[ldapext] Proposal of a companion control to draft-wahl-ldap-session
Pierangelo Masarati <ando@sys-net.it> Sat, 15 September 2007 14:12 UTC
Return-path: <ldapext-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IWYO9-0007Xa-2e; Sat, 15 Sep 2007 10:12:49 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IWYO8-0007XV-5E for ldapext@ietf.org; Sat, 15 Sep 2007 10:12:48 -0400
Received: from ns1.sys-net.it ([194.244.21.114] helo=mail.sys-net.it) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IWYO6-00022o-IS for ldapext@ietf.org; Sat, 15 Sep 2007 10:12:48 -0400
Received: from [192.168.1.199] (dossi.sys-net.it [82.63.140.131]) (authenticated bits=0) by mail.sys-net.it (8.13.5.20060308/8.13.3) with ESMTP id l8FEBRqT029920 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <ldapext@ietf.org>; Sat, 15 Sep 2007 16:11:30 +0200
Message-ID: <46EBE8A6.4090100@sys-net.it>
Date: Sat, 15 Sep 2007 16:13:58 +0200
From: Pierangelo Masarati <ando@sys-net.it>
User-Agent: Mail/News 1.5.0.8 (X11/20061210)
MIME-Version: 1.0
To: Ldapext <ldapext@ietf.org>
X-Enigmail-Version: 0.94.2.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-SysNet-MailScanner-Information: postmaster@sys-net.it
X-SysNet-MailScanner:
X-MailScanner-From: ando@sys-net.it
X-Spam-Score: -0.0 (/)
X-Scan-Signature: 6d95a152022472c7d6cdf886a0424dc6
Subject: [ldapext] Proposal of a companion control to draft-wahl-ldap-session
X-BeenThere: ldapext@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: LDAP Extension Working Group <ldapext.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ldapext>, <mailto:ldapext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/ldapext>
List-Post: <mailto:ldapext@ietf.org>
List-Help: <mailto:ldapext-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ldapext>, <mailto:ldapext-request@ietf.org?subject=subscribe>
Errors-To: ldapext-bounces@ietf.org
Hi all. The draft in object proposes a control that a client can send along with a request, and similarly a server can return along with a response, to add session tracking information to LDAP operations when a client-server operation is just part of a larger infrastructure. I think that, in the spirit of a fair cooperation between components of the same infrastructure, the session tracking control of draft-wahl-ldap-session (1.3.6.1.4.1.21008.108.63.1) could be augmented by a companion control that requests session tracking contents in response to an operation, to allow the client to request information about how a proxy handled the operation. The rationale behind it is that a proxy, acting as a client in an operation that is chained across a distributed system (I'm using the term "chain" in a loose manner, with no direct reference to chained operations as described in X.500), might want to track how the operation is actually performed only in some cases, so a server could be configured to return control 1.3.6.1.4.1.21008.108.63.1 only on demand. I'm proposing this enhancement here instead of in a separate I.D. because I think I need some preliminary feedback first, and also because I think it is so closely related to draft-wahl-ldap-session that it could even be integrated in it, if considered appropriate. Based on discussion, if any, I plan to start implementing it in OpenLDAP very soon. The semantics of the proposed control is discussed below. Cheers, p. - o --- o --- o - This control solicits a response containing the same type of information of control 1.3.6.1.4.1.21008.108.63.1 for informational purposes. request control: sessionTrackingRequest OID: TBA criticality: TRUE or FALSE value: propagate BOOLEAN OPTIONAL if the server is willing to propagate the control, this occurs only if propagate is not FALSE. if the server is not willing to propagate the control and propagate is TRUE, if criticality is TRUE, the operation is bounced returning unwillingToPerform, otherwise if criticality is FALSE the control is ignored. if the client has no preference about control propagation, the control value MUST be absent. response control: sessionTrackingRequest OID: TBA criticality: FALSE as per RFC 4511 four response scenarios: 1. [in case of request criticality == FALSE] the control is absent (not recognized, or unwillingToPerform because of local privacy/security policy considerations) 2. [in case of request criticality == TRUE] the response is unwillingToPerform (not recognized, or because of local privacy/security policy considerations) 3. [regardless of request criticality] the control is present, but the value is absent: the request has been handled locally, or the server is pretending so 4. [regardless of request criticality] the control is present, with value as per 1.3.6.1.4.1.21008.108.63.1 If value is present, it SHALL contain information as per 1.3.6.1.4.1.21008.108.63.1 related to the remote server that was contacted to perform the operation. It is left to the DSA's discretion (based on local privacy/security policy considerations) to propagate the control request along with the operation, according to the semantics of the "propagate" in the request, and to return any other instance of the control response along with the response to the operation; in this case there might be multiple instances of the control in the response. If the server is willing to provide 1.3.6.1.4.1.21008.108.63.1 in the response, and sessionTrackingRequest was issued and not ignored, it SHALL return sessionTrackingRequest instead. The same security considerations of draft-wahl-ldap-session apply. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it --------------------------------------- _______________________________________________ Ldapext mailing list Ldapext@ietf.org https://www1.ietf.org/mailman/listinfo/ldapext
- [ldapext] Proposal of a companion control to draf… Pierangelo Masarati