Network Working Group K. Zeilenga
Request for Comments: 4530 OpenLDAP Foundation
Category: Standards Track June 2006
Network Working Group K. Zeilenga
Request for Comments: 4530 OpenLDAP Foundation
Category: Standards Track June 2006
Lightweight Directory Access Protocol (LDAP) entryUUID Operational Attribute
轻量级目录访问协议(LDAP)entryUUID操作属性
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
Abstract
摘要
This document describes the LDAP/X.500 'entryUUID' operational attribute and associated matching rules and syntax. The attribute holds a server-assigned Universally Unique Identifier (UUID) for the object. Directory clients may use this attribute to distinguish objects identified by a distinguished name or to locate an object after renaming.
本文档描述LDAP/X.500“entryUUID”操作属性以及相关的匹配规则和语法。该属性保存服务器为对象分配的通用唯一标识符(UUID)。目录客户端可以使用此属性来区分由可分辨名称标识的对象,或者在重命名后定位对象。
Table of Contents
目录
1. Background and Intended Use .....................................2
2. UUID Schema Elements ............................................3
2.1. UUID Syntax ................................................3
2.2. 'uuidMatch' Matching Rule ..................................3
2.3. 'uuidOrderingMatch' Matching Rule ..........................3
2.4. 'entryUUID' Attribute ......................................4
3. Security Considerations .........................................4
4. IANA Considerations .............................................5
4.1. Object Identifier Registration .............................5
4.2. UUID Syntax Registration ...................................5
4.3. 'uuidMatch' Descriptor Registration ........................5
4.4. 'uuidOrderingMatch' Descriptor Registration ................5
4.5. 'entryUUID' Descriptor Registration ........................6
5. Acknowledgements ................................................6
6. References ......................................................6
6.1. Normative References .......................................6
6.2. Informative References .....................................7
1. Background and Intended Use .....................................2
2. UUID Schema Elements ............................................3
2.1. UUID Syntax ................................................3
2.2. 'uuidMatch' Matching Rule ..................................3
2.3. 'uuidOrderingMatch' Matching Rule ..........................3
2.4. 'entryUUID' Attribute ......................................4
3. Security Considerations .........................................4
4. IANA Considerations .............................................5
4.1. Object Identifier Registration .............................5
4.2. UUID Syntax Registration ...................................5
4.3. 'uuidMatch' Descriptor Registration ........................5
4.4. 'uuidOrderingMatch' Descriptor Registration ................5
4.5. 'entryUUID' Descriptor Registration ........................6
5. Acknowledgements ................................................6
6. References ......................................................6
6.1. Normative References .......................................6
6.2. Informative References .....................................7
In X.500 Directory Services [X.501], such as those accessible using the Lightweight Directory Access Protocol (LDAP) [RFC4510], an object is identified by its distinguished name (DN). However, DNs are not stable identifiers. That is, a new object may be identified by a DN that previously identified another (now renamed or deleted) object.
在X.500目录服务[X.501]中,例如使用轻量级目录访问协议(LDAP)[RFC4510]可访问的目录服务,对象由其可分辨名称(DN)标识。但是,DNs不是稳定的标识符。也就是说,一个新对象可以由以前标识另一个(现在重命名或删除)对象的DN标识。
A Universally Unique Identifier (UUID) is "an identifier unique across both space and time, with respect to the space of all UUIDs" [RFC4122]. UUIDs are used in a wide range of systems.
通用唯一标识符(UUID)是“相对于所有UUID的空间而言,在空间和时间上都是唯一的标识符”[RFC4122]。UUID广泛用于各种系统中。
This document describes the 'entryUUID' operational attribute, which holds the UUID assigned to the object by the server. Clients may use this attribute to distinguish objects identified by a particular distinguished name or to locate a particular object after renaming.
本文档描述了“entryUUID”操作属性,该属性保存服务器分配给对象的UUID。客户端可以使用此属性来区分由特定可分辨名称标识的对象,或者在重命名后定位特定对象。
This document defines the UUID syntax, the 'uuidMatch' and 'uuidOrderingMatch' matching rules, and the 'entryUUID' attribute type.
本文档定义了UUID语法、“uuidMatch”和“UUIDReringMatch”匹配规则以及“entryUUID”属性类型。
Schema definitions are provided using LDAP description formats [RFC4512]. Definitions provided here are formatted (line wrapped) for readability.
模式定义使用LDAP描述格式[RFC4512]提供。为了便于阅读,这里提供的定义是格式化的(换行)。
In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in BCP 14 [RFC2119].
在本文件中,关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照BCP 14[RFC2119]中的说明进行解释。
A Universally Unique Identifier (UUID) [RFC4122] is a 16-octet (128- bit) value that identifies an object. The ASN.1 [X.680] type UUID is defined to represent UUIDs as follows:
通用唯一标识符(UUID)[RFC4122]是标识对象的16个八位组(128位)的值。ASN.1[X.680]类型UUID定义为表示UUID,如下所示:
UUID ::= OCTET STRING (SIZE(16))
-- constrained to an UUID [RFC4122]
UUID ::= OCTET STRING (SIZE(16))
-- constrained to an UUID [RFC4122]
In LDAP, UUID values are encoded using the [ASCII] character string representation described in [RFC4122]. For example, "597ae2f6-16a6-1027-98f4-d28b5365dc14".
在LDAP中,UUID值使用[RFC4122]中描述的[ASCII]字符串表示进行编码。例如,“597ae2f6-16a6-1027-98f4-d28b5365dc14”。
The following is an LDAP syntax description suitable for publication in subschema subentries.
以下是适用于在子模式子条目中发布的LDAP语法描述。
( 1.3.6.1.1.16.1 DESC 'UUID' )
(1.3.6.1.1.16.1描述“UUID”)
The 'uuidMatch' matching rule compares an asserted UUID with a stored UUID for equality. Its semantics are the same as the 'octetStringMatch' [X.520][RFC4517] matching rule. The rule differs from 'octetStringMatch' in that the assertion value is encoded using the UUID string representation instead of the normal OCTET STRING string representation.
“uuidMatch”匹配规则比较断言的UUID与存储的UUID是否相等。其语义与“octetStringMatch”[X.520][RFC4517]匹配规则相同。该规则与“octetStringMatch”的不同之处在于,断言值是使用UUID字符串表示而不是普通的八位字节字符串表示进行编码的。
The following is an LDAP matching rule description suitable for publication in subschema subentries.
以下是适用于在子模式子条目中发布的LDAP匹配规则描述。
( 1.3.6.1.1.16.2 NAME 'uuidMatch' SYNTAX 1.3.6.1.1.16.1 )
(1.3.6.1.1.16.2名称“uuidMatch”语法1.3.6.1.1.16.1)
The 'uuidOrderingMatch' matching rule compares an asserted UUID with a stored UUID for ordering. Its semantics are the same as the 'octetStringOrderingMatch' [X.520][RFC4517] matching rule. The rule differs from 'octetStringOrderingMatch' in that the assertion value is encoded using the UUID string representation instead of the normal OCTET STRING string representation.
“uuidOrderingMatch”匹配规则将断言的UUID与存储的UUID进行比较以进行排序。其语义与“octetStringOrderingMatch”[X.520][RFC4517]匹配规则相同。该规则与“octetStringOrderingMatch”的不同之处在于,断言值是使用UUID字符串表示而不是普通的八进制字符串表示进行编码的。
The following is an LDAP matching rule description suitable for publication in subschema subentries.
以下是适用于在子模式子条目中发布的LDAP匹配规则描述。
( 1.3.6.1.1.16.3 NAME 'uuidOrderingMatch' SYNTAX 1.3.6.1.1.16.1 )
(1.3.6.1.1.16.3名称“UuiDreringMatch”语法1.3.6.1.1.16.1)
Note that not all UUID variants have a defined ordering; and even where it does, servers are not obligated to assign UUIDs in any particular order. This matching rule is provided for completeness.
注意,并非所有UUID变体都有定义的顺序;即使在有UUID的地方,服务器也没有义务按任何特定顺序分配UUID。提供此匹配规则是为了完整性。
The 'entryUUID' operational attribute provides the Universally Unique Identifier (UUID) assigned to the entry.
“entryUUID”操作属性提供分配给条目的通用唯一标识符(UUID)。
The following is an LDAP attribute type description suitable for publication in subschema subentries.
以下是适用于在子模式子条目中发布的LDAP属性类型描述。
( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the entry' EQUALITY uuidMatch ORDERING uuidOrderingMatch SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
(1.3.6.1.1.16.4条目“EQUALITY uuidMatch ORDERING UUIDRingMatch SYNTAX 1.3.6.1.1.16.1单值无用户修改使用目录操作”的名称“entryUUID”DESC“UUID”)
Servers SHALL generate and assign a new UUID to each entry upon its addition to the directory and provide that UUID as the value of the 'entryUUID' operational attribute. An entry's UUID is immutable.
服务器应在将每个条目添加到目录中时为其生成并分配一个新的UUID,并将该UUID作为“entryUUID”操作属性的值提供。条目的UUID是不可变的。
UUID are to be generated in accordance with Section 4 of [RFC4122]. In particular, servers MUST ensure that each generated UUID is unique in space and time.
UUID将根据[RFC4122]第4节生成。特别是,服务器必须确保生成的每个UUID在空间和时间上都是唯一的。
An entry's relative distinguish name (RDN) is composed from attribute values of the entry, which are commonly descriptive of the object the entry represents. Although deployers are encouraged to use naming attributes whose values are widely disclosable [RFC4514], entries are often named using information that cannot be disclosed to all parties. As UUIDs do not contain any descriptive information of the object they identify, UUIDs may be used to identify a particular entry without disclosure of its contents.
条目的相对区分名称(RDN)由条目的属性值组成,这些属性值通常描述条目所代表的对象。尽管鼓励部署人员使用其值可广泛披露的命名属性[RFC4514],但条目的命名通常使用无法向各方披露的信息。由于UUID不包含其标识的对象的任何描述性信息,因此UUID可用于标识特定条目,而无需披露其内容。
General UUID security considerations [RFC4122] apply.
一般UUID安全注意事项[RFC4122]适用。
General LDAP security considerations [RFC4510] apply.
一般LDAP安全注意事项[RFC4510]适用。
The IANA has registered the LDAP values [RFC4520] specified in this document.
IANA已注册本文档中指定的LDAP值[RFC4520]。
Subject: Request for LDAP OID Registration
Person & email address to contact for further information:
Kurt Zeilenga <kurt@OpenLDAP.org>
Specification: RFC 4530
Author/Change Controller: IESG
Comments:
Identifies the UUID schema elements
Subject: Request for LDAP OID Registration
Person & email address to contact for further information:
Kurt Zeilenga <kurt@OpenLDAP.org>
Specification: RFC 4530
Author/Change Controller: IESG
Comments:
Identifies the UUID schema elements
Subject: Request for LDAP Syntax Registration
Object Identifier: 1.3.6.1.1.16.1
Description: UUID
Person & email address to contact for further information:
Kurt Zeilenga <kurt@OpenLDAP.org>
Specification: RFC 4530
Author/Change Controller: IESG
Comments:
Identifies the UUID syntax
Subject: Request for LDAP Syntax Registration
Object Identifier: 1.3.6.1.1.16.1
Description: UUID
Person & email address to contact for further information:
Kurt Zeilenga <kurt@OpenLDAP.org>
Specification: RFC 4530
Author/Change Controller: IESG
Comments:
Identifies the UUID syntax
Subject: Request for LDAP Descriptor Registration
Descriptor (short name): uuidMatch
Object Identifier: 1.3.6.1.1.16.2
Person & email address to contact for further information:
Kurt Zeilenga <kurt@OpenLDAP.org>
Usage: Matching Rule
Specification: RFC 4530
Author/Change Controller: IESG
Subject: Request for LDAP Descriptor Registration
Descriptor (short name): uuidMatch
Object Identifier: 1.3.6.1.1.16.2
Person & email address to contact for further information:
Kurt Zeilenga <kurt@OpenLDAP.org>
Usage: Matching Rule
Specification: RFC 4530
Author/Change Controller: IESG
Subject: Request for LDAP Descriptor Registration
Descriptor (short name): uuidOrderingMatch
Object Identifier: 1.3.6.1.1.16.3
Person & email address to contact for further information:
Kurt Zeilenga <kurt@OpenLDAP.org>
Usage: Matching Rule
Subject: Request for LDAP Descriptor Registration
Descriptor (short name): uuidOrderingMatch
Object Identifier: 1.3.6.1.1.16.3
Person & email address to contact for further information:
Kurt Zeilenga <kurt@OpenLDAP.org>
Usage: Matching Rule
Specification: RFC 4530 Author/Change Controller: IESG
规格:RFC 4530作者/变更控制器:IESG
The IANA has registered the LDAP 'entryUUID' descriptor.
IANA已注册LDAP“entryUUID”描述符。
Subject: Request for LDAP Descriptor Registration
Descriptor (short name): entryUUID
Object Identifier: 1.3.6.1.1.16.4
Person & email address to contact for further information:
Kurt Zeilenga <kurt@OpenLDAP.org>
Usage: Attribute Type
Specification: RFC 4530
Author/Change Controller: IESG
Subject: Request for LDAP Descriptor Registration
Descriptor (short name): entryUUID
Object Identifier: 1.3.6.1.1.16.4
Person & email address to contact for further information:
Kurt Zeilenga <kurt@OpenLDAP.org>
Usage: Attribute Type
Specification: RFC 4530
Author/Change Controller: IESG
This document is based upon discussions in the LDAP Update and Duplication Protocols (LDUP) WG. Members of the LDAP Directorate provided review.
本文档基于LDAP更新和复制协议(LDUP)工作组中的讨论。LDAP董事会成员提供了审查。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally Unique IDentifier (UUID) URN Namespace", RFC 4122, July 2005.
[RFC4122]Leach,P.,Mealling,M.和R.Salz,“通用唯一标识符(UUID)URN名称空间”,RFC 4122,2005年7月。
[RFC4510] Zeilenga, K., Ed., "Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map", RFC 4510, June 2006.
[RFC4510]Zeilenga,K.,Ed.“轻量级目录访问协议(LDAP):技术规范路线图”,RFC45102006年6月。
[RFC4512] Zeilenga, K., "Lightweight Directory Access Protocol (LDAP): Directory Information Models", RFC 4512, June 2006.
[RFC4512]Zeilenga,K.,“轻量级目录访问协议(LDAP):目录信息模型”,RFC4512,2006年6月。
[RFC4517] Legg, S., Ed., "Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching Rules", RFC 4517, June 2006.
[RFC4517]Legg,S.,Ed.,“轻量级目录访问协议(LDAP):语法和匹配规则”,RFC4517,2006年6月。
[ASCII] Coded Character Set--7-bit American Standard Code for Information Interchange, ANSI X3.4-1986.
[ASCII]编码字符集——信息交换用7位美国标准代码,ANSI X3.4-1986。
[X.501] International Telecommunication Union - Telecommunication Standardization Sector, "The Directory -- Models," X.501(1993) (also ISO/IEC 9594- 2:1994).
[X.501]国际电信联盟-电信标准化部门,“目录——模型”,X.501(1993)(也指ISO/IEC 9594-2:1994)。
[X.520] International Telecommunication Union - Telecommunication Standardization Sector, "The Directory: Selected Attribute Types", X.520(1993) (also ISO/IEC 9594-6:1994).
[X.520]国际电信联盟-电信标准化部门,“目录:选定的属性类型”,X.520(1993)(也是ISO/IEC 9594-6:1994)。
[X.680] International Telecommunication Union - Telecommunication Standardization Sector, "Abstract Syntax Notation One (ASN.1) - Specification of Basic Notation", X.680(2002) (also ISO/IEC 8824-1:2002).
[X.680]国际电信联盟-电信标准化部门,“抽象语法符号1(ASN.1)-基本符号规范”,X.680(2002)(也称ISO/IEC 8824-1:2002)。
[RFC4514] Zeilenga, K., Ed., "Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names", RFC 4514, June 2006.
[RFC4514]Zeilenga,K.,Ed.“轻量级目录访问协议(LDAP):可分辨名称的字符串表示”,RFC4514,2006年6月。
[RFC4520] Zeilenga, K., "Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)", BCP 64, RFC 4520, June 2006.
[RFC4520]Zeilenga,K.,“轻量级目录访问协议(LDAP)的互联网分配号码管理局(IANA)注意事项”,BCP 64,RFC 4520,2006年6月。
Author's Address
作者地址
Kurt D. Zeilenga OpenLDAP Foundation
库尔特D.Zeeliga OpenLDAP基金会
EMail: Kurt@OpenLDAP.org
EMail: Kurt@OpenLDAP.org
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).
RFC编辑器功能的资金由IETF行政支持活动(IASA)提供。