Uniform Resource Name (URN) Namespace Definition Mechanisms
draft-ietf-urnbis-rfc3406bis-urn-ns-reg-07

Abstract

This document supplements the Uniform Resource Name (URN) syntax specification by defining the concept of a URN namespace, as well as mechanisms for defining and registering such namespaces. This document obsoletes RFC 3406.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on May 17, 2014.

Copyright Notice

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

1. Introduction
2. Terminology
3. What is a URN Namespace?
4. URN Namespace Types
4.1. Formal Namespaces
4.2. Informal Namespaces
5. Defining a URN Namespace
5.1. Purpose
5.2. Syntax
5.3. Assignment
5.4. Security
5.5. Resolution
6. Registration Template
6.1. Namespace ID
6.2. Version
6.3. Date
6.4. Registrant
6.5. Purpose
6.6. Syntax
6.7. Assignment
6.8. Resolution
6.9. Documentation
7. Registering a URN Namespace
7.1. Formal Namespaces
7.2. Informal Namespaces
8. Guidelines for Designated Experts
9. IANA Considerations
10. Security Considerations
11. References
11.1. Normative References
11.2. Informative References
Appendix A. Changes from RFC 3406
Appendix B. Contributors
Appendix C. Acknowledgements
Author's Address

1. Introduction

A Uniform Resource Name (URN) [I-D.ietf-urnbis-rfc2141bis-urn] is a Uniform Resource Identifier (URI) [RFC3986] that is intended to serve as a persistent, location-independent resource identifier. This document supplements the Uniform Resource Name (URN) syntax specification [I-D.ietf-urnbis-rfc2141bis-urn] by defining:

The concept of a URN namespace.
A mechanism for defining a URN namespace and associating it with a public identifier (called a Namespace ID or "NID").
Procedures for registering NIDs with the Internet Assigned Numbers Authority (IANA).

Syntactically, the NID follows the 'urn' scheme name. For instance, a URN in the 'example' namespace [RFC6963] might be of the form "urn:example:foo".

This document rests on two key assumptions:

Assignment of a URN is a managed process.

A string that conforms to the URN syntax is not necessarily a valid URN, because a URN needs to be assigned according to the rules of a particular namespace (in terms of syntax, semantics, and process).
The space of URN namespaces is itself managed.

A string in the namespace identifier slot of the URN syntax is not necessarily a valid URN namespace identifier, because in order to be valid a namespace needs to be defined and registered in accordance with the rules of this document.

URN namespaces were originally defined in [RFC2611], which was obsoleted by [RFC3406]. Based on experience with defining and registering URN namespaces since that time, this document specifies URN namespaces with the smallest reasonable set of changes from [RFC3406], while at the same time simplifying the registration process. This document obsoletes RFC 3406.

2. Terminology

Several important terms used in this document are defined in the URN syntax specification [I-D.ietf-urnbis-rfc2141bis-urn].

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

3. What is a URN Namespace?

A URN namespace is a collection of identifiers that are (1) unique, (2) assigned in a consistent way, and (3) assigned according to a common definition.

The "uniqueness" constraint means that an identifier within the namespace is never assigned to more than one resource and never reassigned to a different resource.
The "consistent assignment" constraint means that an identifier within the namespace is assigned by an organization or minted in accordance with a process or algorithm that is always followed.
The "common definition" constraint means that there are clear definitions for the syntax of identifiers within the namespace and the process of assigning or minting them.

A URN namespace is identified by a particular NID in order to ensure the global uniqueness of URNs and, optionally, to provide a cue regarding the structure of URNs assigned within a namespace.

With regard to global uniqueness, using different NIDs for different collections of identifiers ensures that no two URNs will be the same for different resources, since each collection is required to uniquely assign each identifier. However, a single resource can have more than one URN assigned to it for different purposes (e.g., some numbers might be valid identifiers in two different identifier systems, where the namespace identifier differentiates between the resulting URNs).

With regard to the structure of URNs assigned within a namespace, the development of an identifier structure (and thereby a collection of identifiers) depends on the requirements of the community defining the identifiers, how the identifiers will be assigned and used, etc. These issues are beyond the scope of URN syntax and the general rules for URN namespaces, because they are specific to the community defining a namespace (e.g., the bibliographic and publishing communities in the case of the 'ISBN' and 'ISSN' namespaces, or the developers of extensions to the Extensible Messaging and Presence Protocol in the case of the 'XMPP' namespace).

URN namespaces inherit certain rights and responsibilities, e.g.:

They uphold the general principles of a well-managed URN namespace by providing persistent identification of resources and unique assignment of identifier strings.
They can be registered in global registration services.

4. URN Namespace Types

There are two types of URN namespace: formal and informal. These are distinguished by the expected level of service, the information needed to define the namespace, and the procedures for registration. Because the majority of the namespaces registered so far have been formal, this document concentrates on formal namespaces.

Note: [RFC3406] defined a third type of "experimental namespaces", denoted by prefixing the namespace identifier with the string "X-". Consistent with [RFC6648], this specification removes the experimental category.

4.1. Formal Namespaces

A formal namespace provides benefit to some subset of users on the Internet (i.e., not limited to users in communities or networks not connected to the Internet). For example, it would be inappropriate for a NID to effectively force someone to use a proprietary network or service not open to the general Internet user. The intent is that, while the community of those who might actively use the names assigned within that NID might be small, the potential use of identifiers within that NID is open to any user on the Internet. Formal NIDs might be appropriate when some aspects are not fully open. For example, a namespace might make use of a fee-based, privately managed, or proprietary registry for assignment of URNs in the namespace. However, it might still benefit some Internet users if the associated services have openly-published access protocols.

An organization that will assign URNs within a formal namespace ought to meet the following criteria:

Organizational stability and the ability to maintain the URN namespace for a long time; absent such evidence, it ought to be clear how the namespace can remain viable if the organization can no longer maintain the namespace.
Competency in name assignment. This will improve the likelihood of persistence (e.g. to minimize the likelihood of conflicts).
Commitment to not reassigning existing names and to allowing old names to continue to be valid, even if the owners or assignees of those names are no longer members or customers of that organization. With regard to URN resolution [RFC2276], this does not mean that there needs to be resolution of such names, only that the names will not resolve to false or stale information.

A formal namespace establishes a particular NID, subject to the following constraints (above and beyond the syntax rules specified in [I-D.ietf-urnbis-rfc2141bis-urn]):

It MUST NOT be an already-registered NID.
It MUST NOT start with "urn-" (which is reserved for informal namespaces).
It MUST be more than two characters long.
It MUST NOT start with "XY-", where "XY" is any combination of two ASCII letters.

All two-letter combinations, and all two-letter combinations followed by "-" and any sequence of valid NID characters, are reserved for potential use as countrycode-based NIDs for eventual national registrations of URN namespaces. The definition and scoping of rules for allocation of responsibility for such countrycode-based namespaces is beyond the scope of this document.

4.2. Informal Namespaces

Informal namespaces are full-fledged URN namespaces, with all the associated rights and responsibilities. Informal namespaces differ from formal namespaces in the process for assigning a NID: IANA will assign an alphanumeric NID (e.g., "urn-7") to informal namespaces, with the following syntax:

    "urn-" <number>

The only restrictions on <number> are that it (1) consist strictly of ASCII digits and (2) not cause the NID to exceed the length limitations defined in the URN syntax specification [I-D.ietf-urnbis-rfc2141bis-urn].

5. Defining a URN Namespace

The definition of a formal namespace ought to pay particular attention to:

The purpose of the namespace.
The syntax of URNs assigned within the namespace.
The process for assigning URNs within the namespace.
The security implications of assigning and using the assigned URNs.
Optionally, the process for resolving URNs issued within the namepace.

The following sections explain these matters in greater detail. For convenience, a template for defining and registering a URN namespace is provided under Section 6. This information can be especially helpful to entities that wish to request assignment of a URN in a namespace and to entities that wish to provide URN resolution for a namespace.

5.1. Purpose

The "Purpose" section of the template describes matters such as:

The kinds of resources identified by URNs assigned within the namespace.
Why it is preferable to use URNs rather than some other technology (e.g., URIs) and why existing URN namespace (if any) are not a good fit.
The kinds of software applications that can use or resolve the assigned URNs (e.g., by differentiating among disparate namespaces, identifying resources in a persistent fashion, or meaningfully resolving and accessing services associated with the namespace).
The scope of the namespace (public vs. private, global vs. local to a particular organization, nation, or industry). For example, a namespace claiming to deal in "social security numbers" ought to have a global scope and address all social security number structures, whereas a URN scheme for a particular national system would need to handle only that nation's social security numbers.
How the intended community (and the Internet community at large) will benefit from using or resolving the assigned URNs.

5.2. Syntax

The "Syntax" section of the template describes:

A description of the structure of URNs within the namespace, in conformance with the fundamental URN syntax [I-D.ietf-urnbis-rfc2141bis-urn]. The structure might be described in terms of a formal definition (e.g., using Augmented BNF for Syntax Specifications (ABNF) as specified in [RFC5234]), an algorithm for generating conformant URNs, a regular expression for parsing the identifier into components, or by explaining that the structure is opaque.
Any special character encoding rules for assigned URNs (e.g., which character ought to always be used for single-quotes).
Rules for determining equivalence between two identifiers in the namespace. Such rules ought to always have the effect of eliminating false negatives that might otherwise result from comparison. If it is appropriate and helpful, reference can be made to the equivalence rules defined in the URI specification [RFC3986]. Examples of equivalence rules include equivalence between uppercase and lowercase characters in the Namespace Specific String, between hyphenated and non-hyphenated groupings in the identifier string, or between single-quotes and double-quotes. (Note that these are not normative statements for any kind of best practice related to handling of equivalences between characters in general; they are statements limited to this specific namespace only.)
Any special considerations necessary for conforming with the URN syntax. This is particularly applicable in the case of legacy naming systems that are used in the context of URNs. For example, if a namespace is used in contexts other than URNs, it might make use of characters that are reserved in the URN syntax. This section ought to note any such characters, and outline necessary mappings to conform to URN syntax. Normally, this will be handled by percent-encoding the character as specified in the URI specification [RFC3986].

5.3. Assignment

The "Assignment" section of the template describes matters such as:

Mechanisms or authorities for assigning URNs to resources. It ought to make clear whether assignment is completely open (e.g., following a particular algorithm), completely closed (e.g., for a private organization), or limited in various ways (e.g., delegated to authorities recognized by a particular organization); if limited, it ought to explain how to become an assigner of identifiers or how to request assignemtn of identifers from existing assignment authorities.
Methods for ensuring that URNs within the namespace are unique. For example, identifiers might be assigned sequentially or in accordance with some well-defined process by a single authority, assignment might be partitioned among delegated authorities that are individually responsible for respecting uniqueness rules, or URNs might be minted independently following an algorithm that itself guarantees uniqueness.
Methods for ensuring the longevity and maintainability of the namespace and URNs assigned with the namespace. Although non-reassignment of URNs ensures that a URN will persist in identifying a particular resource even after the "lifetime of the resource" or the assignment authority, some consideration ought to be given to the persistence of the usability of the URN. This is particularly important in the case of URN namespaces providing global resolution.

5.4. Security

The "Security" section of the template describes any potential security-related issues with regard to assignment, use, and resolution of identifiers within the namespace. Examples of such issues include the consequences of producing false negatives and false positives during comparison for equivalence (see also [RFC6943]), leakage of private information when identifiers are communicated on the public Internet, the potential for directory harvesting, and various issues discussed in the guidelines for security considerations in RFCs [RFC3552].

5.5. Resolution

The "Resolution" section specifies the rules for resolution of URNs assigned within the namespace. If such URNs are intended to be resolvable, the namespace needs to be registered in a Resolution Discovery System (RDS, see [RFC2276]) such as DDDS. Resolution then proceeds according to standard URI resolution processes, as well as the mechanisms of the RDS. This section ought to lists the requirements for becoming a recognized resolver of URNs in the relevant namespace (and being so listed in the RDS registry). Answers might include, but are not limited to:

The namespace is not listed with an RDS; therefore this section is not applicable.
Resolution mirroring is completely open, with a mechanism for updating an appropriate RDS.
Resolution is controlled by entities to which assignment has been delegated.

6. Registration Template

6.1. Namespace ID

Requested of IANA (formal) or assigned by IANA (informal).

6.2. Version

The version of the registration, starting with 1 and incrementing by 1 with each new version.

6.3. Date

The date when the registration is requested of IANA, using the format YYYY-MM-DD.

6.4. Registrant

The person or organization that has registered the NID, including the following information:

The name and address of the registering organization.
The name and contact information (email, phone number, and/or postal address) of the designated contact person.

6.5. Purpose

Described under Section 5.1 of this document.

6.6. Syntax

Described under Section 5.2 of this document.

6.7. Assignment

Described under Section 5.3 of this document.

6.8. Resolution

Described under Section 5.5 of this document.

6.9. Documentation

Any Internet-Draft, RFC, specification, or other published document that defines or explains the namespace.

7. Registering a URN Namespace

7.1. Formal Namespaces

The registration policy for formal namespaces is Expert Review as defined in the "IANA Considerations" document [RFC5226]. The key steps for registration of a formal namespace are:

Fill out the namespace registration template (see Section 6). This can be done as part of an Internet-Draft or a specification in another series, although that is not necessary.
Send the completed template to the urn-nid@ietf.org discussion list for technical review.
If necessary to address comments received, repeat steps 1 and 2.
If the designated experts approve the request, the IANA will register the requested NID.

A formal namespace registration can be revised by updating the registration template, following the same steps outlined above for new registrations.

7.2. Informal Namespaces

The registration policy for informal namespaces is First Come First Served [RFC5226]. The key steps for registration of an informal namespace are:

Write a completed namespace definition template (see Section 6).
Send it to the urn-nid@ietf.org discussion list for feedback.
Once the review period has expired, send the final template to IANA (via the iana@iana.org email address).

An informal namespace registration can be revised by updating the registration template, following the same steps outlined above for new registrations.

8. Guidelines for Designated Experts

Experience to date with NID registration requests has shown that registrants sometimes do not initially understand some of the subtleties of URN namespaces, and that defining the namespace in the form of a specification enables the registrants to clearly formulate their "contract" with the intended user community. Therefore, although the registration policy for formal namespaces is Expert Review and a specification is not required, the designated experts for NID registration requests are encouraged to prefer that a specification exist documenting the namespace definition.

9. IANA Considerations

This document outlines the processes for registering URN namespaces, and has implications for the IANA in terms of registries to be maintained. In all cases, the IANA ought to assign the appropriate NID (formal or informal) once the procedures outlined in this document have been completed.

10. Security Considerations

This document largely focuses on providing mechanisms for the declaration of public information. Nominally, these declarations will be of relatively low security profile, however there is always the danger of "spoofing" and providing misinformation. Information in these declarations ought to be taken as advisory.

The definition of a URN namespace needs to account for potential security issues related to assignment, use, and resolution of identifiers within the namespace.

11. References

11.1. Normative References

[I-D.ietf-urnbis-rfc2141bis-urn]	Saint-Andre, P., "Uniform Resource Name (URN) Syntax", Internet-Draft draft-ietf-urnbis-rfc2141bis-urn-06, August 2013.
[RFC2119]	Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3986]	Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005.
[RFC5226]	Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008.

11.2. Informative References

[RFC2276]	Sollins, K., "Architectural Principles of Uniform Resource Name Resolution", RFC 2276, January 1998.
[RFC2611]	Daigle, L., van Gulik, D., Iannella, R. and P. Faltstrom, "URN Namespace Definition Mechanisms", BCP 33, RFC 2611, June 1999.
[RFC3406]	Daigle, L., van Gulik, D., Iannella, R. and P. Faltstrom, "Uniform Resource Names (URN) Namespace Definition Mechanisms", BCP 66, RFC 3406, October 2002.
[RFC3552]	Rescorla, E. and B. Korver, "Guidelines for Writing RFC Text on Security Considerations", BCP 72, RFC 3552, July 2003.
[RFC5234]	Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, January 2008.
[RFC6648]	Saint-Andre, P., Crocker, D. and M. Nottingham, "Deprecating the "X-" Prefix and Similar Constructs in Application Protocols", BCP 178, RFC 6648, June 2012.
[RFC6943]	Thaler, D., "Issues in Identifier Comparison for Security Purposes", RFC 6943, May 2013.
[RFC6963]	Saint-Andre, P., "A Uniform Resource Name (URN) Namespace for Examples", BCP 183, RFC 6963, May 2013.

Appendix A. Changes from RFC 3406

This document makes the following substantive changes from [RFC3406]:

Relaxes the registration policy for formal namespaces from "IETF Review" to "Expert Review" [RFC5226].
Removes the category of experimental namespaces, consistent with [RFC6648].
Simplifies the registration template.

In addition, some of the text has been updated to be consistent with the definition of Uniform Resource Identifiers (URIs) [RFC3986] and the processes for registering information with the IANA [RFC5226], as well as more modern guidance with regard to security issues [RFC3552] and identifier comparison [RFC6943].

Appendix B. Contributors

RFC 3406, which provided the basis for this document, was authored by Leslie Daigle, Dirk-Willem van Gulik, Renato Iannella, and Patrik Faltstrom. Their work is gratefully acknowledged.

Appendix C. Acknowledgements

Thanks to Marc Blanchet, Juha Hakala, John Klensin, and Barry Leiba for their input.

Author's Address

Peter Saint-Andre Cisco Systems, Inc. 1899 Wynkoop Street, Suite 600 Denver, CO 80202 USA Phone: +1-303-308-3282 EMail: psaintan@cisco.com