--- 1/draft-ietf-regext-org-02.txt 2018-04-27 03:13:08.382205063 -0700 +++ 2/draft-ietf-regext-org-03.txt 2018-04-27 03:13:08.450206672 -0700 @@ -1,22 +1,22 @@ Internet Engineering Task Force L. Zhou Internet-Draft N. Kong Intended status: Standards Track G. Zhou -Expires: September 1, 2018 X. Lee +Expires: October 29, 2018 X. Lee CNNIC J. Gould VeriSign, Inc. - February 28, 2018 + April 27, 2018 Extensible Provisioning Protocol (EPP) Organization Mapping - draft-ietf-regext-org-02 + draft-ietf-regext-org-03 Abstract This document describes an Extensible Provisioning Protocol (EPP) mapping for provisioning and management of organization objects stored in a shared central repository. Specified in Extensible Markup Language (XML), this extended mapping is applied to provide additional features required for the provisioning of organizations. Status of This Memo @@ -27,21 +27,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on September 1, 2018. + This Internet-Draft will expire on October 29, 2018. Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -64,53 +64,55 @@ than English. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Conventions Used in This Document . . . . . . . . . . . . . . 3 3. Object Attributes . . . . . . . . . . . . . . . . . . . . . . 4 3.1. Organization Identifier . . . . . . . . . . . . . . . . . 4 3.2. Organization Roles . . . . . . . . . . . . . . . . . . . 4 3.2.1. Role Type . . . . . . . . . . . . . . . . . . . . . . 4 - 3.2.2. Role Identifier . . . . . . . . . . . . . . . . . . . 4 - 3.2.3. Example of Organization Roles . . . . . . . . . . . . 4 + 3.2.2. Role Status . . . . . . . . . . . . . . . . . . . . . 4 + 3.2.3. Role Identifier . . . . . . . . . . . . . . . . . . . 4 3.3. Contact and Client Identifiers . . . . . . . . . . . . . 5 3.4. Organization Status Values . . . . . . . . . . . . . . . 5 3.5. Role Status Values . . . . . . . . . . . . . . . . . . . 6 3.6. Parent Identifier . . . . . . . . . . . . . . . . . . . . 6 3.7. URL . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 - 3.8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 + 3.8. Dates and Times . . . . . . . . . . . . . . . . . . . . . 7 4. EPP Command Mapping . . . . . . . . . . . . . . . . . . . . . 7 4.1. EPP Query Commands . . . . . . . . . . . . . . . . . . . 7 4.1.1. EPP Command . . . . . . . . . . . . . . . . . 7 4.1.2. EPP Command . . . . . . . . . . . . . . . . . 9 4.1.3. EPP Command . . . . . . . . . . . . . . . 15 4.2. EPP Transform Commands . . . . . . . . . . . . . . . . . 15 4.2.1. EPP Command . . . . . . . . . . . . . . . . 15 4.2.2. EPP Command . . . . . . . . . . . . . . . . 19 4.2.3. EPP Command . . . . . . . . . . . . . . . . . 20 4.2.4. EPP Command . . . . . . . . . . . . . . . 20 4.2.5. EPP Command . . . . . . . . . . . . . . . . 21 - 5. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 24 - 6. Internationalization Considerations . . . . . . . . . . . . . 30 - 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 
30 - 7.1. XML Namespace . . . . . . . . . . . . . . . . . . . . . . 30 - 7.2. EPP Extension Registry . . . . . . . . . . . . . . . . . 31 - 7.3. Role Values Registry . . . . . . . . . . . . . . . . . . 31 - 8. Implementation Status . . . . . . . . . . . . . . . . . . . . 32 - 8.1. CNNIC Implementation . . . . . . . . . . . . . . . . . . 32 - 8.2. Reseller Extension . . . . . . . . . . . . . . . . . . . 33 - 9. Security Considerations . . . . . . . . . . . . . . . . . . . 33 - 10. Acknowledgment . . . . . . . . . . . . . . . . . . . . . . . 33 - 11. Normative References . . . . . . . . . . . . . . . . . . . . 33 - Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 34 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 35 + 5. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 25 + 6. Internationalization Considerations . . . . . . . . . . . . . 33 + 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 33 + 7.1. XML Namespace . . . . . . . . . . . . . . . . . . . . . . 33 + 7.2. EPP Extension Registry . . . . . . . . . . . . . . . . . 34 + 7.3. Role Values Registry . . . . . . . . . . . . . . . . . . 34 + 7.3.1. Registration Template . . . . . . . . . . . . . . . . 34 + 7.3.2. Initial Registry Contents . . . . . . . . . . . . . . 34 + 8. Implementation Status . . . . . . . . . . . . . . . . . . . . 35 + 8.1. CNNIC Implementation . . . . . . . . . . . . . . . . . . 36 + 8.2. Reseller Extension . . . . . . . . . . . . . . . . . . . 36 + 9. Security Considerations . . . . . . . . . . . . . . . . . . . 36 + 10. Acknowledgment . . . . . . . . . . . . . . . . . . . . . . . 36 + 11. Normative References . . . . . . . . . . . . . . . . . . . . 36 + Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 38 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 39 1. 
Introduction There are many entities, such as registrars, resellers, DNS service operators, or privacy proxies involved in the domain registration business. These kind of entities have not been formally defined as an object in EPP which will be specified as "organization" in this document. This document describes an organization object mapping for version 
@@ -158,51 +160,62 @@ described in [RFC5730]. Its corresponding element is . 3.2. Organization Roles The organization roles are used to represent the relationship an organization would have. Its corresponding element is . 3.2.1. Role Type An organization would support a list of roles. See Section 7.3 for a - list of values. Its corresponding element is with a - "roleStatus" attribute. The values of role statuses are defined in - Section 3.5. + list of values. Its corresponding element is . -3.2.2. Role Identifier +3.2.2. Role Status + + A role of an organization object would have its own statuses. Its + corresponding element is . The values of role status are + defined in Section 3.5. + +3.2.3. Role Identifier A role MAY have a third party assigned identifier such as the IANA ID for registrars. Its corresponding element is . -3.2.3. Example of Organization Roles - - Example of "Organization Roles" + Example of organization role identifier: - S: - S: registrar - S: 1362 - S: + + registrar + ok + linked + 1362 + 3.3. Contact and Client Identifiers All EPP contacts are identified by a server-unique identifier. Contact identifiers are character strings with a specific minimum length, a specified maximum length, and a specified format. Contact identifiers use the "clIDType" client identifier syntax described in [RFC5730]. 3.4. Organization Status Values An organization object MUST always have at least one associated status value. The default value is "ok". + Status values that can be added or removed by a client are prefixed + with "client". Corresponding status values that can be added or + removed by a server are prefixed with "server". The "hold" and + "terminated" are server-managed when the organization has no parent + identifier [Section 3.6] and otherwise MAY be client-managed based on + server policy. + Status Value Descriptions: o ok: This is the normal status value for an object that has no pending operations or prohibitions. 
This value is set and removed by the server as other status values are added or removed. o hold: Organization transform commands and new links MUST be rejected. o terminated: The organization which has been terminated MUST NOT be 
@@ -278,44 +291,44 @@ Loops SHOULD be prohibited. If organization A has B as parent identifier, organization B must not have organization A as parent identifier. 3.7. URL The URL represents the organization web home page, as defined with the element. -3.8. +3.8. Dates and Times Date and time attribute values MUST be represented in Universal Coordinated Time (UTC) using the Gregorian calendar. The extended date-time form using upper case "T" and "Z" characters defined in [W3C.REC-xmlschema-2-20041028] MUST be used to represent date-time values, as XML Schema does not support truncated date-time forms or lower case "T" and "Z" characters. 4. EPP Command Mapping A detailed description of the EPP syntax and semantics can be found in the EPP core protocol specification [RFC5730]. The command mappings described here are specifically for use in provisioning and managing organization information via EPP. 4.1. EPP Query Commands - EPP provides two commands to retrieve domain information: to - determine if an organization object can be provisioned within a - repository, and to retrieve detailed information associated - with an organization object. This document does not define a mapping - for the EPP command to retrieve domain-object transfer - status information.. + EPP provides two commands to retrieve organization information: + to determine if an organization object can be provisioned + within a repository, and to retrieve detailed information + associated with an organization object. This document does not + define a mapping for the EPP command to retrieve + organization-object transfer status information.. 4.1.1. EPP Command The EPP command is used to determine if an object can be provisioned within a repository. It provides a hint that allows a client to anticipate the success or failure of provisioning an object using the command, as object-provisioning requirements are ultimately a matter of server policy. 
In addition to the standard EPP command elements, the command @@ -429,38 +442,40 @@ identifies the organization namespace. The element contains the following child elements: o A element that contains the server-unique identifier of the organization object, as defined in Section 3.1. o A element that contains the Repository Object IDentifier assigned to the organization object when the object was created. - o One or more elements that contains the role type and - optional role id of the organization. + o One or more elements that contains the role type, role + status and optional role id of the organization. * A element that contains the type of the - organization, as defined in Section 3.2. A "roleStatus" - attribute is used to describe the status value of a role type. + organization, as defined in Section 3.2. + + * Zero or more elements of a role. The values of + role status are defined in Section 3.5. * An OPTIONAL element that contains a third party assigned identifier, such as IANA ID for registrars, as defined - in Section 3.2.2. + in Section 3.2.3. - o One or more elements that contains the operational + o Zero or more elements that contains the operational status of the organization, as defined in Section 3.4. o An OPTIONAL element that contains the identifier of the parent object, as defined in Section 3.6. - o One or two elements that contain postal-address + o Zero to two elements that contain postal-address information. Two elements are provided so that address information can be provided in both internationalized and localized forms; a "type" attribute is used to identify the two forms. If an internationalized form (type="int") is provided, element content MUST be represented in a subset of UTF-8 that can be represented in the 7-bit US-ASCII character set. If a localized form (type="loc") is provided, element content MAY be represented in unrestricted UTF-8. The element contains the following child elements: 
@@ -532,21 +547,23 @@ S: S: S: Command completed successfully S: S: S: S: registrar1362 S: registrar1362-REP S: - S: registrar + S: registrar + S: ok + S: linked S: 1362 S: S: ok S: S: Example Registrar Inc. S: S: 123 Example Dr. S: Suite 100 S: Dulles S: VA @@ -582,21 +600,23 @@ S: S: S: Command completed successfully S: S: S: S: reseller1523 S: reseller1523-REP S: - S: reseller + S: reseller + S: ok + S: linked S: S: ok S: registrar1362 S: S: Example Reseller Inc. S: S: 123 Example Dr. S: Suite 100 S: Dulles S: VA 
@@ -623,79 +644,79 @@ An EPP error response MUST be returned if an command cannot be processed for any reason. 4.1.3. EPP Command The transfer semantics does not apply to organization object. No EPP command is defined in this document. 4.2. EPP Transform Commands - EPP provides four commands to transform organization object + EPP provides three commands to transform organization object information: to create an instance of an organization - object, to delete an instance of an organization object, - to manage organization-object sponsorship changes, and + object, to delete an instance of an organization object, and to change information associated with an organization object. This document does not define a mapping for the EPP and command. Transform commands are typically processed and completed in real time. Server operators MAY receive and process transform commands but defer completing the requested action if human or third-party review is required before the requested action can be completed. In such situations, the server MUST return a 1001 response code to the client to note that the command has been received and processed but that the requested action is pending. The server MUST also manage the status of the object that is the subject of the command to reflect the initiation and completion of the requested action. Once - the action has been completed, all clients involved in the - transaction MUST be notified using a service message that the action - has been completed and that the status of the object has changed. - Other notification methods MAY be used in addition to the required - service message. + the action has been completed, the client MUST be notified using a + service message that the action has been completed and that the + status of the object has changed. Other notification methods MAY be + used in addition to the required service message. 
Server operators SHOULD confirm that a client is authorized to perform a transform command on a given object. Any attempt to transform an object by an unauthorized client MUST be rejected, and the server MUST return a 2201 response code to the client to note that the client lacks privileges to execute the requested command. 4.2.1. EPP Command The EPP command provides a transform operation that allows a client to create an organization object. In addition to the standard EPP command elements, the command MUST contain a element that identifies the organization namespace. The element contains the following child elements: o A element that contains the desired server-unique identifier for the organization to be created, as defined in Section 3.1. - o One or more elements that contains the role type and - optional role id of the organization. + o One or more elements that contains the role type, role + status and optional role id of the organization. * A element that contains the type of the - organization, as defined in Section 3.2. A "roleStatus" - attribute is used to describe the status value of a role type. + organization, as defined in Section 3.2. + + * Zero or more elements of a role. The values of + role status are defined in Section 3.5. * An OPTIONAL element that contains a third party assigned identifier, such as IANA ID for registrars, as defined - in Section 3.2.2. + in Section 3.2.3. - o A element that contains the operational status of the - organization, as defined in Section 3.4. + o Zero of more element that contains the operational + status of the organization, as defined in Section 3.4. o An OPTIONAL element that contains the identifier of the parent object, as defined in Section 3.6. - o One or two elements that contain postal-address + o Zero to two elements that contain postal-address information. 
Two elements are provided so that address information can be provided in both internationalized and localized forms; a "type" attribute is used to identify the two forms. If an internationalized form (type="int") is provided, element content MUST be represented in a subset of UTF-8 that can be represented in the 7-bit US-ASCII character set. If a localized form (type="loc") is provided, element content MAY be represented in unrestricted UTF-8. The element contains the following child elements: @@ -739,24 +760,23 @@ Example command: C: C: C: C: C: C: res1523 C: - C: reseller - C: privacyproxy + C: reseller + C: ok C: - C: ok C: 1523res C: C: Example Organization Inc. C: C: 123 Example Dr. C: Suite 100 C: Dulles C: VA C: 20166-6503 C: US 
@@ -899,36 +919,38 @@ provided if the command is not being extended. All of these elements MAY be omitted if an extension is present. The and elements contain the following child element: o Zero or more elements that contain the identifiers for contact objects to be associated with or removed from the organization object. Contact object identifiers MUST be known to the server before the contact object can be associated with the organization object. - A element contains the following OPTIONAL child elements. - At least one child element MUST be present: - - o One or more elements that contains the role type and - optional role id of the organization. + o Zero or more elements that contains the role type, role + status and optional role id of the organization. * A element that contains the type of the - organization, as defined in Section 3.2. A "roleStatus" - attribute is used to describe the status value of a role type. + organization, as defined in Section 3.2. + + * Zero or more elements of a role. The values of + role status are defined in Section 3.5. * An OPTIONAL element that contains a third party assigned identifier, such as IANA ID for registrars, as defined - in Section 3.2.2. + in Section 3.2.3. - o A element that contains the operational status of the - organization. + o Zero or more element that contains the operational + status of the organization. + + A element contains the following OPTIONAL child elements. + At least one child element MUST be present: o A element that contains the identifier of the parent object. o One or two elements that contain postal-address information. Two elements are provided so that address information can be provided in both internationalized and localized forms; a "type" attribute is used to identify the two forms. If an internationalized form (type="int") is provided, element content MUST be represented in a subset of UTF-8 that can 
@@ -978,27 +1000,34 @@ C: C: C: C: C: C: res1523 C: C: sh8013 + C: + C: privacyproxy + C: clientLinkProhibited + C: + C: clientLinkProhibited C: -C: + C: + C: sh8014 C: -C: reseller -C: privacyproxy + C: reseller + C: clientDeleteProhibited C: -C: ok + C: + C: C: C: C: 124 Example Dr. C: Suite 200 C: Dulles C: VA C: 20166-6503 C: US C: C: @@ -1041,31 +1070,28 @@ are used to note the beginning and ending of the schema for URI registration purposes. BEGIN - - Extensible Provisioning Protocol v1.0 organization provisioning schema. - + @@ -1177,44 +1260,43 @@ + type="org:roleType" maxOccurs="unbounded"/> + type="org:statusType" minOccurs="0" maxOccurs="4"/> + type="org:postalInfoType" minOccurs="0" maxOccurs="2"/> + type="org:e164Type" minOccurs="0"/> + type="org:e164Type" minOccurs="0"/> + type="eppcom:minTokenType" minOccurs="0"/> + minOccurs="0" maxOccurs="unbounded"/> + type="org:contactType" minOccurs="0" maxOccurs="unbounded"/> + + - + type="org:e164Type" minOccurs="0"/> + type="org:e164Type" minOccurs="0"/> + + type="org:postalLineType" minOccurs="0"/> + type="org:addrType" minOccurs="0"/> + type="org:postalInfoEnumType" use="required"/> - - + + + + + + + + + + + + + + + + + + + + + + + + + type="org:roleType" maxOccurs="unbounded"/> + type="org:statusType" maxOccurs="9"/> + type="org:postalInfoType" minOccurs="0" maxOccurs="2"/> + type="org:e164Type" minOccurs="0"/> + type="org:e164Type" minOccurs="0"/> + type="eppcom:minTokenType" minOccurs="0"/> + type="org:contactType" minOccurs="0" maxOccurs="unbounded"/> - + + + + + + + END 6. Internationalization Considerations EPP is represented in XML, which provides native support for encoding 
@@ -1343,76 +1463,93 @@ conforming to a registry mechanism described in [RFC3688]. IANA is requested to assignment the following URI. Registration request for the organization namespace: o URI: urn:ietf:params:xml:ns:org-1.0 o Registrant Contact: See the "Author's Address" section of this document. + o XML: None. Namespace URIs do not represent an XML specification. + + Registration request for the organization XML schema: + + o URI: urn:ietf:params:xml:ns:org-1.0 + + o Registrant Contact: See the "Author's Address" section of this + document. + o XML: See the "Formal Syntax" section of this document. 7.2. EPP Extension Registry The EPP extension described in this document should be registered by the IANA in the EPP Extension Registry described in [RFC7451]. The details of the registration are as follows: Name of Extension: Organization Object Extension Document status: Standards Track Reference: (insert reference to RFC version of this document) - Registrant Name and Email Address: See the "Author's Address" section - of this document. + Registrant Name and Email Address: IESG TLDs: any IPR Disclosure: none Status: active Notes: none 7.3. Role Values Registry The following values should be registered by the IANA in the "EPP - Organization Role Values" registry: + Organization Role Values" registry. The registration policy for this + registry is "Expert Review" [RFC8126]. - Value: registrar +7.3.1. Registration Template - Type: role + Value: the string value being registered. + + Description: Brief description of the organization role values. + + Registrant Name: For Standards Track RFCs, state "IESG". For others, + give the name of the responsible party. + + Registrant Contact Information: an email address, postal address, or + some other information to be used to contact the registrant. + +7.3.2. Initial Registry Contents + + Value: registrar Description: The entity object instance represents the authority responsible for the registration in the registry. 
Registrant Name: IESG - Registrant Contact Information: iesg@ietf.org Value: reseller - Type: role - Description: The entity object instance represents a third party through which the registration was conducted (i.e., not the registry or registrar). Registrant Name: IESG + Registrant Contact Information: iesg@ietf.org Value: privacyproxy - Type: role - Description: The entity object instance represents a third-party who could help to register a domain without exposing the registrants' private information.. Registrant Name: IESG Registrant Contact Information: iesg@ietf.org 8. Implementation Status @@ -1430,29 +1567,32 @@ be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist. According to [RFC6982], "this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit". - CNNIC is in the process of development research to update EPP - organization mapping from reseller mapping. Verisign is also - planning to implement this document. + CNNIC and Net::DRI (Patrick Mevzek) are in the process of development + research to update organization extension from reseller extension. + + Dns Belgium is planning to implement it after the publication of this + document. 8.1. CNNIC Implementation Organization: CNNIC Name: EPP Organization Mapping + Description: CNNIC is trying to update EPP organization mapping from previous reseller mapping according to this document. Level of maturity: Research. Coverage: EPP organization mapping. Contact: zhouguiqing@cnnic.cn 8.2. Reseller Extension 
@@ -1451,21 +1591,21 @@ Level of maturity: Research. Coverage: EPP organization mapping. Contact: zhouguiqing@cnnic.cn 8.2. Reseller Extension This document was updated from draft-ietf-regext-reseller. CNNIC, - Verisign and Net::DRI (Patrick Mevzek) have already implemented the + VeriSign and Net::DRI (Patrick Mevzek) have already implemented the reseller mapping. 9. Security Considerations The object mapping extension described in this document does not provide any other security services or introduce any additional considerations beyond those described by [RFC5730] or those caused by the protocol layers used by EPP. The security considerations described in these other specifications apply to this specification as well. @@ -1497,20 +1637,25 @@ [RFC6982] Sheffer, Y. and A. Farrel, "Improving Awareness of Running Code: The Implementation Status Section", RFC 6982, DOI 10.17487/RFC6982, July 2013, . [RFC7451] Hollenbeck, S., "Extension Registry for the Extensible Provisioning Protocol", RFC 7451, DOI 10.17487/RFC7451, February 2015, . + [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for + Writing an IANA Considerations Section in RFCs", BCP 26, + RFC 8126, DOI 10.17487/RFC8126, June 2017, + . + [W3C.REC-xml-20040204] Bray, T., Paoli, J., Sperberg-McQueen, C., Maler, E., and F. Yergeau, ""Extensible Markup Language (XML) 1.0 (Third Edition)", World Wide Web Consortium FirstEdition REC-xml- 20040204", February 2004, . [W3C.REC-xmlschema-1-20041028] Thompson, H., Beech, D., Maloney, M., and N. Mendelsohn, ""XML Schema Part 1: Structures Second Edition", World 
@@ -1576,21 +1720,36 @@ Reseller object or entity object with multiple roles? Organization WG document-00: Change to a generic organization object mapping. Organization WG document-01: Added "Implementation Status" section. Organization WG document-02: Accepted some of the feedbacks on the mailing list. + Organization WG document-03: + + * Updated section 3.2, changed the structure of organization + role. + + * Updated section 4.2.5 for the "add", "rem" and "chg" example. + + * Updated section 5 of formal syntax. + + * Updated section 7.2 for the registration template and initial + values. + + * Updated section 8 of implementation status. + Authors' Addresses + Linlin Zhou CNNIC 4 South 4th Street, Zhongguancun, Haidian District Beijing, Beijing 100190 China Phone: +86 10 5881 2677 Email: zhoulinlin@cnnic.cn Ning Kong
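Review bot: In the new Section 3.4 paragraph of hunk @@ -158,51 +160,62 @@, the sentence "The "hold" and "terminated" are server-managed when the organization has no parent identifier [Section 3.6]" is missing its noun and uses a bracketed section reference where the rest of the draft writes "as defined in Section 3.6"; suggest "The "hold" and "terminated" statuses are server-managed when the organization has no parent identifier (Section 3.6) and otherwise MAY be client-managed based on server policy." In the same hunk, the example kept under 3.2.3 now shows the role type, two role status values and the role identifier, so the caption "Example of organization role identifier:" undersells it; since "3.2.3. Example of Organization Roles" was dropped, a caption such as "Example of an organization role:" would describe what is shown.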
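Review bot: The rewritten Section 4.1 paragraph in hunk @@ -278,44 +291,44 @@ still ends with the doubled period carried over from the old text ("organization-object transfer status information.."); while the paragraph is being rewritten, drop the extra period.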
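Review bot: In hunk @@ -429,38 +442,40 @@ the info response bullet is changed from "One or more" to "Zero or more" status elements, which contradicts Section 3.4 in this same diff ("An organization object MUST always have at least one associated status value. The default value is "ok"."); a server-generated info response can never legitimately carry zero status values, so this bullet should stay "One or more" (a zero minimum only makes sense on the client-side create, where the server applies the default). The same hunk also introduces "One or more elements that contains the role type" and "Zero or more elements that contains the operational status"; subject-verb agreement calls for "that contain" in both.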
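Review bot: The create-command bullet added in hunk @@ -623,79 +644,79 @@ reads "Zero of more element that contains the operational status"; this should be "Zero or more elements that contain the operational status of the organization, as defined in Section 3.4." The role bullet in the same hunk has the same "elements that contains" agreement slip.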
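Review bot: In hunk @@ -899,36 +919,38 @@ the role and status bullets now sit under the add/rem lead-in "The ... and ... elements contain the following child element:", which is still singular although three bullets follow; change it to "child elements". The new bullets also need "Zero or more elements that contain the role type" and "Zero or more elements that contain the operational status" rather than "element that contains". Moving "At least one child element MUST be present" so that it now introduces only the chg element is the right fix, since the role and status lists are add/rem operations, not replacements.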
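Review bot: The updated example in hunk @@ -978,27 +1000,34 @@ uses the values "clientLinkProhibited" (as both a role status and an organization status) and "clientDeleteProhibited"; neither value is visible in the portions of Sections 3.4 and 3.5 included in this diff, so please confirm both are listed there with the "client" prefix semantics that the new Section 3.4 paragraph introduces, and that "clientLinkProhibited" is defined for both the role-level and organization-level status lists.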
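Review bot: In the formal syntax hunk @@ -1177,44 +1260,43 @@ the two declarations of org:statusType disagree on cardinality: one is declared with minOccurs="0" maxOccurs="4" and the other with maxOccurs="9" and no minOccurs (so the XML Schema default of 1 applies); please check that each matches the prose for its command, because the prose in this diff now says "Zero or more" for both the info response and the create command while only one of the schema types permits zero.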
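Review bot: The new "Registration request for the organization XML schema" in hunk @@ -1343,76 +1463,93 @@ repeats the namespace URI "urn:ietf:params:xml:ns:org-1.0"; under the RFC 3688 registry a schema registration needs its own URI in the schema branch (urn:ietf:params:xml:schema:org-1.0), distinct from the namespace URI, otherwise IANA has two registrations for one identifier. In the same hunk "Registrant Name and Email Address: IESG" drops the email address the field asks for; suggest "IESG, iesg@ietf.org", matching the contact given in 7.3.2. The unchanged context "IANA is requested to assignment the following URI" should also read "to assign".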
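Review bot: In hunk @@ -1430,29 +1567,32 @@ "Dns Belgium" should be "DNS Belgium", and "are in the process of development research to update organization extension from reseller extension" is hard to parse; suggest "are updating their reseller extension implementations to the organization extension described in this document." The paragraph now names Net::DRI alongside CNNIC, but the only per-implementation entry that follows is "8.1. CNNIC Implementation"; either add a matching entry for Net::DRI or keep the mention only in the summary paragraph.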
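Review bot: The change-log entry "Updated section 7.2 for the registration template and initial values" in hunk @@ -1576,21 +1720,36 @@ points at the wrong section: the registration template (7.3.1) and initial registry contents (7.3.2) were added under 7.3, while the 7.2 change in this diff is only the registrant field. The list also omits changes visible elsewhere in the diff that readers will want called out: the new client/server status prefix rules in 3.4, the "Dates and Times" heading in 3.8, the reworded 4.1 and 4.2 command summaries, the status changes in the 4.1.2 and 4.2.1 examples, the added XML schema registration in 7.1, and the new [RFC8126] reference.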