1
2
3
4
5
6
7Network Working Group                                        K. Zeilenga
8Request for Comments: 4530                           OpenLDAP Foundation
9Category: Standards Track                                      June 2006
10
11
12              Lightweight Directory Access Protocol (LDAP)
13                    entryUUID Operational Attribute
14
15
16Status of This Memo
17
18   This document specifies an Internet standards track protocol for the
19   Internet community, and requests discussion and suggestions for
20   improvements.  Please refer to the current edition of the "Internet
21   Official Protocol Standards" (STD 1) for the standardization state
22   and status of this protocol.  Distribution of this memo is unlimited.
23
24Copyright Notice
25
26   Copyright (C) The Internet Society (2006).
27
28Abstract
29
30   This document describes the LDAP/X.500 'entryUUID' operational
31   attribute and associated matching rules and syntax.  The attribute
32   holds a server-assigned Universally Unique Identifier (UUID) for the
33   object.  Directory clients may use this attribute to distinguish
34   objects identified by a distinguished name or to locate an object
35   after renaming.
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58Zeilenga                    Standards Track                     [Page 1]
59
60RFC 4530                     LDAP entryUUID                    June 2006
61
62
63Table of Contents
64
65   1. Background and Intended Use .....................................2
66   2. UUID Schema Elements ............................................3
67      2.1. UUID Syntax ................................................3
68      2.2. 'uuidMatch' Matching Rule ..................................3
69      2.3. 'uuidOrderingMatch' Matching Rule ..........................3
70      2.4. 'entryUUID' Attribute ......................................4
71   3. Security Considerations .........................................4
72   4. IANA Considerations .............................................5
73      4.1. Object Identifier Registration .............................5
74      4.2. UUID Syntax Registration ...................................5
75      4.3. 'uuidMatch' Descriptor Registration ........................5
76      4.4. 'uuidOrderingMatch' Descriptor Registration ................5
77      4.5. 'entryUUID' Descriptor Registration ........................6
78   5. Acknowledgements ................................................6
79   6. References ......................................................6
80      6.1. Normative References .......................................6
81      6.2. Informative References .....................................7
82
831.  Background and Intended Use
84
85   In X.500 Directory Services [X.501], such as those accessible using
86   the Lightweight Directory Access Protocol (LDAP) [RFC4510], an object
87   is identified by its distinguished name (DN).  However, DNs are not
88   stable identifiers.  That is, a new object may be identified by a DN
89   that previously identified another (now renamed or deleted) object.
90
91   A Universally Unique Identifier (UUID) is "an identifier unique
92   across both space and time, with respect to the space of all UUIDs"
93   [RFC4122].  UUIDs are used in a wide range of systems.
94
95   This document describes the 'entryUUID' operational attribute, which
96   holds the UUID assigned to the object by the server.  Clients may use
97   this attribute to distinguish objects identified by a particular
98   distinguished name or to locate a particular object after renaming.
99
100   This document defines the UUID syntax, the 'uuidMatch' and
101   'uuidOrderingMatch' matching rules, and the 'entryUUID' attribute
102   type.
103
104   Schema definitions are provided using LDAP description formats
105   [RFC4512].  Definitions provided here are formatted (line wrapped)
106   for readability.
107
108
109
110
111
112
113
114Zeilenga                    Standards Track                     [Page 2]
115
116RFC 4530                     LDAP entryUUID                    June 2006
117
118
119   In this document, the key words "MUST", "MUST NOT", "REQUIRED",
120   "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
121   and "OPTIONAL" are to be interpreted as described in BCP 14
122   [RFC2119].
123
1242.  UUID Schema Elements
125
1262.1.  UUID Syntax
127
128   A Universally Unique Identifier (UUID) [RFC4122] is a 16-octet (128-
129   bit) value that identifies an object.  The ASN.1 [X.680] type UUID is
130   defined to represent UUIDs as follows:
131
132       UUID ::= OCTET STRING (SIZE(16))
133             -- constrained to an UUID [RFC4122]
134
135   In LDAP, UUID values are encoded using the [ASCII] character string
136   representation described in [RFC4122].  For example,
137   "597ae2f6-16a6-1027-98f4-d28b5365dc14".
138
139   The following is an LDAP syntax description suitable for publication
140   in subschema subentries.
141
142       ( 1.3.6.1.1.16.1 DESC 'UUID' )
143
1442.2.  'uuidMatch' Matching Rule
145
146   The 'uuidMatch' matching rule compares an asserted UUID with a stored
147   UUID for equality.  Its semantics are the same as the
148   'octetStringMatch' [X.520][RFC4517] matching rule.  The rule differs
149   from 'octetStringMatch' in that the assertion value is encoded using
150   the UUID string representation instead of the normal OCTET STRING
151   string representation.
152
153   The following is an LDAP matching rule description suitable for
154   publication in subschema subentries.
155
156       ( 1.3.6.1.1.16.2 NAME 'uuidMatch'
157           SYNTAX 1.3.6.1.1.16.1 )
158
1592.3.  'uuidOrderingMatch' Matching Rule
160
161   The 'uuidOrderingMatch' matching rule compares an asserted UUID with
162   a stored UUID for ordering.  Its semantics are the same as the
163   'octetStringOrderingMatch' [X.520][RFC4517] matching rule.  The rule
164   differs from 'octetStringOrderingMatch' in that the assertion value
165   is encoded using the UUID string representation instead of the normal
166   OCTET STRING string representation.
167
168
169
170Zeilenga                    Standards Track                     [Page 3]
171
172RFC 4530                     LDAP entryUUID                    June 2006
173
174
175   The following is an LDAP matching rule description suitable for
176   publication in subschema subentries.
177
178       ( 1.3.6.1.1.16.3 NAME 'uuidOrderingMatch'
179           SYNTAX 1.3.6.1.1.16.1 )
180
181   Note that not all UUID variants have a defined ordering; and even
182   where it does, servers are not obligated to assign UUIDs in any
183   particular order.  This matching rule is provided for completeness.
184
1852.4.  'entryUUID' Attribute
186
187   The 'entryUUID' operational attribute provides the Universally Unique
188   Identifier (UUID) assigned to the entry.
189
190   The following is an LDAP attribute type description suitable for
191   publication in subschema subentries.
192
193       ( 1.3.6.1.1.16.4 NAME 'entryUUID'
194           DESC 'UUID of the entry'
195           EQUALITY uuidMatch
196           ORDERING uuidOrderingMatch
197           SYNTAX 1.3.6.1.1.16.1
198           SINGLE-VALUE
199           NO-USER-MODIFICATION
200           USAGE directoryOperation )
201
202   Servers SHALL generate and assign a new UUID to each entry upon its
203   addition to the directory and provide that UUID as the value of the
204   'entryUUID' operational attribute.  An entry's UUID is immutable.
205
206   UUID are to be generated in accordance with Section 4 of [RFC4122].
207   In particular, servers MUST ensure that each generated UUID is unique
208   in space and time.
209
2103.  Security Considerations
211
212   An entry's relative distinguish name (RDN) is composed from attribute
213   values of the entry, which are commonly descriptive of the object the
214   entry represents.  Although deployers are encouraged to use naming
215   attributes whose values are widely disclosable [RFC4514], entries are
216   often named using information that cannot be disclosed to all
217   parties.  As UUIDs do not contain any descriptive information of the
218   object they identify, UUIDs may be used to identify a particular
219   entry without disclosure of its contents.
220
221   General UUID security considerations [RFC4122] apply.
222
223
224
225
226Zeilenga                    Standards Track                     [Page 4]
227
228RFC 4530                     LDAP entryUUID                    June 2006
229
230
231   General LDAP security considerations [RFC4510] apply.
232
2334.  IANA Considerations
234
235   The IANA has registered the LDAP values [RFC4520] specified in this
236   document.
237
2384.1.  Object Identifier Registration
239
240       Subject: Request for LDAP OID Registration
241       Person & email address to contact for further information:
242           Kurt Zeilenga <kurt@OpenLDAP.org>
243       Specification: RFC 4530
244       Author/Change Controller: IESG
245       Comments:
246           Identifies the UUID schema elements
247
2484.2.  UUID Syntax Registration
249
250       Subject: Request for LDAP Syntax Registration
251       Object Identifier: 1.3.6.1.1.16.1
252       Description: UUID
253       Person & email address to contact for further information:
254           Kurt Zeilenga <kurt@OpenLDAP.org>
255       Specification: RFC 4530
256       Author/Change Controller: IESG
257       Comments:
258            Identifies the UUID syntax
259
2604.3.  'uuidMatch' Descriptor Registration
261
262       Subject: Request for LDAP Descriptor Registration
263       Descriptor (short name): uuidMatch
264       Object Identifier: 1.3.6.1.1.16.2
265       Person & email address to contact for further information:
266           Kurt Zeilenga <kurt@OpenLDAP.org>
267       Usage: Matching Rule
268       Specification: RFC 4530
269       Author/Change Controller: IESG
270
2714.4.  'uuidOrderingMatch' Descriptor Registration
272
273       Subject: Request for LDAP Descriptor Registration
274       Descriptor (short name): uuidOrderingMatch
275       Object Identifier: 1.3.6.1.1.16.3
276       Person & email address to contact for further information:
277           Kurt Zeilenga <kurt@OpenLDAP.org>
278       Usage: Matching Rule
279
280
281
282Zeilenga                    Standards Track                     [Page 5]
283
284RFC 4530                     LDAP entryUUID                    June 2006
285
286
287       Specification: RFC 4530
288       Author/Change Controller: IESG
289
2904.5.  'entryUUID' Descriptor Registration
291
292   The IANA has registered the LDAP 'entryUUID' descriptor.
293
294       Subject: Request for LDAP Descriptor Registration
295       Descriptor (short name): entryUUID
296       Object Identifier: 1.3.6.1.1.16.4
297       Person & email address to contact for further information:
298           Kurt Zeilenga <kurt@OpenLDAP.org>
299       Usage: Attribute Type
300       Specification: RFC 4530
301       Author/Change Controller: IESG
302
3035.  Acknowledgements
304
305   This document is based upon discussions in the LDAP Update and
306   Duplication Protocols (LDUP) WG.  Members of the LDAP Directorate
307   provided review.
308
3096.  References
310
3116.1.  Normative References
312
313   [RFC2119]     Bradner, S., "Key words for use in RFCs to Indicate
314                 Requirement Levels", BCP 14, RFC 2119, March 1997.
315
316   [RFC4122]     Leach, P., Mealling, M., and R. Salz, "A Universally
317                 Unique IDentifier (UUID) URN Namespace", RFC 4122, July
318                 2005.
319
320   [RFC4510]     Zeilenga, K., Ed., "Lightweight Directory Access
321                 Protocol (LDAP): Technical Specification Road Map", RFC
322                 4510, June 2006.
323
324   [RFC4512]     Zeilenga, K., "Lightweight Directory Access Protocol
325                 (LDAP): Directory Information Models", RFC 4512, June
326                 2006.
327
328   [RFC4517]     Legg, S., Ed., "Lightweight Directory Access Protocol
329                 (LDAP): Syntaxes and Matching Rules", RFC 4517, June
330                 2006.
331
332   [ASCII]       Coded Character Set--7-bit American Standard Code for
333                 Information Interchange, ANSI X3.4-1986.
334
335
336
337
338Zeilenga                    Standards Track                     [Page 6]
339
340RFC 4530                     LDAP entryUUID                    June 2006
341
342
343   [X.501]       International Telecommunication Union -
344                 Telecommunication Standardization Sector, "The
345                 Directory -- Models," X.501(1993) (also ISO/IEC 9594-
346                 2:1994).
347
348   [X.520]       International Telecommunication Union -
349                 Telecommunication Standardization Sector, "The
350                 Directory: Selected Attribute Types", X.520(1993) (also
351                 ISO/IEC 9594-6:1994).
352
353   [X.680]       International Telecommunication Union -
354                 Telecommunication Standardization Sector, "Abstract
355                 Syntax Notation One (ASN.1) - Specification of Basic
356                 Notation", X.680(2002) (also ISO/IEC 8824-1:2002).
357
3586.2.  Informative References
359
360   [RFC4514]     Zeilenga, K., Ed., "Lightweight Directory Access
361                 Protocol (LDAP): String Representation of Distinguished
362                 Names", RFC 4514, June 2006.
363
364   [RFC4520]     Zeilenga, K., "Internet Assigned Numbers Authority
365                 (IANA) Considerations for the Lightweight Directory
366                 Access Protocol (LDAP)", BCP 64, RFC 4520, June 2006.
367
368Author's Address
369
370   Kurt D. Zeilenga
371   OpenLDAP Foundation
372
373   EMail: Kurt@OpenLDAP.org
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394Zeilenga                    Standards Track                     [Page 7]
395
396RFC 4530                     LDAP entryUUID                    June 2006
397
398
399Full Copyright Statement
400
401   Copyright (C) The Internet Society (2006).
402
403   This document is subject to the rights, licenses and restrictions
404   contained in BCP 78, and except as set forth therein, the authors
405   retain all their rights.
406
407   This document and the information contained herein are provided on an
408   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
409   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
410   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
411   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
412   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
413   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
414
415Intellectual Property
416
417   The IETF takes no position regarding the validity or scope of any
418   Intellectual Property Rights or other rights that might be claimed to
419   pertain to the implementation or use of the technology described in
420   this document or the extent to which any license under such rights
421   might or might not be available; nor does it represent that it has
422   made any independent effort to identify any such rights.  Information
423   on the procedures with respect to rights in RFC documents can be
424   found in BCP 78 and BCP 79.
425
426   Copies of IPR disclosures made to the IETF Secretariat and any
427   assurances of licenses to be made available, or the result of an
428   attempt made to obtain a general license or permission for the use of
429   such proprietary rights by implementers or users of this
430   specification can be obtained from the IETF on-line IPR repository at
431   http://www.ietf.org/ipr.
432
433   The IETF invites any interested party to bring to its attention any
434   copyrights, patents or patent applications, or other proprietary
435   rights that may cover technology that may be required to implement
436   this standard.  Please address the information to the IETF at
437   ietf-ipr@ietf.org.
438
439Acknowledgement
440
441   Funding for the RFC Editor function is provided by the IETF
442   Administrative Support Activity (IASA).
443
444
445
446
447
448
449
450Zeilenga                    Standards Track                     [Page 8]
451
452