Minutes for the LDAPEXT working group

ACTION SUMMARY:

- chairs: add caching and triggered search to charter, issue IETF last calls on dynamic entries and caching drafts, and issue WG last calls on updated drafts for referral maintenance, language tags and Start TLS when available.
- Ellen Stokes: produce draft on transactions and update draft on access control requirements.
- Mark Wahl: update drafts on recommended auth. methods and language tags.
- Tim Howes: update draft on referral maintenance.
- Jeff Hodges: update draft on Start TLS.
- Pat Richard: produce draft on signing information control.

1. Agenda review

Partition management and transactions were proposed for discussion as potential additions to the charter. Discussion of recommended authentication methods and access control requirements was moved up in the agenda, in case the group ran out of time. The C/Java APIs and Dynamic Attributes drafts were not discussed at the meeting.

2. Charter review

2.1. Caching

As there was a draft already near completion, the use of a ttl attribute for caching was agreed to be added to the charter. See item 5 below for more about this caching draft.

ACTION (chairs): add "caching" to charter.

2.2. Persistent or triggered search

There were two proposals made for a design by which an LDAP server could, if requested, asynchronously notify a connected client that entries had been added to the directory. These proposals are documented in:

    draft-smith-ldap-psearch-00 (Mark Smith et al)
    draft-wahl-ldapv3-trigger-00 (Mark Wahl)

The group discussed whether:

- this was a different concept than replication,
- a general event service could be used instead, and
- it was necessary for the client to have a connection.

Consensus was reached that this topic should be added to the charter of the working group.

ACTION (chairs): add "persistent or triggered search" to charter.

Discussion of the details of the two proposals should be done on the working group mailing list.

2.3. Normalized match

Jeff Hodges proposed a need for new matching rules for attributes whose values contain human-readable strings, in particular names. These rules would allow the server to better support comparison of names containing non-ASCII characters.

A BOF for a new working group "lessor" was held at the IETF, to develop a framework for registering matching rules to be used in application servers which support filtering on string-based attributes. These would include LDAP servers, as well as IMAP and ACAP servers.

At this meeting, consensus of the group was that this item was not to be added to the charter.

2.4. Partition management

Russel Weiser proposed the addition of LDAP server partition management to the working group charter. Partition management would include topics such as the moving of whole subtrees of entries between servers, support for backlinks, and the impacts on access control of administrative areas which cross server boundaries.

At this meeting, consensus of the group was that this item was not to be added to the charter.

2.5. Transactions

Sanjay Jain proposed the addition of Transactions to the working group charter. Ellen Stokes said that she and others had been identifying requirements for transactions in LDAP, and would produce a draft for the group to review.

ACTION (Ellen Stokes): produce draft on transaction requirements.

3. Recommended authentication methods

The core LDAP protocol document, RFC 2251, includes an IESG note that implementations may not interoperate with a secure authentication mechanism, as there is no mandatory-to-implement security mechanism provided in the document.

Mark Wahl described the planned changes to the document draft-ietf-ldapext-authmeth:

1. Fix error in description of CRAM-MD5 and make it a MANDATORY SASL mechanism for implementations.
2. Improve description of TLS certificate-based authentication and make EXTERNAL a RECOMMENDED SASL mechanism.
3. Add description of simple (password based) authentication inside a TLS encrypted connection and make it a RECOMMENDED method.

With the publication of an RFC with these statements, it is expected the IESG restriction on the LDAP protocol could be removed.

This draft references the draft-ietf-asid-ldapv3-tls-02 draft for the definition of how TLS is used in LDAP. That draft can now move forward as TLS has been approved by the IESG.

ACTION (Mark Wahl): send updated draft on authentication methods to the list.

4. Dynamic Entries

Yoram Yaacovi reviewed the recent comments seen on the mailing list regarding draft-ietf-asid-ldapv3-dynamic-07, which has completed working group last call. These were:

- whether to use an extended operation or a Modify request
- whether to have a dynamicObject object class

A mapping of the extended operation onto a DAP Modify request could be documented. Yoram also noted that he would in the future produce a draft on dynamic non-leaf objects.

The consensus of the working group meeting was that the document should be sent to the IESG to become a Proposed Standard RFC.

ACTION (chairs): initiate IETF last call on this document.

5. Caching

The consensus of the working group meeting was that the document draft-ietf-asid-ldap-cache-01, which had completed working group last call, should be sent to the IESG to become a Proposed Standard RFC.

ACTION (chairs): initiate IETF last call on this document.

6. Sorting

As the author was not present at the meeting, discussion of the sorting document was deferred to the mailing list.

7. Referrals and knowledge maintenance

Mark Wahl and Tim Howes summarized the document draft-ietf-asid-ldapv3-referral-00 on representing LDAP knowledge in the directory. There was a minor error which would need to be corrected in a revised draft before it could be sent to the IESG. There had also been a request from the mailing list to document the relationship between the LDAP referral knowledge model and the X.500 knowledge model, and a request at the meeting to be able to indicate whether a referral is to a master or shadow copy of data.

The consensus of the working group meeting was that an updated draft should become a standards-track RFC.

ACTION (Tim Howes): produce updated draft.
ACTION (chairs): initiate working group last call.

8. Use of language tags

Mark Wahl summarized the proposed changes to the document draft-ietf-asid-ldapv3-lang-02, in particular the removal of the preferred language indication control.

The consensus of the working group meeting was that an updated draft should become a standards-track RFC.

ACTION (Mark Wahl): produce updated draft.
ACTION (chairs): initiate working group last call.

9. Start TLS

Jeff Hodges discussed the proposed changes to the document draft-ietf-asid-ldapv3-tls-02.

The consensus of the working group meeting was that an updated draft should become a standards-track RFC.

ACTION (Jeff Hodges): produce updated draft.
ACTION (chairs): initiate working group last call.

10. Signed information control

Pat Richard made a presentation of the proposal for a signed information control, which would allow an LDAP server to return a digital signature associated with an LDAP result. A document describing this proposal will be produced and circulated to the list.

ACTION (Pat Richard): send draft to the list.

11. Paging and scrolling

There are two documents on search result paging and scrolling.

draft-ietf-asid-ldapv3-simplepaged-01 allows the client to request that the server return search results in pages, but does not allow the client to scroll forward and backward in the result set.

draft-ietf-ldapext-ldapv3-vlv-00 allows the client to move to arbitrary locations in the result, but requires that the server sort results.

Further discussion of these documents will occur on the list.

12. Access control requirements

Ellen Stokes said that she had received several comments on the document draft-stokes-ldapext-acl-reqts-00.

ACTION (Ellen Stokes): send an updated draft to the list.

The next meeting will be held at the IETF in March 1998.