[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CVS libidn/doc/specifications
|
From: |
libidn-commit |
|
Subject: |
CVS libidn/doc/specifications |
|
Date: |
Tue, 24 Jan 2006 22:36:33 +0100 |
Update of /home/cvs/libidn/doc/specifications
In directory dopio:/tmp/cvs-serv19705
Added Files:
draft-ietf-ldapbis-strprep-07.txt
Log Message:
Add.
--- /home/cvs/libidn/doc/specifications/draft-ietf-ldapbis-strprep-07.txt
2006/01/24 21:36:33 NONE
+++ /home/cvs/libidn/doc/specifications/draft-ietf-ldapbis-strprep-07.txt
2006/01/24 21:36:33 1.1
Internet-Draft Kurt D. Zeilenga
Intended Category: Standard Track OpenLDAP Foundation
Expires in six months 23 January 2006
LDAP: Internationalized String Preparation
<draft-ietf-ldapbis-strprep-07.txt>
Status of this Memo
This document is intended to be published as a Standard Track RFC.
Distribution of this memo is unlimited. Technical discussion of this
document will take place on the IETF LDAP Revision Working Group
mailing list <address@hidden>. Please send editorial
comments directly to the editor <address@hidden>.
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware have
been or will be disclosed, and any of which he or she becomes aware
will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Copyright (C) The Internet Society (2006). All Rights Reserved.
Please see the Full Copyright section near the end of this document
for more information.
Zeilenga LDAPprep [Page 1]
�
Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
Abstract
The previous Lightweight Directory Access Protocol (LDAP) technical
specifications did not precisely define how character string matching
is to be performed. This led to a number of usability and
interoperability problems. This document defines string preparation
algorithms for character-based matching rules defined for use in LDAP.
Conventions and Terms
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 [RFC2119].
Character names in this document use the notation for code points and
names from the Unicode Standard [Unicode]. For example, the letter
"a" may be represented as either <U+0061> or <LATIN SMALL LETTER A>.
In the lists of mappings and the prohibited characters, the "U+" is
left off to make the lists easier to read. The comments for character
ranges are shown in square brackets (such as "[CONTROL CHARACTERS]")
and do not come from the standard.
Note: a glossary of terms used in Unicode can be found in [Glossary].
Information on the Unicode character encoding model can be found in
[CharModel].
The term "combining mark", as used in this specification, refers to
any Unicode [Unicode] code point which has a mark property (Mn, Mc,
Me). Appendix A provides a definitive list of combining marks.
1. Introduction
1.1. Background
A Lightweight Directory Access Protocol (LDAP) [Roadmap] matching rule
[Syntaxes] defines an algorithm for determining whether a presented
value matches an attribute value in accordance with the criteria
defined for the rule. The proposition may be evaluated to True,
False, or Undefined.
True - the attribute contains a matching value,
False - the attribute contains no matching value,
Undefined - it cannot be determined whether the attribute contains
a matching value or not.
Zeilenga LDAPprep [Page 2]
�
Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
For instance, the caseIgnoreMatch matching rule may be used to compare
whether the commonName attribute contains a particular value without
regard for case and insignificant spaces.
1.2. X.500 String Matching Rules
"X.520: Selected attribute types" [X.520] provides (amongst other
things) value syntaxes and matching rules for comparing values
commonly used in the Directory. These specifications are inadequate
for strings composed of Unicode [Unicode] characters.
The caseIgnoreMatch matching rule [X.520], for example, is simply
defined as being a case insensitive comparison where insignificant
spaces are ignored. For printableString, there is only one space
character and case mapping is bijective, hence this definition is
sufficient. However, for Unicode string types such as
universalString, this is not sufficient. For example, a case
insensitive matching implementation which folded lower case characters
to upper case would yield different different results than an
implementation which used upper case to lower case folding. Or one
implementation may view space as referring to only SPACE (U+0020), a
second implementation may view any character with the space separator
(Zs) property as a space, and another implementation may view any
character with the whitespace (WS) category as a space.
The lack of precise specification for character string matching has
led to significant interoperability problems. When used in
certificate chain validation, security vulnerabilities can arise. To
address these problems, this document defines precise algorithms for
preparing character strings for matching.
1.3. Relationship to "stringprep"
The character string preparation algorithms described in this document
are based upon the "stringprep" approach [RFC3454]. In "stringprep",
presented and stored values are first prepared for comparison and so
that a character-by-character comparison yields the "correct" result.
The approach used here is a refinement of the "stringprep" [RFC3454]
approach. Each algorithm involves two additional preparation steps.
a) prior to applying the Unicode string preparation steps outlined in
"stringprep", the string is transcoded to Unicode;
b) after applying the Unicode string preparation steps outlined in
"stringprep", the string is modified to appropriately handle
Zeilenga LDAPprep [Page 3]
�
Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
characters insignificant to the matching rule.
Hence, preparation of character strings for X.500 matching involves
the following steps:
1) Transcode
2) Map
3) Normalize
4) Prohibit
5) Check Bidi (Bidirectional)
6) Insignificant Character Handling
These steps are described in Section 2.
It is noted that while various tables of Unicode characters included
or referenced by this specification are derived from Unicode [UNICODE]
data, these tables are to be considered definitive for the purpose of
implementing this specification.
1.4. Relationship to the LDAP Technical Specification
This document is a integral part of the LDAP technical specification
[Roadmap] which obsoletes the previously defined LDAP technical
specification [RFC3377] in its entirety.
This document details new LDAP internationalized character string
preparation algorithms used by [Syntaxes] and possible other technical
specifications defining LDAP syntaxes and/or matching rules.
1.5. Relationship to X.500
LDAP is defined [Roadmap] in X.500 terms as an X.500 access mechanism.
As such, there is a strong desire for alignment between LDAP and X.500
syntax and semantics. The character string preparation algorithms
described in this document are based upon "Internationalized String
Matching Rules for X.500" [XMATCH] proposal to ITU/ISO Joint Study
Group 2.
2. String Preparation
The following six-step process SHALL be applied to each presented and
attribute value in preparation for character string matching rule
evaluation.
1) Transcode
Zeilenga LDAPprep [Page 4]
�
Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
2) Map
3) Normalize
4) Prohibit
5) Check bidi
6) Insignificant Character Handling
Failure in any step causes the assertion to evaluate to Undefined.
The character repertoire of this process is Unicode 3.2 [Unicode].
Note that this six-step process specification is intended to described
expected matching behavior. Implementations are free use alternative
processes so long as the matching rule evaluation behavior provided is
consistent with the behavior described by this specification.
2.1. Transcode
Each non-Unicode string value is transcoded to Unicode.
PrintableString [X.680] value are transcoded directly to Unicode.
UniversalString, UTF8String, and bmpString [X.680] values need not be
transcoded as they are Unicode-based strings (in the case of
bmpString, a subset of Unicode).
TeletexString [X.680] values are transcoded to Unicode. As there is
no standard for mapping TeletexString values to Unicode, the mapping
is left a local matter.
For these and other reasons, use of TeletexString is NOT RECOMMENDED.
The output is the transcoded string.
2.2. Map
SOFT HYPHEN (U+00AD) and MONGOLIAN TODO SOFT HYPHEN (U+1806) code
points are mapped to nothing. COMBINING GRAPHEME JOINER (U+034F) and
VARIATION SELECTORs (U+180B-180D, FF00-FE0F) code points are also
mapped to nothing. The OBJECT REPLACEMENT CHARACTER (U+FFFC) is
mapped to nothing.
CHARACTER TABULATION (U+0009), LINE FEED (LF) (U+000A), LINE
TABULATION (U+000B), FORM FEED (FF) (U+000C), CARRIAGE RETURN (CR)
(U+000D), and NEXT LINE (NEL) (U+0085) are mapped to SPACE (U+0020).
All other control code (e.g., Cc) points or code points with a control
Zeilenga LDAPprep [Page 5]
�
Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
function (e.g., Cf) are mapped to nothing. The following is a
complete list of these code points: U+0000-0008, 000E-001F, 007F-0084,
0086-009F, 06DD, 070F, 180E, 200C-200F, 202A-202E, 2060-2063,
206A-206F, FEFF, FFF9-FFFB, 1D173-1D17A, E0001, E0020-E007F.
ZERO WIDTH SPACE (U+200B) is mapped to nothing. All other code points
with Separator (space, line, or paragraph) property (e.g, Zs, Zl, or
Zp) are mapped to SPACE (U+0020). The following is a complete list of
these code points: U+0020, 00A0, 1680, 2000-200A, 2028-2029, 202F,
205F, 3000.
For case ignore, numeric, and stored prefix string matching rules,
characters are case folded per B.2 of [RFC3454].
The output is the mapped string.
2.3. Normalize
The input string is be normalized to Unicode Form KC (compatibility
composed) as described in [UAX15]. The output is the normalized
string.
2.4. Prohibit
All Unassigned code points are prohibited. Unassigned code points are
listed in Table A.1 of [RFC3454].
Characters which, per Section 5.8 of [Stringprep], change display
properties or are deprecated are prohibited. These characters are are
listed in Table C.8 of [RFC3454].
Private Use code points are prohibited. These characters are listed
in Table C.3 of [RFC3454].
All non-character code points are prohibited. These code points are
listed in Table C.4 of [RFC3454].
Surrogate codes are prohibited. These characters are listed in Table
C.5 of [RFC3454].
The REPLACEMENT CHARACTER (U+FFFD) code point is prohibited.
The step fails if the input string contains any prohibited code point.
Otherwise, the output is the input string.
Zeilenga LDAPprep [Page 6]
�
Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
2.5. Check bidi
Bidirectional characters are ignored.
2.6. Insignificant Character Handling
In this step, the string is modified to ensure proper handling of
characters insignificant to the matching rule. This modification
differs from matching rule to matching rule.
Section 2.6.1 applies to case ignore and exact string matching.
Section 2.6.2 applies to numericString matching.
Section 2.6.3 applies to telephoneNumber matching.
2.6.1. Insignificant Space Handling
For the purposes of this section, a space is defined to be the SPACE
(U+0020) code point followed by no combining marks.
NOTE - The previous steps ensure that the string cannot contain any
code points in the separator class, other than SPACE (U+0020).
If the input string contains at least one non-space character, then
the string is modified such that the string starts with exactly one
space character, ends with exactly one SPACE character, and that any
inner (non-empty) sequence of space characters is replaced with
exactly two SPACE characters. For instance, the input strings
"foo<SPACE>bar<SPACE><SPACE>", results in the output
"<SPACE>foo<SPACE><SPACE>bar<SPACE>".
Otherwise, if the string being prepared is an initial, any, or final
substring, then the output string is exactly one SPACE character, else
the output string is exactly two SPACEs.
Appendix B discusses the rationale for the behavior.
2.6.2. numericString Insignificant Character Handling
For the purposes of this section, a space is defined to be the SPACE
(U+0020) code point followed by no combining marks.
All spaces are regarded as insignificant and are to be removed.
For example, removal of spaces from the Form KC string:
"<SPACE><SPACE>123<SPACE><SPACE>456<SPACE><SPACE>"
Zeilenga LDAPprep [Page 7]
�
Internet-Draft draft-ietf-ldapbis-strprep-07 23 January 2006
would result in the output string:
"123456"
[387 lines skipped]