An Information Model for Kerberos Version 5
RFC 6880

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: RFC Editor <rfc-editor@rfc-editor.org>,
    krb-wg mailing list <ietf-krb-wg@lists.anl.gov>,
    krb-wg chair <krb-wg-chairs@tools.ietf.org>
Subject: Protocol Action: 'An information model for Kerberos version 5' to Proposed Standard (draft-ietf-krb-wg-kdc-model-16.txt)

The IESG has approved the following document:
- 'An information model for Kerberos version 5'
  (draft-ietf-krb-wg-kdc-model-16.txt) as Proposed Standard

This document is the product of the Kerberos Working Group.

The IESG contact persons are Stephen Farrell and Sean Turner.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-krb-wg-kdc-model/


Technical Summary

This document describes an information model for Kerberos version 5
from the point of view of an administrative service. There is no
standard for administrating a kerberos 5 Key Distribution Center
(KDC). This document describes the services exposed by an
administrative interface to a KDC.

Working Group Summary

This document represents the consensus of the Kerberos Working Group.
and will serve as the basis for further development of an LDAP schema.


Document Quality

As an information model, this document does not specify anything
that can be directly implemented. Rather, it forms the basis for
further work, such as the production of an LDAP schema which can be
used to support administration of a Kerberos KDC. Producing such
a schema is a chartered work item of the Kerberos Working Group.

In addition, while this document is not necessarily intended to
serve as a basis for KDC database design, it has been informed by
the design of several implementations, including some which are
able to use LDAP as a data store for the KDC database.

Personnel

The Document Shepherd for this document is Jeffrey Hutzelman.
The responsible Area Director is Stephen Farrell. 

RFC Editor Notes
 
1. in the abstract, expand the acronym KDC

OLD:

   a kerberos 5 KDC

NEW: 

   a kerberos 5 Key Distribution Center (KDC)

2. Use upper case "K" for Kerberos consistently
   throughout when the term Kerberos is used.
   The only exceptions I see are in draft 
   file names.

OLD:

   kerberos

NEW:

   Kerberos


3. Introduction, 1st paragraph, Don't refer to 4120 as a "standard"

OLD:

   The Kerberos version 5 authentication service described in [RFC4120]
   describes how a Key Distribution Center (KDC) provides authentication
   to clients.  The standard does not stipulate how a KDC is managed and

NEW:

   The Kerberos version 5 authentication service described in [RFC4120]
   describes how a Key Distribution Center (KDC) provides authentication
   to clients.  RFC 4120 does not stipulate how a KDC is managed and

4. 4.2.2, re-word

OLD:

   To each KeySet MUST be associated a set of 1 or more Keys.

NEW:

   Each KeySet MUST be associated with a set of 1 or more Keys.


5. 4.3, re-word

OLD:

   Implementations of this model MUST NOT REQUIRE keys to be
   represented.

NEW:

   Implementations of this model MUST NOT force keys to be
   represented. That is, a schema that REQUIRED a key to be
   present would not meet this constraint.

6. 4.2.1.1, typo

OLD:

   incremembed

NEW: 

   incremented


7. add a reference to 4.3.1.5 and 4.3.1.6 

OLD:

4.3.1.5. keyNotUsedBefore


   This key MUST NOT be used before this date.  The syntax of the
   attribute MUST be semantically equivalent with the standard ISO date
   format.  This MUST be a single-valued attribute.

4.3.1.6. keyNotUsedAfter


   This key MUST NOT be used after this date.  The syntax of the
   attribute MUST be semantically equivalent with the standard ISO date
   format. This MUST be a single-valued attribute.

NEW:

4.3.1.5. keyNotUsedBefore


   This key MUST NOT be used before this date.  The syntax of the
   attribute MUST be semantically equivalent with the standard ISO date
   format. [RFC3339]  This MUST be a single-valued attribute.

4.3.1.6. keyNotUsedAfter


   This key MUST NOT be used after this date.  The syntax of the
   attribute MUST be semantically equivalent with the standard ISO date
   format. [RFC3339]  This MUST be a single-valued attribute.


8. Add RFC 3339 as a normative reference to 9.1

NEW: 

   [RFC3339]          Klyne, G., Ed. and C. Newman, "Date and Time on
                      the Internet: Timestamps", RFC 3339, July 2002.