
LDAP terminology proposal



An ad-hoc engineering team consisting of Jim, Roger, Hallvard,
Bob, and myself offer the following proposal for WG consideration
to address LDAP session terminology issues (related to the LDAPBIS
I-Ds' use of "LDAP exchange", "connection", "LDAP association" and
related terms).  The proposal basically(*) replaces the term
"LDAP exchange" as used in [Protocol] with the term "LDAP stream",
and (re)introduces the term "LDAP session".  Also, as part of this
proposal, the terms "exchange" and "association" would not take on
any LDAPBIS-specific meaning.  That is, they are (and would be)
used in the dictionary and/or RFC 2828 sense.

(* It is recognized that in some cases the old terms cannot
(or should not) simply be replaced with new terms.  Some minor
tweaking would be needed here and there, and the WG would need
to carefully review that tweaking.)

The terms would be defined as follows:

	"connection" refers to the underlying transport services
	used to carry the protocol exchange, as well as
	associations established by these services.

	"TLS layer" refers to TLS services used in providing
	security services, as well as associations
	established by these services.

	"SASL layer" refers to SASL services used in providing
	security services, as well as associations established
	by these services.

	"LDAP stream" refers to the LDAP Message (PDU) services
	used in providing directory services, as well as associations
	established by these services.

	"LDAP session" refers to combined services (connection, TLS
	layer, SASL layer, LDAP stream) and their associations.

The following diagram illustrates how the component services
of an LDAP session relate to each other:

               +------------------+
               |    LDAP stream   |
               +------------------+ > LDAP PDUs
               +------------------+ < data
               |    SASL layer    |
               +------------------+ > SASL-protected data
               +------------------+ < data
               |    TLS layer     |
   Application +------------------+ > TLS-protected data
   ------------+------------------+ < data
     Transport |    connection    |
               +------------------+

To further illustrate the use intended by this proposal, the following is
how these terms would be used in [Protocol, 4.3]:

   The function of the Unbind Operation is to terminate an LDAP session.
   The Unbind operation is not the antithesis of the Bind operation as
   the name implies. The naming of these operations is historical. The
   Unbind operation should be thought of as the "quit" operation.
   
   The Unbind Operation is defined as follows:                
     
        UnbindRequest ::= [APPLICATION 2] NULL
   
   The Unbind Operation has no response defined. The client, upon
   transmission of the UnbindRequest, and the server, upon receipt
   of the UnbindRequest are to close the LDAP session as follows:
     1) close the LDAP stream and cease sending LDAP messages,
     2) close the SASL layer (if installed),
     3) close the TLS layer (if installed), and
     4) close the connection.
   Uncompleted operations are handled as specified in Section 5.1.

Comments?
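The layered teardown in the quoted Unbind text, modelled as an added example. This is not code from the original post or from the LDAPBIS drafts; the `LdapSession` class, its method names and the string layer names are assumptions made for illustration. The model stacks the four services of the proposal (connection, TLS layer, SASL layer, LDAP stream), closes them outermost-first on Unbind, skips the optional layers when they were never installed, and refuses to send an LDAP PDU once the LDAP stream is closed, so that no message can be emitted after its protecting layers are gone.

```python
"""Layered model of an LDAP session and its Unbind teardown order.

Added example; the class and method names are assumptions for
illustration, not an API from the proposal or the LDAPBIS drafts.
"""


class SessionClosed(Exception):
    """Raised when a PDU is sent after the LDAP stream has been closed."""


class LdapSession:
    # Stacking order from the proposal's diagram, innermost (transport) first.
    STACK = ("connection", "TLS layer", "SASL layer", "LDAP stream")
    OPTIONAL = ("TLS layer", "SASL layer")

    def __init__(self):
        # A session always has at least a connection and an LDAP stream.
        self.installed = ["connection", "LDAP stream"]
        self.closed = []
        self.sent = []

    def install(self, layer):
        """Install an optional security layer between connection and stream."""
        if layer not in self.OPTIONAL or layer in self.installed:
            raise ValueError(f"cannot install {layer!r}")
        self.installed.append(layer)
        self.installed.sort(key=self.STACK.index)

    def send_pdu(self, pdu):
        """Send an LDAP message; refused once the LDAP stream is closed."""
        if "LDAP stream" in self.closed:
            raise SessionClosed("LDAP stream closed: cease sending LDAP messages")
        self.sent.append(pdu)

    def unbind(self):
        """Close the session outermost-first, as steps 1)-4) of Unbind say."""
        for layer in reversed(self.STACK):
            if layer in self.installed and layer not in self.closed:
                self.closed.append(layer)
        # Invariant: the connection is never closed before the LDAP stream.
        assert self.closed.index("LDAP stream") < self.closed.index("connection")
        return list(self.closed)


def teardown_order(with_tls, with_sasl):
    """Return the close order for a session with the given optional layers."""
    session = LdapSession()
    if with_tls:
        session.install("TLS layer")
    if with_sasl:
        session.install("SASL layer")
    session.send_pdu("BindRequest")
    return session.unbind()


def send_after_unbind_rejected():
    """True when a PDU sent after Unbind is refused by the closed stream."""
    session = LdapSession()
    session.unbind()
    try:
        session.send_pdu("SearchRequest")
    except SessionClosed:
        return True
    return False


if __name__ == "__main__":
    print(teardown_order(with_tls=True, with_sasl=True))
    print(teardown_order(with_tls=True, with_sasl=False))
    print(send_after_unbind_rejected())
```

The sort in `install` keeps the stack in the proposal's order regardless of whether TLS or SASL is installed first, and `unbind` walks that stack in reverse, so the close order is derived from the layering rather than hard-coded per case.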