'arcSecId' attribute type allows the storage of an arc
registration entry's non-Unicode, non-numeric secondary identifier
[X.660].
This attribute type is derived from 'name', as defined in Section
2.18 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.4
NAME 'arcSecId'
DESC 'The non-Unicode secondary identifier for an
X.660 arc'
EQUALITY caseIgnoreMatch
SINGLE-VALUE
SUP name )
2.1.5. 'arcAddlSecId'
The 'arcAddlSecId' attribute type allows the OPTIONAL storage of
one or more additional secondary identifiers [X.660] in an arc
registration entry.
This attribute type is derived from 'name', as defined in Section
2.18 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.5
NAME 'arcAddlSecId'
DESC 'The non-Unicode additional secondary identifier for an
X.660 arc'
EQUALITY caseIgnoreMatch
SUP name )
2.1.6. 'arcData'
The 'arcData' attribute type allows the OPTIONAL storage of
octet-based values intended for extended documentation or notes in
an arc registration entry.
( 1.3.6.1.4.1.56521.101.2.1.6
NAME 'arcData'
DESC 'Extended information for an X.660 arc'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
2.1.7. 'arcAuthorityContact'
The 'arcAuthorityContact' attribute type allows a DN value that
references an entry containing arc registration authority contact
information.
( 1.3.6.1.4.1.56521.101.2.1.7
NAME 'arcAuthorityContact'
DESC 'LDAP Distinguished Name of an entry bearing authoritative
information for an X.660 arc'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
2.1.8. 'arcSponsorContact'
The 'arcSponsorContact' attribute type allows a DN value that
references an entry containing arc registration sponsorship contact
information.
( 1.3.6.1.4.1.56521.101.2.1.8
NAME 'arcSponsorContact'
DESC 'LDAP Distinguished Name of an entry bearing sponsorship
information for an X.660 arc'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
2.1.9. 'arcDefaultContact'
The 'arcDefaultContact' attribute type allows a DN value that
references an entry containing default arc registration contact
information.
( 1.3.6.1.4.1.56521.101.2.1.9
NAME 'arcDefaultContact'
DESC 'LDAP Distinguished Name of an entry bearing generalized
contact information for an X.660 arc'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
2.1.10. 'arcTitle'
The 'arcTitle' attribute type allows for an official title to be set
for an arc registration entry.
This attribute type is derived from 'title', as defined in Section
2.38 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.10
NAME 'arcTitle'
DESC 'Title assigned to an X.660 arc'
SUP title )
2.1.11. 'arcDescription'
The 'arcDescription' attribute type allows for a short description of
an arc registration entry.
This attribute type is derived from 'description', as defined in
Section 2.5 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.11
NAME 'arcDescription'
DESC 'Short description of an X.660 arc'
SUP description )
2.1.12. 'arcRegId'
The 'arcRegId' attribute type is intended to allow the singular
assignment of a UUID or GUID to a contact, sponsor or authority
registration entry. When used, this value would act as an absolute
identifier for registration entries that may change in the future.
In larger, more complete implementations of this specification, it
is RECOMMENDED that this attribute type be the primary identifier
(or, RDN) for a registration entry that contains contact, sponsor
and/or authority information. This allows absolute and unambiguous
reference to any registration entry by DN.
( 1.3.6.1.4.1.56521.101.2.1.12
NAME 'arcRegId'
DESC 'GUID or UUID assigned to an X.660 arc registration entry'
SINGLE-VALUE
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
Please note the intended use of this attribute type SHOULD NOT be
confused with the act of numbering an arc using the numerical form
of a GUID or UUID value, such as:
2.25.483275873209587983492589328598493854833
Such an act can be achieved through standard use of the arc attribute
type (defined in Section 2.1.1) as it allows an integer value of
suitable size to accommodate such a value.
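The distinction drawn above, as an added example that is not part of the draft: numbering an arc under 2.25 from a UUID's integer form (the values that would go in 'arc' and 'arcOID'), and validating such an OID on the way back in. The function names and the sample UUID are constructed for illustration; 'arcRegId' is not involved, since it identifies a registration entry rather than numbering an arc.

```python
import re
import uuid

UUID_ARC_PARENT = "2.25"        # parent arc shown in the text above
MAX_UUID_INT = (1 << 128) - 1   # largest integer a 128-bit UUID can yield

# LDAP Integer syntax (RFC 4517) has no leading zeros; arcs are unsigned.
ARC_NUMBER = re.compile(r"0|[1-9][0-9]*")

# Constructed sample UUID for this example.
SAMPLE_UUID = uuid.UUID("f81d4fae-7dec-11d0-a765-00a0c91e6bf6")

# The value quoted in the text. It has 39 digits and is larger than
# 2**128 - 1, so it is illustrative only and does not decode to a UUID.
PAGE_EXAMPLE = "2.25.483275873209587983492589328598493854833"


def arc_values_for_uuid(u):
    """Values for 'arc' and 'arcOID' when an arc is numbered from a UUID."""
    number = str(u.int)
    return {"arc": number, "arcOID": f"{UUID_ARC_PARENT}.{number}"}


def uuid_from_arc_oid(oid):
    """Recover the UUID from a 2.25.<integer> OID, or raise ValueError."""
    parent, _, number = oid.rpartition(".")
    if parent != UUID_ARC_PARENT:
        raise ValueError(f"{oid!r} is not an immediate child of {UUID_ARC_PARENT}")
    if not ARC_NUMBER.fullmatch(number):
        raise ValueError(f"{number!r} is not a valid unsigned LDAP Integer")
    value = int(number)
    if value > MAX_UUID_INT:
        raise ValueError(f"{number} does not fit in 128 bits")
    return uuid.UUID(int=value)


def is_uuid_arc_oid(oid):
    """True when the OID is a well-formed UUID-derived arc under 2.25."""
    try:
        uuid_from_arc_oid(oid)
    except ValueError:
        return False
    return True
```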
2.1.13. 'arcCreateTimestamp'
The 'arcCreateTimestamp' attribute type allows for the assignment of
a generalized timestamp indicating the date and time at which an arc
registration entry was created.
( 1.3.6.1.4.1.56521.101.2.1.13
NAME 'arcCreateTimestamp'
DESC 'Generalized timestamp for X.660 arc entry creation'
SINGLE-VALUE
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
2.1.14. 'arcModifyTimestamp'
The 'arcModifyTimestamp' attribute type allows for the assignment of
one or more generalized timestamps indicating the dates and times of
all applied updates to the arc registration entry.
Whether multiple dates, or only the most recent date, are stored is
entirely up to the directory architect(s) involved.
( 1.3.6.1.4.1.56521.101.2.1.14
NAME 'arcModifyTimestamp'
DESC 'Generalized timestamps for X.660 arc entry modification'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
2.1.15. 'arcRegAuthorityCommonName'
The 'arcRegAuthorityCommonName' attribute type allows for a common
name to be assigned to an arc registration entry, meant to represent
the name of an authoritative contact, typically an individual.
This attribute type is derived from 'cn', as defined in Section 2.3
of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.15
NAME 'arcRegAuthorityCommonName'
DESC 'Common Name for the authoritative contact name associated
with an X.660 arc registration entry'
SINGLE-VALUE
SUP cn )
2.1.16. 'arcRegDefaultCommonName'
The 'arcRegDefaultCommonName' attribute type allows for a common name
to be assigned to an arc registration entry, meant to represent the
name of a default contact, typically an individual.
This attribute type is derived from 'cn', as defined in Section 2.3
of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.16
NAME 'arcRegDefaultCommonName'
DESC 'Common Name for the default contact name associated
with an X.660 arc registration entry'
SINGLE-VALUE
SUP cn )
2.1.17. 'arcRegSponsorCommonName'
The 'arcRegSponsorCommonName' attribute type allows for a common name
to be assigned to an arc registration entry, meant to represent the
name of a sponsorship contact, typically an individual.
This attribute type is derived from 'cn', as defined in Section 2.3
of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.17
NAME 'arcRegSponsorCommonName'
DESC 'Common Name for the sponsorship contact name associated
with an X.660 arc registration entry'
SINGLE-VALUE
SUP cn )
2.1.18. 'arcRegAuthorityCountry'
The 'arcRegAuthorityCountry' attribute type allows for a country code
to be assigned to an arc registration entry, meant to represent the
country in which an authoritative contact resides.
This attribute type is derived from 'c', as defined in Section 2.2
of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.18
NAME 'arcRegAuthorityCountry'
DESC 'Common Name for the authoritative contact country name
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP c )
2.1.19. 'arcRegDefaultCountry'
The 'arcRegDefaultCountry' attribute type allows for a country code
to be assigned to an arc registration entry, meant to represent the
country in which a default contact resides.
This attribute type is derived from 'c', as defined in Section 2.2
of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.19
NAME 'arcRegDefaultCountry'
DESC 'Common Name for the default contact country name
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP c )
2.1.20. 'arcRegSponsorCountry'
The 'arcRegSponsorCountry' attribute type allows for a country code
to be assigned to an arc registration entry, meant to represent the
country in which a sponsorship contact resides.
This attribute type is derived from 'c', as defined in Section 2.2
of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.20
NAME 'arcRegSponsorCountry'
DESC 'Common Name for the sponsorship contact country name
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP c )
2.1.21. 'arcRegAuthorityEmail'
The 'arcRegAuthorityEmail' attribute type allows for an email address
to be assigned to an arc registration entry, meant to be associated
with an authoritative contact.
This attribute type is derived from 'mail', as defined in Section
2.16 of [RFC4524].
( 1.3.6.1.4.1.56521.101.2.1.21
NAME 'arcRegAuthorityEmail'
DESC 'Email address for the authoritative contact associated
with an X.660 arc registration entry'
SINGLE-VALUE
SUP mail )
2.1.22. 'arcRegDefaultEmail'
The 'arcRegDefaultEmail' attribute type allows for an email address
to be assigned to an arc registration entry, meant to be associated
with a default contact.
This attribute type is derived from 'mail', as defined in Section
2.16 of [RFC4524].
( 1.3.6.1.4.1.56521.101.2.1.22
NAME 'arcRegDefaultEmail'
DESC 'Email address for the default contact associated with an
X.660 arc registration entry'
SINGLE-VALUE
SUP mail )
2.1.23. 'arcRegSponsorEmail'
The 'arcRegSponsorEmail' attribute type allows for an email address
to be assigned to an arc registration entry, meant to be associated
with a sponsorship contact.
This attribute type is derived from 'mail', as defined in Section
2.16 of [RFC4524].
( 1.3.6.1.4.1.56521.101.2.1.23
NAME 'arcRegSponsorEmail'
DESC 'Email address for the sponsorship contact associated with
an X.660 arc registration entry'
SINGLE-VALUE
SUP mail )
2.1.24. 'arcRegAuthorityFax'
The 'arcRegAuthorityFax' attribute type allows for a facsimile
telephone number to be assigned to an arc registration entry, meant
to be associated with an authoritative contact.
This attribute type is derived from 'facsimileTelephoneNumber', as
defined in Section 2.10 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.24
NAME 'arcRegAuthorityFax'
DESC 'Facsimile telephone number assigned to an authoritative
contact associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP facsimileTelephoneNumber )
2.1.25. 'arcRegDefaultFax'
The 'arcRegDefaultFax' attribute type allows for a facsimile
telephone number to be assigned to an arc registration entry, meant
to be associated with a default contact.
This attribute type is derived from 'facsimileTelephoneNumber', as
defined in Section 2.10 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.25
NAME 'arcRegDefaultFax'
DESC 'Facsimile telephone number assigned to a default contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP facsimileTelephoneNumber )
2.1.26. 'arcRegSponsorFax'
The 'arcRegSponsorFax' attribute type allows for a facsimile
telephone number to be assigned to an arc registration entry, meant
to be associated with a sponsorship contact.
This attribute type is derived from 'facsimileTelephoneNumber', as
defined in Section 2.10 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.26
NAME 'arcRegSponsorFax'
DESC 'Facsimile telephone number assigned to a sponsorship
contact associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP facsimileTelephoneNumber )
2.1.27. 'arcRegAuthorityFriendlyCountry'
The 'arcRegAuthorityFriendlyCountry' attribute type allows for a
so-called friendly country name to be assigned to an authoritative
contact.
This attribute type is derived from 'co', as defined in Section 2.4
of [RFC4524].
( 1.3.6.1.4.1.56521.101.2.1.27
NAME 'arcRegAuthorityFriendlyCountry'
DESC 'Friendly country name assigned to an authoritative contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP co )
2.1.28. 'arcRegDefaultFriendlyCountry'
The 'arcRegDefaultFriendlyCountry' attribute type allows for a
so-called friendly country name to be assigned to a default contact.
This attribute type is derived from 'co', as defined in Section 2.4
of [RFC4524].
( 1.3.6.1.4.1.56521.101.2.1.28
NAME 'arcRegDefaultFriendlyCountry'
DESC 'Friendly country name assigned to a default contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP co )
2.1.29. 'arcRegSponsorFriendlyCountry'
The 'arcRegSponsorFriendlyCountry' attribute type allows for a
so-called friendly country name to be assigned to a sponsorship
registration contact.
This attribute type is derived from 'co', as defined in Section 2.4
of [RFC4524].
( 1.3.6.1.4.1.56521.101.2.1.29
NAME 'arcRegSponsorFriendlyCountry'
DESC 'Friendly country name assigned to a sponsorship contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP co )
2.1.30. 'arcRegAuthorityLocality'
The 'arcRegAuthorityLocality' attribute type allows for a locality
name to be assigned to an authoritative contact.
This attribute type is derived from 'l', as defined in Section 2.16
of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.30
NAME 'arcRegAuthorityLocality'
DESC 'Locality name assigned to an authoritative contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP l )
2.1.31. 'arcRegDefaultLocality'
The 'arcRegDefaultLocality' attribute type allows for a locality
name to be assigned to a default contact.
This attribute type is derived from 'l', as defined in Section 2.16
of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.31
NAME 'arcRegDefaultLocality'
DESC 'Locality name assigned to a default contact associated
with an X.660 arc registration entry'
SINGLE-VALUE
SUP l )
2.1.32. 'arcRegSponsorLocality'
The 'arcRegSponsorLocality' attribute type allows for a locality
name to be assigned to a sponsorship contact.
This attribute type is derived from 'l', as defined in Section 2.16
of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.32
NAME 'arcRegSponsorLocality'
DESC 'Locality name assigned to a sponsorship contact associated
with an X.660 arc registration entry'
SINGLE-VALUE
SUP l )
2.1.33. 'arcRegAuthorityMobile'
The 'arcRegAuthorityMobile' attribute type allows for a mobile
telephone number to be assigned to an authoritative contact.
This attribute type is derived from 'mobile', as defined in Section
2.18 of [RFC4524].
( 1.3.6.1.4.1.56521.101.2.1.33
NAME 'arcRegAuthorityMobile'
DESC 'Mobile telephone number assigned to an authoritative
contact associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP mobile )
2.1.34. 'arcRegDefaultMobile'
The 'arcRegDefaultMobile' attribute type allows for a mobile
telephone number to be assigned to a default contact.
This attribute type is derived from 'mobile', as defined in Section
2.18 of [RFC4524].
( 1.3.6.1.4.1.56521.101.2.1.34
NAME 'arcRegDefaultMobile'
DESC 'Mobile telephone number assigned to a default contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP mobile )
2.1.35. 'arcRegSponsorMobile'
The 'arcRegSponsorMobile' attribute type allows for a mobile
telephone number to be assigned to a sponsorship contact.
This attribute type is derived from 'mobile', as defined in Section
2.18 of [RFC4524].
( 1.3.6.1.4.1.56521.101.2.1.35
NAME 'arcRegSponsorMobile'
DESC 'Mobile telephone number assigned to a sponsorship contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP mobile )
2.1.36. 'arcRegAuthorityOrg'
The 'arcRegAuthorityOrg' attribute type allows for an organization
name associated with an authoritative contact.
This attribute type is derived from 'o', as defined in Section 2.19
of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.36
NAME 'arcRegAuthorityOrg'
DESC 'Organization name assigned to an authoritative contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP o )
2.1.37. 'arcRegDefaultOrg'
The 'arcRegDefaultOrg' attribute type allows for an organization name
associated with a default contact.
This attribute type is derived from 'o', as defined in Section 2.19
of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.37
NAME 'arcRegDefaultOrg'
DESC 'Organization name assigned to a default contact associated
with an X.660 arc registration entry'
SINGLE-VALUE
SUP o )
2.1.38. 'arcRegSponsorOrg'
The 'arcRegSponsorOrg' attribute type allows for an organization name
associated with a sponsorship contact.
This attribute type is derived from 'o', as defined in Section 2.19
of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.38
NAME 'arcRegSponsorOrg'
DESC 'Organization name assigned to a sponsorship contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP o )
2.1.39. 'arcRegAuthorityPostOfficeBox'
The 'arcRegAuthorityPostOfficeBox' attribute type allows for a post
office box number to be assigned to an authoritative contact.
This attribute type is derived from 'postOfficeBox', as defined in
Section 2.25 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.39
NAME 'arcRegAuthorityPostOfficeBox'
DESC 'Post office box number assigned to an authoritative
contact associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP postOfficeBox )
2.1.40. 'arcRegDefaultPostOfficeBox'
The 'arcRegDefaultPostOfficeBox' attribute type allows for a post
office box number to be assigned to a default contact.
This attribute type is derived from 'postOfficeBox', as defined in
Section 2.25 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.40
NAME 'arcRegDefaultPostOfficeBox'
DESC 'Post office box number assigned to a default contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP postOfficeBox )
2.1.41. 'arcRegSponsorPostOfficeBox'
The 'arcRegSponsorPostOfficeBox' attribute type allows for a post
office box number to be assigned to a sponsorship contact.
This attribute type is derived from 'postOfficeBox', as defined in
Section 2.25 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.41
NAME 'arcRegSponsorPostOfficeBox'
DESC 'Post office box number assigned to a sponsorship contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP postOfficeBox )
2.1.42. 'arcRegAuthorityPostalAddress'
The 'arcRegAuthorityPostalAddress' attribute type allows for a full
postal address to be assigned to an authoritative contact.
This attribute type is derived from 'postalAddress', as defined in
Section 2.23 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.42
NAME 'arcRegAuthorityPostalAddress'
DESC 'Postal address assigned to an authoritative contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP postalAddress )
2.1.43. 'arcRegDefaultPostalAddress'
The 'arcRegDefaultPostalAddress' attribute type allows for a full
postal address to be assigned to a default contact.
This attribute type is derived from 'postalAddress', as defined in
Section 2.23 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.43
NAME 'arcRegDefaultPostalAddress'
DESC 'Postal address assigned to a default contact associated
with an X.660 arc registration entry'
SINGLE-VALUE
SUP postalAddress )
2.1.44. 'arcRegSponsorPostalAddress'
The 'arcRegSponsorPostalAddress' attribute type allows for a full
postal address to be assigned to a sponsorship contact.
This attribute type is derived from 'postalAddress', as defined in
Section 2.23 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.44
NAME 'arcRegSponsorPostalAddress'
DESC 'Postal address assigned to a sponsorship contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP postalAddress )
2.1.45. 'arcRegAuthorityPostalCode'
The 'arcRegAuthorityPostalCode' attribute type allows for a postal
code to be assigned to an authoritative contact.
This attribute type is derived from 'postalCode', as defined in
Section 2.23 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.45
NAME 'arcRegAuthorityPostalCode'
DESC 'Postal code assigned to an authoritative contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP postalCode )
2.1.46. 'arcRegDefaultPostalCode'
The 'arcRegDefaultPostalCode' attribute type allows for a postal code
to be assigned to a default contact.
This attribute type is derived from 'postalCode', as defined in
Section 2.23 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.46
NAME 'arcRegDefaultPostalCode'
DESC 'Postal code assigned to a default contact associated with
an X.660 arc registration entry'
SINGLE-VALUE
SUP postalCode )
2.1.47. 'arcRegSponsorPostalCode'
The 'arcRegSponsorPostalCode' attribute type allows for a postal code
to be assigned to a sponsorship contact.
This attribute type is derived from 'postalCode', as defined in
Section 2.23 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.47
NAME 'arcRegSponsorPostalCode'
DESC 'Postal code assigned to a sponsorship contact associated
with an X.660 arc registration entry'
SINGLE-VALUE
SUP postalCode )
2.1.48. 'arcRegAuthorityState'
The 'arcRegAuthorityState' attribute type allows for a state or
province name to be assigned to an authoritative contact.
This attribute type is derived from 'st', as defined in Section 2.33
of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.48
NAME 'arcRegAuthorityState'
DESC 'State or province name assigned to an authoritative
contact associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP st )
2.1.49. 'arcRegDefaultState'
The 'arcRegDefaultState' attribute type allows for a state or
province name to be assigned to a default contact.
This attribute type is derived from 'st', as defined in Section 2.33
of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.49
NAME 'arcRegDefaultState'
DESC 'State or province name assigned to a default contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP st )
2.1.50. 'arcRegSponsorState'
The 'arcRegSponsorState' attribute type allows for a state or
province name to be assigned to a sponsorship contact.
This attribute type is derived from 'st', as defined in Section 2.33
of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.50
NAME 'arcRegSponsorState'
DESC 'State or province name assigned to a sponsorship contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP st )
2.1.51. 'arcRegAuthorityStreet'
The 'arcRegAuthorityStreet' attribute type allows for a street name
and number to be assigned to an authoritative contact.
This attribute type is derived from 'street', as defined in Section
2.34 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.51
NAME 'arcRegAuthorityStreet'
DESC 'Street name and number assigned to an authoritative
contact associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP street )
2.1.52. 'arcRegDefaultStreet'
The 'arcRegDefaultStreet' attribute type allows for a street name and
number to be assigned to a default contact.
This attribute type is derived from 'street', as defined in Section
2.34 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.52
NAME 'arcRegDefaultStreet'
DESC 'Street name and number assigned to a default contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP street )
2.1.53. 'arcRegSponsorStreet'
The 'arcRegSponsorStreet' attribute type allows for a street name and
number to be assigned to a sponsorship contact.
This attribute type is derived from 'street', as defined in Section
2.34 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.53
NAME 'arcRegSponsorStreet'
DESC 'Street name and number assigned to a sponsorship contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP street )
2.1.54. 'arcRegAuthorityTelephone'
The 'arcRegAuthorityTelephone' attribute type allows for a telephone
number to be assigned to an authoritative contact.
This attribute type is derived from 'telephoneNumber', as defined in
Section 2.35 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.54
NAME 'arcRegAuthorityTelephone'
DESC 'Telephone number assigned to an authoritative contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP telephoneNumber )
2.1.55. 'arcRegDefaultTelephone'
The 'arcRegDefaultTelephone' attribute type allows for a telephone
number to be assigned to a default contact.
This attribute type is derived from 'telephoneNumber', as defined in
Section 2.35 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.55
NAME 'arcRegDefaultTelephone'
DESC 'Telephone number assigned to a default contact associated
with an X.660 arc registration entry'
SINGLE-VALUE
SUP telephoneNumber )
2.1.56. 'arcRegSponsorTelephone'
The 'arcRegSponsorTelephone' attribute type allows for a telephone
number to be assigned to a sponsorship contact.
This attribute type is derived from 'telephoneNumber', as defined in
Section 2.35 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.56
NAME 'arcRegSponsorTelephone'
DESC 'Telephone number assigned to a sponsorship contact
associated with an X.660 arc registration entry'
SINGLE-VALUE
SUP telephoneNumber )
2.1.57. 'arcRegAuthorityTitle'
The 'arcRegAuthorityTitle' attribute type allows for an official or
professional title to be assigned to an authoritative contact,
typically an individual.
This attribute type is derived from 'title', as defined in Section
2.38 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.57
NAME 'arcRegAuthorityTitle'
DESC 'Title assigned to an authoritative contact associated with
an X.660 arc registration entry'
SINGLE-VALUE
SUP title )
2.1.58. 'arcRegDefaultTitle'
The 'arcRegDefaultTitle' attribute type allows for an official or
professional title to be assigned to a default contact, typically
an individual.
This attribute type is derived from 'title', as defined in Section
2.38 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.58
NAME 'arcRegDefaultTitle'
DESC 'Title assigned to a default contact associated with an
X.660 arc registration entry'
SINGLE-VALUE
SUP title )
2.1.59. 'arcRegSponsorTitle'
The 'arcRegSponsorTitle' attribute type allows for an official or
professional title to be assigned to a sponsorship contact, typically
an individual.
This attribute type is derived from 'title', as defined in Section
2.38 of [RFC4519].
( 1.3.6.1.4.1.56521.101.2.1.59
NAME 'arcRegSponsorTitle'
DESC 'Title assigned to a sponsorship contact associated with
an X.660 arc registration entry'
SINGLE-VALUE
SUP title )
2.2. Object Classes
The following subsections describe the LDAP object classes made
available by this specification.
2.2.1. 'x660RootArcEntry'
The 'x660RootArcEntry' class is meant to define a maximum of three
(3) root arcs within a DIT, per Rec. ITU-T X.660 (ISO/IEC 9834-1).
( 1.3.6.1.4.1.56521.101.2.2.1
NAME 'x660RootArcEntry'
DESC 'Top-level class for entries meant to represent ITU-T, ISO
or Joint-ISO-ITU-T root arcs as defined in Section A.2 of
the X.660 specification'
SUP top
STRUCTURAL
MUST ( arc $ arcId )
MAY ( arcData $ arcAuthorityContact $ arcSponsorContact $
arcDefaultContact $ arcSecId $ labeledURI $ arcTitle $
arcDescription $ arcAddlSecId $ arcCreateTimestamp $
arcModifyTimestamp ) )
2.2.2. 'x660ArcEntry'
The 'x660ArcEntry' object class makes a collection of attribute types
available for use when crafting non-root arc entries within a DIT.
( 1.3.6.1.4.1.56521.101.2.2.2
NAME 'x660ArcEntry'
DESC 'A generalized class meant to represent subordinate arcs
beneath any root, as defined in X.660 Sections A.3-A.5'
SUP top
STRUCTURAL
MUST ( arc )
MAY ( arcAddlSecId $ arcData $ arcOID $ arcSecId $ arcTitle $
arcSponsorContact $ arcAuthorityContact $ labeledURI $
arcDefaultContact $ arcDescription $ arcModifyTimestamp $
arcCreateTimestamp $ arcId ) )
2.2.3. 'x660ContactEntry'
The 'x660ContactEntry' object class allows generalized default,
sponsor and/or authority contact information to be stored within an
entry.
In larger, more complete implementations of this specification, it
is RECOMMENDED that registration data be stored in dedicated entries
that bear this class. In contrast, sparse implementations MAY opt
to assign this class directly to x660RootArcEntry and x660ArcEntry
DIT entries, though this is not required.
( 1.3.6.1.4.1.56521.101.2.2.3
NAME 'x660ContactEntry'
DESC 'A generalized auxiliary class for X.660 arc registration
default, sponsor and/or authority contact information'
SUP top
AUXILIARY
MAY ( arcRegAuthorityPostalAddress $ arcRegAuthorityState $
arcRegDefaultPostalAddress $ arcRegDefaultState $
arcRegSponsorPostalAddress $ arcRegSponsorState $
arcRegAuthorityFriendlyCountry $ arcRegAuthorityFax $
arcRegDefaultFriendlyCountry $ arcRegDefaultFax $
arcRegSponsorFriendlyCountry $ arcRegSponsorFax $
arcRegAuthorityPostOfficeBox $ arcRegAuthorityCountry $
arcRegDefaultPostOfficeBox $ arcRegDefaultCountry $
arcRegSponsorPostOfficeBox $ arcRegSponsorCountry $
arcRegAuthorityCommonName $ arcRegAuthorityPostalCode $
arcRegDefaultCommonName $ arcRegDefaultPostalCode $
arcRegSponsorCommonName $ arcRegSponsorPostalCode $
arcRegAuthorityTelephone $ arcRegAuthorityLocality $
arcRegDefaultTelephone $ arcRegDefaultLocality $
arcRegSponsorTelephone $ arcRegSponsorLocality $
arcRegAuthorityMobile $ arcRegAuthorityStreet $
arcRegDefaultMobile $ arcRegDefaultStreet $
arcRegSponsorMobile $ arcRegSponsorStreet $
arcRegAuthorityEmail $ arcRegAuthorityTitle $
arcRegDefaultEmail $ arcRegDefaultTitle $
arcRegSponsorEmail $ arcRegSponsorTitle $
arcRegAuthorityOrg $ arcRegDefaultOrg $
arcRegSponsorOrg $ arcRegId ) )
3. Directory Models
This specification offers two (2) distinct models by which directory
architects and application developers SHOULD be guided during their
efforts for implementation.
3.1. Naming Context and Organization Entries
In these examples, a naming context of "dc=example, dc=com" is used
as the fictional "suffix". Within this suffix are two (2) entries:
- "ou=X660, dc=example, dc=com" - Storage of all arc registration
entries.
- "ou=Contacts, dc=example, dc=com" - Storage of all arc default,
authority and sponsorship contact entries (OPTIONAL).
Directory architects MAY choose to use models of their own design, so
long as noted requirements in the following sections are satisfied.
3.2. Two-Dimensional Model
This model suggests that arc registration entries reside as siblings
within an LDAP DIT in singular, non-hierarchical locations.
This model is RECOMMENDED for small and/or sparse implementations.
The three-dimensional model (See Section 3.3) may be more appropriate
for larger, more robust implementations.
Use of this model is entirely at the discretion of the directory
architect(s) involved. It should be noted that if users will be
managing OID data directly through use of standard LDAP TUI or GUI
applications, this model would seem to be more convenient than the
three-dimensional model.
3.2.1. Requirements
One requirement of this model is strict use of the arcOID attribute
type, covered in Section 2.1.2. This attribute MUST be used on all
non-root arc registration entries.
Root arc registration entries SHALL NOT bear an arcOID value, as the
syntax for OIDs (see Section 3.3.26 of [RFC4517]) requires at least
two (2) nodes in a given value.
Uniqueness of arcOID values within a directory structure MUST always
be enforced to ensure unambiguous results. The simplest way to meet
this requirement would be to adopt an arcOID-based DN structure, as
shown in the next section.
3.2.2. Distinguished Name Convention
Because all LDAP search requests can be conducted using a "one-level
scope" below the circumscribing directory branch, a hierarchical DN
structure is unnecessary. While the three-dimensional model (shown
in Section 3.3) uses the integer-based arc attribute type (defined in
Section 2.1.1) to form the effective LDAP RDN of an entry, it is not
practical in this model.
The most sensible convention for DN involves use of the arcOID
attribute as shown:
dn: arcOID=1.3,ou=X660,dc=example,dc=com
objectClass: top
objectClass: x660ArcEntry
arc: 3
arcId: Identified-Organization
arcOID: 1.3
Subsequent entries, regardless of hierarchical superiority, manifest
as sibling entries. For example, the addition of deeper arcs would
be procedurally identical:
dn: arcOID=1.3.6.1,ou=X660,dc=example,dc=com
objectClass: top
objectClass: x660ArcEntry
arc: 1
arcId: internet
arcOID: 1.3.6.1
3.2.3. Root Arc Entries
A maximum of three (3) root arcs MAY exist within the directory
landscape. If one or more are created, they SHOULD be identifiable
as follows:
- ITU-T (0)
- ISO (1)
- Joint-ISO-ITU-T (2)
As sibling entries, these root arcs MUST use the x660RootArcEntry
class, as shown in Section 2.2.1:
dn: arc=0,ou=X660,dc=example,dc=com
objectClass: top
objectClass: x660RootArcEntry
arc: 0
arcId: ITU-T

dn: arc=1,ou=X660,dc=example,dc=com
objectClass: top
objectClass: x660RootArcEntry
arc: 1
arcId: ISO

dn: arc=2,ou=X660,dc=example,dc=com
objectClass: top
objectClass: x660RootArcEntry
arc: 2
arcId: Joint-ISO-ITU-T
Using root arc entries is only useful in the two-dimensional model if
the administrator wishes to organize lists of OIDs beneath their
respective root arcs. This is likely unnecessary in implementations
that are small and sparse. In larger implementations, however, this
model may be convenient in situations where DIT content segmentation
is in effect.
3.3. Three-Dimensional Model
This model is hierarchical by nature, providing a means for storing
arc registration entries in "nested" fashion, thereby reflecting the
hierarchy of the [X.660] specification itself.
This model is RECOMMENDED for thorough or complete implementations,
or implementations in which custom solutions (applications) have been
tailored for this purpose. This model is NOT RECOMMENDED for sparse
and/or small implementations.
Use of this model is entirely at the discretion of the directory
architect(s) involved. It should be noted that end users who will
directly access or manage this data through standard LDAP TUI or GUI
applications alone may find this model tedious, and may prefer the
two-dimensional model as described in Section 3.2.
3.3.1. Requirements
In this model, interim arc registrations MUST exist even if they are
otherwise unnecessary.
For example, in order to add the well-known arc "internet" OID,
directory administrators MUST ensure these registrations exist
beforehand:
dn: arc=1,ou=X660,dc=example,dc=com
objectClass: top
objectClass: x660RootArcEntry
arc: 1
arcId: ISO

dn: arc=3,arc=1,ou=X660,dc=example,dc=com
objectClass: top
objectClass: x660ArcEntry
arc: 3
arcId: Identified-Organization

dn: arc=6,arc=3,arc=1,ou=X660,dc=example,dc=com
objectClass: top
objectClass: x660ArcEntry
arc: 6
arcId: dod
Only once this requirement is satisfied would the administrators be
able to create the desired registration, such as a registration entry
for the "internet" OID, as shown in [RFC1155]:
dn: arc=1,arc=6,arc=3,arc=1,ou=X660,dc=example,dc=com
objectClass: top
objectClass: x660ArcEntry
arc: 1
arcId: internet
3.3.2. Distinguished Name Convention
Under a strict interpretation of this model, its implementation will
provide a means for bidirectional resolution of registered arc OIDs.
LDAP DNs can be deduced from OIDs, and vice versa.
This is achieved by using the arc attribute type (as discussed in
Section 2.1.1) as components in the effective LDAP DN, but in reverse
order to reflect the directory hierarchy.
For example: the "internet" OID would exist as an entry with a DN as
depicted below:
dn: arc=1, arc=6, arc=3, arc=1, ou=X660, dc=example, dc=com
        |      |      |      |
        ----------------------
               1.3.6.1
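The OID-to-DN mapping of Sections 3.2.2 and 3.3.2, together with the interim-entry rule of Section 3.3.1, as an added example that is not part of this draft. The base DN is the draft's fictional suffix and all function names are hypothetical; OIDs are validated strictly before use, so that a caller-supplied string can never carry DN metacharacters into the name being built.

```python
import re

# Assumption: the fictional suffix used in the draft's examples.
BASE = "ou=X660,dc=example,dc=com"

# One arc: "0" or a decimal number without leading zeros.
_ARC = r"(?:0|[1-9][0-9]*)"
_OID = re.compile(rf"{_ARC}(?:\.{_ARC})*\Z")
_RDN = re.compile(rf"arc=({_ARC})\Z", re.IGNORECASE)


def parse_oid(oid: str) -> list[str]:
    """Validate a dotted OID and return its arcs, root first.

    Only digits and dots are accepted, so ',', '+', '=' or '\\' in
    untrusted input is rejected before any DN is assembled.
    """
    if not isinstance(oid, str) or not _OID.match(oid):
        raise ValueError(f"not a dotted-decimal OID: {oid!r}")
    arcs = oid.split(".")
    if arcs[0] not in ("0", "1", "2"):  # ITU-T, ISO, Joint-ISO-ITU-T
        raise ValueError(f"invalid root arc in {oid!r}")
    return arcs


def oid_to_dn_3d(oid: str, base: str = BASE) -> str:
    """Three-dimensional model: one 'arc' RDN per node, leaf first."""
    arcs = parse_oid(oid)
    return ",".join([f"arc={a}" for a in reversed(arcs)] + [base])


def oid_to_dn_2d(oid: str, base: str = BASE) -> str:
    """Two-dimensional model: a single arcOID RDN for non-root arcs."""
    arcs = parse_oid(oid)
    if len(arcs) == 1:  # root entries SHALL NOT bear an arcOID value
        return f"arc={arcs[0]},{base}"
    return f"arcOID={oid},{base}"


def required_ancestors_3d(oid: str, base: str = BASE) -> list[str]:
    """DNs of the interim entries that MUST exist first, root to parent."""
    arcs = parse_oid(oid)
    return [oid_to_dn_3d(".".join(arcs[:i]), base) for i in range(1, len(arcs))]


def dn_to_oid_3d(dn: str, base: str = BASE) -> str:
    """Reverse resolution: recover the OID from a three-dimensional DN.

    Assumes the base DN contains no escaped commas; every RDN above the
    base must be exactly 'arc=<number>'.
    """
    rdns = [p.strip() for p in dn.split(",")]
    suffix = [p.strip().lower() for p in base.split(",")]
    head, tail = rdns[:-len(suffix)], rdns[-len(suffix):]
    if [t.lower() for t in tail] != suffix or not head:
        raise ValueError(f"DN is not below {base!r}: {dn!r}")
    arcs = []
    for rdn in head:
        m = _RDN.match(rdn)
        if not m:
            raise ValueError(f"unexpected RDN {rdn!r} in {dn!r}")
        arcs.append(m.group(1))
    oid = ".".join(reversed(arcs))
    parse_oid(oid)  # re-check the root arc
    return oid


if __name__ == "__main__":
    for ancestor in required_ancestors_3d("1.3.6.1"):
        print("must exist:", ancestor)
    print("target:    ", oid_to_dn_3d("1.3.6.1"))
```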
3.3.3. Root Arc Entries
A maximum of three (3) root arcs SHOULD exist within the directory
landscape. If one or more are created, they MUST be identifiable
as follows:
- ITU-T (0)
- ISO (1)
- Joint-ISO-ITU-T (2)
As sibling entries, these root arcs MUST use the x660RootArcEntry
class, as shown in Section 2.2.1:
dn: arc=0,ou=X660,dc=example,dc=com
objectClass: top
objectClass: x660RootArcEntry
arc: 0
arcId: ITU-T

dn: arc=1,ou=X660,dc=example,dc=com
objectClass: top
objectClass: x660RootArcEntry
arc: 1
arcId: ISO

dn: arc=2,ou=X660,dc=example,dc=com
objectClass: top
objectClass: x660RootArcEntry
arc: 2
arcId: Joint-ISO-ITU-T
Depending on the breadth and scope of an implementation, creation and
use of root arc registration entries is RECOMMENDED, but not required
in all situations.
3.4. Arc Authority, Sponsorship and Default Contact Info
Directory architects MAY choose to store authoritative, sponsorship
or generalized contact information in one of two main ways:
- Store default, sponsor or authority contact information within
the x660RootArcEntry or x660ArcEntry entries themselves, or ...
- Store default, sponsor or authority contact information within
dedicated x660ContactEntry entries, and reference each
entry by DN using arcDefaultContact, arcSponsorContact and/or
arcAuthorityContact attribute types stored within an arc
registration entry directly.
3.4.1. Examples
3.4.1.1. Combined OID and Contact Entries
This is a basic two-dimensional example entry composed of both OID
and contact attribute types.
dn: arcOID=1.3.6.1.4.1.56521,arc=1,ou=X660,dc=example,dc=com
objectClass: x660ArcEntry
objectClass: x660ContactEntry
objectClass: top
arcRegAuthorityPostalAddress: 123 Fake St$Anywhere$CA$99999
arcRegAuthorityCommonName: Jesse Coretta
arcRegAuthorityEmail: jesse.coretta@example.com
arcRegAuthorityMobile: +1 123 456 7890
arcOID: 1.3.6.1.4.1.56521
arcId: Jesse Coretta
arc: 56521
This is a basic three-dimensional example entry of the same design.
dn: arc=56521,arc=1,arc=4,arc=1,arc=6,arc=3,arc=1,ou=X660,dc=example,dc=com
objectClass: x660ArcEntry
objectClass: x660ContactEntry
objectClass: top
arcRegAuthorityPostalAddress: 123 Fake St$Anywhere$CA$99999
arcRegAuthorityCommonName: Jesse Coretta
arcRegAuthorityEmail: jesse.coretta@example.com
arcRegAuthorityMobile: +1 123 456 7890
arcId: Jesse Coretta
arc: 56521
3.4.1.2. Dedicated Contact Entries
This is a basic example of a single authority-based contact entry.
Please note that use of the 'organizationalRole' object class (per
Section 3.10 of [RFC4519]) is purely incidental here. Directory
architects MAY choose to base contact entries upon another suitable
STRUCTURAL object class.
dn: arcRegId=2c68fc8a-ddec-45fd-9cd9-6a4f4382aee0,ou=Contacts,dc=example,dc=com
arcRegId: 2c68fc8a-ddec-45fd-9cd9-6a4f4382aee0
cn: 2c68fc8a-ddec-45fd-9cd9-6a4f4382aee0
objectClass: organizationalRole
objectClass: x660ContactEntry
objectClass: top
arcRegAuthorityPostalAddress: 123 Fake St$Anywhere$CA$99999
arcRegAuthorityCommonName: Jesse Coretta
arcRegAuthorityEmail: jesse.coretta@example.com
arcRegAuthorityMobile: +1 123 456 7890
In cases where multiple distinct individuals or addresses are used,
they can all be combined into a single record:
dn: arcRegId=2c68fc8a-ddec-45fd-9cd9-6a4f4382aee0,ou=Contacts,dc=example,dc=com
arcRegId: 2c68fc8a-ddec-45fd-9cd9-6a4f4382aee0
cn: 2c68fc8a-ddec-45fd-9cd9-6a4f4382aee0
objectClass: organizationalRole
objectClass: x660ContactEntry
objectClass: top
arcRegAuthorityPostalAddress: 123 Fake St$Anywhere$CA$99999
arcRegAuthorityCommonName: Jesse Coretta
arcRegAuthorityEmail: jesse.coretta@example.com
arcRegAuthorityMobile: +1 123 456 7890
arcRegSponsorPostalAddress: 456 Fake St$Anywhere$CA$99999
arcRegSponsorOrg: Sponsor, Co.
arcRegSponsorEmail: sponsor@example.com
arcRegSponsorMobile: +1 123 456 0987
arcRegDefaultPostalAddress: 789 Fake St$Anywhere$CA$99999
arcRegDefaultOrg: Default Contact, Co.
arcRegDefaultEmail: default@example.com
arcRegDefaultMobile: +1 123 456 0123
4. References
4.1. Normative References
[RFC1155] Rose, M., "Structure and Identification of Management
Information for TCP/IP-based Internets", RFC 1155, May
1990.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4510] Zeilenga, K., Ed., "Lightweight Directory Access Protocol
(LDAP): Technical Specification Road Map", RFC 4510, June
2006.
[RFC4512] Zeilenga, K., "Lightweight Directory Access Protocol
(LDAP): Directory Information Models", RFC 4512, June
2006.
[RFC4517] Legg, S., Ed., "Lightweight Directory Access Protocol
(LDAP): Syntaxes and Matching Rules", RFC 4517, June
2006.
[RFC4519] Sciberras, A., Ed., "Lightweight Directory Access Protocol
(LDAP): Schema for User Applications", RFC 4519, June
2006.
[RFC4524] Zeilenga, K., "Lightweight Directory Access Protocol
(LDAP): COSINE LDAP/X.500 Schema", RFC 4524, June 2006.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", RFC 8174, May 2017.
[X.660] International Telecommunication Union - Telecommunication
Standardization Sector, "General procedures and top arcs
of the international object identifier tree", X.660, July
2011.
[X.680] International Telecommunication Union - Telecommunication
Standardization Sector, "Abstract Syntax Notation One
(ASN.1): Specification of basic notation", X.680, July
2002.
5. IANA Considerations
There are no requests to IANA in this document.
6. Security Considerations
This document focuses on providing flexible directory models and LDAP
schema elements in order to serve arc registration data, and to allow
an LDAP-based means for OID resolution, either within an organization
or within the context of personal use.
If some or all of the data in the directory is sensitive in nature,
directory architects MUST take appropriate steps to secure this
information. This concept is out of scope for this document.
Beyond this, there are no specific concerns in the area of security.
Author's Address
Jesse Coretta
Palm Springs, CA 92262
United States
Email: jesse.coretta@icloud.com