Policy Core Lightweight Directory Access Protocol (LDAP) Schema
RFC 3703
Document Type RFC - Proposed Standard (February 2004; No errata)
Updated by RFC 4104
Last updated 2015-10-14
Stream IETF
Formats plain text pdf html bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 3703 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Bert Wijnen
IESG note Published as RFC 3703
Send notices to <joel@stevecrocker.com>
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                       J. Strassner
Request for Comments: 3703                        Intelliden Corporation
Category: Standards Track                                       B. Moore
                                                         IBM Corporation
                                                                R. Moats
                                                    Lemur Networks, Inc.
                                                             E. Ellesson
                                                           February 2004

    Policy Core Lightweight Directory Access Protocol (LDAP) Schema

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).  All Rights Reserved.

Abstract

   This document defines a mapping of the Policy Core Information Model
   to a form that can be implemented in a directory that uses
   Lightweight Directory Access Protocol (LDAP) as its access protocol.
   This model defines two hierarchies of object classes: structural
   classes representing information for representing and controlling
   policy data as specified in RFC 3060, and relationship classes that
   indicate how instances of the structural classes are related to each
   other.  Classes are also added to the LDAP schema to improve the
   performance of a client's interactions with an LDAP server when the
   client is retrieving large amounts of policy-related information.
   These classes exist only to optimize LDAP retrievals: there are no
   classes in the information model that correspond to them.

Table of Contents

   1.  Introduction .................................................  2
   2.  The Policy Core Information Model ............................  4
   3.  Inheritance Hierarchy for the PCLS ...........................  5
   4.  General Discussion of Mapping the Information Model to LDAP ..  6
       4.1.  Summary of Class and Association Mappings ..............  7
       4.2.  Usage of DIT Content and Structure Rules and Name Forms.  9
       4.3.  Naming Attributes in the PCLS .......................... 10

Strassner, et al.           Standards Track                     [Page 1]
RFC 3703                Policy Core LDAP Schema            February 2004

       4.4.  Rule-Specific and Reusable Conditions and Actions ...... 11
       4.5.  Location and Retrieval of Policy Objects in the
             Directory .............................................. 16
             4.5.1.  Aliases and Other DIT-Optimization Techniques .. 19
   5.  Class Definitions ............................................ 19
       5.1.  The Abstract Class "pcimPolicy" ........................ 21
       5.2.  The Three Policy Group Classes ......................... 22
       5.3.  The Three Policy Rule Classes .......................... 23
       5.4.  The Class pcimRuleConditionAssociation ................. 30
       5.5.  The Class pcimRuleValidityAssociation .................. 32
       5.6.  The Class pcimRuleActionAssociation .................... 34
       5.7.  The Auxiliary Class pcimConditionAuxClass .............. 36
       5.8.  The Auxiliary Class pcimTPCAuxClass .................... 36
       5.9.  The Auxiliary Class pcimConditionVendorAuxClass ........ 40
       5.10. The Auxiliary Class pcimActionAuxClass ................. 41
       5.11. The Auxiliary Class pcimActionVendorAuxClass ........... 42
       5.12. The Class pcimPolicyInstance ........................... 43
       5.13. The Auxiliary Class pcimElementAuxClass ................ 44
       5.14. The Three Policy Repository Classes .................... 45
       5.15. The Auxiliary Class pcimSubtreesPtrAuxClass ............ 46
       5.16. The Auxiliary Class pcimGroupContainmentAuxClass ....... 48
       5.17. The Auxiliary Class pcimRuleContainmentAuxClass ........ 49
   6.  Extending the Classes Defined in This Document ............... 50
       6.1.  Subclassing pcimConditionAuxClass and pcimActionAuxClass 50
       6.2.  Using the Vendor Policy Attributes ..................... 50
       6.3.  Using Time Validity Periods ............................ 51
   7.  Security Considerations ...................................... 51
   8.  IANA Considerations .......................................... 53
       8.1.  Object Identifiers ..................................... 53
       8.2.  Object Identifier Descriptors .......................... 53
   9.  Acknowledgments .............................................. 56
   10. Appendix:  Constructing the Value of orderedCIMKeys .......... 57
   11. References ................................................... 58
Show full document text
ISOC IETF Trust RFC Editor IRTF IESG IETF IAB IASA & IAOC IETF Tools IANA