Internet Engineerinf Task Force James Kempf
INTERNET DRAFT Sun Microsystems
20 June 1999 Ryan Moats
AT&T Laboratories
Pete St. Pierre
Sun Microsystems
Conversion of LDAP Schemas to and from SLP Templates
draft-ietf-svrloc-template-conversion-04.txt
Status of This Memo
This document is a submission by the Service Location Working Group
of the Internet Engineering Task Force (IETF). Comments should be
submitted to the srvloc@srvloc.org mailing list.
Distribution of this memo is unlimited.
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at
any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at:
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at:
http://www.ietf.org/shadow.html.
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page i]
Internet Draft Schemas and Templates 20 June 1999
Abstract
This document describes a procedure for mapping between SLP service
advertisments and LDAP descriptions of services. The document
covers two aspects of the mapping. One aspect is mapping between
SLP service type templates and LDAP directory schema. Because the
SLP service type template grammer is relatively simple, mapping from
service type templates to LDAP types is straightforward. Mapping
in the other direction is straightforward if the LDAP schema is
restricted to the set of attribute types defined in RFC 2252. If
arbitrary ASN.1 types occur in the schema, then the mapping is
more complex and may even be impossible. The second aspect is
representation of service information in an LDAP directory. The
recommended representation simplifies interoperability with SLP by
allowing SLP directory agents to backend into LDAP directory servers.
The resulting system allows service advertisements to propagate
easily between SLP and LDAP.
Contents
Status of This Memo i
Abstract ii
1. Introduction 1
2. Mapping SLP Templates to LDAP Schema 2
2.1. Mapping from SLP Attribute Types to LDAP Attribute Types 5
2.1.1. Integer . . . . . . . . . . . . . . . . . . . . . 6
2.1.2. String . . . . . . . . . . . . . . . . . . . . . 6
2.1.3. Boolean . . . . . . . . . . . . . . . . . . . . . 6
2.1.4. Opaque . . . . . . . . . . . . . . . . . . . . . 7
2.2. Keyword Attributes . . . . . . . . . . . . . . . . . . . 7
2.3. Template Flags . . . . . . . . . . . . . . . . . . . . . 7
2.3.1. Multi-valued . . . . . . . . . . . . . . . . . . 7
2.3.2. Optional . . . . . . . . . . . . . . . . . . . . 8
2.3.3. Literal . . . . . . . . . . . . . . . . . . . . . 8
2.3.4. Explicit Matching . . . . . . . . . . . . . . . . 8
2.4. Default and Allowed Value Lists . . . . . . . . . . . . . 8
2.5. Descriptive Text . . . . . . . . . . . . . . . . . . . . 9
2.6. Example . . . . . . . . . . . . . . . . . . . . . . . . . 9
3. Mapping from Schema to Templates 12
3.1. Mapping LDAP Attribute Types to SLP Attribute Types . . . 13
3.2. Mapping ASN.1 Types to SLP Types . . . . . . . . . . . . 15
3.2.1. Integer . . . . . . . . . . . . . . . . . . . . . 15
3.2.2. Case Ignore String, Case Exact String . . . . . . 16
3.2.3. Boolean . . . . . . . . . . . . . . . . . . . . . 16
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page ii]
Internet Draft Schemas and Templates 20 June 1999
3.2.4. Octet String . . . . . . . . . . . . . . . . . . 16
3.2.5. Binary . . . . . . . . . . . . . . . . . . . . . 16
3.2.6. Enumeration . . . . . . . . . . . . . . . . . . . 16
3.2.7. Set . . . . . . . . . . . . . . . . . . . . . . . 17
3.2.8. Real . . . . . . . . . . . . . . . . . . . . . . 17
3.2.9. Object Identifier . . . . . . . . . . . . . . . . 18
3.2.10. Sequence . . . . . . . . . . . . . . . . . . . . 18
3.3. Example ASN.1 Schema . . . . . . . . . . . . . . . . . . 18
4. Representing SLP Service Advertisments in an LDAP DIT 20
5. Internationalization Considerations 22
6. Security Considerations 22
1. Introduction
SLP templates [2] are intended to create a simple encoding of the
syntactic and semantic conventions for individual service types,
their attributes, and conventions. They can easily be generated,
transmitted, read by humans and parsed by programs, as it is a string
based syntax with required comments. Directory schemas serve to
formalize directory entry structures for use with LDAP [3]. These
directories serve to store information about many types of entities.
Network services are an example of one such entity.
Interoperability between SLP and LDAP is important so clients using
one protocol derive benefit from services registered through the
other. In addition, LDAP directory servers can serve as the backend
for SLP directory agents (DAs) if interoperability is possible In
order to facilitate interoperability, this document creates mappings
between the SLP template grammar and LDAP directory schema, and
establishes some conventions for representing service advertisements
in LDAP directories. The goal of the translation is to allow SLPv2
queries (which are syntatically and semantically equivalent to LDAPv3
string queries [7]) to be submitted to an LDAP directory server by an
SLP DA backended into LDAP without extensive processing by the DA.
The simple notation and syntactic/semantic attribute capabilities
of SLP templates map easily into directory schemas, and are easily
converted into directory schemas, even by automated means. The
reverse may not be true. If the LDAP schema contains arbitrary ASN.1
types, the translation may be difficult or impossible. If, however,
the LDAP schema contains the types described in RFC 2252 [8], then
the translation is more straightforward.
This document outlines the correct mappings for SLP templates into
the syntatic representation specified for LDAP directory schema by
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 1]
Internet Draft Schemas and Templates 20 June 1999
RFC 2252 [8]. This syntax is a subset of the ASN.1/BER described in
the X.209 specification [9], and is used by the LDAPv3 [3] directory
schema. Likewise, rules and guidelines are proposed to facilitate
consistent mapping of ASN.1 based schemas to be translated in the
SLP template grammar. Finally, a proposal for a representation
of service advertisements in LDAP directory services is made that
facilitates SLP interoperability.
2. Mapping SLP Templates to LDAP Schema
SLP service type templates begin with four definitions that set the
context of the template:
template-type
This defines the service type of the template. The service
type can be a simple service type, like ``service:ftp'', an
abstract service type, like ``service:printer'' or a concrete
service type, like ``service:printer:lpr''. The name that
appears in this field omits the ``service:'' prefix.
template-version
A string containing a major and minor version number, separated
by a period.
template-description
A block of human readable text describing what the service type
does.
template-url-syntax
An ABNF [5] grammer describing the service type specific part
of the service URL.
The SLP template-type definition is used as the name of the ASN.1
class for the template. If the template defines an SLP concrete
type, then the generic URL scheme name or protocol name becomes the
ASN.1 class name and the abstract type name is the ASN.1 superclass.
For example, the template for ``service:printer:lpr'' is translated
into an ASN.1 class called ``lpr'' having a superclass ``printer''.
If the template defines a simple SLP type or an abstract type,
then the superclass is ``top''. An example is the template for
``service:printer'', which is an abstract type, or ``service:ftp'',
which is a simple type. In the case of an SLP abstract type,
the ASN.1 class is ``ABSTRACT'', while concrete types and simple
types are ``STRUCTURAL''. Since there is no way syntactically to
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 2]
Internet Draft Schemas and Templates 20 June 1999
differentiate between abstract types and simple types in an SLP
service type template, the designation of abstract v.s. structural
for the LDAP type must be entered by hand.
The template-version definition is partitioned into two attributes,
major-version-number and minor-version-number. The LDAP definition
for these attributes is (note: all numericoids used in this document
are samples, they do not represent actual numericoids):
( <standardOID1>
NAME 'major-version-number'
DESC 'The major version number of the service type template'
EQUALITY integerMatch
SYNTAX 'INTEGER'
SINGLE-VALUE
NO-USER-MODIFICATION
)
( <standardOID2>
NAME 'minor-version-number'
DESC 'The minor version number of the service type template'
SYNTAX 'INTEGER'
EQUALITY integerMatch
SINGLE-VALUE
NO-USER-MODIFICATION
)
These attributes are marked NO-USER-MODIFICATION because they are
set by the definition of the template, and they are required (MUST
contain) attributes in the ASN.1 class translated from the template.
The template-description, and template-url-syntax definitions in the
SLP template are described by the following attributes:
( <standardOID3>
NAME 'template-description'
DESC 'A block of human readable text describing what the
service type does'
SYNTAX 'IA5String'
EQUALITY caseExactMatch
SINGLE-VALUE
)
( <standardOID4>
NAME 'template-url-syntax'
DESC 'An ABNF [5] grammar describing the service type
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 3]
Internet Draft Schemas and Templates 20 June 1999
specific part of the service URL'
SYNTAX 'IA5String'
EQUALITY caseExactMatch
SINGLE-VALUE
)
We further establish the convention that SLP template characteristcs
that can't be translated into LDAP are inserted into the DESC field
of the object class definition. The items are separated by empty
lines, start on a new line, and are tagged at the beginning of the
line to indicate what they represent. This allows the template to be
reconstructed from the schema by properly parsing the comments.
The bulk of an SLP template consists of attribute definitions. There
are four items in an SLP template attribute definition that need to
be mapped into LDAP:
Attribute Name
Since SLPv2 attribute names are defined to be compatible with
LDAPv3, SLP attributes map directly into LDAP attributes with
no change. Similarly, LDAP attributes map directly to SLP
attributes.
Attribute Type
The SLP attribute type is mapped into the LDAP attribute type.
Attribute Flags
The SLP attribute flags are mapped into characterics of
the LDAP attribute definition, or into the DESC field if no
equivalent LDAP attribute definition characteristic occurs.
Default and Allowed Values
These must be handled by the client or a DA enabled to handle
templates, as in SLP. For reference, however, they should be
included in the DESC field of the LDAP attribute definition.
Descriptive Text
The SLP template descriptive text should be mapped into the
DESC field.
We discuss mapping of types, flags, default and allowed values, and
descriptive text in the subsections below.
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 4]
Internet Draft Schemas and Templates 20 June 1999
For purposes of representing an SLP entry, we also define two
standardized LDAP attributes with standardized OIDs (TBD). These
attributes are:
( <standardOID5>
NAME 'service-type'
DESC 'The service type of the service advertisement. For SLP service
types, the "service:" is dropped. For SLP abstract types, the
value is "abstract-type:concrete-type".'
SYNTAX 'IA5String'
SINGLE-VALUE
EQUALITY caseIgnoreMatch
)
( <standardOID6>
NAME 'scopes'
DESC 'A list of scopes for a service advertisement.'
SYNTAX 'IA5String'
EQUALITY caseIgnoreMatch
)
Searchs for abstract types can be made with an LDAP query that
wildcards the concrete type. For example, a search for all service
advertisements of the printer abstract type can be made with the
following query:
(service-type=printer:*)
SLP specifies that service URLs and attribute lists can be
accompanied by a structured authenticator consisting of a digital
signature and information necessary to verify the signature. Two
standardized SLP attributes are defined for this purpose:
( <standardOID7>
NAME 'url-authenticator'
DESC 'The authenticator for the URL, null if none.'
SYNTAX 'binary'
SINGLE-VALUE
)
( <standardOID8>
NAME 'attribute-authenticator'
DESC 'The authenticator for the attribute list, null if none.'
SYNTAX 'IA5String'
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 5]
Internet Draft Schemas and Templates 20 June 1999
EQUALITY caseIgnoreMatch
)
Finally, we define the following abstract object class as the parent
class for all services. Any specific service type may add other
attributes.
( <standardOOID1>
NAME 'service'
DESC 'parent superclass for SLP services'
ABSTRACT
SUP 'top'
MUST ( major-version-number \$ minor-version-number \$
template-description \$ template-url-syntax \$
service-type \$ scopes \$ url-authenticator \$
attribute-authenticator )
)
2.1. Mapping from SLP Attribute Types to LDAP Attribute Types
We define the mapping from SLP attribute types to LDAP as follows:
SLP Type ASN.1 Type LDAP Type
----------------------------------------------
Integer Integer Binary
String String Directory String
Boolean String Boolean
Opaque String IA5String
Keyword String IA5String
Note that the Integer is represented by the LDAP Binary type. This
allows SLP integer attributes to be encoded according to the X.680
Basic Encoding Rules (BER) [9] and for the X.500 [6] integer equality
and ordering rules and octet string equality rules to apply rather
than the LDAP attribute type rules described in RFC 2252 [8].
The following subsections discuss further details of the mapping.
2.1.1. Integer
SLP integers are encoded as strings. An integer value of 17869
would be represented by a 5 byte string containing the values of the
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 6]
Internet Draft Schemas and Templates 20 June 1999
characters '1', '7', '8', '6', and '9'. SLP integers can include
a negative sign, and the ordering operators ``<='' and ``>='' are
expected to order negative integers correctly.
The LDAP INTEGER type [8] consists of a string of digits. The LDAP
types described in RFC 2252 have no way of representing negative
integers, and there is no ordering rule for integers that would
handle negative integers.
Consequently, the mapping from the SLP integer type to LDAP is
Binary, and the first byte of the Octet String wrapper consists
of the ASN.1 tag byte for Integer. The ASN.1 integer is encoded
according to the X.680 [9] BER. The directory server treats the value
as an ASN.1 integer for purposes of matching and comparison.
2.1.2. String
SLP strings are encoded as described in the SLP protocol
specification [4]. All value strings are considered case insensitive
for matching operations. SLP strings are not null terminated and are
encoded in UTF-8.
SLP strings are mapped to the LDAP Directory String type. The
Directory String type exactly matches the SLP string type, i.e.
it is a non-null terminated UTF-8 string. The caseIgnoreMatch
equality rule, caseIgnoreOrderingMatch ordering rule, and
caseIgnoreSubstringsMatch substring rule are used for comparing
string attribute values.
2.1.3. Boolean
Boolean attributes may have one of two possible values. In SLP,
these values are represented as strings, TRUE and FALSE. In SLP's
string encoding of a boolean value, case does not matter.
The SLP Boolean type maps directly into an LDAP Boolean. The
caseIgnoreMatch rule is used for equality matching.
2.1.4. Opaque
SLP attribute values of type Opaque are represented as a string
beginning with the nonUTF-8 character ``\ff'' and consisting of the
escaped bytes of the opaque, the escape sequence consisting of `\`
followed by the two hex digits of the byte. SLP allows equality
comparison on opaques.
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 7]
Internet Draft Schemas and Templates 20 June 1999
SLP opaques encoded as strings are mapped directly into LDAP
IA5 Strings and the caseIgnoreMatch equality matching attribute
applies. However, neither the caseIgnoreOrderingMatch nor the
caseIgnoreSubstringMatch rules apply, since SLP opaques do not
support string ordering and substring matching on opaques.
2.2. Keyword Attributes
SLP service type templates allow the definition of keyword
attributes. Keyword attributes are attributes whose only
characteristic is their presence. Keyword attributes have no flag
information, nor any default or allowed values (since, by definition,
they have no values).
ASN.1 has no concept of keyword attributes. Keyword attributes are
translated into a ``May'' clause in the ASN.1 class defintion for the
service type. If the keyword attribute is present, then its value
is of no consequence, but for consistency we make it simply the NUL
character, ``\00''.
2.3. Template Flags
SLP template flags can be handled as described in the following
subsections.
2.3.1. Multi-valued
Multi-valued attributes are defined in an SLP template using the 'M'
flag. This flag indicates that an attribute may have more than one
value. All values for a given attribute must be of the same type.
LDAP attribute definitions require that a single valued attribute
include the SINGLE-VALUE tag if the attribute is single valued.
Otherwise, the attribute is assumed to be multivalued by default.
2.3.2. Optional
SLP uses the 'O' flag to indicate an attribute may or may not be
present. These optional attributes are defined using the "May"
clause in the ASN.1 definition class definition for the service type.
All other attributes must be defined as a "Must"
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 8]
Internet Draft Schemas and Templates 20 June 1999
2.3.3. Literal
ASN.1 does not have a mechanism to indicate that the values of an
attribute may not be translated from one language to another, since
ASN.1 schema are not typically translated. This flag is dropped when
translating a template, but presence of the flag should be noted in
the DESC field. It should be placed on a separate line and tagged
with ``Literal:'' so the template can be reconstructed from the
schema.
2.3.4. Explicit Matching
The SLP template syntax uses a flag of 'X' to indicate that an
attribute must be present in order for the query to be properly
satisfied. There is no provision for requiring that particular
attributes be in a query. Consequently, this flag is dropped when
translating a template, but presence of the flag should be noted in
the DESC field. It should be placed on a separate line and tagged
with ``Explicit:'' so the template can be reconstructed from the
schema.
2.4. Default and Allowed Value Lists
The SLP template grammar provides the capability to define
default and allowed values for an attribute. The SLP protocol
does not enforce these restrictions on registered attributes,
however. The default and allowed values may be used by client
side applications, or alternatively it may also be used by DAs to
initialize registrations having no attributes and to limit attribute
values to the template allowed values.
LDAP servers also do not support default and allowed values on
attributes. Therefore, enforcement of default and allowed values
in SLP templates is left up to the clients or a DA, if the DA
is backending into LDAP. The default and allowed values should
be included in the DESC field. The comments should be placed on
separate lines and labelled with the ``Default:'' and ``Allowed:''
tags to allow reconstruction of the tempalte.
2.5. Descriptive Text
The descriptive text associated with an attribute definition should
be included in the DESC field. It should start on a separate line
and begin with the ``Description:'' tag.
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 9]
Internet Draft Schemas and Templates 20 June 1999
2.6. Example
The template included below is a hypothetical abstract printer
service template, similar to that described in [10].
template-type = printer
template-version = 0.0
template-description =
The printer service template describes the attributes
supported by network printing devices. Devices may be
either directly connected to a network, or connected to a
printer spooler that understands the a network queuing
protocol such as IPP, lpr or the Salutation Architecture.
template-url-syntax =
;The URL syntax is specific to the printing protocol being
;employed
description = STRING
# This attribute is a free form string that can contain any
# site-specific descriptive information about this printer.
security-mechanisms-supported = STRING L M
none
# This attribute indicates the security mechanisms supported
tls, ssl, http-basic, http-digest, none
operator = STRING O L M
# A person, or persons responsible for maintaining a
# printer on a day-to-day basis, including such tasks
# as filling empty media trays, emptying full output
# trays, replacing toner cartridges, clearing simple
# paper jams, etc.
location-address = STRING O
# Physical/Postal address for this device. Useful for
# nailing down a group of printers in a very large corporate
# network. For example: 960 Main Street, San Jose, CA 95130
priority-queue = BOOLEAN O
FALSE
# TRUE indicates this printer or print queue is a priority
# queuing device.
number-up = INTEGER O
1
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 10]
Internet Draft Schemas and Templates 20 June 1999
# This job attribute specifies the number of source
# page-images to impose upon a single side of an instance
# of a selected medium.
1, 2, 4
paper-output = STRING M L O
standard
# This attribute describes the mode in which pages output
# are arranged.
standard, noncollated sort, collated sort, stack, unknown
The LDAP class definition for the printer abstract service type is
translated as follows (note: we use attribute names instead of oids
in MUST and MAY for clarity):
( 42.42.42.42.1
NAME 'printer'
DESC `Description: The printer service template describes the
attributes supported by network printing devices. Devices
may be either directly connected to a network, or connected
to a printer spooler that understands the a network queuing
protocol such as IPP, lpr or the Salutation Architecture.
URL Syntax: ;The URL syntax is specific to the printing
protocol being employed.'
SUP 'top'
ABSTRACT
SUP 'service'
MUST ( description \$ security-mechanisms-supported \$
labelledURI)
MAY ( operator \$ location-address \$ priority-queue \$
number-up \$ paper-output)
)
The attribute definitions are translated as follows:
( 42.42.42.42.4
NAME 'description'
DESC 'Description: This attribute is a free form string
that can contain any site-specific descriptive
information about the printer.'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringMatch
SYNTAX 'Directory String'
SINGLE-VALUE
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 11]
Internet Draft Schemas and Templates 20 June 1999
)
( 42.42.42.42.5
NAME 'security-mechanisms-supported'
DESC 'Description: This attribute indicates the security mechanisms
supported.
Default: value
Allowed: tls, ssl, http-basic, http-digest, none
Literal:'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringMatch
SYNTAX 'Directory String'
)
( 42.42.42.42.6
NAME 'operator'
DESC 'Description: A person, or persons responsible for
maintaining a printer on a day-to-day basis, including
such tasks as filling empty media trays, emptying full
output trays, replacing toner cartridges, clearing simple
paper jams, etc.
Literal:'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringMatch
SYNTAX 'Directory String'
)
( 42.42.42.42.7
NAME 'location-address'
DESC 'Description Physical/Postal address for this device.
Useful for nailing down a group of printers in a very
large corporate network. For example: 960 Main Street,
San Jose, CA 95130.'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringMatch
SYNTAX 'Directory String'
SINGLE-VALUE
)
( 42.42.42.42.8
NAME 'priority-queue'
DESC 'Description: TRUE indicates this printer or print
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 12]
Internet Draft Schemas and Templates 20 June 1999
queue is a priority queuing device.'
EQUALITY caseIgnoreMatch
SYNTAX 'Boolean'
SINGLE-VALUE
)
( 42.42.42.42.9
NAME 'number-up'
DESC 'Description: This job attribute specifies the number
of source page-images to impose upon a single side of
an instance of a selected medium. This attribute is
an ASN.1 Integer.
Default: 1
Allowed: 1, 2, 3, 4'
SYNTAX 'Binary'
SINGLE-VALUE
)
( 42.42.42.42.10
NAME 'paper-output'
DESC 'Description: This attribute describes the mode in
which pages output are arranged. Default value is
standard.
Default: standard
Allowed: standard, noncollated sort, collated sort,
stack, unknown.
Literal:'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringMatch
SYNTAX 'Directory String'
)
3. Mapping from Schema to Templates
The reverse mapping from LDAP schema to SLP service type templates
requires dealing with both LDAP and ASN.1 data types. RFC 2252
defines 57 LDAP attribute data types that should be supported by LDAP
directory servers. These data type are defined on top of the ASN.1
typing system used by X.500, but directory servers are also required
to support standard X.500 ASN.1 data types using the LDAP Binary type
escape.
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 13]
Internet Draft Schemas and Templates 20 June 1999
Mapping of the LDAP data types into SLP template types is fairly
straightforward, but mapping arbitrary ASN.1 data types is somewhat
more complicated and requires encoding the ASN.1 data type into a
string. To a certain extent, this masks the ASN.1 data type because
it becomes impossible to distinguish between a native string having
content equivalent to an encoded ASN.1 string. However, inclusion of
the ASN.1 data type in the comment provides additional information
should a reverse transformation from SLP to ASN.1 be required.
The following subsections deal with both LDAP and ASN.1 attribute
data type mappings.
3.1. Mapping LDAP Attribute Types to SLP Attribute Types
The following table contains the mappings for LDAP data types to SLP
data types:
LDAP Type SLP Type
--------------------------------------------------------
ACI Item NA
Access Point NA
Attribute Type Description NA
Audio Opaque
Binary ASN.1 escape
Bit String String
Boolean Boolean
Certificate Opaque
Certificate List Opaque
Certificate Pair Opaque
Country String String
DN String
Data Quality Syntax NA
Delivery Method NA
Directory String String
DIT Content Rule Description NA
DIT Structure Rule Description NA
DL Submit Permission NA
DSA Quality Synax NA
Enhanced Guide NA
Facsimile Telephone Number String
Fax Opaque
Generalized Time String
Guide NA
IA5 String String
INTEGER String
JPEG Opaque
LDAP Syntax Description NA
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 14]
Internet Draft Schemas and Templates 20 June 1999
LDAP Schema Definition NA
LDAP Schema Description NA
Master and Shadow Access Points NA
Matching Rule Description NA
Matching Rule Use Description NA
Mail Preference NA
MHS OR Address String
Modify Rights NA
Name and Optional UID NA
Name Form Description NA
Numeric String String
Object Class Description NA
Octet String Opaque
OID String
Other Mailbox String
Postal Address String
Protocol Information NA
Presentation Address String
Printable String String
Subset Assertion NA
Subtree Specification NA
Supplier Information NA
Supplier or Consumer NA
Supplier And Consumer NA
Supported Algorithm NA
Telephone Number String
Teletex Terminal Identifier String
Telex Number String
UTC Time String
If the SLP type is NA in the above table, the LDAP type is involved
in schema representation or some other internal function, or is
otherwise unlikely to appear in the schema definition for a service
type.
Note that there is no LDAP type that maps into SLP Integer. The
LDAP INTEGER and Numeric String types map into SLP Strings. The
reason is that, as discussed in 2, neither LDAP type supports
integer ordering. In addition, since most of the LDAP types map into
the SLP String type, the reverse mapping requires either that the
formatted string is recognized as being of the appropriate LDAP type
or the translation records the exact LDAP type in the SLP attribute
description comment.
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 15]
Internet Draft Schemas and Templates 20 June 1999
3.2. Mapping ASN.1 Types to SLP Types
ASN.1 employs a much richer set of data types than provided by SLP.
The table below show the mapping of selected ASN.1 data type to their
nearest SLP equivalent. Because of the complexity and flexibility of
ASN.1, a complete list cannot be provided.
As sample of some ASN.1 encodings and their mappings to SLP:
ASN.1 type SLP type
-----------------------------------------
Integer Integer
Case Exact String String
Case Ignore String String
Boolean Boolean
Octet String Opaque
Binary Opaque
Enumeration String
Set Of Formatted String
Real String
Object Identifier String
Sequence Of Formatted String
Data types that do not map directly to SLP data types should be
defined as either a String, or as Opaque. ASN.1 types that may only
contain valid characters for Strings, as defined in X.680 [9] should
be encoded as strings. If a value may contain illegal string values,
the SLP Opaque type should be used. In either case, the first line
of the help text is used to indicate the original ASN.1 data type.
The following subsections describe how to convert from the ASN.1
BER [9] to the SLP template for the different types in the table
above.
3.2.1. Integer
Both SLP templates and ASN.1 support Integers, so there is a one to
one mapping between an SLP Integer attribute and an ASN.1 Integer
attribute. Details on the encoding of integers is summarized in the
SLP template to ASN.1 section above.
3.2.2. Case Ignore String, Case Exact String
Strings are supported between both SLP and ASN.1. SLP encoding
of the strings must conform to the rules for handling special
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 16]
Internet Draft Schemas and Templates 20 June 1999
characters, as outlined in RFC XXX [4]. Note that, unless the ASN.1
type is recorded into the comment, the reverse translation will lose
the ASN.1 type.
3.2.3. Boolean
Boolean values are supported by both SLP and ASN.1, though on wire
encodings differ. X.680 [9] specifies zero and non-zero encoding
for booleans, where SLP encodes booleans using the strings TRUE and
FALSE. In general, most LDAP servers will use the LDAP Boolean type
(which is a string), so again the ASN.1 type should be recorded in
the comment or it will be lost.
3.2.4. Octet String
An ASN.1 octet string should be mapped to an Opaque in an SLP
template. An octet string is a sequence of bytes, whereas an Opaque
is a a string that encodes a sequence of bytes. Again, the ASN.1
type is lost unless recorded in the comment.
3.2.5. Binary
An ASN.1 Binary should be mapped to an Opaque in an SLP template. A
binary value is a sequence of bytes, whereas an Opaque is a a string
that encodes a sequence of bytes. Again, the ASN.1 type is lost
unless recorded in the comment.
3.2.6. Enumeration
SLP templates support the concept of enumerations through the listing
of allowed values in the attribute definition. These enumerations
are not strictly binding on clients or DAs, but they are similar
to the ASN.1 definition of enumerations. BER encodes the ASN.1
enumeration by passing the number of the element's position in the
enumeration. This requires both sides to have knowledge of the
specific enumeration prior to decoding an enumeration's value. SLP
provides no specific support for transmitting enumerations. They are
simply String types. Information on the ASN.1 type and ASN. encoding
of the enumeration values is recorded in the comment.
Example:
color-supported = STRING M
none
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 17]
Internet Draft Schemas and Templates 20 June 1999
# ASN.1: Enumeration.
# ASN.1 Mapping: none = 0, highlight = 1, three color = 2, four color = 4,
# monochrmatic = 5
#This attribute specifies whether the Printer supports
# color and, if so, what type.
none,highlight,three color,four color,monochromatic
3.2.7. Set
ASN.1 Sets can be accommodated in an SLP template by simply
concatenating the set elements into a string, separated by
whitespace. Searches for individual set elements in SLP can use the
LDAP wildcard syntax. For example, given a translated Set attribute
with value ``one two three'', a search can be made for attributes
with set value ``two'' by using the LDAP wildcard ``*two*''.
Problems arise if the set contains as one or more of its
elements a data item that is, itself, a set. Without some
delimiter, the elements of both sets would run together and become
indistinguishable. To avoid this problem, we use curly braces ``{}''
to delimit a set. Thus the set in the above example becomes ``{ one
two three }''.
Since sets have no implicit ordering, the ordering of the values in
the string is unimportant. Note that sets cannot be represented as
multivalued attributes because it is possible that an LDAP attribute
having the ASN.1 Set type may additionally be multivalued. The
template's help text should indicate the original ASN.1 type to
facilitate backwards conversion.
3.2.8. Real
There is no direct mapping between floating point numbers and any
SLP data types. Attributes having the ASN.1 type of Real are mapped
to SLP type String. Comments are added to the attribute help text
indicating the value was originally an ASN.1 real. For example:
weight = STRING
# ASN.1: Real
# The objects weight in pounds.
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 18]
Internet Draft Schemas and Templates 20 June 1999
3.2.9. Object Identifier
Object identifiers(OIDs) are commonly used in the ASN.1 world to
identify object and attributes. OIDs are a numerical representation
of an element's place in the naming hierarchy. Each element at a
particular level of a hierarchy has a unique number assigned within
that level of the hierarchy. A sample OID would be the naming tree
for SNMP MIBs: iso(1) org(3) dod(6) internet(1) mgmt(2) mib(1) would
be written as the string ``1.3.6.1.2.1''.
Because this representation reduces down to a string of dot separated
numbers, this maps easily to the SLP String type. The help text for
this element should indicate it is an ASN.1 OID
identifier = STRING
# ASN.1: OID
# The object identifier for this SNMP agent.
3.2.10. Sequence
The ASN.1 Sequence type is handled exactly like the Set type. The
sequence elements are converted to strings and inserted into a string
with whitespace separators. Sequences are delimited with angle
brackets ``<>''. An example encoded sequence is ``< one two three
>''. Unlike sets, the ordering of items in a sequence is important
and should be respected by client software. The SLP template
attribute help text should indicate that the attribute was translated
from an ASN.1 sequence.
3.3. Example ASN.1 Schema
The following is an example schema for an exported filesystem. The
section presents it as in ASN.1 and the following section shows the
SLP template translation. Note that the template translation does
not capture the actual attribute format for the Set type, that would
be done in the LDAP client software making the translatin.
-- abstraction of a fstab entry (a "mount")
-- these lookups would likely be performed by an
-- an automounter type application
mount OBJECT-CLASS
SUBCLASS OF top
MUST CONTAIN {
-- the mount host
mountHost,
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 19]
Internet Draft Schemas and Templates 20 June 1999
-- the mount point
mountDirectory.
-- the mount type
mountType
}
MAY CONTAIN {
-- mount options
mountOption,
-- dump frequency
mountDumpFrequency,
-- passno
mountPassNo
}
mountHost OBJECT-TYPE
SYNTAX Case Ignore String
DESCRIPTION
"The mount host"
mountDirectory OBJECT-TYPE
SYNTAX Case Ignore String
DESCRIPTION
"The filesystem to mount"
mountType OBJECT-TYPE
SYNTAX INTEGER {
ufs(1)
hsfs(2)
nfs(3)
rfs(4)
}
DESCRIPTION
"The type of the filesystem being mounted"
mountOption OBJECT-TYPE
SYNTAX SET OF Case Ignore String
DESCRIPTION
"mount options for this filesystem"
mountDumpFrequency OBJECT-TYPE
SYNTAX INTEGER (0..9)
DESCRIPTION
"How often to dump this filesystem"
mountPassNo OBJECT-TYPE
SYNTAX Integer
DESCRIPTION
"Boot time mount pass number"
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 20]
Internet Draft Schemas and Templates 20 June 1999
The translated SLP template is:
template-type = mount
template-version = 1.0
template-description = "Describes a remote filesystem access protocol"
template-url-syntax =
filesystem = 1*[ DIGIT / ALPHA ]
urlpath = "/" filesystem
mountHost = STRING L
# ASN.1: Case Ignore String
# The mount host
mountDirectory = STRING L
# ASN.1: Case Ignore String
# The filesystem to mount
mountType = STRING L
ufs
# ASN.1: Enumeration
# ASN.1 Mapping: ufs = 1, hsfs = 2, nfs = 3, rfs = 4
# The type of the filesystem being mounted
ufs, hsfs, nfs, rfs
mountOption = STRING M O L
# ASN.1: Set of Case Ignore String
# mount options for this filesystem
mountDumpFrequency = INTEGER O
0
# ASN.1: Integer Range
# How often to dump this filesystem
0, 1, 2, 3, 4, 5, 6, 7, 8, 9
mountPassNo = INTEGER O
# ASN.1: Integer
# Boot time mount pass number
4. Representing SLP Service Advertisments in an LDAP DIT
In addition to translating between SLP templates and LDAP schema,
another area requiring compatibility is the representation
of SLP service advertisements in an LDAP DIT. A standardized
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 21]
Internet Draft Schemas and Templates 20 June 1999
representation for service information allows SLP DAs to store
service advertisements in LDAP, and for LDAP clients to query
the DIT for those services. Similarly, if LDAP clients represent
service information in the same form, SLP clients can benefit from
interoperability.
In addition, a service advertisement contains the service URL in a
'labelledURI' attribute [11]. The labelledURI attribute in a service
advertisement should only contain the service URL for the service,
with no additional label.It is recommended that the labelledURI be
used as the RDN for the service object in the DIT.
Although service advertisements can appear anywhere within the
DIT, it is recommended that all services be stored under a single
common point to facilitates searching. This allows a client to
search for all of advertisements of a particular service type, say,
for all printers. The recommended storage point is a container
node named "oc=service" under the root node for the local LDAP
server. For example, a printer service with labelledURI of
"service:lpr://printsr/queue1" advertised in the LDAP server that
holds the root for the "dc=foobar, dc=com" tree would have the
following DN:
"labelledURI=service:lpr://printsr/queue1, oc=service, dc=foobar, dc=com"
While this leads to a flat space of service storage, since SLP uses
search filters from LDAP for searches, these filters can be used for
one-level searches from the root node.
A few examples should clarify. The following example illustrates how
an advertisement having a simple service type is represented. The
advertisment for a printer is:
Service URL: service:lpr://printsrv/queue1
Scopes: eng, corp
Attributes: description = A general printer for all to use.
security-mechanisms-supported = none
No Authentication
The RDN of the object is labelledURI=service:lpr://printsrv/queue1,
and the following LDAP search filter will return this object, along
with any others of the service type 'lpr' that match the other
attributes:
(&(service-type=lpr)(scopes=eng, corp)
(description=A general printer for all to use)
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 22]
Internet Draft Schemas and Templates 20 June 1999
(security-mechanisms-supported=none))
Service advertisements in SLP also have a lease time associated
with them. In LDAP servers that support the extensions for dynamic
directory services [12], the service advertisement entry objectClass
should be extended with the dynamicObject class. This allows the
service advertisment to time out within the LDAP directory server.
If the LDAP directory server does not support the dynamic directory
services extension, then advertisement lease timeouts must be handled
by the SLP agent.
While the service advertisement schema outlined in this section
is primarily for SLP DAs that use LDAP as a backing store, if
LDAP agents register services using the same format, complete
interoperability with SLP is achieved.
5. Internationalization Considerations
SLP specifies that an RFC 1766 [13] language code accompanies every
service advertisement. Language codes for service advertisements in
LDAP must be represented according to RFC 2596 [14].
RFC 2596 prohibits language codes in DNs, and specifies that a
directory server which does not support language codes must treat an
attribute with a language code as an unrecognized attributes. If the
directory server does not support language codes, an SLP DA using
LDAP as a backing store should encode the language code in the label
of the 'labelledURI' attribute field.
For example, consider the service URL "service:lpr://printserv/queue1"
registered in the "fr" (French) locale. The 'labelledURI' attribute
in an LDAP directory service that doesn't support language codes is:
labelledURI=service:lpr://printserv/queue1 fr
6. Security Considerations
SLP authenticators are stored with the service advertisement in
the DIT, as discussed in Section 4. LDAP clients need to use LDAP
authentication [15] to assure that they are connecting with a secure
server. In particular, SLP DAs that use LDAP as a back end store
and that implement SLP authentication MUST use LDAP authentication
to assure that the LDAP entries for their service registrations are
secure.
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 23]
Internet Draft Schemas and Templates 20 June 1999
References
[1] S. Bradner. Key Words for Use in RFCs to Indicate Requirement
Levels. RFC 2119, March 1997.
[2] E. Guttman, C. Perkins, J. Kempf. Service Templates and
service:Schemes. RFC XXX, April, 1999.
[3] M. Wahl, T. Howes, and S. Kille. Lightweight Directory Access
Protocol (v3). RFC 2251, December, 1997.
[4] E. Guttman, C. Perkins, J. Veizades, and M. Day. Service
Location Protocol version 2. RFC XXX, April 1999.
[5] D. Crocker and P Overell. Augmented BNF for Syntax
Specifications: ABNF. RFC 2234 November 1997.
[6] ITU-T Rec. X.500. The Directory: Overview of Concepts, Models,
and Service. 1993.
[7] T. Howes. The String Representation of LDAP Search Filters.
RFC 2254, December 1997.
[8] M. Wahl, A. Coulbeck, T. Howe, and S. Kille. Lightweight
Directory Access Protocol (v3): Attribute Syntax Definition.
RFC 2252, December, 1997.
[9] ITU-T Rec. X.680. Abstract Syntax Notation One (ASN.1) -
Specification of Basic Notation. 1994.
[10] P. St. Pierre, S. Isaccson, I. McDonald. Definition
of printer: URLs for use with Service Location
draft-ietf-svrloc-printer-scheme-03.txt Work in Progress
[11] M. Smith. Definition of an X.500 Attribute Type and an Object
Class to Hold Uniform Resource Identifiers (URIs). RFC 2079,
January, 1997.
[12] Y. Yaacovi, M. Wahl, and T. Genovese. Lightweight Directory
Access Protocol (v3): Extensions for Dynamic Directory
Services. RFC 2589, May, 1999.
[13] H. Alverstrand. Tags for the Identification of Lanaguages. RFC
2252, December, 1997.
[14] M. Wahl and T. Howes. Use of Language Codes in LDAP. RFC 2596,
May, 1999.
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 24]
Internet Draft Schemas and Templates 20 June 1999
[15] M. Wahl, H. Alvestrand, J. Hodges, and R. Morgan.
Authentication Methods in LDAP. draft-ietf-ldapext-authmeth-xx.txt.
A work in progress.
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 25]
Internet Draft Schemas and Templates 20 June 1999
Full Copyright Statement
Copyright (C) The Internet Society (1997). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implmentation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph
are included on all such copies and derivative works. However,
this document itself may not be modified in any way, such as by
removing the copyright notice or references to the Internet Society
or other Internet organizations, except as needed for the purpose
of developing Internet standards in which case the procedures
for copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
Authors' Address
James Kempf Ryan Moats
Sun Microsystems AT&T Laboratories
901 San Antonio Avenue 15621 Drexel Circle
Palo Alto, CA 94303 Omaha, NE, 68135
USA
Phone: +1 650 786-5890 +1 402 894-9456
Email: james.kempf@sun.com jayhawk@att.com
Pete St. Pierre
Sun Microsystems
901 San Antonio Avenue
Palo Alto, CA 94303
USA
Phone: +1 415 786-5790
Email: Pete.StPierre@Eng.Sun.COM
Kempf, Moats, St.Pierre Expires 20 December 1999 [Page 26]
