Policy Core Lightweight Directory Access Protocol (LDAP) Schema
RFC 3703
| Document | Type | RFC - Proposed Standard (February 2004; No errata); updated by RFC 4104 |
|---|---|---|
| | Authors | Ed Ellesson, Robert Moore, Ryan Moats, John Strassner |
| | Last updated | 2015-10-14 |
| | Stream | IETF |
| | Formats | plain text, html, pdf, htmlized, bibtex |
| Stream | WG state | (None) |
| | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 3703 (Proposed Standard) |
| | Consensus Boilerplate | Unknown |
| | Telechat date | |
| | Responsible AD | Bert Wijnen |
| | IESG note | Published as RFC 3703 |
| | Send notices to | <joel@stevecrocker.com> |

Network Working Group                                       J. Strassner
Request for Comments: 3703                        Intelliden Corporation
Category: Standards Track                                       B. Moore
                                                         IBM Corporation
                                                                R. Moats
                                                    Lemur Networks, Inc.
                                                             E. Ellesson
                                                           February 2004

Policy Core Lightweight Directory Access Protocol (LDAP) Schema

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements. Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004). All Rights Reserved.

Abstract

   This document defines a mapping of the Policy Core Information Model
   to a form that can be implemented in a directory that uses
   Lightweight Directory Access Protocol (LDAP) as its access protocol.
   This model defines two hierarchies of object classes: structural
   classes representing information for representing and controlling
   policy data as specified in RFC 3060, and relationship classes that
   indicate how instances of the structural classes are related to each
   other. Classes are also added to the LDAP schema to improve the
   performance of a client's interactions with an LDAP server when the
   client is retrieving large amounts of policy-related information.
   These classes exist only to optimize LDAP retrievals: there are no
   classes in the information model that correspond to them.

Table of Contents

   1.  Introduction
   2.  The Policy Core Information Model
   3.  Inheritance Hierarchy for the PCLS
   4.  General Discussion of Mapping the Information Model to LDAP
       4.1.  Summary of Class and Association Mappings
       4.2.  Usage of DIT Content and Structure Rules and Name Forms
       4.3.  Naming Attributes in the PCLS
       4.4.  Rule-Specific and Reusable Conditions and Actions
       4.5.  Location and Retrieval of Policy Objects in the Directory
             4.5.1.  Aliases and Other DIT-Optimization Techniques
   5.  Class Definitions
       5.1.  The Abstract Class "pcimPolicy"
       5.2.  The Three Policy Group Classes
       5.3.  The Three Policy Rule Classes
       5.4.  The Class pcimRuleConditionAssociation
       5.5.  The Class pcimRuleValidityAssociation
       5.6.  The Class pcimRuleActionAssociation
       5.7.  The Auxiliary Class pcimConditionAuxClass
       5.8.  The Auxiliary Class pcimTPCAuxClass
       5.9.  The Auxiliary Class pcimConditionVendorAuxClass
       5.10. The Auxiliary Class pcimActionAuxClass
       5.11. The Auxiliary Class pcimActionVendorAuxClass
       5.12. The Class pcimPolicyInstance
       5.13. The Auxiliary Class pcimElementAuxClass
       5.14. The Three Policy Repository Classes
       5.15. The Auxiliary Class pcimSubtreesPtrAuxClass
       5.16. The Auxiliary Class pcimGroupContainmentAuxClass
       5.17. The Auxiliary Class pcimRuleContainmentAuxClass
   6.  Extending the Classes Defined in This Document
       6.1.  Subclassing pcimConditionAuxClass and pcimActionAuxClass
       6.2.  Using the Vendor Policy Attributes
       6.3.  Using Time Validity Periods
   7.  Security Considerations
   8.  IANA Considerations
       8.1.  Object Identifiers
       8.2.  Object Identifier Descriptors
   9.  Acknowledgments
   10. Appendix: Constructing the Value of orderedCIMKeys
   11. References