Chris Apple
christopher.apple@xxxxxxxxxxx
Meeting Minutes
LDAP Duplication/Replication/Update Protocols WG (ldup)
Thursday, December 13 at 1530-1730
===================================
CHAIRS: Chris Apple <christopher.apple@xxxxxxxxxxx>
        John Strassner <john.strassner@xxxxxxxxxxxxxx>
0) Agenda Bashing
No changes were made to the agenda.
1) LDUP Update Reconciliation Procedures
http://www.ietf.org/internet-drafts/draft-ietf-ldup-urp-05.txt
A new version was issued several weeks prior to the WG Meeting. Specific changes to the
document are listed at the end of the draft. Some editorial changes were made. Other
changes to be made in a future document revision will include the addition of other
reference documents.
2) LDAPv3 Replication Requirements
http://www.ietf.org/internet-drafts/draft-ietf-ldup-replica-req-10.txt
This document has passed WG Last Call. Comments recently posted to the list after the
conclusion of the WG Last Call period will be handled as a part of IETF Last Call.
Co-Chairs have an action item to follow up with the Applications Area ADs to find out
when the document will be included in the IESG queue for consideration.
3) LDAP Replication Architecture
http://www.ietf.org/internet-drafts/draft-ietf-ldup-model-06.txt
A requirements coverage matrix has been posted to the WG mailing list. This posting
indicates that the architecture model document lags other WG documents somewhat and
needs to be revised. Some requirements are defined in the requirements document that
the architecture document doesn't address. Requirements related to state-based systems
are not covered. Log-based replication requirements are not adequately addressed.
It was pointed out by Ed Reed that this requirements coverage matrix will also help to
identify holes in the information model document.
4) LDUP Replication Information Model
http://www.ietf.org/internet-drafts/draft-ietf-ldup-infomod-04.txt
A new revision was submitted shortly before the IETF meeting deadline. No comments on
this document revision had been posted to the list as of the WG meeting date. Slides
were presented covering the changes made to the document. These slides have been posted
to the WG mailing list.
5) LDAP Subentry Schema
http://www.ietf.org/internet-drafts/draft-ietf-ldup-subentry-08.txt
Discussion via e-mail between the document editors and Kurt Zeilenga has led to WG
consensus that the original proposal in this document should not be used. An individual
alternative was published by Kurt Zeilenga. The document will be considered by the WG as
a proposal on the list. The X.500 committee has agreed to consider changes to the X.500
subentry specification to foster compatibility between LDAP and X.500 provided that we
publish rationale and requirements for their consideration. There was some discussion
about adoption of the individual proposal from Kurt Zeilenga as a WG deliverable that
would replace the existing WG deliverable. This discussion was deferred until such time
as the next WG Charter revision proposal is posted to the WG mailing list.
6) The LDUP Replication Update Protocol
http://www.ietf.org/internet-drafts/draft-ietf-ldup-protocol-03.txt
A revision was submitted shortly before the IETF meeting deadline. Several changes were
made since the -02 version. These changes are documented in slides that were posted to
the WG mailing list. It is likely that this document will need to be revised at least
once more prior to considering WG Last Call.
7) General Usage Profile for LDAPv3 Replication
http://www.ietf.org/internet-drafts/draft-ietf-ldup-usage-profile-02.txt
The document editors were unable to attend the WG meeting but submitted a slide to the
Co-Chairs for presentation at the meeting. This slide was posted to the mailing list.
It is likely that this document will need to be revised again after several other WG
documents have been revised.
8) LDAP Client Update Protocol
http://www.ietf.org/internet-drafts/draft-ietf-ldup-lcup-02.txt
Based on mailing list discussion, this document is close to being ready for WG Last Call.
The changes made to the document since the -01 revision are included in the document.
There is one major issue that requires more mailing list discussion. The issue is whether
or not a discovery mechanism enabling client/server implementations to determine what
cookie schemes are supported may be overkill. There was some general agreement in the
room that this might indeed be overkill and that it should be discussed on the WG mailing
list. Once this issue is resolved by the WG, the document should be ready for WG Last Call.
9) Profile for Framing LDAPv3 Operations
http://www.ietf.org/internet-drafts/draft-ietf-ldup-framing-profile-00.txt
There was discussion about the possibility of relaxing the framing constraints on LDAPv3
operations in the context of LDUP. Appropriate text from this document should be included
in a revised grouping document. The Co-Chair requested that this topic be aired on the
list a bit more as there were concerns about having a WG document subsumed by a non-WG
document without adopting the subsequent document as a WG deliverable. This topic will be
discussed further once a post-Salt Lake City WG charter proposal is posted to the list.
10) Mandatory LDAP Replica Management
http://www.ietf.org/internet-drafts/draft-ietf-ldup-mrm-00.txt
This document was published by the editors as a very rough draft. The Co-Chairs encouraged
members of the WG to review this document with this in mind.
Kurt Zeilenga asked if the word mandatory in the title carried its traditional weight as
it does when included in requirements language in the body of a document. The general
answer given by the Co-Chairs was "not quite", but they agreed that the WG should consider
an alternate title for the document to clear up confusion if it indeed shouldn't carry its
traditional weight.
11) LDAPv3 Access Control - Options to Consider
a) Adding it to LDUP?
b) Forming a WG Solely to Address Access Control for LDAPv3?
c) Handling the Access Control problem by (potentially competing) individual contributions?
d) Do nothing and let the work go on outside of the IETF?
e) Other options?
Discussion about this topic indicates that it is generally accepted that LDUP will not have
successfully concluded if it publishes deliverables which do not support and actively address
interoperable, secure replication of information between LDAP servers. Room belief is that it
belongs in a WG. The pending conclusion of the LDAPEXT WG prior to completion of the LDAP Access
Control Model work creates an issue that the LDUP WG needs to resolve. When the questions above
were posed to the WG members in attendance, they clearly expressed a belief that a general LDAP
Access Control model should not become an LDUP deliverable. However, there was also a strong
belief among those in attendance that such work does belong in a working group.
After much discussion of possible paths to successful WG conclusion, it was proposed that
consensus on an access control model applicable only within the context of LDUP
specifications might be achieved by using X.500 basic or a profile thereof - or some even
simpler proposal.
An Engineering Team needs to be convened to draft a list of the minimally required factors
needed in an access control model for LDUP.
It was pointed out by Kurt Zeilenga that identity to authentication credential mapping will
have to be addressed by any access control model for LDUP implementations to use it
effectively.
12) Broader WG Charter Discussion
The most recent WG Charter proposal posted to the WG mailing list will be revised to
remove present wording related to LDUP adoption of the LDAPEXT Access Control Model work.
This charter content and associated deliverables will be replaced with content consistent
with the discussion that took place during the WG meeting.