Editor's note: These minutes have not been edited.

Access and Searching of Internet Directories WG Meeting
Meeting Minutes
Wednesday, December 11, 1530-1730

Reported by: Tim Howes

- Agenda review/changes

  The proposed agenda was slashed quite a bit, with some items punted to the list, in an effort to make room for LDAPv3, which was anticipated to require a lengthy discussion. Items dropped were: pgp draft (to the list), domains draft (discussed already in IDS), cip and ldap discussion (discussed already in FIND). Items cut down in time were: whois++, rwhois.

- application/directory MIME type drafts

  - application/directory framework

    Tim reported that a new application/directory framework draft had been produced which addressed all outstanding comments received. A brief discussion revealed several more issues with the draft that people raised. These issues were:

    - Example is wrong in how it does line breaks.
      ACTION: Tim to fix this in the draft.

    - Using MIME vs. BEGIN: END: sentinels to carry multiple parts.
      ACTION: Discussion to take place on the list.

    - Change the "proto" parameter to "context"
      ACTION: Tim to change this in the draft.

    - Reference to RFC 1123 time/date formats should be changed to reference an I-D describing the ISO 8061 time/date format. Chris Newman volunteered to write up this draft.
      ACTION: Tim to fix references in the draft.
      ACTION: Chris to write up the 8061 draft.

    - Ned Freed and Kevin Jordan both had comments that they agreed to send to the authors and/or bring up on the list.
      ACTION: Ned and Kevin and others with issues to bring them up on the list, and/or to give feedback directly to the authors.

  - vcard profile

    Frank Dawson reported that the vcard profile draft had been revised to address all known problems and issues raised at the last meeting. One additional issue was raised at this meeting: the use of MIME media types for audio and photo types. The group felt this would be better than devising a new scheme.
    ACTION: Frank to revise the draft to reference the MIME media type registry.

- WHOIS++ drafts

  New WHOIS++ drafts have been produced which address various problems found during implementation of the drafts. These include:

  - Multi-language handling
  - Separate INCHARSET and OUTCHARSET parameters.
  - New templates for X.509, PGP, etc.

  ACTION: Tim to ask the ADs to re-issue these documents as proposed standard.

- RWhois

  Network Solutions is working on a meta-directory service that will map organization and domain names to directory services. Version one supports RWhois. The next version will support more general access from other protocols and the ability to refer to arbitrary directory services via URLs.

- LDAP API

  Tim and Mark produced a new draft updating RFC 1823, describing the LDAP API. The updates include preliminary support for the changes expected in LDAPv3, support for threading, better data encapsulation, etc. The group discussed the future of this draft, whether they wanted it brought within the working group, and if so, what track should it be put on (standard, informational, experimental).

  The group consensus was to bring the draft into ASID so it would get the careful review it deserves. The group decided to try to push the draft along the standards track initially, with informational as a fall-back.

  An issue was raised about draft ownership and perceived credit, should the draft become an informational RFC. The concern was that an informational document that was essentially the product of a single company rather than the working group, not be presented as the work of the ASID group. Only if the group has consensus on the draft and feels it has had sufficient input to it, should the draft be advertised as a product of the ASID working group.

  ACTION: Tim to re-issue the next version of the draft to the working group.

- LDAPv3

  The LDAPv3 discussion began with Mark Wahl summarizing the outstanding issues with the current drafts.
  These issues and others raised during the first part of the meeting were:

  - The relationship between SSL authentication and the LDAP Bind operation needs cleaning up.
  - Compliance - What does it mean to be LDAPv3 compliant? The current drafts are not clear.
  - Normalized matching - Do we really want to make this optional, as stated in the current draft?
  - Paged searching - When can the server discard result sets from searches? Some discussion that this no longer matters, since each paged search request now contains enough information to reconstruct the original search.
  - Bind as DN w/out password - The semantics of this operation need clarifying.
  - Mapping onto LDAPv2 - Needs clarifying.
  - Mapping onto DAP - Needs clarifying. Should this be throughout the document, in a separate document, or in an appendix?
  - X.500 93 subentries on search - This is believed to be covered by doing an explicit search for the proper object class.
  - Relationship of the X.500 93 contexts feature and the current multi-language support - This needs to be reexamined and clarified to see if 1) there is more valuable stuff we can steal from X.500 and 2) there are small changes we can make to be more compatible with X.500 93 without increasing complexity.
  - Additional SASL mechanisms - Should we define some.
  - X.500 97 user requirements - [[can someone explain the issue here?]]
  - Mapping of strong authentication - How does this map onto DAP? What does it mean?
  - General direction of LDAPv3 - Some people feel it is too complex.
  - LDAPv2 revisions - should this be progressed or dropped in favor of LDAPv3 entirely?
  - LDAPv2 coexistence strategy - We need one.

  Discussion very shortly centered around two related topics: The future of the LDAPv2 drafts, and the general feeling that the current LDAPv3 proposal represents an overly complex revolutionary rather than evolutionary change to LDAPv2.
  Harald emphatically stated that LDAPv2 could not be progressed past draft standard since it has the following known fatal deficiencies:

  - No referrals
  - No internationalization support
  - Broken handling of certificates
  - Generally insecure password-based authentication
  - No extensibility mechanism

  There was much discussion about the best approach to take to fix these deficiencies in LDAPv3. The debate soon centered around two options, the final form of which are presented below:

  1) Start with the LDAPv2 RFCs and add support for referrals, i18n, extensibility, and better authentication. Fix the broken certificate support.

  2) Start with the LDAPv3 drafts and do a brutal feature review and cut with the following criteria: Anything that's in must solve one of the problems above. Other features to be added later via the extensibility mechanism.

  A third option that involved bludgeoning Harald into letting the group progress LDAPv2 as is was quickly dismissed, much to Harald's relief.

  There was much debate and an initial straw poll showing the room pretty evenly divided between the two options. After much "concensizing", the group actually came to a miraculous consensus view that approach 2) was the way to go, provided there was a way to ensure that the feature review and cut would actually happen.

  Tim proposed and the group agreed that a small group of motivated volunteers should be tasked with going off and doing the feature review and cut, which would then be brought back to the group. The group agreed that this task must be completed by January 31, 1997.

  ACTION: Tim to organize the feature review and cut posse.

- Any Other Business

  The meeting concluded with consensification, almost on time. The next ASID meeting will be in April in Memphis, TN, USA.