Policy Core Lightweight Directory Access Protocol (LDAP) Schema (RFC3703)

IP.com Disclosure Number: IPCOM000022101D
Original Publication Date: 2004-Feb-01
Included in the Prior Art Database: 2004-Feb-25

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Strassner: AUTHOR [+4]

Abstract

This document defines a mapping of the Policy Core Information Model to a form that can be implemented in a directory that uses Lightweight Directory Access Protocol (LDAP) as its access protocol. This model defines two hierarchies of object classes: structural classes representing information for representing and controlling policy data as specified in RFC 3060, and relationship classes that indicate how instances of the structural classes are related to each other. Classes are also added to the LDAP schema to improve the performance of a client's interactions with an LDAP server when the client is retrieving large amounts of policy-related information. These classes exist only to optimize LDAP retrievals: there are no classes in the information model that correspond to them.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 3% of the total text.

Network Working Group
Request for Comments: 3703
Category: Standards Track
Authors: J. Strassner (Intelliden Corporation), B. Moore (IBM Corporation), R. Moats (Lemur Networks, Inc.), E. Ellesson
February 2004

Policy Core Lightweight Directory Access Protocol (LDAP) Schema

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2004). All Rights Reserved.

Table of Contents

1. Introduction
2. The Policy Core Information Model
3. Inheritance Hierarchy for the PCLS
4. General Discussion of Mapping the Information Model to LDAP
   4.1. Summary of Class and Association Mappings
   4.2. Usage of DIT Content and Structure Rules and Name Forms
   4.3. Naming Attributes in the PCLS
   4.4. Rule-Specific and Reusable Conditions and Actions
   4.5. Location and Retrieval of Policy Objects in the Directory
        4.5.1. Aliases and Other DIT-Optimization Techniques
5. Class Definitions
   5.1. The Abstract Class "pcimPolicy"
   5.2. The Three Policy Group Classes
   5.3. The Three Policy Rule Classes
   5.4. The Class pcimRuleConditionAssociation
   5.5. The Class pcimRuleValidityAssociation
   5.6. The Class pcimRuleActionAssociation
   5.7. The Auxiliary Class pcimConditionAuxClass
   5.8. The Auxiliary Class pcimTPCAuxClass
   5.9. The Auxiliary Class pcimConditionVendorAuxClass
   5.10. The Auxiliary Class pcimActionAuxCla...