draft-ietf-kitten-gssapi-domain-based-names-05.txt   draft-ietf-kitten-gssapi-domain-based-names-06.txt 
NETWORK WORKING GROUP N. Williams NETWORK WORKING GROUP N. Williams
Internet-Draft Sun Internet-Draft Sun
Expires: June 23, 2008 A. Melnikov Expires: July 27, 2008 A. Melnikov
Isode Ltd. Isode Ltd.
December 21, 2007 January 24, 2008
GSS-API Internationalization and Domain-Based Service Names and Name GSS-API Internationalization and Domain-Based Service Names and Name
Type Type
draft-ietf-kitten-gssapi-domain-based-names-05.txt draft-ietf-kitten-gssapi-domain-based-names-06.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 36 skipping to change at page 1, line 36
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on June 23, 2008. This Internet-Draft will expire on July 27, 2008.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2008).
Abstract Abstract
This document describes domainname-based service principal names and This document describes domainname-based service principal names and
the corresponding name type for the Generic Security Service the corresponding name type for the Generic Security Service
Application Programming Interface (GSS-API). Internationalization of Application Programming Interface (GSS-API). Internationalization of
the GSS-API is also covered. the GSS-API is also covered.
Domain-based service names are similar to host-based service names, Domain-based service names are similar to host-based service names,
but using a domain name (not necessarily an Internet domain name) in but using a domain name (not necessarily an Internet domain name) in
skipping to change at page 5, line 9 skipping to change at page 5, line 9
Note that domain-based naming isn't new. According to a report to Note that domain-based naming isn't new. According to a report to
the KITTEN WG mailing list there exists at least one implementation the KITTEN WG mailing list there exists at least one implementation
of LDAP which uses domain-based service naming, and the DIGEST-MD5 of LDAP which uses domain-based service naming, and the DIGEST-MD5
HTTP/SASL mechanism [RFC2831] describes a similar notion (see section HTTP/SASL mechanism [RFC2831] describes a similar notion (see section
2.1.2, description of the "serv-name" field of the digest-response). 2.1.2, description of the "serv-name" field of the digest-response).
3. IANA Considerations 3. IANA Considerations
3.1. Name Type OID and Symbolic Name 3.1. Name Type OID and Symbolic Name
IANA is requested to assign a new OID for the new GSS-API name type This document creates a new GSS-API name-type, with a symbol name of
defined in this document. This OID should have the following prefix: "GSS_C_NT_DOMAINBASED_SERVICE" and this OID:
{iso(1) org(3) dod(6) internet(1) security(5) nametypes(6) gss- {iso(1) org(3) dod(6) internet(1) security(5) nametypes(6) gss-
domain-based(5)} domain-based(5)}
The recommended symbolic name for this GSS-API name type is allocated manually with RFC2743 as the authoritative "registry" --
"GSS_C_NT_DOMAINBASED_SERVICE". there is no IANA registry for GSS-API name types at this time.
Therefore there are no IANA considerations in this document.
4. Query and Display Syntaxes 4. Query and Display Syntaxes
There is a single name syntax for domain-based names. It is There is a single name syntax for domain-based names. It is
expressed using the ABNF [RFC4234]. expressed using the ABNF [RFC4234].
The syntax is: The syntax is:
domain-based-name = domain-based-name =
service "@" domain "@" hostname service "@" domain "@" hostname
hostname = hostname =
domain domain
domain domain =
sub-domain 1*("." sub-domain) sub-domain 1*("." sub-domain)
sub-domain sub-domain =
Let-dig [Ldh-str] Let-dig [Ldh-str]
Let-dig Let-dig =
ALPHA / DIGIT ALPHA / DIGIT
Ldh-str Ldh-str =
*( ALPHA / DIGIT / "-" ) Let-dig *( ALPHA / DIGIT / "-" ) Let-dig
Where <service> is defined in Section 4.1 of [RFC2743]. Other rules Where <service> is defined in Section 4.1 of [RFC2743]. Other rules
not defined above are defined in Appendix B.1 of [RFC4234]. not defined above are defined in Appendix B.1 of [RFC4234].
4.1. Examples of domain-based names 4.1. Examples of domain-based names
These examples are not normative: These examples are not normative:
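Review bot: In the -06 (right-hand) text of section 3.1, the name type's OID and symbolic name are now allocated inside a section that closes with "Therefore there are no IANA considerations in this document", so the one normative allocation sits under a heading that tells readers there is nothing to act on. Consider moving the OID and "GSS_C_NT_DOMAINBASED_SERVICE" into a section of their own and reducing section 3 to the statement that no IANA action is needed. The sentence also needs repair: after the OID it resumes with "allocated manually with RFC2743 as the authoritative "registry"" and has no subject, and "symbol name" should stay "symbolic name" as in -05. In section 4 the added "=" signs make the rules well-formed ABNF, but domain = sub-domain 1*("." sub-domain) still requires at least two labels, which should be checked against the abstract's "not necessarily an Internet domain name".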
skipping to change at page 7, line 19 skipping to change at page 7, line 19
ACE-encoded DNS in the non-internationalized interfaces [RFC3490]. ACE-encoded DNS in the non-internationalized interfaces [RFC3490].
5.1. Importing internationalized names 5.1. Importing internationalized names
When the input_name_type parameter is the When the input_name_type parameter is the
GSS_C_NT_DOMAINBASED_SERVICE OID then GSS_Import_name() GSS_C_NT_DOMAINBASED_SERVICE OID then GSS_Import_name()
implementations and GSS-API mechanisms MUST accept ACE-encoded implementations and GSS-API mechanisms MUST accept ACE-encoded
internationalized domain names in the hostname and domain name slots internationalized domain names in the hostname and domain name slots
of the given domain-based name string. of the given domain-based name string.
Support for non-ASCII internationalized domain names SHOULD be Support for non-ASCII internationalized domain names SHOULD also be
provided through a new function, GSS_Import_name_utf8(), that provided through a new function, GSS_Import_name_utf8(), that
operates exactly like GSS_Import_name(), except that it MUST accept operates exactly like GSS_Import_name() (with the same input and
output parameters and behaviour), except that it MUST accept
internationalized domain names both, as UTF-8 strings and as ACE- internationalized domain names both, as UTF-8 strings and as ACE-
encoded strings via its input_name_string argument. encoded strings via its input_name_string argument.
5.2. Displaying internationalized names 5.2. Displaying internationalized names
Implementations of GSS_Display_name() MUST only output US-ASCII or Implementations of GSS_Display_name() MUST only output US-ASCII or
ACE-encoded internationalized domain names in the hostname and domain ACE-encoded internationalized domain names in the hostname and domain
name slots of domain-based names (or mechanism names (MN) that name slots of domain-based names (or mechanism names (MN) that
conform to the mechanism's form for domain-based names). conform to the mechanism's form for domain-based names).
Support for non-ASCII internationalized domain names SHOULD be Support for non-ASCII internationalized domain names SHOULD also be
provided through a new function, GSS_Display_name_utf8(), that provided through a new function, GSS_Display_name_utf8(), that
operates exactly like GSS_Display_name(), except that it outputs operates exactly like GSS_Display_name() (with the same input and
UTF-8 strings via its name_string output argument. output parameters and behaviour), except that it outputs UTF-8
GSS_Display_name_utf8() MUST NOT output ACE-encoded internationalized strings via its name_string output argument. GSS_Display_name_utf8()
domain names. MUST NOT output ACE-encoded internationalized domain names.
6. Application protocol examples 6. Application protocol examples
The following examples are not normative. They describe how the The following examples are not normative. They describe how the
author envisions two applications' use of domain-based names. author envisions two applications' use of domain-based names.
6.1. NFSv4 domain-wide namespace root server discovery 6.1. NFSv4 domain-wide namespace root server discovery
Work is ongoing to provide a method for constructing domain-wide Work is ongoing to provide a method for constructing domain-wide
NFSv4 [RFC3530] filesystem namespaces where there is a single "root" NFSv4 [RFC3530] filesystem namespaces where there is a single "root"
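Review bot: In section 5.2 of the -06 column, "GSS_Display_name_utf8() MUST NOT output ACE-encoded internationalized domain names" leaves no defined result for a name whose ACE label cannot be converted to Unicode; the visible text does not say whether the call fails or what it returns. Section 5.1 requires importers to accept ACE-encoded names, so please state the expected status or fallback for that case. On wording, the new parenthetical "(with the same input and output parameters and behaviour)" repeats what "operates exactly like" already says in both 5.1 and 5.2, so one of the two phrasings is enough, and "both, as UTF-8 strings and as ACE-encoded strings" in 5.1 should read "both as UTF-8 strings and as ACE-encoded strings".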
skipping to change at page 13, line 7 skipping to change at page 13, line 7
Isode Ltd. Isode Ltd.
5 Castle Business Village, 5 Castle Business Village,
36 Station Road 36 Station Road
Hampton, Middlesex TW12 2BX Hampton, Middlesex TW12 2BX
United Kingdom United Kingdom
Email: Alexey.Melnikov@isode.com Email: Alexey.Melnikov@isode.com
Full Copyright Statement Full Copyright Statement
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors contained in BCP 78, and except as set forth therein, the authors
retain all their rights. retain all their rights.
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
 End of changes. 16 change blocks. 
21 lines changed or deleted 24 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/