Internet Engineering Task Force Y. Chen Internet Draft J. Xie Intended status: Experimental Z. Li Expires: February 24, 2021 Z. Fan China Academy of Information and Communications Technology August 17, 2020 Extensible Provisioning Protocol (EPP) Industrial Internet Identifier Mapping draft-chen-epp-identifier-mapping-03 Abstract This document describes an Extensible Provisioning Protocol (EPP)mapping for the provisioning and management of Industrial Internet Identifiers. Specified in XML, the mapping defines EPP command syntax and semantics as applied to identifiers. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html This Internet-Draft will expire on February 24, 2021. Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents Chen, et al. Expires February 17,2021 [Page 1] Internet-Draft EPP Identifier Mapping August 17,2020 carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Chen, et al. Expires February 17,2021 [Page 2] Internet-Draft EPP Identifier Mapping August 17,2020 Table of Contents 1. Introduction ................................................... 4 1.1. Conventions Used in This Document ......................... 4 1.2. Scope of Experimentation ................................ 4 2. Object Attributes .............................................. 4 2.1. Industrial Internet Identifier Object ..................... 5 2.2. Client Identifiers ........................................ 5 2.3. Status Values ............................................. 5 2.4. Dates and Times.............................................7 2.5. IP Addresses ...............................................7 3. EPP Command Mapping ............................................ 7 3.1. EPP Query Commands ........................................ 7 3.1.1. EPP Command ................................ 8 3.1.2. EPP Command ................................ 10 3.1.3. EPP Query Command ........................ 14 3.2. EPP Transform Commands .................................. 14 3.2.1. EPP Command .............................. 15 3.2.2. EPP Command .............................. 19 3.2.3. EPP Command .............................. 20 3.2.4. EPP Command ............................ 20 3.2.5. EPP Command ............................. 20 4. Formal Syntax ................................................. 25 5. Internationalization Considerations ........................... 33 6. Security Considerations ..................................... 34 7. IANA Considerations ........................................... 34 8. Acknowledgments ................................................35 9. References .....................................................35 9.1. Normative References ................................... 35 9.2. Informative References ................................. 36 Chen, et al. Expires February 17,2021 [Page 3] Internet-Draft EPP Identifier Mapping August 17,2020 1. Introduction Industrial Internet Identifiers are character strings with a specified format that may consist of digits, letters or notations being structured in a way that is interpretable by one or more computational facilities. This document describes an Industrial Internet Identifier mapping for version 1.0 of the Extensible Provisioning Protocol (EPP). This mapping is specified using the Extensible Markup Language (XML)1.0 as described in [W3C.REC-xml-20040204] and XML Schema notation as described in [W3C.REC-xmlschema-1-20041028] and [W3C.REC-xmlschema- 2-20041028]. [RFC5730]provides a complete description of EPP command and response structures. A thorough understanding of the base protocol specification is necessary to understand the mapping described in this document. XML is case sensitive. Unless stated otherwise, XML specifications and examples provided in this document MUST be interpreted in the character case presented to develop a conforming implementation. 1.1. Conventions Used in This Document In examples, "C:" represents lines sent by a protocol client and "S:" represents lines returned by a protocol server. Indentation and white space in examples are provided only to illustrate element relationships and are not a REQUIRED feature of this protocol. 1.2. Scope of Experimentation This document describes an experimental extension to EPP protocol. This section specifies scope of this experiment and how it can yield useful information. This EPP extension is designed to manage the registration, modification and resolution of digital objects, handles, OID, for example throughout the Industrial Internet. According to the definition of EPP, this extension is an XML text protocol that permits multiple service providers to perform object-provisioning operations using a shared central object repository. It is designed for use in a layered protocol environment. Bindings to specific transport and security protocols are outside the scope of this specification. Chen, et al. Expires February 17,2021 [Page 4] Internet-Draft EPP Identifier Mapping August 17,2020 Given the above points, the experiment can be run on the open Internet between consenting client and server implementations. 2. Object Attributes An EPP identifier object has attributes and associated values that can be viewed and modified by the sponsoring client or the server. This section describes each attribute type in detail. The formal syntax for the attribute values described here can be found in the "Formal Syntax" section of this document and in the appropriate normative references. 2.1. Industrial Internet Identifier Object Industrial Internet Identifiers are character strings with a specified format that may consist of digits, letters or notations being structured in a way that is interpretable by one or more computational facilities. It is an unique persistent set of bits used to identify and obtain state information about physical resource such as machines, products, or digital resources such as algorithms, manufacturing process, etc. This document provides an overview of the EPP mapping of Industrial Internet Identification. Handle mapping is specified as an example, while description in this document applies to other identification techniques as well. The syntax for handle namespace described in this document MUST conform to [RFC3650], [RFC3651], [RFC3652]. Handle identifiers are character strings with a specified length and a specified format. All handle identifiers are of the form prefix/suffix where, by default, the prefix may first be resolved to locate the specific identifier service and the suffix may be any bit sequence. Epp mapping on the prefix examples are provided in this document while it MAY also apply to handle identifiers with suffix. These conformance requirements might change in the future as a result of progressing work in developing standards for internationalized digital object identification. 2.2. Client Identifiers All EPP clients are identified by a server-unique identifier. Client identifiers conform to the "clIDType" syntax described in [RFC5730]. 2.3. Status Values An EPP identifier object MUST always have at least one associated status value. Status values MAY be set only by the client that sponsors an identifier object and by the server on which the object Chen, et al. Expires February 17,2021 [Page 5] Internet-Draft EPP Identifier Mapping August 17,2020 resides. A client can change the status of object using the EPP command. Each status value MAY be accompanied by a string of human-readable text that describes the rationale for the status applied to the object. A client MUST NOT alter status values set by the server. A server MAY alter or override status values set by a client, subject to local server policies. The status of an object MAY change as a result of either a client-initiated transform command or an action performed by a server operator. Status values that can be added or removed by a client are prefixed with "client". Corresponding status values that can be added or removed by a server are prefixed with "server". Status values that do not begin with either "client" or "server" are server-managed. Status Value Descriptions: - clientDeleteProhibited, serverDeleteProhibited Requests to delete the object MUST be rejected. - clientUpdateProhibited, serverUpdateProhibited Requests to update the object (other than to remove this status) MUST be rejected. - linked The identifier object has at least one active association with another object. Servers SHOULD provide services to determine existing object associations. - ok This is the normal status value for an object that has no pending operations or prohibitions. This value is set and removed by the server as other status values are added or removed. - pendingCreate, pendingDelete, pendingTransfer, pendingUpdate A transform command has been processed for the object, but the action has not been completed by the server. Server operators can delay action completion for a variety of reasons, such as to allow for human review or third-party action. A transform command that is processed, but whose requested action is pending, is noted with response code 1001. When the requested action has been completed, the pendingCreate, pendingDelete, pendingTransfer, or pendingUpdate status value MUST be removed. All clients involved in the transaction MUST be Chen, et al. Expires February 17,2021 [Page 6] Internet-Draft EPP Identifier Mapping August 17,2020 notified using a service message that the action has been completed and that the status of the object has changed. "ok" status MAY only be combined with "linked" status. "linked" status MAY be combined with any status. "pendingDelete" status MUST NOT be combined with either "clientDeleteProhibited" or "serverDeleteProhibited" status. "pendingUpdate" status MUST NOT be combined with either "clientUpdateProhibited" or "serverUpdateProhibited" status. The pendingCreate, pendingDelete, pendingTransfer, and pendingUpdate status values MUST NOT be combined with each other. Other status combinations not expressly prohibited MAY be used. 2.4. Dates and Times Date and time attribute values MUST be represented in Universal Coordinated Time (UTC) using the Gregorian calendar. The extended date-time form using upper case "T" and "Z" characters defined in [W3C.REC-xmlschema-2-20041028] MUST be used to represent date-time values, as XML Schema does not support truncated date-time forms or lower case "T" and "Z" characters. 2.5. IP Addresses The syntax for IPv4 addresses described in this document MUST conform To[RFC5730]. The syntax for IPv6 addresses described in this document MUST conform to [RFC4291]. Practical considerations for publishing IPv6 address information in zone files are documented in [RFC2874] and [RFC3596]. A server MAY reject IP addresses that have not been allocated for public use by IANA. 3. EPP Command Mapping A detailed description of the EPP syntax and semantics is specified in [RFC5730]. The command mappings described here are specifically for use in provisioning and managing Industrial Internet identifiers via EPP. 3.1. EPP Query Commands EPP provides two commands to retrieve object information: to determine if an EPP object can be provisioned within a repository, Chen, et al. Expires February 17,2021 [Page 7] Internet-Draft EPP Identifier Mapping August 17,2020 and to retrieve detailed information associated with an EPP object. 3.1.1. EPP Command The EPP command is used to determine if an object can be provisioned within a repository. It provides a hint that allows a client to anticipate the success or failure of provisioning an object using the command, as object-provisioning requirements are ultimately a matter of server policy. In addition to the standard EPP command elements, the command MUST contain an element that recognizes the identifier namespace. The element contains the following child elements: o One or more elements that contain the fully qualified names of the identifier objects to be queried. example command: C: C: C: C: C: C: 88.1000.1 C: 88.1000.2 C: C: C: ABC-12345 C: C: When a command has been processed successfully, a server MUST respond with an EPP element that MUST contain a child element that identifies the identifier object namespace. The child elements of the element are identifier-specific, though the EPP element MUST contain a child element that contains one or more (check data) elements. Each element contains the following child elements: Chen, et al. Expires February 17,2021 [Page 8] Internet-Draft EPP Identifier Mapping August 17,2020 o An identifier-specific element that identifies the queried identifier. This element MUST contain an "avail" attribute whose value indicates object availability (can it be provisioned or not) at the moment the command was completed. A value of "1" or "true" means that the identifier can be provisioned. A value of "0" or "false" means that the identifier cannot be provisioned. o An element that is provided when an identifier cannot be provisioned. This element contains server- specific text to help explain why the identifier cannot be provisioned. This text MUST be represented in the response language previously negotiated with the client; an OPTIONAL "lang" attribute MAY be present to identify the language if the negotiated value is something other than the default value of "en" (English). Example response: S: S: S: S: S: Command completed successfully S: S: S: S: S: 88.1000.1 S: S: The identifier already exists S: S: S: S: 88.1000.1 S: S: S: S: S: S: ABC-12345 S: 54321-XYZ Chen, et al. Expires February 17,2021 [Page 9] Internet-Draft EPP Identifier Mapping August 17,2020 S: S: S: An EPP error response MUST be returned if a command cannotbe processed for any reason. 3.1.2. EPP Command The EPP command is used to retrieve information associated with an Industrial Internet Identifier object. In addition to the standard EPP command elements, the command MUST contain an element that identifies the identifier namespace. The element contains one child element: An element that contains the fully qualified name of the identifier object for which information is requested. Example command: C: C: C: C: C: C: 88.1000.1 C: C: C: ABC-12345 C: C: When an command has been processed successfully, the EPP element MUST contain a child element that identifies the identifier namespace. The element contains the following child elements: o An element that contains the fully qualified name of the identifier object to be created. The identifier name with a minimum length of 1 byte and a maximum length of 255 bytes SHOULD be unique and SHOULD NOT be reused. Chen, et al. Expires February 17,2021 [Page 10] Internet-Draft EPP Identifier Mapping August 17,2020 o An element that specifies type of identification technique of the identifier object. Handle is taken as an example in this document. o Zero or more OPTIONAL elements that contain contact information of the enterprise that applies for the identifier to be queried. o Zero or more OPTIONAL elements that contain the URL associated with the identifier object to be queried. o An element that contains one or more elements that specify administrator information of the identifier object. Identifier administrators are entitled to create identifier or sub-naming authorities under the handle prefix according to the permission defined by its sub-element. Each element includes the following child elements: An element that provides the reference to the authentication key that can be used to authenticate the administrator. An element that contains the authentication key of the administrator and information of the type of the technique used to authenticate administrator. The public key is processed with base64 encoding schemes. Three types of algorithms are recommended to authenticate the identifier administrator: Digital Signature Algorithm (DSA) public-key cryptography, Rivest-Shamir-Adleman(RSA) public-key cryptography, or the password-based authentication mechanism. The Digital Signature Algorithm (DSA) is a typical kind of cryptographic algorithm to generate pairs of keys used in public-key system: public keys which may be stored in the server, and private keys which are known only to the client. The RSA is one of the first public-key cryptosystems and is another kind of cryptographic algorithm used for secure data transmission. The password is a word or string of characters used for user authentication to prove identity of the administrator. An element MAY contain zero or more elements that specify information about the administration authority of the administrator. A set of administration functions that include adding, deleting, and modifying identifier or identifier values are supported by the identifier service. Before fulfilling any administration request, Chen, et al. Expires February 17,2021 [Page 11] Internet-Draft EPP Identifier Mapping August 17,2020 the server must authenticate the client as the identifier administrator that is authorized for the administrative operation. List of all the permissions see the "Formal Syntax" section of this document. o An element that contains one or more elements that provide information to locate the site to implement provisions and resolution of the identifier. In this section, the element defines a handle service site by identifying the server computers that comprise the site along with their service configurations (e.g., port numbers). Each contains the following child elements: An element that indicates the specific index of a site. An element that indicates handle protocol version used to create the handle identifier. One or more elements that contain the following elements: An element defines the number of servers in the service site. One or more elements that describe IP address of the identifier service. Each element MAY contain an "ip" attribute to identify the IP address format. Attribute value "v4" is used to note IPv4 address format. Attribute value "v6" is used to note IPv6 address format. If the "ip" attribute is not specified,"v4" is the default attribute value. An element that contains the server's public key with a "type" attribute that specifies algorithms used to generate the public key. Public key in the can be used to authenticate any service response from the handle server. One or more elements that have three child elements: an element that indicates whether the service is for query or for administration, an element that specifies transmission protocol, where UDP and HTTP could be considered as alternative protocols, and the element that represents service port of specific the service component. Example response: Chen, et al. Expires February 17,2021 [Page 12] Internet-Draft EPP Identifier Mapping August 17,2020 S: S: S: S: S: Command completed successfully S: S: S: S: 88.1000.1 S: handle S: S: jd1234 S: www.caict.ac.cn S: S: S: 100 S: S: AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4e175lVnv03Qf S: wYFTfB05hhLDC1... S: S: add_handle S: S: delete_handle S: S: add_value S: S: modify_admin S: S: remove_admin S: S: S: S: S: S: S: 500 S: 2.10 S: S: S: 1 S: 192.0.2.2 S: S: 1080:0:0:0:8:800:200C:417A S: Chen, et al. Expires February 17,2021 [Page 13] Internet-Draft EPP Identifier Mapping August 17,2020 S: S: AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4e175lVnv03QfwY S: FTfB05hhLDC1... S: S: query S: S: tcp S: 2641 S: S: S: S: S: S: S: S: ABC-12345 S: 54322-XYZ S: S: S: An EPP error response MUST be returned if an command cannot be processed for any reason. 3.1.3. EPP Query Command Transfer semantics do not directly apply to identifier objects, so there is no mapping defined for the EPP query command. 3.2. EPP Transform Commands EPP provides three commands to transform identifier objects: to create an instance of an identifier object, to delete an instance of an identifier object, and to change information associated with an identifier object. This document does not define identifier-object mappings for the EPP and commands. Transform commands are typically processed and completed in real time. Server operators MAY receive and process transform commands but defer completing the requested action if human or third-party review is required before the requested action can be completed. In such situations, the server MUST return a 1001 response code to the client to note that the command has been received and processed but that the requested action is pending. The server MUST also manage the status of the object that is the subject of the command to reflect the initiation and completion of the requested action. Once the action has been completed; all clients involved in the transaction MUST be notified using a service message that the action has been completed and that the status of the object has changed. Chen, et al. Expires February 17,2021 [Page 14] Internet-Draft EPP Identifier Mapping August 17,2020 Other notification methods MAY be used in addition to the required service message. Server operators SHOULD confirm that a client is authorized to perform a transform command on a given object. Any attempt to transform an object by an unauthorized client MUST be rejected, and the server MUST return a 2201 response code to the client to note that the client lacks privileges to execute the requested command. 3.2.1. EPP Command The EPP command provides an operation that allows a client to create an identifier object. In addition to the standard EPP command elements, the command MUST contain an element that identifies the identifier to be created. The element contains the following child elements: o An element that contains the fully qualified name of the identifier object to be created. The identifier name with a minimum length of 1 byte and a maximum length of 255 bytes SHOULD be unique and SHOULD NOT be reused. o An element that specifies type of identification technique of the identifier object. Handle is taken as an example in this document. o Zero or more OPTIONAL elements that contain contact information of the enterprise that applies for the identifier to be created. o Zero or more OPTIONAL elements that contain the URL associated with the identifier object to be created. o An element that contains one or more elements that specify administrator information of the identifier object. Identifier administrators are entitled to administrate or resolve identifier or identifier values according to the permission defined by its sub-element. Each element includes the following child elements: An element that provides the reference to the authentication key that can be used to authenticate the administrator. An element that contains the authentication key of the administrator and information of the type of the technique used to authenticate administrator. The public key is processed with base64 encoding schemes. Chen, et al. Expires February 17,2021 [Page 15] Internet-Draft EPP Identifier Mapping August 17,2020 Three types of algorithms are recommended to authenticate the identifier administrator: Digital Signature Algorithm (DSA) public-key cryptography, Rivest-Shamir-Adleman(RSA) public-key cryptography, or the password-based authentication mechanism. The Digital Signature Algorithm (DSA) is a typical kind of cryptographic algorithm to generate pairs of keys used in public- key system: public keys which may be stored in the server, and private keys which are known only to the client. The RSA is one of the first public-key cryptosystems and is another kind of cryptographic algorithm used for secure data transmission. The password is a word or string of characters used for user authentication to prove identity of the administrator. An element MAY contain zero or more elements that specify information about the administration authority of the administrator. A set of administration functions that include adding, deleting, and modifying identifier or identifier values are supported by the identifier service. Before fulfilling any administration request, the server must authenticate the client as the identifier administrator that is authorized for the administrative operation. List of all the permissions see the "Formal Syntax" section of this document. o An element that contains one or more elements that provide information to locate the site to implement provisions and resolution of the identifier. In this section, the element defines a handle service site by identifying the server computers that comprise the site along with their service configurations (e.g., port numbers). Each contains the following child elements: An element that indicates the specific index of a site. An element that indicates handle protocol version used to create the handle identifier. One or more elements that contain the following elements: An element defines the number of servers in the service site. One or more elements that describe IP address of the identifier service. Each element MAY contain an "ip" attribute to identify the IP address format. Chen, et al. Expires February 17,2021 [Page 16] Internet-Draft EPP Identifier Mapping August 17,2020 Attribute value "v4" is used to note IPv4 address format. Attribute value "v6" is used to note IPv6 address format. If the "ip" attribute is not specified,"v4" is the default attribute value. An element that contains the server's public key with a "type" attribute that specifies algorithms used to generate the public key. Public key in the can be used to authenticate any service response from the handle server. One or more elements that have three child elements: an element that indicates whether the service is for query or for administration, an element that specifies transmission protocol, where UDP and HTTP could be considered as alternative protocols, and the element that represents service port of specific the service component. Example command: C: C: C: C: C: C: 88.1000.1 C: handle C: jd1234 C: www.caict.ac.cn C: C: C: 100 C: C: AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4 C: e175lVnv03QfwYFTfB05hhLDC1... C: C: add_handle C: C: delete_handle C: C: add_value Chen, et al. Expires February 17,2021 [Page 17] Internet-Draft EPP Identifier Mapping August 17,2020 C: C: modify_admin C: C: remove_admin C: C: C: C: C: C: C: 500 C: 2.10 C: C: C: 1 C: 192.0.2.2 C: 1080:0:0:0:8:800:200C:417A C: C: C: AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4e C: 175lVnv03QfwYFTfB05hhLDC1... C: C: query C: C: tcp C: 2641 C: C: C: C: C: C: C: ABC-12345 C: C: When a command has been processed successfully, the EPP element MUST contain a child element that identifies the result of processing. Example response: S: S: S: Chen, et al. Expires February 17,2021 [Page 18] Internet-Draft EPP Identifier Mapping August 17,2020 S: S: Command completed successfully S: S: S: ABC-12345 S: 54321-XYZ S: S: S: An EPP error response MUST be returned if a command cannot be processed for any reason. 3.2.2. EPP Command The EPP command provides an operation that allows a client to delete an identifier object. In addition to the standard EPP command elements, the command MUST contain an element that specifies the identifier namespace. The element contains the following child element: o An element that contains the fully qualified name of the identifier object to be deleted. Example command: C: C: C: C: C: C: 88.1000.1 C: C: C: ABC-12345 C: C: When a command has been processed successfully, a server MUST respond with an EPP response with no element. Chen, et al. Expires February 17,2021 [Page 19] Internet-Draft EPP Identifier Mapping August 17,2020 Example response S: S: S: S: S: Command completed successfully S: S: S: ABC-12345 S: 54321-XYZ S: S: S: An EPP error response MUST be returned if a command cannot be processed for any reason. 3.2.3. EPP Command Renewal semantics do not apply to identifier objects, so there is no identifier mapping defined for the EPP command. 3.2.4. EPP Command Transfer semantics do not directly apply to identifier objects, so there is no mapping defined for the EPP command. 3.2.5. EPP Command The EPP command provides an operation that allows a client to modify the attributes of an identifier. In addition to the standard EPP command elements, the command MUST contain an element that identifies the identifier object and attributes to be updated. The element contains the following child elements: o An element that contains the fully qualified name of the identifier object to be updated. o An OPTIONAL element that contains attribute values to be added to the identifier object. o An OPTIONAL element that contains attribute values to be removed from the object. It has the following child elements: An OPTIONAL element that contains contact information that is to be removed from the identifier. Chen, et al. Expires February 17,2021 [Page 20] Internet-Draft EPP Identifier Mapping August 17,2020 An optional element that contains the URL to be removed. An OPTIONAL element that specifies the index of the identifier administrator to be deleted. An OPTIONAL element that contains information about index of the site to be removed from the identifier object. At least one child element of MUST be provided if the element is present. o An OPTIONAL element that contains object attribute values to be changed. The name of an identifier MUST NOT be changed, due to impacts on associated identifier objects. At least one , , or element MUST be provided if the command is not being extended. All of these elements MAY be omitted if an extension is present. The and elements share two common child elements: and the element. The element has two additional child elements: and other than the common element. Whereas the has an additional element that specifies status of the identifier object. Description of the common child elements of and goes as follows: - An element that specifies administrator information of the identifier object. Identifier administrators are entitled to administrate or resolve identifier or identifier values according to the permission defined by its sub-element. An element includes the following child elements: An element that provides the reference to the authentication key that can be used to authenticate the administrator. An element that contains the authentication key of the administrator and information of the type of the technique used to authenticate administrator. The public key is processed with base64 encoding schemes. Three types of algorithms are recommended to authenticate the identifier administrator: Digital Signature Algorithm (DSA) public-key cryptography, Rivest-Shamir-Adleman(RSA) public-key cryptography, or the password-based authentication mechanism. An element MAY contain zero or more elements that specify information about Chen, et al. Expires February 17,2021 [Page 21] Internet-Draft EPP Identifier Mapping August 17,2020 the administration authority of the administrator. A set of administration functions that include adding, deleting, and modifying identifier or identifier values are supported by the identifier service. Before fulfilling any administration request, the server must authenticate the client as the identifier administrator that is authorized for the administrative operation. Lists of all the permissions see the "Formal Syntax" section of this document. - An element that provides information to locate the site to implement provisions and resolution of the identifier.The element defines a handle service site by identifying the server computers that comprise the site along with their service configurations (e.g., port numbers).It contains the following child elements: An element that indicates the specific index of a site that is added or modified. An element that indicates handle protocol version used to create the handle identifier. One or more elements that contain the following elements: An element defines the number of servers in the service site. One or more elements that describe IP address of the identifier service. Each element MAY contain an "ip" attribute to identify the IP address format. Attribute value "v4" is used to note IPv4 address format. Attribute value "v6" is used to note IPv6 address format. If the "ip" attribute is not specified,"v4" is the default attribute value. An element that contains the server's public key with a "type" attribute that specifies algorithms used to generate the public key. Public key in the can be used to authenticate any service response from the handle server. One or more elements that have three child elements: an element that indicates whether the service is for query or for administration, an element that specifies transmission protocol, where UDP and HTTP could be considered as alternative protocols, and the element that represents service port of specific the service component. Example command: C: C: C: C: C: C: 88.1000.1 C: C: jd12345 C: www.abc.com C: C: 101 C: C: AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4e175lVnv03Qf C: wYFTfB05hhLDC1... C: C: add_handle C: C: delete_handle C: C: add_value C: C: modify_admin C: C: remove_admin C: C: C: C: C: 501 C: 2.10 C: C: C: 1 C: 192.0.2.2 C: 1080:0:0:0:8:800:200C:417A C: C: C: AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4e C: 175lVnv03QfwYFTfB05hhLDC1... C: C: admin C: C: tcp Chen, et al. Expires February 17,2021 [Page 23] Internet-Draft EPP Identifier Mapping August 17,2020 C: 2641 C: C: C: C: C: C: jd12345 C: www.abc.com C: 101 C: 500 C: C: C: C: C: 102 C: C: AAAAB3NzaC1yc2EAAAADAQABAAABAQCprNl4N4e175lVnv03Qf C: wYFTfB05hhLDC1... C: C: add_handle C: C: delete_handle C: C: add_value C: C: C: C: C: 500 C: 2.10 C: C: C: 2 C: 192.0.2.2 C: 1080:0:0:0:8:800:200C:417A C: C: C: query C: C: tcp C: 2641 C: C: C: C: Chen, et al. Expires February 17,2021 [Page 24] Internet-Draft EPP Identifier Mapping August 17,2020 C: C: C: ABC-12345 C: C: When an command has been processed successfully, a server MUST respond with an EPP response with no element. Example response: S: S: S: S: S: Command completed successfully S: S: S: ABC-12345 S: 54321-XYZ S: S: S: An EPP error response MUST be returned if an command could not be processed for any reason. 4. Formal Syntax An EPP object mapping is specified in XML Schema notation. The formal syntax presented here is a complete schema representation of the object mapping suitable for automated validation of EPP XML instances. The BEGIN and END tags are not part of the schema; they are used to note the beginning and ending of the schema for URI registration purposes. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: o Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. o Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Chen, et al. Expires February 17,2021 [Page 25] Internet-Draft EPP Identifier Mapping August 17,2020 o Neither the name of Internet Society, IETF or IETF Trust, nor the names of specific contributors, may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. BEGIN Extensible Provisioning Protocol v1.0 identifier provisioning schema. Chen, et al. Expires February 17,2021 [Page 27] Internet-Draft EPP Identifier Mapping August 17,2020 Chen, et al. Expires February 17,2021 [Page 28] Internet-Draft EPP Identifier Mapping August 17,2020 Chen, et al. Expires February 17,2021 [Page 29] Internet-Draft EPP Identifier Mapping August 17,2020 Chen, et al. Expires February 17,2021 [Page 30] Internet-Draft EPP Identifier Mapping August 17,2020 END 5. Internationalization Considerations EPP is represented in XML, which provides native support for encoding information using the Unicode character set and its more compact representations including UTF-8. Conformant XML processors recognize both UTF-8 and UTF-16 [RFC2781]. Though XML includes Chen, et al. Expires February 17,2021 [Page 33] Internet-Draft EPP Identifier Mapping August 17,2020 provisions to identify and use other character encodings through use of an "encoding" attribute in an declaration, use of UTF-8 is RECOMMENDED in environments where parser encoding support incompatibility exists. All date-time values presented via EPP MUST be expressed in Universal Coordinated Time using the Gregorian calendar. XML Schema allows use of time zone identifiers to indicate offsets from the zero meridian, but this option MUST NOT be used with EPP. The extended date-time form using upper case "T" and "Z" characters defined in [W3C.REC-xmlschema-2-20041028] MUST be used to represent date-time values, as XML Schema does not support truncated date-time forms or lower case "T" and "Z" characters. The syntax for handle identifiers described in this document MUST conform to [RFC3650], [RFC3651], [RFC3652]. The conformance requirements might change as a result of progressing work in developing standards for internationalized identifier techniques. 6. Security Considerations Authorization information as described in Section 3.2 is REQUIRED to create an identifier object. This information is used in some query and transfer operations as an additional means of determining client authorization to perform the command. Failure to protect authorization information from inadvertent disclosure can result in unauthorized transfer operations and unauthorized information release. Both client and server MUST ensure that authorization information is stored and exchanged with high-grade encryption mechanisms to provide privacy services. The object mapping described in this document does not provide any other security services or introduce any additional considerations beyond those described by [RFC5730] or those caused by the protocol layers used by EPP. 7. IANA Considerations This document uses URNs to describe XML namespaces and XML schemas conforming to a registry mechanism described in [RFC3688]. Two URI assignments have been registered by the IANA. Registration request for the identifier namespace: URI: urn:ietf:params:xml:ns:identifier-1.0 Registrant Contact: See the "Author's Address" section of this document. XML: None. Namespace URIs do not represent an XML specification. Registration request for the identifier XML schema: Chen, et al. Expires February 17,2021 [Page 34] Internet-Draft EPP Identifier Mapping August 17,2020 URI: urn:ietf:params:xml:schema:identifier-1.0 Registrant Contact: See the "Author's Address" section of this document. XML: See the "Formal Syntax" section of this document. 8. Acknowledgments This document is based on an identifier application of EPP.Thus, the authors would like to thank J. Xie who suggested improvements and provided many invaluable comments. This document are individual submissions, based on the work done in RFC 5730. This document was prepared using 2-Word-v2.0.template.dot. 9. References 9.1. Normative References [W3C.REC-xml-20040204] Sperberg-McQueen, C., Maler, E., Yergeau, F., Paoli, J., and T. Bray, "Extensible Markup Language (XML) 1.0 (Third Edition)", World Wide Web Consortium FirstEdition REC-xml-20040204, February 2004, . [W3C.REC-xmlschema-1-20041028] Maloney, M., Thompson, H., Mendelsohn, N., and D. Beech, "XML Schema Part 1: Structures Second Edition", World Wide Web Consortium Recommendation REC-xmlschema-1-20041028, October 2004, . [W3C.REC-xmlschema-2-20041028] Malhotra, A. and P. Biron, "XML Schema Part 2: Datatypes Second Edition", World Wide Web Consortium Recommendation REC-xmlschema-2-20041028, October 2004, . [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, September 1981. [RFC5730] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", STD 69, RFC 5730, August 2009. [RFC3650] Sun, S. and L. Lannom, "Handle System Overview", November 2003. [RFC3651] Sun, S., Reilly, S. and L. Lannom, "Handle System Namespace and Service Definition", November 2003. [RFC3652] Sun, S., Reilly, S. and L. Lannom, "Handle System Protocol (ver 2.1) Specification", November 2003. Chen, et al. Expires February 17,2021 [Page 35] Internet-Draft EPP Identifier Mapping August 17,2020 9.2. Informative References [RFC1558] T. Howes, "A String Representation of LDAP Search Filters", RFC 1558, December 1993. [RFC2781] Hoffman, P. and F. Yergeau, "UTF-16, an encoding of ISO 10646", RFC 2781, February 2000. [RFC2874] Crawford, M. and C. Huitema, "DNS Extensions to Support IPv6 Address Aggregation and Renumbering", RFC 2874, July 2000. [RFC3596] Thomson, S., Huitema, C., Ksinant, V., and M. Souissi, "DNS Extensions to Support IP Version 6", RFC 3596, October 2003. [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, February 2006. Chen, et al. Expires February 17,2021 [Page 36] Internet-Draft EPP Identifier Mapping August 17,2020 Author's Address Yuying Chen CAICT No.52 Huayuan North Road, Haidian District Beijing, Beijing, 100191 China Phone: +86 188 1008 2358 Email: chenyuying@caict.ac.cn Jiagui Xie CAICT No.52 Huayuan North Road, Haidian District Beijing, Beijing, 100191 China Phone: +86 150 0138 5070 Email: xiejiagui@caict.ac.cn Zhiping Li CAICT No.52 Huayuan North Road, Haidian District Beijing, Beijing, 100191 China Phone: +86 185 1107 1386 Email: lizhiping@caict.ac.cn Zhipeng Fan CAICT No.52 Huayuan North Road, Haidian District Beijing, Beijing, 100191 China Phone: +86 159 1112 3285 Email: fanzhipeng@caict.ac.cn Chen, et al. Expires February 17,2021 [Page 37]