Network Working Group                                           O. Lendl
Request for Comments: 5105                                       enum.at
Category: Standards Track                                  December 2007
        

ENUM Validation Token Format Definition

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Abstract

An ENUM domain name is tightly coupled with the underlying E.164 number. The process of verifying whether the Registrant of an ENUM domain name is identical to the Assignee of the corresponding E.164 number is commonly called "validation". This document describes a signed XML data format -- the Validation Token -- with which Validation Entities can convey successful completion of a validation procedure in a secure fashion.

Table of Contents

   1. Introduction
   2. Data Requirements
   3. Digital Signature
   4. Field Descriptions
      4.1. The <validation> Element
      4.2. The <tokendata> Element
   5. Examples
      5.1. Unsigned Token without Registrant Information
      5.2. Signed Token
   6. Formal Syntax
      6.1. Token Core Schema
      6.2. Token Data Schema
   7. Other Applications of the Token Concept
   8. IANA Considerations
   9. Security Considerations
   10. Acknowledgements
   11. References
      11.1. Normative References
      11.2. Informative References
        
1. Introduction

In the case where an ENUM (E.164 Number Mapping [1]) domain name corresponds to an existing E.164 number [2], the delegation of this domain needs to be authorized by the Assignee of the corresponding E.164 number. In the role model described in [15], the entity that performs this check is called the Validation Entity (VE).

By conveying an ENUM Validation Token -- a signed XML document -- to the Registry, a VE certifies that delegation requirements have been met and are current.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [3].

2. Data Requirements

In this model, the Token is the only piece of data passed from the VE to the Registry. Therefore, the Token needs to contain at least as much information as the Registry requires to grant the delegation of the requested ENUM domain according to its registration policy. As such, the Registry will need confirmation that:

o the Token was created by an accredited VE,

o the Token's duration of validity conforms to the policy,

o the validation procedure employed has met minimum requirements as set forth by policy,

o and that the Token is protected against tampering and replay attacks.

Beyond such mandatory information, the Token may optionally include number holder information, in particular, to simplify future revalidations.

For example, if initial validation requires the steps "Check the identity of the Registrant" and "Check the ownership of an E.164 number", then a later revalidation only needs to re-check the ownership as the identity of the Registrant does not change.

As the Token will be included (see e.g., [16]) in XML-based Registry/Registrar protocols like the Extensible Provisioning Protocol (EPP) [13], it is a natural choice to use XML to encode Validation Tokens.

3. Digital Signature

According to the architecture model, the propriety of an ENUM delegation depends on the trust relationship between the Registry and the VE. In general, an untrusted link between the Registry and VE should be assumed (for instance, the Token is passed along with the registration request by a Registrar, who might have no role in asserting the right-to-use). Therefore, the Token must be protected against forgery, tampering, and replay attacks.

A digital signature on the token:

o asserts that the token was indeed generated by the indicated VE (authenticity).

o guarantees that the token was not tampered with in transit (integrity).

o enables auditing the validation process (non-repudiation).

The cryptographic signature on the token follows RFC 3275 (XML-DSIG [4]). As tokens might be transmitted as part of an already XML-based protocol, the exclusive XML canonicalization [9] MUST be used. This transform guarantees that namespace declarations inherited from the surrounding XML do not invalidate the signature. In order to make the signature an integral part of the token, the "enveloped"-signature mode is employed. The signature covers all information contained in the Token.

XML-DSIG offers a number of cryptographic algorithms for digesting and signing documents and recommends SHA1/RSA-SHA1. Recent advances in cryptanalysis have cast doubt on the security of SHA1, thus rendering this recommendation obsolete (see e.g., the Security Considerations of [14]). RFC 4051 [5] defines how additional algorithms can be used with XML-DSIG.

Validation Entities MUST be able to sign tokens according to XML-DSIG, MUST support RSA-SHA1 and RSA-SHA256 [5], MUST support RSA key sizes of 1024 and 2048 bits, and MUST be able to embed X.509 [10] certificates. The Registry MUST define which signature algorithms and key sizes it will accept in Validation Tokens as part of its local policy.

The choice of an RSA-based signature does not require a public key infrastructure. Whether the Registry acts as a certification authority, accepts certs from a public certification authority, or only accepts pre-registered keys is a local policy choice.

4. Field Descriptions

The Validation Token is structured into three parts: the basic validation information, additional information about the Registrant, and the digital signature. The XML schema can be found in Section 6.

4.1. The <validation> Element

A token MUST contain a <validation> element that contains the following:

o A single validation "serial" attribute identifying a validation token for a certain VE. It must be unique per VE.

o A single <E164Number> element containing the underlying E.164 number in fully qualified (international) format.

o An optional <lastE164Number> element. If present, it indicates that the whole number block starting with <E164Number> up to and including <lastE164Number> has been validated. To avoid ambiguity, both numbers MUST be of the same length.

o A single <validationEntityID> element identifying the VE.

o A single <registrarID> element identifying the Registrar on whose behalf the validation was performed.

o A single <methodID> element identifying the method used by the VE for validation.

o A single <executionDate> attribute containing the date of validation formatted as "full-date" according to RFC 3339 [6].

o An optional <expirationDate> attribute marking the expiration date of the validation token formatted as "full-date" according to RFC 3339. The Registry will automatically revoke the delegation at this date unless a new Token has been submitted that extends the lifetime of the validation. A missing <expirationDate> indicates infinite validity of the Token.

The format and the uniqueness constraints of these IDs are left to the local policy of the Registry.

4.2. The <tokendata> Element

A token may contain a <tokendata> section containing information about the number holder, consisting of the following elements:

o A single <organisation> element containing the full name of the organization to which the Registrant is affiliated.

o A single <commercialregisternumber> element. If the Registrant is a company, then this field can be used to uniquely identify this company by its official registration number within the local country. The interpretation of this field is thus country-specific.

o A single <title> element.

o A single <firstname> element.

o A single <lastname> element.

o A single <address> section containing the following elements:

   * A single optional <streetName>
   * A single optional <houseNumber>
   * A single optional <postalCode>
   * A single optional <locality>
   * A single optional <countyStateOrProvince>
   * A single optional <ISOcountryCode>

o Up to 10 <phone> elements containing full E.164 numbers.

o Up to 10 <fax> elements containing full E.164 numbers.

o Up to 10 <email> elements.

All elements directly under <tokendata> are optional. The <ISOcountryCode> element specifies the country using the alpha-2 country code from ISO 3166-1:2006 [11] (including updates published by the 3166 Maintenance Agency). The definition of the first five elements within the <address> element conforms to the second version of the E.115 Computerized Directory Assistance [17].

5. Examples

5.1. Unsigned Token without Registrant Information

This basic Token without any information about the Registrant and without the cryptographic signature shows the basic layout of the Token.

   <?xml version="1.0" encoding="utf-8" standalone="no" ?>
   <token xmlns="urn:ietf:params:xml:ns:enum-token-1.0" Id="TOKEN"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation=
    "urn:ietf:params:xml:ns:enum-token-1.0 enum-token-1.0.xsd">
     <validation serial="acmeve-000002">
       <E164Number>+442079460200</E164Number>
       <lastE164Number>+442079460499</lastE164Number>
       <validationEntityID>ACME-VE</validationEntityID>
       <registrarID>reg-4711</registrarID>
       <methodID>42</methodID>
       <executionDate>2007-05-08</executionDate>
       <expirationDate>2007-11-01</expirationDate>
     </validation>
   </token>
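
A Registry-side check of the <validation> element against the confirmations listed in Section 2 and the constraints of Sections 4.1 and 6.1, run over the token above. This is an added example, not part of the RFC; the function name, the policy parameters (accredited VE set, maximum validity) and the use of the (VE, serial) pair for replay detection are assumptions about local policy.

```python
import re
import xml.etree.ElementTree as ET
from datetime import date

NS = "{urn:ietf:params:xml:ns:enum-token-1.0}"
E164 = re.compile(r"\+\d\d*")                 # pattern of e164numberType (Section 6.1)
FULL_DATE = re.compile(r"\d{4}-\d{2}-\d{2}")  # RFC 3339 full-date

# Constructed input: the unsigned token of Section 5.1 without its xsi attributes.
SAMPLE_TOKEN = b"""<?xml version="1.0" encoding="utf-8" standalone="no" ?>
<token xmlns="urn:ietf:params:xml:ns:enum-token-1.0" Id="TOKEN">
  <validation serial="acmeve-000002">
    <E164Number>+442079460200</E164Number>
    <lastE164Number>+442079460499</lastE164Number>
    <validationEntityID>ACME-VE</validationEntityID>
    <registrarID>reg-4711</registrarID>
    <methodID>42</methodID>
    <executionDate>2007-05-08</executionDate>
    <expirationDate>2007-11-01</expirationDate>
  </validation>
</token>"""


def _short_token(value):
    """shortTokenType: 1 to 20 characters."""
    return value is not None and 1 <= len(value) <= 20


def _e164(value):
    """e164numberType: '+' followed by digits, at most 20 characters."""
    return value is not None and len(value) <= 20 and bool(E164.fullmatch(value))


def _full_date(value):
    """Parse a YYYY-MM-DD string; return None if it is not a valid full-date."""
    if value is None or not FULL_DATE.fullmatch(value):
        return None
    try:
        return date.fromisoformat(value)
    except ValueError:
        return None


def check_validation(token_xml, today, accredited_ves, seen_serials,
                     max_validity_days=366):
    """Return a list of policy violations; an empty list means acceptable."""
    if b"<!DOCTYPE" in token_xml:      # tokens need no DTD; refuse entity tricks
        return ["DOCTYPE not allowed"]
    try:
        root = ET.fromstring(token_xml)
    except ET.ParseError:
        return ["not well-formed XML"]
    val = root.find(NS + "validation") if root.tag == NS + "token" else None
    if val is None:
        return ["missing enum-token <validation> element"]

    def text(name):
        el = val.find(NS + name)
        return el.text.strip() if el is not None and el.text else None

    problems = []
    serial, ve = val.get("serial"), text("validationEntityID")
    first, last = text("E164Number"), text("lastE164Number")
    executed, expires = _full_date(text("executionDate")), text("expirationDate")

    if not _short_token(serial):
        problems.append("serial missing or not 1-20 characters")
    if ve not in accredited_ves:
        problems.append("validation entity not accredited")
    elif (ve, serial) in seen_serials:   # assumed replay rule: serial is unique per VE
        problems.append("serial already used by this VE (replay)")
    for name in ("registrarID", "methodID"):
        if not _short_token(text(name)):
            problems.append(name + " missing or not 1-20 characters")
    if not _e164(first):
        problems.append("E164Number is not a valid E.164 number")
    if last is not None:
        if not _e164(last) or len(last) != len(first or ""):
            problems.append("lastE164Number invalid or of different length")
        elif _e164(first) and int(last[1:]) < int(first[1:]):
            problems.append("lastE164Number precedes E164Number")
    if executed is None:
        problems.append("executionDate is not a full-date")
    elif executed > today:
        problems.append("executionDate lies in the future")
    if expires is None:
        if max_validity_days is not None:  # missing date means infinite validity
            problems.append("no expirationDate: unbounded validity")
    else:
        exp = _full_date(expires)
        if exp is None:
            problems.append("expirationDate is not a full-date")
        elif exp <= today:
            problems.append("token expired")
        elif max_validity_days is not None and executed \
                and (exp - executed).days > max_validity_days:
            problems.append("validity exceeds policy maximum")
    return problems
```

These checks complement, and do not replace, signature verification and XML schema validation of the token.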
        
5.2. Signed Token

This example uses an X.509-based signature that includes the certificate of the signing validation entity. Thus, the validity of the signature can be verified without the need for a key-server. A valid signature is a necessary, but not sufficient, condition for a valid Token. Any entity evaluating a Token needs to check other factors as well, e.g., the certificate and the XML schema.

<?xml version="1.0" encoding="utf-8" standalone="no" ?>
<token xmlns="urn:ietf:params:xml:ns:enum-token-1.0" Id="TOKEN"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation=
 "urn:ietf:params:xml:ns:enum-token-1.0 enum-token-1.0.xsd">
  <validation serial="acmeve-000001">
    <E164Number>+442079460123</E164Number>
    <validationEntityID>ACME-VE</validationEntityID>
    <registrarID>reg-4711</registrarID>
    <methodID>42</methodID>
    <executionDate>2007-05-08</executionDate>
  </validation>
  <tokendata xmlns="urn:ietf:params:xml:ns:enum-tokendata-1.0"
   xsi:schemaLocation=
   "urn:ietf:params:xml:ns:enum-tokendata-1.0 enum-tokendata-1.0.xsd">
    <contact>
      <organisation>Example Inc.</organisation>
      <commercialregisternumber>4711</commercialregisternumber>
      <title>Dr.</title>
      <firstname>Max</firstname>
      <lastname>Mustermann</lastname>
      <address>
        <streetName>Main</streetName>
        <houseNumber>10</houseNumber>
        <postalCode>1010</postalCode>
        <locality>London</locality>
        <countyStateOrProvince>London</countyStateOrProvince>
        <ISOcountryCode>GB</ISOcountryCode>
      </address>
      <phone>+442079460123</phone>
      <email>mm@example.com</email>
    </contact>
  </tokendata>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod
       Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <SignatureMethod
       Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <Reference URI="#TOKEN">
        <Transforms>
          <Transform Algorithm=
           "http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <Transform
           Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <InclusiveNamespaces
             xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"
             PrefixList="enum-token enum-tokendata"/>
          </Transform>
        </Transforms>
        <DigestMethod
         Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue
        >VxqsBxSNPFwPAUlCHts3g3DehcexnB1dqUz+GypLZ0k=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>
QKqphKRNPokVZFbenje+HZZV+RLrNweGnlWBw7ngAtH+rtuslR8LhMLmC4DlBb9V
HvKItl+7zLGm3VgYsqfHH8q3jCl1mFxUIuLlIPqtpJs+xAHAJDzZ+vmsF/q2IgrS
K0uMmKuU5V1gydDBOvIipcJx+PrPYyXYZSjQXkWknK8=</SignatureValue>
  <KeyInfo>
<X509Data>
<X509Certificate>
MIIDZjCCAs+gAwIBAgIBBDANBgkqhkiG9w0BAQQFADB0MQswCQYDVQQGEwJBVDEP
MA0GA1UEBxMGVmllbm5hMRQwEgYDVQQKEwtCT0ZIIENlcnRzLjEbMBkGA1UEAxMS
Q0VSVFMuYm9maC5wcml2LmF0MSEwHwYJKoZIhvcNAQkBFhJjZXJ0c0Bib2ZoLnBy
aXYuYXQwHhcNMDQwNzIwMTMxNTA5WhcNMDUwNzIwMTMxNTA5WjB/MQswCQYDVQQG
EwJBVDEKMAgGA1UECBMBLTEPMA0GA1UEBxMGVmllbm5hMR0wGwYDVQQKExRBY21l
IEVOVU0gVmFsaWRhdGlvbjEQMA4GA1UEAxMHYWNtZS1WRTEiMCAGCSqGSIb3DQEJ
ARYTbm9ib2R5QGVudW0tYWNtZS5hdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEArJPcjMFc54/zwztSdQXGxUtodJT9r1qGI2lQPNjLvtPJg93+7o5SIOsZGSpg
zWbztDAV5qc7PHZWUVIyf6MbM5qSgQDVrjNRhTosNtyqmwi23BH52SKkX3P7eGit
LmqEkiUZRxZhZ6upRbtcqvKSwmXitvW4zXZhkVHYJZ2HuMcCAwEAAaOB/DCB+TAJ
BgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0
aWZpY2F0ZTAdBgNVHQ4EFgQUyK4otTQtvv6KdSlMBOPT5Ve18JgwgZ4GA1UdIwSB
ljCBk4AUvfPadpm0HhmZx2iAVumQTwgnG2eheKR2MHQxCzAJBgNVBAYTAkFUMQ8w
DQYDVQQHEwZWaWVubmExFDASBgNVBAoTC0JPRkggQ2VydHMuMRswGQYDVQQDExJD
RVJUUy5ib2ZoLnByaXYuYXQxITAfBgkqhkiG9w0BCQEWEmNlcnRzQGJvZmgucHJp
di5hdIIBADANBgkqhkiG9w0BAQQFAAOBgQCB9CHBnIUhrdic4h5Ar4hdxjHSQkDH
sJWd+MYrNcuSrv3TIOsUkUgNpNNhmkZPtiXqfy3388IRdJtJiLWXSOb/XlZHOM9I
MvwKYwhcpQ9UdM/w7VpXQqf+CEj0XSyqxGw65UsHIOijgiG/WyhSj+Lzriw7CTge
P2iAJkJVC4t2XA==
</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</token>
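
A check of the signature profile from Section 3 that a Registry can run before any cryptographic verification: exclusive canonicalization, an algorithm accepted by local policy, and a single enveloped Reference that covers the token's own Id. This is an added example, not part of the RFC; the function name and the policy sets are assumptions, the sample is a constructed token with placeholder digest and signature values, and it performs no signature or certificate verification.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
TOKEN = "{urn:ietf:params:xml:ns:enum-token-1.0}token"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"

# Constructed input modelled on Section 5.2; digest and signature are placeholders.
SAMPLE_SIGNED = b"""<token xmlns="urn:ietf:params:xml:ns:enum-token-1.0" Id="TOKEN">
  <validation serial="acmeve-000001">
    <E164Number>+442079460123</E164Number>
    <validationEntityID>ACME-VE</validationEntityID>
    <registrarID>reg-4711</registrarID>
    <methodID>42</methodID>
    <executionDate>2007-05-08</executionDate>
  </validation>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <Reference URI="#TOKEN">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue>PLACEHOLDER</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>PLACEHOLDER</SignatureValue>
  </Signature>
</token>"""


def check_signature_profile(token_xml, sig_methods, digest_methods):
    """Return profile violations found before cryptographic verification."""
    if b"<!DOCTYPE" in token_xml:
        return ["DOCTYPE not allowed"]
    root = ET.fromstring(token_xml)
    token_id = root.get("Id")
    if root.tag != TOKEN or not token_id:
        return ["root is not an enum-token <token> with an Id"]

    # Enveloped mode: exactly one Signature, and it is a direct child of <token>.
    sigs = list(root.iter(DS + "Signature"))
    if len(sigs) != 1 or sigs[0] is not root.find(DS + "Signature"):
        return ["need exactly one Signature, as a direct child of <token>"]
    info = sigs[0].find(DS + "SignedInfo")
    if info is None:
        return ["Signature has no SignedInfo"]

    def alg(parent, name):
        el = parent.find(DS + name)
        return el.get("Algorithm") if el is not None else None

    problems = []
    if alg(info, "CanonicalizationMethod") != EXC_C14N:
        problems.append("SignedInfo is not canonicalized with exclusive c14n")
    if alg(info, "SignatureMethod") not in sig_methods:
        problems.append("signature algorithm not accepted by policy")

    # The signature must cover the whole token: one Reference to the root's Id.
    refs = info.findall(DS + "Reference")
    if len(refs) != 1 or refs[0].get("URI") != "#" + token_id:
        problems.append("Reference does not cover the token")
        return problems
    if sum(1 for el in root.iter() if el.get("Id") == token_id) != 1:
        problems.append("token Id is not unique in the document")

    transforms = [t.get("Algorithm") for t in refs[0].iter(DS + "Transform")]
    if ENVELOPED not in transforms or set(transforms) - {ENVELOPED, EXC_C14N}:
        problems.append("unexpected transform chain")
    if alg(refs[0], "DigestMethod") not in digest_methods:
        problems.append("digest algorithm not accepted by policy")
    return problems
```

A token that passes still needs its signature verified with an XML-DSIG implementation and its certificate or key checked against the Registry's policy.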
        
6. Formal Syntax

The formal syntax of the validation token is specified using XML schema notation [7] [8]. Two schemas are defined: The "token core schema" contains mandatory attribute definitions, and the "token data schema" defines the format of the optional "tokendata" section. The BEGIN and END tags are not part of the schema; they are used to note the beginning and ending of the schema for URI registration purposes.

6.1. Token Core Schema

   BEGIN
   <?xml version="1.0" encoding="UTF-8"?>
        
   <schema targetNamespace="urn:ietf:params:xml:ns:enum-token-1.0"
     xmlns:enum-token="urn:ietf:params:xml:ns:enum-token-1.0"
     xmlns:enum-tokendata="urn:ietf:params:xml:ns:enum-tokendata-1.0"
     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
     xmlns="http://www.w3.org/2001/XMLSchema"
     elementFormDefault="qualified">
        
   <!--  Import common element types.  -->
        
     <import namespace="http://www.w3.org/2000/09/xmldsig#"
             schemaLocation="xmldsig-core-schema.xsd"/>
     <import namespace="urn:ietf:params:xml:ns:enum-tokendata-1.0"
             schemaLocation="enum-tokendata-1.0.xsd"/>
        
     <annotation>
       <documentation>
         Validation Token core schema
       </documentation>
     </annotation>
        
     <element name="token" type="enum-token:tokenBaseType"/>
        
     <simpleType name="shortTokenType">
       <restriction base="token">
         <minLength value="1"/>
         <maxLength value="20"/>
       </restriction>
     </simpleType>
        
     <simpleType name="e164numberType">
       <restriction base="token">
         <maxLength value="20"/>
         <pattern value="\+\d\d*"/>
       </restriction>
     </simpleType>
        
     <complexType name="validationDataType">
       <sequence>
         <element name="E164Number"
                         type="enum-token:e164numberType"/>
         <element name="lastE164Number" minOccurs="0"
                         type="enum-token:e164numberType"/>
         <element name="validationEntityID"
                         type="enum-token:shortTokenType"/>
         <element name="registrarID"
                         type="enum-token:shortTokenType"/>
         <element name="methodID"
                         type="enum-token:shortTokenType"/>
         <element name="executionDate" type="date"/>
         <element name="expirationDate"
                         type="date" minOccurs="0"/>
       </sequence>
       <attribute name="serial" type="enum-token:shortTokenType"
        use="required"/>
     </complexType>
        
     <complexType name="tokenBaseType">
       <sequence>
         <element name="validation"
          type="enum-token:validationDataType"/>
         <any namespace="urn:ietf:params:xml:ns:enum-tokendata-1.0"
          minOccurs="0"/>
         <any namespace="http://www.w3.org/2000/09/xmldsig#"/>
       </sequence>
       <attribute name="Id" type="ID" use="required"/>
     </complexType>
   </schema>
   END
        
6.2. Token Data Schema

   BEGIN
   <?xml version="1.0" encoding="UTF-8"?>
        
   <schema targetNamespace="urn:ietf:params:xml:ns:enum-tokendata-1.0"
     xmlns:enum-tokendata="urn:ietf:params:xml:ns:enum-tokendata-1.0"
     xmlns="http://www.w3.org/2001/XMLSchema"
     elementFormDefault="qualified">
        
     <element name="tokendata" type="enum-tokendata:tokenDataType"/>
        
     <simpleType name="E115String">
       <restriction base="string">
    <pattern value="[&#x20;-&#x7A;&#xA0;-&#xD7FF;&#xE000;-&#xFFFD;]*"/>
       </restriction>
     </simpleType>
        
     <simpleType name="E115StringUb256">
       <restriction base="enum-tokendata:E115String">
         <minLength value="1"/>
         <maxLength value="256"/>
       </restriction>
     </simpleType>
        
     <simpleType name="countryCodeType">
       <restriction base="token">
         <minLength value="2"/>
         <maxLength value="2"/>
       </restriction>
     </simpleType>
        
     <simpleType name="TokenType">
       <restriction base="token">
         <minLength value="1"/>
         <maxLength value="64"/>
       </restriction>
     </simpleType>
        
     <complexType name="addressType">
       <all>
         <element name="streetName"     minOccurs="0"
          type="enum-tokendata:E115StringUb256" />
         <element name="houseNumber"    minOccurs="0"
          type="enum-tokendata:E115StringUb256"/>
         <element name="postalCode"     minOccurs="0"
          type="enum-tokendata:E115StringUb256"/>
         <element name="locality"       minOccurs="0"
          type="enum-tokendata:E115StringUb256"/>
         <element name="countyStateOrProvince" minOccurs="0"
          type="enum-tokendata:E115StringUb256"/>
         <element name="ISOcountryCode" minOccurs="0"
          type="enum-tokendata:countryCodeType"/>
       </all>
     </complexType>
        
     <group name="tokenContactBaseGroup">
       <sequence>
         <element name="organisation"  minOccurs="0"
          type="enum-tokendata:E115StringUb256"/>
         <element name="commercialregisternumber" minOccurs="0"
          type="enum-tokendata:TokenType"/>
         <element name="title"         minOccurs="0"
          type="enum-tokendata:TokenType"/>
         <element name="firstname"     minOccurs="0"
          type="enum-tokendata:E115StringUb256"/>
         <element name="lastname"      minOccurs="0"
          type="enum-tokendata:E115StringUb256"/>
         <element name="address"       minOccurs="0"
          type="enum-tokendata:addressType"/>
         <element name="phone" type="enum-tokendata:TokenType"
          minOccurs="0" maxOccurs="10" />
         <element name="fax"   type="enum-tokendata:TokenType"
          minOccurs="0" maxOccurs="10" />
         <element name="email" type="enum-tokendata:TokenType"
          minOccurs="0" maxOccurs="10" />
       </sequence>
     </group>
        
     <complexType name="contactType">
       <sequence>
         <group ref="enum-tokendata:tokenContactBaseGroup"/>
       </sequence>
     </complexType>
        
     <complexType name="tokenDataType">
       <sequence>
         <element name="contact" type="enum-tokendata:contactType"/>
       </sequence>
     </complexType>
        

</schema>
END

7. Other Applications of the Token Concept

The concept of the validation token may be useful in other registry-type applications where the proof of an underlying right is a condition for a valid registration.

An example is a Top Level Domain (TLD) where registration is subject to proof of some precondition, like a trade mark or the right in a name. Such situations often arise during the introduction of a new TLD, e.g., during a "sunrise" phase.

A Number Portability (NP) database faces very similar verification issues. An NP system based on the Token concept could potentially be superior to current methods, and aid in the convergence of NP and ENUM.

8. IANA Considerations

This document uses Uniform Resource Names (URNs) to describe XML namespaces and XML schemas conforming to a registry mechanism described in RFC 3688 [12]. IANA has made the following four URI assignments.

1. Registration for the Token namespace:

   * URI: urn:ietf:params:xml:ns:enum-token-1.0
   * Registrant Contact: See the "Author's Address" section of this document.
   * XML: None. Namespace URIs do not represent an XML specification.

2. Registration for the Token XML schema:

   * URI: urn:ietf:params:xml:schema:enum-token-1.0
   * Registrant Contact: See the "Author's Address" section of this document.
   * XML: See Section 6.1 of this document.

3. Registration for the Token Data namespace:

   * URI: urn:ietf:params:xml:ns:enum-tokendata-1.0
   * Registrant Contact: See the "Author's Address" section of this document.
   * XML: None. Namespace URIs do not represent an XML specification.

4. Registration for the Token Data XML schema:

   * URI: urn:ietf:params:xml:schema:enum-tokendata-1.0
   * Registrant Contact: See the "Author's Address" section of this document.
   * XML: See Section 6.2 of this document.

The IDs used in the validationEntityID, RegistrarID, and methodID elements are subject to local policy and thus do not require IANA registration.

9. Security Considerations

The security of the Validation Token depends on the security of the underlying XML DSIG algorithms. As such, all the security considerations from [4] apply here as well. Two points from [4] merit repetition:

Transforms are used to select the relevant data for signing and discarding irrelevant information (e.g., pretty-printing and name-space local names).

The <Reference URI="#TOKEN"> element and attribute combined with the Id="TOKEN" attribute in <token> specifies that the signature should cover the complete token. Moving the Id="TOKEN" attribute to e.g., the <tokendata> element would make the signature worthless.

It is thus critical that the Registry not only checks whether the Token passes a generic XML-DSIG signature check, but also that:

1. the signature uses approved transforms and cryptographic algorithms.
2. the signature references the <token> element.
3. the key used in the signature belongs to an accredited VE.

The Token content is not encrypted. If local policy dictates that the information contained within the token should be confidential, then this has to be handled through a different mechanism.

When processing a delegation request, the Registry MUST verify that the information contained in the Token matches the delegation request. The <registrarID> element in the Token prevents a malicious second Registrar from using an eavesdropped Token to register a domain in his name. The Registry MUST verify that the <expirationDate> given (including the case of no given expiration date) conforms to the Registry's policy. To avert replay attacks, local policy MUST specify how long after <executionDate> the Token can be used to authorize a delegation.
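
The Registry-side checks this section requires, sketched in Python as an added example that is not part of the RFC. The algorithm allowlist, the 30-day replay window and the sample token are constructed assumptions; cryptographic verification against a key held for an accredited VE (check 3) is left to an XML-DSIG library and is not shown.

```python
import xml.etree.ElementTree as ET
from datetime import date, timedelta

TOK = "{urn:ietf:params:xml:ns:enum-token-1.0}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Assumed local policy: allowlist and replay window are illustrative values.
APPROVED = {"http://www.w3.org/2001/10/xml-exc-c14n#",
            "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
            "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
            "http://www.w3.org/2001/04/xmlenc#sha256"}
MAX_AGE = timedelta(days=30)
# Constructed, abbreviated token; digest and signature values are omitted.
SAMPLE = """<token xmlns="urn:ietf:params:xml:ns:enum-token-1.0" {token_attr}>
 <validation serial="example-0001">
  <registrarID>reg-example</registrarID>
  <executionDate>2007-05-08</executionDate>
 </validation>
 <tokendata xmlns="urn:ietf:params:xml:ns:enum-tokendata-1.0" {data_attr}/>
 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
  <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <SignatureMethod Algorithm="{sig_alg}"/>
  <Reference URI="#TOKEN"><Transforms>
   <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
  </Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
  </Reference></SignedInfo></Signature>
</token>"""

def policy_errors(xml_text, registrar, today):
    root, errors = ET.fromstring(xml_text), []
    sig = root.find(DS + "Signature")
    nodes = [] if sig is None else list(sig.iter())
    algs = [e.get("Algorithm") for e in nodes if e.get("Algorithm")]
    uris = [e.get("URI") for e in nodes if e.tag == DS + "Reference"]
    # 1. Only approved transforms and cryptographic algorithms.
    if not algs or not set(algs) <= APPROVED:
        errors.append("unapproved algorithm")
    # 2. The only Reference must resolve to the root <token> element.
    ids = [e for e in root.iter() if e.get("Id") == "TOKEN"]
    if root.tag != TOK + "token" or ids != [root] or uris != ["#TOKEN"]:
        errors.append("signature does not cover <token>")
    # The Token must match the Registrar making the delegation request.
    if root.findtext(f"{TOK}validation/{TOK}registrarID") != registrar:
        errors.append("registrarID mismatch")
    # Replay window; a missing executionDate falls back to a date that fails.
    executed = root.findtext(f"{TOK}validation/{TOK}executionDate", "0001-01-01")
    age = today - date.fromisoformat(executed)
    if not timedelta(0) <= age <= MAX_AGE:
        errors.append("executionDate outside replay window")
    return errors
```

Formatting `SAMPLE` with `Id="TOKEN"` placed on `<tokendata>` instead of `<token>` reproduces the case the section warns about: the `#TOKEN` reference still resolves, so a generic signature check could pass, but check 2 rejects it.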

10. Acknowledgements

The author would like to thank the following persons for their valuable suggestions and contributions: Michael Haberler, Alexander Mayrhofer, Bernie Hoeneisen, Michael Braunoeder, Staffan Hagnell, Lawrence Conroy, and Tony Rutkowski.

11. References
11.1. Normative References

[1] Faltstrom, P. and M. Mealling, "The E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM)", RFC 3761, April 2004.

[2] ITU-T, "The international public telecommunication numbering plan", Recommendation E.164, May 1997.

[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[4] Eastlake 3rd, D., Reagle, J., and D. Solo, "(Extensible Markup Language) XML-Signature Syntax and Processing", RFC 3275, March 2002.

[5] Eastlake 3rd, D., "Additional XML Security Uniform Resource Identifiers (URIs)", RFC 4051, April 2005.

[6] Klyne, G. and C. Newman, "Date and Time on the Internet: Timestamps", RFC 3339, July 2002.

[7] Maloney, M., Beech, D., Mendelsohn, N., and H. Thompson, "XML Schema Part 1: Structures", W3C REC REC-xmlschema-1-20010502, May 2001.

[8] Malhotra, A. and P. Biron, "XML Schema Part 2: Datatypes", W3C REC REC-xmlschema-2-20010502, May 2001.

[9] Eastlake, D., Boyer, J., and J. Reagle, "Exclusive XML Canonicalization Version 1.0", W3C REC REC-xml-exc-c14n-20020718, July 2002.

[10] International Telecommunications Union, "Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks", ITU-T Recommendation X.509, ISO Standard 9594-8, March 2000.

[11] International Organization for Standardization, "Codes for the representation of names of countries and their subdivisions -- Part 1: Country codes, 2nd edition", ISO Standard 3166, November 2006.

[12] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, January 2004.

11.2. Informative References

[13] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", RFC 4930, May 2007.

[14] Schaad, J., Kaliski, B., and R. Housley, "Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 4055, June 2005.

[15] Mayrhofer, A. and B. Hoeneisen, "ENUM Validation Architecture", RFC 4725, November 2006.

[16] Hoeneisen, B., "ENUM Validation Information Mapping for the Extensible Provisioning Protocol", RFC 5076, December 2007.

[17] ITU-T, "Computerized Directory Assistance Version 2", Recommendation E.115v2, October 2005.

Author's Address

   Otmar Lendl
   enum.at GmbH
   Karlsplatz 1/2/9
   Wien A-1010
   Austria

   Phone: +43 1 5056416 33
   EMail: otmar.lendl@enum.at
   URI:   http://www.enum.at/

Full Copyright Statement

Copyright (C) The IETF Trust (2007).

This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
