Internet Engineerinf Task Force James Kempf
INTERNET DRAFT Sun Microsystems
22 October 1999 Ryan Moats
AT&T Laboratories
Pete St. Pierre
Sun Microsystems
Conversion of LDAP Schemas to and from SLP Templates
draft-ietf-svrloc-template-conversion-05.txt
Status of This Memo
This document is a submission by the Service Location Working Group
of the Internet Engineering Task Force (IETF). Comments should be
submitted to the srvloc@srvloc.org mailing list.
Distribution of this memo is unlimited.
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at
any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at:
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at:
http://www.ietf.org/shadow.html.
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page i]
Internet Draft Schemas and Templates 22 October 1999
Abstract
This document describes a procedure for mapping between SLP service
advertisments and LDAP descriptions of services. The document
covers two aspects of the mapping. One aspect is mapping between
SLP service type templates and LDAP directory schema. Because the
SLP service type template grammer is relatively simple, mapping from
service type templates to LDAP types is straightforward. Mapping
in the other direction is straightforward if the LDAP schema is
restricted to the set of attribute types defined in RFC 2252. If
arbitrary ASN.1 types occur in the schema, then the mapping is
more complex and may even be impossible. The second aspect is
representation of service information in an LDAP directory. The
recommended representation simplifies interoperability with SLP by
allowing SLP directory agents to backend into LDAP directory servers.
The resulting system allows service advertisements to propagate
easily between SLP and LDAP.
Contents
Status of This Memo i
Abstract ii
1. Introduction 1
2. Mapping SLP Templates to LDAP Schema 2
2.1. Mapping from SLP Attribute Types to LDAP Attribute Types 6
2.1.1. Integer . . . . . . . . . . . . . . . . . . . . . 6
2.1.2. String . . . . . . . . . . . . . . . . . . . . . 7
2.1.3. Boolean . . . . . . . . . . . . . . . . . . . . . 7
2.1.4. Opaque . . . . . . . . . . . . . . . . . . . . . 7
2.2. Keyword Attributes . . . . . . . . . . . . . . . . . . . 7
2.3. Template Flags . . . . . . . . . . . . . . . . . . . . . 8
2.3.1. Multi-valued . . . . . . . . . . . . . . . . . . 8
2.3.2. Optional . . . . . . . . . . . . . . . . . . . . 8
2.3.3. Literal . . . . . . . . . . . . . . . . . . . . . 8
2.3.4. Explicit Matching . . . . . . . . . . . . . . . . 8
2.4. Default and Allowed Value Lists . . . . . . . . . . . . . 9
2.5. Descriptive Text . . . . . . . . . . . . . . . . . . . . 9
2.6. Example . . . . . . . . . . . . . . . . . . . . . . . . . 9
3. Attribute Name Conflicts 13
4. Mapping from Schema to Templates 13
4.1. Mapping LDAP Attribute Types to SLP Attribute Types . . . 14
4.2. Mapping ASN.1 Types to SLP Types . . . . . . . . . . . . 15
4.2.1. Integer . . . . . . . . . . . . . . . . . . . . . 16
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page ii]
Internet Draft Schemas and Templates 22 October 1999
4.2.2. Case Ignore String, Case Exact String . . . . . . 16
4.2.3. Boolean . . . . . . . . . . . . . . . . . . . . . 16
4.2.4. Octet String . . . . . . . . . . . . . . . . . . 17
4.2.5. Binary . . . . . . . . . . . . . . . . . . . . . 17
4.2.6. Enumeration . . . . . . . . . . . . . . . . . . . 17
4.2.7. Set . . . . . . . . . . . . . . . . . . . . . . . 17
4.2.8. Real . . . . . . . . . . . . . . . . . . . . . . 18
4.2.9. Object Identifier . . . . . . . . . . . . . . . . 18
4.2.10. Sequence . . . . . . . . . . . . . . . . . . . . 19
4.3. Example ASN.1 Schema . . . . . . . . . . . . . . . . . . 19
5. Representing SLP Service Advertisments in an LDAP DIT 21
6. Internationalization Considerations 23
7. Security Considerations 23
1. Introduction
SLP templates [2] are intended to create a simple encoding of the
syntactic and semantic conventions for individual service types,
their attributes, and conventions. They can easily be generated,
transmitted, read by humans and parsed by programs, as it is a string
based syntax with required comments. Directory schemas serve to
formalize directory entry structures for use with LDAP [3]. These
directories serve to store information about many types of entities.
Network services are an example of one such entity.
Interoperability between SLP and LDAP is important so clients using
one protocol derive benefit from services registered through the
other. In addition, LDAP directory servers can serve as the backend
for SLP directory agents (DAs) if interoperability is possible In
order to facilitate interoperability, this document creates mappings
between the SLP template grammar and LDAP directory schema, and
establishes some conventions for representing service advertisements
in LDAP directories. The goal of the translation is to allow SLPv2
queries (which are syntatically and semantically equivalent to LDAPv3
string queries [9]) to be submitted to an LDAP directory server by an
SLP DA backended into LDAP without extensive processing by the DA.
The simple notation and syntactic/semantic attribute capabilities
of SLP templates map easily into directory schemas, and are easily
converted into directory schemas, even by automated means. The
reverse may not be true. If the LDAP schema contains arbitrary ASN.1
types, the translation may be difficult or impossible. If, however,
the LDAP schema contains the types described in RFC 2252 [10], then
the translation is more straightforward.
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 1]
Internet Draft Schemas and Templates 22 October 1999
This document outlines the correct mappings for SLP templates into
the syntatic representation specified for LDAP directory schema by
RFC 2252 [10]. This syntax is a subset of the ASN.1/BER described in
the X.209 specification [11], and is used by the LDAPv3 [3] directory
schema. Likewise, rules and guidelines are proposed to facilitate
consistent mapping of ASN.1 based schemas to be translated in the
SLP template grammar. Finally, a proposal for a representation
of service advertisements in LDAP directory services is made that
facilitates SLP interoperability.
2. Mapping SLP Templates to LDAP Schema
We define the following abstract object class as the parent class for
all services. Any specific service type may add other attributes:
( 1.3.6.1.4.1.42.2.27.6.2.1
NAME 'slpService'
DESC 'parent superclass for SLP services'
ABSTRACT
SUP 'top'
MUST ( template-major-version-number \$
template-minor-version-number \$
description \$
template-url-syntax \$
service-advert-service-type \$
service-advert-scopes )
MAY ( service-advert-url-authenticator \$
service-advert-attribute-authenticator )
)
The attributes correspond to various parts of the SLP service
template and SLP service advertisement.
SLP service type templates begin with four definitions that set the
context of the template:
template-type
This defines the service type of the template. The service
type can be a simple service type, like ``service:ftp'', an
abstract service type, like ``service:printer'' or a concrete
service type, like ``service:printer:lpr''. The type name
can additionally include a naming authority, for example
``service:printer.sun:local''. The name that appears in this
field omits the ``service:'' prefix.
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 2]
Internet Draft Schemas and Templates 22 October 1999
template-version
A string containing a major and minor version number, separated
by a period.
template-description
A block of human readable text describing what the service type
does.
template-url-syntax
An ABNF [7] grammer describing the service type specific part
of the service URL.
The SLP template-type definition is used as the name of the ASN.1
class for the template, a subclass of the ``slpService'' class,
together with the ``service'' prefix to indicate that the name
is for a service. In the translating service type name, colons
and the period separating the naming authority are converted
into hyphens. If the template defines an SLP concrete type,
the concrete type name is used; the abstract type name is never
used. For example, the template for ``service:printer:lpr'' is
translated into an ASN.1 class called ``service-printer-lpr''.
Furthermore, if the type name contains a naming authority, the naming
authority name must be included. For example, the service type name
``service:printer.sun:local'' becomes ``service-printer-sun-local''.
The ASN.1 class is always ``STRUCTURAL''.
The template-version definition is partitioned into two attributes,
template-major-version-number and template-minor-version-number. The
LDAP definition for these attributes is:
( 1.3.6.1.4.1.42.2.27.6.1.1
NAME 'template-major-version-number'
DESC 'The major version number of the service type template'
EQUALITY integerMatch
SYNTAX INTEGER
SINGLE-VALUE
NO-USER-MODIFICATION
)
( 1.3.6.1.4.1.42.2.27.6.1.2
NAME 'template-minor-version-number'
DESC 'The minor version number of the service type template'
SYNTAX INTEGER
EQUALITY integerMatch
SINGLE-VALUE
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 3]
Internet Draft Schemas and Templates 22 October 1999
NO-USER-MODIFICATION
)
These attributes are marked NO-USER-MODIFICATION because they are
set by the definition of the template, and they are required (MUST
contain) attributes in the ASN.1 class translated from the template.
The template-url-syntax definition in the SLP template is described
by the following attribute:
( 1.3.6.1.4.1.42.2.27.6.1.3
NAME 'template-url-syntax'
DESC 'An ABNF grammar describing the service type
specific part of the service URL'
SYNTAX IA5String
EQUALITY caseExactMatch
SINGLE-VALUE
)
The template-description attribute is translated into the X.520
standard attribute ``description'' [4].
We further establish the convention that SLP template characteristcs
that can't be translated into LDAP are inserted into the DESC field
of the object class definition. The items are separated by empty
lines, start on a new line, and are tagged at the beginning of the
line to indicate what they represent. This allows the template to be
reconstructed from the schema by properly parsing the comments.
The bulk of an SLP template consists of attribute definitions. There
are four items in an SLP template attribute definition that need to
be mapped into LDAP:
Attribute Name
Since SLPv2 attribute names are defined to be compatible with
LDAPv3, SLP attributes map directly into LDAP attributes with
no change. Similarly, LDAP attributes map directly to SLP
attributes.
Attribute Type
The SLP attribute type is mapped into the LDAP attribute type.
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 4]
Internet Draft Schemas and Templates 22 October 1999
Attribute Flags
The SLP attribute flags are mapped into characterics of
the LDAP attribute definition, or into the DESC field if no
equivalent LDAP attribute definition characteristic occurs.
Default and Allowed Values
These must be handled by the client or a DA enabled to handle
templates, as in SLP. For reference, however, they should be
included in the DESC field of the LDAP attribute definition.
Descriptive Text
The SLP template descriptive text should be mapped into the
DESC field.
We discuss mapping of types, flags, default and allowed values, and
descriptive text in the subsections below.
For purposes of representing an SLP entry, we also define two
standardized LDAP attributes with standardized OIDs. These
attributes are:
( 1.3.6.1.4.1.42.2.27.6.1.4
NAME 'service-advert-service-type'
DESC 'The service type of the service advertisement, including the
"service:" prefix.'
SYNTAX IA5String
SINGLE-VALUE
EQUALITY caseIgnoreMatch
)
( 1.3.6.1.4.1.42.2.27.6.1.5
NAME 'service-advert-scopes'
DESC 'A list of scopes for a service advertisement.'
SYNTAX IA5String
EQUALITY caseIgnoreMatch
)
Searchs for abstract types can be made with an LDAP query that
wildcards the concrete type. For example, a search for all service
advertisements of the printer abstract type can be made with the
following query:
(service-advert-service-type=service:printer:*)
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 5]
Internet Draft Schemas and Templates 22 October 1999
SLP specifies that service URLs and attribute lists can be
accompanied by a structured authenticator consisting of a digital
signature and information necessary to verify the signature. Two
standardized SLP attributes are defined for this purpose:
( 1.3.6.1.4.1.42.2.27.6.1.6
NAME 'service-advert-url-authenticator'
DESC 'The authenticator for the URL, null if none.'
SYNTAX Binary
SINGLE-VALUE
)
( 1.3.6.1.4.1.42.2.27.6.1.7
NAME 'service-advert-attribute-authenticator'
DESC 'The authenticator for the attribute list, null if none.'
SYNTAX Binary
SINGLE_VALUE
)
2.1. Mapping from SLP Attribute Types to LDAP Attribute Types
We define the mapping from SLP attribute types to LDAP as follows:
SLP Type ASN.1 Type LDAP Type
----------------------------------------------
Integer Integer INTEGER
String String Directory String
Boolean String Boolean
Opaque BINARY BINARY
Keyword String IA5String
The following subsections discuss further details of the mapping.
2.1.1. Integer
SLP integers compare as integers when performing a query. LDAP
integers behave similarly Consequently, the mapping from the SLP
integer type to LDAP is INTEGER, with the integerMatch matching rule.
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 6]
Internet Draft Schemas and Templates 22 October 1999
2.1.2. String
SLP strings are encoded as described in the SLP protocol
specification [6]. All value strings are considered case insensitive
for matching operations. SLP strings are not null terminated and are
encoded in UTF-8.
SLP strings are mapped to the LDAP Directory String type. The
Directory String type exactly matches the SLP string type, i.e.
it is a non-null terminated UTF-8 string. The caseIgnoreMatch
equality rule, caseIgnoreOrderingMatch ordering rule, and
caseIgnoreSubstringsMatch substring rule are used for comparing
string attribute values.
2.1.3. Boolean
Boolean attributes may have one of two possible values. In SLP,
these values are represented as strings, TRUE and FALSE. In SLP's
string encoding of a boolean value, case does not matter.
The SLP Boolean type maps directly into an LDAP Boolean. The
caseIgnoreMatch rule is used for equality matching.
2.1.4. Opaque
SLP attribute values of type Opaque are represented as BINARY in
LDAP.
2.2. Keyword Attributes
SLP service type templates allow the definition of keyword
attributes. Keyword attributes are attributes whose only
characteristic is their presence. Keyword attributes have no flag
information, nor any default or allowed values (since, by definition,
they have no values).
ASN.1 has no concept of keyword attributes. Keyword attributes are
translated into a ``May'' clause in the ASN.1 class defintion for the
service type. If the keyword attribute is present, then its value
is of no consequence, but for consistency we make it simply the NUL
character, ``\00''.
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 7]
Internet Draft Schemas and Templates 22 October 1999
2.3. Template Flags
SLP template flags can be handled as described in the following
subsections.
2.3.1. Multi-valued
Multi-valued attributes are defined in an SLP template using the 'M'
flag. This flag indicates that an attribute may have more than one
value. All values for a given attribute must be of the same type.
LDAP attribute definitions require that a single valued attribute
include the SINGLE-VALUE tag if the attribute is single valued.
Otherwise, the attribute is assumed to be multivalued by default.
2.3.2. Optional
SLP uses the 'O' flag to indicate an attribute may or may not be
present. These optional attributes are defined using the "May"
clause in the ASN.1 definition class definition for the service type.
All other attributes must be defined as a "Must"
2.3.3. Literal
ASN.1 does not have a mechanism to indicate that the values of an
attribute may not be translated from one language to another, since
ASN.1 schema are not typically translated. This flag is dropped when
translating a template, but presence of the flag should be noted in
the DESC field. It should be placed on a separate line and tagged
with ``Literal:'' so the template can be reconstructed from the
schema.
2.3.4. Explicit Matching
The SLP template syntax uses a flag of 'X' to indicate that an
attribute must be present in order for the query to be properly
satisfied. There is no provision for requiring that particular
attributes be in a query. Consequently, this flag is dropped when
translating a template, but presence of the flag should be noted in
the DESC field. It should be placed on a separate line and tagged
with ``Explicit:'' so the template can be reconstructed from the
schema.
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 8]
Internet Draft Schemas and Templates 22 October 1999
2.4. Default and Allowed Value Lists
The SLP template grammar provides the capability to define
default and allowed values for an attribute. The SLP protocol
does not enforce these restrictions on registered attributes,
however. The default and allowed values may be used by client
side applications, or alternatively it may also be used by DAs to
initialize registrations having no attributes and to limit attribute
values to the template allowed values.
LDAP servers also do not support default and allowed values on
attributes. Therefore, enforcement of default and allowed values
in SLP templates is left up to the clients or a DA, if the DA
is backending into LDAP. The default and allowed values should
be included in the DESC field. The comments should be placed on
separate lines and labelled with the ``Default:'' and ``Allowed:''
tags to allow reconstruction of the tempalte.
2.5. Descriptive Text
The descriptive text associated with an attribute definition should
be included in the DESC field. It should start on a separate line
and begin with the ``Description:'' tag.
2.6. Example
The template included below is a hypothetical abstract printer
service template, similar to that described in [12].
template-type = printer
template-version = 0.0
template-description =
The printer service template describes the attributes
supported by network printing devices. Devices may be
either directly connected to a network, or connected to a
printer spooler that understands the a network queuing
protocol such as IPP, lpr or the Salutation Architecture.
template-url-syntax =
;The URL syntax is specific to the printing protocol being
;employed
description = STRING
# This attribute is a free form string that can contain any
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 9]
Internet Draft Schemas and Templates 22 October 1999
# site-specific descriptive information about this printer.
printer-security-mechanisms-supported = STRING L M
none
# This attribute indicates the security mechanisms supported
tls, ssl, http-basic, http-digest, none
printer-operator = STRING O L M
# A person, or persons responsible for maintaining a
# printer on a day-to-day basis, including such tasks
# as filling empty media trays, emptying full output
# trays, replacing toner cartridges, clearing simple
# paper jams, etc.
printer-location-address = STRING O
# Physical/Postal address for this device. Useful for
# nailing down a group of printers in a very large corporate
# network. For example: 960 Main Street, San Jose, CA 95130
printer-priority-queue = BOOLEAN O
FALSE
# TRUE indicates this printer or print queue is a priority
# queuing device.
printer-number-up = INTEGER O
1
# This job attribute specifies the number of source
# page-images to impose upon a single side of an instance
# of a selected medium.
1, 2, 4
printer-paper-output = STRING M L O
standard
# This attribute describes the mode in which pages output
# are arranged.
standard, noncollated sort, collated sort, stack, unknown
We assume that the concrete type ``service:printer:lpr'' for
printers that speak the LPR protocol [5] has the following template
definition:
template-type = printer:lpr
template-version = 0.0
template-description =
The printer:lpr service template describes the attributes
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 10]
Internet Draft Schemas and Templates 22 October 1999
supported by network printing devices that speak the
LPR protocol. No new attributes are included.
template-url-syntax = queue
queue = ;The queue name, see RFC 1179.
The LDAP class definition for the ``service:printer:lpr'' concrete
service type is translated as follows. We use attribute names
instead of oids in MUST and MAY for clarity:
( <numericOID1>
NAME 'service-printer-lpr'
DESC `Description: The printer:lpr service template
describes the attributes supported by network printing
devices that speak the LPR protocol. No new attributes
are included.'
URL Syntax: queue
queue = ;The queue name, see RFC 1179.'
SUP 'slpService'
MUST ( description \$ security-mechanisms-supported \$
labelledURI)
MAY ( operator \$ location-address \$ priority-queue \$
number-up \$ paper-output)
)
The attribute definitions are translated as follows:
( <numericOID2>
NAME 'printer-security-mechanisms-supported'
DESC 'Description: This attribute indicates the security mechanisms
supported.
Default: value
Allowed: tls, ssl, http-basic, http-digest, none
Literal:'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringMatch
SYNTAX 'Directory String'
)
( <numericOID3>
NAME 'printer-operator'
DESC 'Description: A person, or persons responsible for
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 11]
Internet Draft Schemas and Templates 22 October 1999
maintaining a printer on a day-to-day basis, including
such tasks as filling empty media trays, emptying full
output trays, replacing toner cartridges, clearing simple
paper jams, etc.
Literal:'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringMatch
SYNTAX 'Directory String'
)
( <numericOID4>
NAME 'printer-location-address'
DESC 'Description Physical/Postal address for this device.
Useful for nailing down a group of printers in a very
large corporate network. For example: 960 Main Street,
San Jose, CA 95130.'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringMatch
SYNTAX 'Directory String'
SINGLE-VALUE
)
( <numericOID5>
NAME 'printer-priority-queue'
DESC 'Description: TRUE indicates this printer or print
queue is a priority queuing device.'
EQUALITY caseIgnoreMatch
SYNTAX 'Boolean'
SINGLE-VALUE
)
( <numericOID6>
NAME 'printer-number-up'
DESC 'Description: This job attribute specifies the number
of source page-images to impose upon a single side of
an instance of a selected medium. This attribute is
INTEGER.
Default: 1
Allowed: 1, 2, 3, 4'
SYNTAX 'Integer'
EQUALITY integerMatch
SINGLE-VALUE
)
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 12]
Internet Draft Schemas and Templates 22 October 1999
( <numericOID7>
NAME 'printer-paper-output'
DESC 'Description: This attribute describes the mode in
which pages output are arranged. Default value is
standard.
Default: standard
Allowed: standard, noncollated sort, collated sort,
stack, unknown.
Literal:'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringMatch
SYNTAX 'Directory String'
)
3. Attribute Name Conflicts
LDAP has a flat name space, and attribute names and OIDs must be
unique in a directory server. In order to avoid name conflicts in
the translation of SLP templates to LDAP schemas, template developers
may want to consider prepending the name of the service type to
the attribute. Postprocessing attribute names to make them unique
when translated is not possible, because it would require the DA to
rewrite queries before submitting them to the directory server. In
addition, developers should use standard LDAP attributes when such
attributes are available.
In the above example template, the abstract type name ``printer''
is prepended to attributes to avoid conflicts. The standard
``description'' attribute defined by X.520 [4] is used to translate
the template description attribute.
4. Mapping from Schema to Templates
The reverse mapping from LDAP schema to SLP service type templates
requires dealing with both LDAP and ASN.1 data types. RFC 2252
defines 57 LDAP attribute data types that should be supported by LDAP
directory servers. These data type are defined on top of the ASN.1
typing system used by X.500, but directory servers are also required
to support standard X.500 ASN.1 data types using the LDAP Binary type
escape.
Mapping of the LDAP data types into SLP template types is fairly
straightforward, but mapping arbitrary ASN.1 data types is somewhat
more complicated and requires encoding the ASN.1 data type into a
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 13]
Internet Draft Schemas and Templates 22 October 1999
string. To a certain extent, this masks the ASN.1 data type because
it becomes impossible to distinguish between a native string having
content equivalent to an encoded ASN.1 string. However, inclusion of
the ASN.1 data type in the comment provides additional information
should a reverse transformation from SLP to ASN.1 be required.
The following subsections deal with both LDAP and ASN.1 attribute
data type mappings.
4.1. Mapping LDAP Attribute Types to SLP Attribute Types
The following table contains the mappings for LDAP data types to SLP
data types:
LDAP Type SLP Type
--------------------------------------------------------
ACI Item NA
Access Point NA
Attribute Type Description NA
Audio Opaque
Binary ASN.1 escape
Bit String String
Boolean Boolean
Certificate Opaque
Certificate List Opaque
Certificate Pair Opaque
Country String String
DN String
Data Quality Syntax NA
Delivery Method NA
Directory String String
DIT Content Rule Description NA
DIT Structure Rule Description NA
DL Submit Permission NA
DSA Quality Synax NA
Enhanced Guide NA
Facsimile Telephone Number String
Fax Opaque
Generalized Time String
Guide NA
IA5 String String
INTEGER Integer
JPEG Opaque
LDAP Syntax Description NA
LDAP Schema Definition NA
LDAP Schema Description NA
Master and Shadow Access Points NA
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 14]
Internet Draft Schemas and Templates 22 October 1999
Matching Rule Description NA
Matching Rule Use Description NA
Mail Preference NA
MHS OR Address String
Modify Rights NA
Name and Optional UID NA
Name Form Description NA
Numeric String String
Object Class Description NA
Octet String Opaque
OID String
Other Mailbox String
Postal Address String
Protocol Information NA
Presentation Address String
Printable String String
Subset Assertion NA
Subtree Specification NA
Supplier Information NA
Supplier or Consumer NA
Supplier And Consumer NA
Supported Algorithm NA
Telephone Number String
Teletex Terminal Identifier String
Telex Number String
UTC Time String
If the SLP type is NA in the above table, the LDAP type is involved
in schema representation or some other internal function, or is
otherwise unlikely to appear in the schema definition for a service
type.
4.2. Mapping ASN.1 Types to SLP Types
ASN.1 employs a much richer set of data types than provided by SLP.
The table below show the mapping of selected ASN.1 data type to their
nearest SLP equivalent. Because of the complexity and flexibility of
ASN.1, a complete list cannot be provided.
As sample of some ASN.1 encodings and their mappings to SLP:
ASN.1 type SLP type
-----------------------------------------
Integer Integer
Case Exact String String
Case Ignore String String
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 15]
Internet Draft Schemas and Templates 22 October 1999
Boolean Boolean
Octet String Opaque
Binary Opaque
Enumeration String
Set Of Formatted String
Real String
Object Identifier String
Sequence Of Formatted String
Data types that do not map directly to SLP data types should be
defined as either a String, or as Opaque. ASN.1 types that may only
contain valid characters for Strings, as defined in X.680 [11] should
be encoded as strings. If a value may contain illegal string values,
the SLP Opaque type should be used. In either case, the first line
of the help text is used to indicate the original ASN.1 data type.
The following subsections describe how to convert from the ASN.1
BER [11] to the SLP template for the different types in the table
above.
4.2.1. Integer
Both SLP templates and ASN.1 support Integers, so there is a one to
one mapping between an SLP Integer attribute and an ASN.1 Integer
attribute. Details on the encoding of integers is summarized in the
SLP template to ASN.1 section above.
4.2.2. Case Ignore String, Case Exact String
Strings are supported between both SLP and ASN.1. SLP encoding
of the strings must conform to the rules for handling special
characters, as outlined in RFC XXX [6]. Note that, unless the ASN.1
type is recorded into the comment, the reverse translation will lose
the ASN.1 type.
4.2.3. Boolean
Boolean values are supported by both SLP and ASN.1, though on wire
encodings differ. X.680 [11] specifies zero and non-zero encoding
for booleans, where SLP encodes booleans using the strings TRUE and
FALSE. In general, most LDAP servers will use the LDAP Boolean type
(which is a string), so again the ASN.1 type should be recorded in
the comment or it will be lost.
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 16]
Internet Draft Schemas and Templates 22 October 1999
4.2.4. Octet String
An ASN.1 octet string should be mapped to an Opaque in an SLP
template. An octet string is a sequence of bytes, whereas an Opaque
is a a string that encodes a sequence of bytes. Again, the ASN.1
type is lost unless recorded in the comment.
4.2.5. Binary
An ASN.1 Binary should be mapped to an Opaque in an SLP template. A
binary value is a sequence of bytes, whereas an Opaque is a a string
that encodes a sequence of bytes. Again, the ASN.1 type is lost
unless recorded in the comment.
4.2.6. Enumeration
SLP templates support the concept of enumerations through the listing
of allowed values in the attribute definition. These enumerations
are not strictly binding on clients or DAs, but they are similar
to the ASN.1 definition of enumerations. BER encodes the ASN.1
enumeration by passing the number of the element's position in the
enumeration. This requires both sides to have knowledge of the
specific enumeration prior to decoding an enumeration's value. SLP
provides no specific support for transmitting enumerations. They are
simply String types. Information on the ASN.1 type and ASN. encoding
of the enumeration values is recorded in the comment.
Example:
color-supported = STRING M
none
# ASN.1: Enumeration.
# ASN.1 Mapping: none = 0, highlight = 1, three color = 2, four color = 4,
# monochrmatic = 5
#This attribute specifies whether the Printer supports
# color and, if so, what type.
none,highlight,three color,four color,monochromatic
4.2.7. Set
ASN.1 Sets can be accommodated in an SLP template by simply
concatenating the set elements into a string, separated by
whitespace. Searches for individual set elements in SLP can use the
LDAP wildcard syntax. For example, given a translated Set attribute
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 17]
Internet Draft Schemas and Templates 22 October 1999
with value ``one two three'', a search can be made for attributes
with set value ``two'' by using the LDAP wildcard ``*two*''.
Problems arise if the set contains as one or more of its
elements a data item that is, itself, a set. Without some
delimiter, the elements of both sets would run together and become
indistinguishable. To avoid this problem, we use curly braces ``{}''
to delimit a set. Thus the set in the above example becomes ``{ one
two three }''.
Since sets have no implicit ordering, the ordering of the values in
the string is unimportant. Note that sets cannot be represented as
multivalued attributes because it is possible that an LDAP attribute
having the ASN.1 Set type may additionally be multivalued. The
template's help text should indicate the original ASN.1 type to
facilitate backwards conversion.
4.2.8. Real
There is no direct mapping between floating point numbers and any
SLP data types. Attributes having the ASN.1 type of Real are mapped
to SLP type String. Comments are added to the attribute help text
indicating the value was originally an ASN.1 real. For example:
weight = STRING
# ASN.1: Real
# The objects weight in pounds.
4.2.9. Object Identifier
Object identifiers(OIDs) are commonly used in the ASN.1 world to
identify object and attributes. OIDs are a numerical representation
of an element's place in the naming hierarchy. Each element at a
particular level of a hierarchy has a unique number assigned within
that level of the hierarchy. A sample OID would be the naming tree
for SNMP MIBs: iso(1) org(3) dod(6) internet(1) mgmt(2) mib(1) would
be written as the string ``1.3.6.1.2.1''.
Because this representation reduces down to a string of dot separated
numbers, this maps easily to the SLP String type. The help text for
this element should indicate it is an ASN.1 OID
identifier = STRING
# ASN.1: OID
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 18]
Internet Draft Schemas and Templates 22 October 1999
# The object identifier for this SNMP agent.
4.2.10. Sequence
The ASN.1 Sequence type is handled exactly like the Set type. The
sequence elements are converted to strings and inserted into a string
with whitespace separators. Sequences are delimited with angle
brackets ``<>''. An example encoded sequence is ``< one two three
>''. Unlike sets, the ordering of items in a sequence is important
and should be respected by client software. The SLP template
attribute help text should indicate that the attribute was translated
from an ASN.1 sequence.
4.3. Example ASN.1 Schema
The following is an example schema for an exported filesystem. The
section presents it as in ASN.1 and the following section shows
the SLP template translation. The template translation does not
capture the actual attribute format for the Set type, that would
be done in the LDAP client software making the translation. Note
that even though the class definition does not conform with the
previously defined conventions for SLP classes, the schema can still
be translated into an SLP template.
-- abstraction of a fstab entry (a "mount")
-- these lookups would likely be performed by an
-- an automounter type application
mount OBJECT-CLASS
SUBCLASS OF top
MUST CONTAIN {
-- the mount host
mountHost,
-- the mount point
mountDirectory.
-- the mount type
mountType
}
MAY CONTAIN {
-- mount options
mountOption,
-- dump frequency
mountDumpFrequency,
-- passno
mountPassNo
}
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 19]
Internet Draft Schemas and Templates 22 October 1999
mountHost OBJECT-TYPE
SYNTAX Case Ignore String
DESCRIPTION
"The mount host"
mountDirectory OBJECT-TYPE
SYNTAX Case Ignore String
DESCRIPTION
"The filesystem to mount"
mountType OBJECT-TYPE
SYNTAX INTEGER {
ufs(1)
hsfs(2)
nfs(3)
rfs(4)
}
DESCRIPTION
"The type of the filesystem being mounted"
mountOption OBJECT-TYPE
SYNTAX SET OF Case Ignore String
DESCRIPTION
"mount options for this filesystem"
mountDumpFrequency OBJECT-TYPE
SYNTAX INTEGER (0..9)
DESCRIPTION
"How often to dump this filesystem"
mountPassNo OBJECT-TYPE
SYNTAX Integer
DESCRIPTION
"Boot time mount pass number"
The translated SLP template is:
template-type = mount
template-version = 1.0
template-description = "Describes a remote filesystem access protocol"
template-url-syntax =
filesystem = 1*[ DIGIT / ALPHA ]
urlpath = "/" filesystem
mountHost = STRING L
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 20]
Internet Draft Schemas and Templates 22 October 1999
# ASN.1: Case Ignore String
# The mount host
mountDirectory = STRING L
# ASN.1: Case Ignore String
# The filesystem to mount
mountType = STRING L
ufs
# ASN.1: Enumeration
# ASN.1 Mapping: ufs = 1, hsfs = 2, nfs = 3, rfs = 4
# The type of the filesystem being mounted
ufs, hsfs, nfs, rfs
mountOption = STRING M O L
# ASN.1: Set of Case Ignore String
# mount options for this filesystem
mountDumpFrequency = INTEGER O
0
# ASN.1: Integer Range
# How often to dump this filesystem
0, 1, 2, 3, 4, 5, 6, 7, 8, 9
mountPassNo = INTEGER O
# ASN.1: Integer
# Boot time mount pass number
5. Representing SLP Service Advertisments in an LDAP DIT
In addition to translating between SLP templates and LDAP schema,
another area requiring compatibility is the representation
of SLP service advertisements in an LDAP DIT. A standardized
representation for service information allows SLP DAs to store
service advertisements in LDAP, and for LDAP clients to query
the DIT for those services. Similarly, if LDAP clients represent
service information in the same form, SLP clients can benefit from
interoperability.
In addition, a service advertisement contains the service URL in a
'labelledURI' attribute [13]. The labelledURI attribute in a service
advertisement should only contain the service URL for the service,
with no additional label.It is recommended that the labelledURI be
used as the RDN for the service object in the DIT.
Although service advertisements can appear anywhere within the
DIT, it is recommended that all services be stored under a single
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 21]
Internet Draft Schemas and Templates 22 October 1999
common point to facilitates searching. This allows a client to
search for all of advertisements of a particular service type, say,
for all printers. The recommended storage point is a container
node named "oc=service" under the root node for the local LDAP
server. For example, a printer service with labelledURI of
"service:lpr://printsr/queue1" advertised in the LDAP server that
holds the root for the "dc=foobar, dc=com" tree would have the
following DN:
"labelledURI=service:lpr://printsr/queue1, oc=service, dc=foobar, dc=com"
While this leads to a flat space of service storage, since SLP uses
search filters from LDAP for searches, these filters can be used for
one-level searches from the root node.
A few examples should clarify. The following example illustrates how
an advertisement having a simple service type is represented. The
advertisment for a printer is:
Service URL: service:lpr://printsrv/queue1
Scopes: eng, corp
Attributes: description = A general printer for all to use.
security-mechanisms-supported = none
No Authentication
The RDN of the object is labelledURI=service:lpr://printsrv/queue1,
and the following LDAP search filter will return this object, along
with any others of the service type ``service:lpr'' that match the
other attributes:
(&(service-advert-service-type=service:lpr)
(service-advert-scopes=eng,corp)
(description=A general printer for all to use)
(security-mechanisms-supported=none))
Service advertisements in SLP also have a lease time associated
with them. In LDAP servers that support the extensions for dynamic
directory services [14], the service advertisement entry objectClass
should be extended with the dynamicObject class. This allows the
service advertisment to time out within the LDAP directory server.
If the LDAP directory server does not support the dynamic directory
services extension, then advertisement lease timeouts must be handled
by the SLP agent.
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 22]
Internet Draft Schemas and Templates 22 October 1999
While the service advertisement schema outlined in this section
is primarily for SLP DAs that use LDAP as a backing store, if
LDAP agents register services using the same format, complete
interoperability with SLP is achieved.
6. Internationalization Considerations
SLP specifies that an RFC 1766 [15] language code accompanies every
service advertisement. Language codes for service advertisements in
LDAP must be represented according to RFC 2596 [16].
RFC 2596 prohibits language codes in DNs, and specifies that a
directory server which does not support language codes must treat
an attribute with a language code as an unrecognized attributes.
According to RFC 2596, language codes are appended to attribute names
with a semicolon (``;''). For example, the following attribute/value
pair is in the German locale:
(address;lang-de=44 Bahnhofstrasse, 2365 Maennerstadt, Germany)
An attribute with a language tag in a specific locale is considered a
separate attribute from attributes in other locales.
If the service advertisement is in the default SLP locale (``en'',
no dialect), then the language code need not be appended to the
attribute name.
SLP queries in locales other than the default need not be rewritten
to include language tags before being submitted to the directory
server. RFC 2596 specifies that all entries that match are returned,
including those with language tags, without requiring the language
tags to be explicitly present in the query. The SLP DA can then
postprocess the result to select the entries from the required
locale.
7. Security Considerations
SLP authenticators are stored with the service advertisement in
the DIT, as discussed in Section 5. LDAP clients need to use LDAP
authentication [17] to assure that they are connecting with a secure
server. In particular, SLP DAs that use LDAP as a back end store
and that implement SLP authentication MUST use LDAP authentication
to assure that the LDAP entries for their service registrations are
secure.
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 23]
Internet Draft Schemas and Templates 22 October 1999
References
[1] S. Bradner. Key Words for Use in RFCs to Indicate Requirement
Levels. RFC 2119, March 1997.
[2] E. Guttman, C. Perkins, J. Kempf. Service Templates and
service:Schemes. RFC 2609, April, 1999.
[3] M. Wahl, T. Howes, and S. Kille. Lightweight Directory Access
Protocol (v3). RFC 2251, December, 1997.
[4] International Telecommunications Union The Directory:Selected
Attribute Types ITU Recommendation X.520, August, 1997.
[5] L. McLaughlin Line Printer Daemon Protocol RFC 1179, August,
1990.
[6] E. Guttman, C. Perkins, J. Veizades, and M. Day. Service
Location Protocol version 2. RFC 2608, April 1999.
[7] D. Crocker and P Overell. Augmented BNF for Syntax
Specifications: ABNF. RFC 2234 November 1997.
[8] ITU-T Rec. X.500. The Directory: Overview of Concepts, Models,
and Service. 1993.
[9] T. Howes. The String Representation of LDAP Search Filters.
RFC 2254, December 1997.
[10] M. Wahl, A. Coulbeck, T. Howe, and S. Kille. Lightweight
Directory Access Protocol (v3): Attribute Syntax Definition.
RFC 2252, December, 1997.
[11] ITU-T Rec. X.680. Abstract Syntax Notation One (ASN.1) -
Specification of Basic Notation. 1994.
[12] P. St. Pierre, S. Isaccson, I. McDonald. Definition
of printer: URLs for use with Service Location
draft-ietf-svrloc-printer-scheme-03.txt Work in Progress
[13] M. Smith. Definition of an X.500 Attribute Type and an Object
Class to Hold Uniform Resource Identifiers (URIs). RFC 2079,
January, 1997.
[14] Y. Yaacovi, M. Wahl, and T. Genovese. Lightweight Directory
Access Protocol (v3): Extensions for Dynamic Directory
Services. RFC 2589, May, 1999.
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 24]
Internet Draft Schemas and Templates 22 October 1999
[15] H. Alverstrand. Tags for the Identification of Lanaguages. RFC
2252, December, 1997.
[16] M. Wahl and T. Howes. Use of Language Codes in LDAP. RFC 2596,
May, 1999.
[17] M. Wahl, H. Alvestrand, J. Hodges, and R. Morgan.
Authentication Methods in LDAP. draft-ietf-ldapext-authmeth-xx.txt.
A work in progress.
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 25]
Internet Draft Schemas and Templates 22 October 1999
Full Copyright Statement
Copyright (C) The Internet Society (1997). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implmentation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph
are included on all such copies and derivative works. However,
this document itself may not be modified in any way, such as by
removing the copyright notice or references to the Internet Society
or other Internet organizations, except as needed for the purpose
of developing Internet standards in which case the procedures
for copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
Authors' Address
James Kempf Ryan Moats
Sun Microsystems AT&T Laboratories
901 San Antonio Avenue 15621 Drexel Circle
Palo Alto, CA 94303 Omaha, NE, 68135
USA
Phone: +1 650 786-5890 +1 402 894-9456
Email: james.kempf@sun.com jayhawk@att.com
Pete St. Pierre
Sun Microsystems
901 San Antonio Avenue
Palo Alto, CA 94303
USA
Phone: +1 415 786-5790
Email: Pete.StPierre@Eng.Sun.COM
Kempf, Moats, St.Pierre Expires 22 Feburary 2000 [Page 26]
