LDAP Duplication/Replication/Update Protocols WG (ldup)
Thursday, December 13 at 1530-1730
CHAIRS: Chris Apple <christopher.apple@xxxxxxxxxxx>
John Strassner <john.strassner@xxxxxxxxxxxxxx>
0) Agenda Bashing
No changes were made to the agenda.
1) LDUP Update Reconciliation Procedures
A new version was issued several weeks prior to the WG Meeting. Specific
changes to the document are listed at the end of the draft.
Some editorial changes were made. Other changes to be made in a future
document revision will include the addition of other reference documents.
2) LDAPv3 Replication Requirements
This document has passed WG Last Call. Comments recently posted to the list
after the conclusion of the WG Last Call period will be handled as a part
of IETF Last Call. Co-Chairs have an action item to follow up with the
Applications Area ADs to find out when the document will be included in the
IESG queue for consideration.
3) LDAP Replication Architecture
A requirements coverage matrix has been posted to the WG mailing list.
This posting indicates that the architecture model document lags other
WG documents somewhat and needs to be revised. Some requirements are defined
in the requirements document that the architecture document doesn't address.
Requirements related to state-based systems are not covered. Log-based
replication requirements are not adequately addressed.
It was pointed out by Ed Reed that this requirements coverage matrix
will also help to identify holes in the information model document.
4) LDUP Replication Information Model
A new revision was submitted shortly before the IETF meeting deadline.
No comments on this document revision had been posted to the list as of
the WG meeting date. Slides were presented covering the changes made to
the document. These slides have been posted to the WG mailing list.
5) LDAP Subentry Schema
Discussion via e-mail between the document editors and Kurt Zeilenga has led to
WG consensus that the original proposal in this document should not be used. An
individual alternative was published by Kurt Zeilenga. The document will be
considered by the WG as a proposal on the list. The X.500 committee has agreed
to consider changes to the X.500 subentry specification to foster compatibility
between LDAP and X.500 provided that we publish rationale and requirements for
their consideration. There was some discussion about adoption of the individual
proposal from Kurt Zeilenga as a WG deliverable that would replace the existing
WG deliverable. This discussion was deferred until such time as the next WG Charter
revision proposal is posted to the WG mailing list.
6) The LDUP Replication Update Protocol
A revision was submitted shortly before the IETF meeting deadline. Several
changes were made since the -02 version. These changes are documented in slides
that were posted to the WG mailing list. It is likely that this document will
need to be revised at least once more prior to considering WG Last Call.
7) General Usage Profile for LDAPv3 Replication
The document editors were unable to attend the WG meeting but submitted a
slide to the Co-Chairs for presentation at the meeting. This slide was posted
to the mailing list. It is likely that this document will need to be revised
again after several other WG documents have been revised.
8) LDAP Client Update Protocol
Based on mailing list discussion, this document is close to being ready for WG Last Call.
The changes made to the document since the -01 revision are included in the document.
There is one major issue that requires more mailing list discussion. The issue is
whether or not a discovery mechanism enabling client/server implementations to
determine what cookie schemes are supported may be overkill. There was some general
agreement in the room that this might indeed be overkill and that it should be discussed
on the WG mailing list. Once this issue is resolved by the WG, the document should be
ready for WG Last Call.
9) Profile for Framing LDAPv3 Operations
There was discussion about the possibility of relaxing the framing constraints
on LDAPv3 operations in the context of LDUP. Appropriate text from this document
should be included in a revised grouping document. The Co-Chair requested
that this topic be aired on the list a bit more as there were concerns
about having a WG document subsumed by a non-WG document without adopting the
subsequent document as a WG deliverable. This topic will be discussed further
once a post-Salt Lake City WG charter proposal is posted to the list.
10) Mandatory LDAP Replica Management
This document was published by the editors as a very rough draft. The Co-Chairs
encouraged members of the WG to review this document with this in mind.
Kurt Zeilenga asked if the word mandatory in the title carried its traditional
weight as it does when included in requirements language in the body of a document.
The general answer given by the Co-Chairs was "not quite" but agreed that the
WG should consider an alternate title for the document to clear up confusion if
it indeed shouldn't carry its traditional weight.
11) LDAPv3 Access Control - Options to Consider
a) Adding it to LDUP?
b) Forming a WG Solely to Address Access Control for LDAPv3?
c) Handling the Access Control problem by (potentially competing)
d) Do nothing and let the work go on outside of the IETF?
e) Other options?
Discussion about this topic indicates that it is generally accepted that LDUP will not have
successfully concluded if it publishes deliverables which do not support and actively address
interoperable, secure replication of information between LDAP servers. Room belief is that it
belongs in a WG. The pending conclusion of the LDAPEXT WG prior to completion of the LDAP Access
Control Model work creates an issue that the LDUP WG needs to resolve. When the questions above
were posed to the WG members in attendance, they clearly expressed a belief that a general LDAP
Access Control model should not become an LDUP deliverable. However, there was also a strong
belief among those in attendance that such work does belong in a working group.
After much discussion of possible paths to successful WG conclusion, it was proposed that
consensus on an access control model applicable only within the context of LDUP
specifications might be achieved by using X.500 basic or a profile thereof - or some
even simpler proposal.
An Engineering Team needs to be convened to draft a list of the minimally required factors
needed in an access control model for LDUP.
It was pointed out by Kurt Zeilenga that identity to authentication credential mapping will
have to be addressed by any access control model for LDUP implementations to use it.
12) Broader WG Charter Discussion
The most recent WG Charter proposal posted to the WG mailing list will be revised to
remove present wording related to LDUP adoption of the LDAPEXT Access Control Model work.
This charter content and associated deliverables will be replaced with content consistent
with the discussion that took place during the WG meeting.