RFC 3380
Internet Printing Protocol (IPP): Job and Printer Set Operations
5 New Operation attributes
This section defines new operation attributes for use with the IPP/1.1 operations indicated. As new operations are defined, they will also indicate explicitly whether these operation attributes are defined for use with them.5.1 printer-message-from-operator (text(127))
The Printer SHOULD support this Operation attribute in following operations if it supports the corresponding "printer-message-from- operator" Printer Description attribute. Pause-Printer Resume-Printer Purge-Jobs The client OPTIONALLY supplies this Operation attribute in the above operations. The value of this attribute is a message from the operator about the Printer object on which the operator is performing the operation. If this operation attribute is supported, the Printer copies the value to its "printer-message-from-operator" Printer Description attribute (see [RFC2911], section 4.4.25), even if this Operation attribute is a zero-length text value or consists solely of white space. If the Printer supports this operation attribute, it MUST support both a zero-length text value and the 'no-value' out-of-band value (see [RFC2911] section 4.1) to indicate that the operator has sent no message. In this case, the Printer sets the value of the "printer- message-from-operator" to the zero-length value or 'no-value' out- of-band value, respectively. If the client queries the "printer- message-from-operator" Printer attribute, the Printer returns the attribute with the zero-length value or the 'no-value' value, respectively. In addition, the Printer automatically copies: 1. the value of its "printer-up-time" attribute (see [RFC2911], section 4.4.29) to its "printer-message-time" attribute, 2. the value of its printer-current-time" (dateTime) attribute (see [RFC2911], section 4.4.30) to its "printer-message-date-time" attribute, if supported.
If the client omits this operation attribute, the Printer does not change the value of its "printer-message-from-operator", "printer- message-time" and "printer-message-date-time" Printer Description attributes. The "printer-message-from-operator" operation attribute MUST NOT be supported as an operation attribute for the Set-Printer-Attributes operation. If the operator wants to set the Printer's "printer- message-from-operator" Printer Description attribute when issuing the Set-Printer-Attributes operation, the client supplies the "printer- message-from-operator" explicitly with its new value as one of the Printer Description attributes in Group 2 in the request; the Printer also updates its "printer-message-time" and "printer-message-date- time" Printer Description attributes. If the client does not explicitly supply the "printer-message-from-operator" with its new value in the Set-Printer-Attributes request, the Printer leaves the value of the Printer's "printer-message-from-operator" Printer Description attribute unchanged.5.2 job-message-from-operator (text(127))
The Printer SHOULD support this Operation attribute in following operations if it supports the corresponding "job-message-from- operator" Job Description attribute. Cancel-Job Hold-Job Release-Job Restart-Job The client OPTIONALLY supplies this attribute in the above operations. The value of this attribute is a message from the operator about the Job object on which the operator has just performed an operation. If supported, the Printer copies the value to the Job's "job-message-from-operator" Job Description attribute (see [RFC2911], section 4.3.16) (even if this Operation attribute is a zero-length text value or consists solely of white space). If the Printer supports this operation attribute, it MUST support both a zero-length text value and the 'no-value' out-of-band value (see [RFC2911], section 4.1), to indicate that the operator has sent no message. In this case, the Printer sets the value of the "job- message-from-operator" to the zero-length value or 'no-value' out- of-band value, respectively. If the client queries the "job- message-from-operator" Job attribute, the IPP object returns the attribute with the zero-length value or the 'no-value' value, respectively.
If the client omits this attribute, the Printer does not change the value of its "job-message-from-operator" Job Description attribute. Note: There are no corresponding 'job-message-time" and "job- message-date-time" Job Description attributes, since the usual lifetime of a job is limited. The "job-message-from-operator" operation attribute MUST NOT be supported as an operation attribute for the Set-Job-Attributes operation. If the operator wants to set the Job's "job-message- from-operator" Job Description attribute when issuing the Set-Job- Attributes operation, the client MUST supply the "job-message-from- operator" with its new value as one of the Job Description attributes in Group 2 in the request. Otherwise, the Printer leaves the value of the Job's "job-message-from-operator" Job Description attribute unchanged by not explicitly setting the attribute. If the client does not explicitly supply the "job-message-from-operator" with its new value in the Set-Job-Attributes request, the Printer leaves the value of the Job's "job-message-from-operator" Job Description attribute unchanged.6 New Printer Description Attributes
The following new Printer Description attributes are needed to support the new operations defined in this document.6.1 printer-settable-attributes-supported (1setOf type2 keyword)
This REQUIRED READ-ONLY Printer Description attribute identifies the Printer object attributes that are settable in this implementation, i.e., that are settable using the Set-Printer-Attributes operations (see section 4.1). This attribute MUST be supported if the Set- Printer-Attributes operations is supported. The Printer MUST reject attempts to set any Printer attributes that are not one of the values of this attribute, returning the 'client-error-attributes-not- settable' status code (see section 7.1). The value of this attribute MAY depend on the value of the "document-format" operation attribute supplied in the Get-Printer-Attributes operation (see [RFC2911], section 3.2.5.1). Standard keyword values are: 'none': There are no settable Printer attributes. 'xxx': Where 'xxx' is any of the keyword attribute names allowed by section 4.1.1.
6.2 job-settable-attributes-supported (1setOf type2 keyword)
This REQUIRED READ-ONLY Printer Description attribute identifies the Job object attributes that are settable in this implementation, i.e., that are settable using the Set-Job-Attributes operation (see section 4.2). This attribute MUST be supported if the Set-Job-Attributes operations are supported. The Printer MUST reject attempts to set any Job attributes that are not one of the values of this attribute, returning the 'client-error-attributes-not-settable' status code (see section 7.1). Standard keyword values are: 'none': There are no settable Job attributes. 'xxx': Where 'xxx' is any of the keyword attribute names allowed by section 4.2.1.6.3 document-format-varying-attributes (1setOf type2 keyword)
This OPTIONAL READ-ONLY Printer Description attribute contains a set of attribute name keywords. This attribute SHOULD be supported by a Printer object if the Printer object has Printer attributes whose value vary depending on document format (see [RFC2911], Get-Printer- Attributes operation). This attribute specifies which attribute values can vary by document-format. If an attribute's name, "xxx", is a member of this attribute and the value of attribute "xxx" is changed with the Set-Printer-Attributes operation that included the "document-format" operation attribute, then the Printer MUST change the value for the specified document format and no other document formats (see section 4.1.2). If an attribute's name, "xxx", is not a member of this attribute and the value of attribute "xxx" is changed with the Set-Printer-Attributes operation, then the attribute is changed for all document formats (whether or not the client supplied the "document-format" operation attribute).6.4 printer-message-time (integer(MIN:MAX))
This OPTIONAL READ-ONLY Printer Description attribute contains the time that the Printer's "printer-message-from-operator" was changed by the operator using any operation where the client supplied the "printer-message-from-operator" operation attribute (see section 5.1) or was explicitly set using the Set-Printer-Attributes operation (see section 4.1). This attribute allows the users to know when the "printer-message-from-operator" Printer Description attribute was last set.
The Printer sets the value of this attribute by copying the value of the Printer's "printer-up-time" attribute (see [RFC2911], section 4.3.14). If the Printer resets its "printer-up-time" attribute to 1 on power-up, then it MUST change the value of the "printer-message- time" to 0 or a negative number as specified in [RFC2911], section 4.3.14. Note: This attribute helps users better understand the context for the "printer-message-from-operator" message.6.5 printer-message-date-time (dateTime)
This OPTIONAL READ-ONLY Printer Description attribute contains the date and time that the Printer's "printer-message-from-operator" was changed by the operator, using any operation where the client supplied the "printer-message-from-operator" operation attribute (see section 5.1) or was explicitly set using the Set-Printer-Attributes operation (see section 4.1). This attribute allows the users to know when the "printer-message-from-operator" Printer Description attribute was last set. This attribute MUST be supported if the Printer supports both the "printer-message-time" and the "printer-current-time" (dateTime) attributes (see [RFC2911], section 4.4.30). Note: This attribute helps users better understand the context for the "printer-message-from-operator" message.6.6 printer-xri-supported (1setOf collection)
This OPTIONAL Printer Description attribute is a multi-valued attribute where each value has the 'collection' attribute syntax (see [RFC3382]), containing member attributes with the same semantics as the following IPP/1.1 READ-ONLY Printer Description attributes, except for cardinality: printer-uri-supported (1setOf uri) - see [RFC2911], section 4.4.1 uri-authentication-supported (1setOf type2 keyword) - see [RFC2911], section 4.4.2. uri-security-supported (1setOf type2 keyword) - see [RFC2911], section 4.4.3. When setting the "printer-xri-supported" attribute with a Set- Printer-Attributes request, the Printer MUST also set these three IPP/1.1 READ-ONLY Printer Description attributes as a defined side
effect. Thus, this collection attribute provides the means to set these three IPP/1.1 READ-ONLY attributes atomically so that they are never left in a partially inconsistent state. An IPP Printer MUST NOT provide any other way, using IPP, to set these three IPP/1.1 READ-ONLY Printer Description attributes, since they are READ-ONLY and MUST have consistent values at all times. Note: The "printer-xri-supported" (1setOf collection) attribute can be put into a directory schema that requires a single text string value, such as could be used with SLPv2 [RFC2608], [RFC2609] or LDAPv3 [RFC2251], [RFC2252], [RFC2926], by using suitable delimiting characters to separate member attributes of the collection and/or terminating collection values. The member attributes of the "printer-xri-supported" (1setOf collection) are given in Table 3. Table 3 - Member attributes of "printer-xri-supported" (1setOf collection) Member attribute client Printer MUST MUST supply support xri-uri (uri) yes yes xri-authentication (type2 keyword) yes yes xri-security (type2 keyword) yes yes Other than the uniqueness and the cardinality requirements, the semantics of these three member attributes is given in [RFC2911] sections 4.4.1, 4.4.2, and 4.4.3, respectively. A client can query the current values using the Get-Printer- Attributes operation by supplying either: 1. the three IPP/1.1 attribute names: "printer-uri-supported", "uri- authentication-supported", "uri-security-supported" and getting back the parallel values OR 2. the single attribute name: "printer-xri-supported" and getting back the 1setOf collection which contains the same information semantically, but in a different form. A client can query what member attribute values can be set by supplying the three attribute names: "xri-uri-scheme-supported", "xri-authentication-supported", and "xri-security-supported" in a
Get-Printer-Supported-Values request and getting back the uriScheme and type2 keyword values that can be set. Since the "printer-xri- supported", "uri-authentication-supported", and "uri-security- supported" attributes are READ-ONLY, they are not queriable with the Get-Printer-Supported-Values operation (see section 4.3). See Table 16. For example: "printer-xri-supported = { "xri-uri" = ipp://abc.com/p1 "xri-authentication" = basic "xri-security" = tls }, { "xri-uri" = ipp://abc.com/p2 "xri-authentication" = digest "xri-security" = tls }, { "xri-uri" = ipp://abc.com/p3 "xri-authentication" = none "xri-security" = none } would cause the Printer to set the three corresponding IPP/1.1 READ- ONLY attributes, each with three parallel values as follows: "printer-uri-supported" = { ipp://abc.com/p1, ipp://abc.com/p2, ipp://abc.com/p3 } "uri-authentication-supported" = { basic, digest, none } "uri-security-supported" = { tls, tls, none }6.7 xri-uri-scheme-supported (1setOf uriScheme)
This OPTIONAL READ-ONLY Printer Description attribute identifies the URI schemes that the implementation supports for use in the "printer-uri-supported" (1setOf uri) Printer Description attribute (see [RFC2911] section 4.4.1) and the "xri-uri" member attribute of the "printer-xri-supported" (1setOf collection) Printer Description attribute (see section 6.6). A Printer MUST support this attribute if it supports the setting of the "printer-xri-supported" (1setOf collection) with the Set- Printer-Attributes operation.
6.8 xri-authentication-supported (1setOf type2 keyword)
This OPTIONAL READ-ONLY Printer Description attribute identifies the Client Authentication mechanisms that the implementation supports for use in the "uri-authentication-supported" (1setOf type2 keyword) Printer Description attribute (see [RFC2911], section 4.4.2) and the "xri-authentication" member attribute of the "printer-xri-supported" (1setOf collection) Printer Description attribute (see section 6.6). A Printer MUST support this attribute if it supports setting the "printer-xri-supported" (1setOf collection) with the Set-Printer- Attributes operation.6.9 xri-security-supported (1setOf type2 keyword)
This OPTIONAL READ-ONLY Printer Description attribute identifies the URI schemes that the implementation supports for use in the "uri- security-supported" (1setOf type2 keyword) Printer Description attribute (see [RFC2911], section 4.4.3) and the "xri-security" member attribute of the "printer-xri-supported" (1setOf collection) Printer Description attribute (see section 6.6). A Printer MUST support this attribute if it supports setting the "printer-xri-supported" (1setOf collection) with the Set-Printer- Attributes operation.7 Additional status codes
This section defines new status codes used by the operations defined in this document.7.1 client-error-attributes-not-settable (0x0413)
The Set-Printer-Attributes or Set-Job-Attributes operation failed because one or more of the specified attributes cannot be set, either because the attribute is defined to be READ-ONLY or the attribute is not settable in this implementation (see sections 4.1.3 and 4.2.3). The Printer MUST return this error code and the attribute keyword name(s) and the 'not-settable' out-of-band value (see section 8.1) in the Unsupported Attributes Group (see [RFC2911], section 3.1.7) for all of the attributes that could not be set. When the Printer returns this status, it MUST NOT change any of the attributes supplied in the operation.
8 Additional out-of-band values
This section defines additional out-of-band values. As with all out-of-band values, a client or a Printer MUST NOT use an out-of-band value unless the definition of the attribute in an operation request and/or response explicitly allows such usage. See the beginning of [RFC2911], section 4.1.8.1 'not-settable' out-of-band value
The 'not-settable' out-of-band attribute value is returned by the IPP Printer in the Unsupported Attributes group of a response to indicate that the attribute supplied by the client in the request is READ-ONLY by definition or is not settable in this implementation. The 'not-settable' out-of-band attribute value is defined for use with the Set-Job-Attributes and Set-Printer-Attributes responses only. If a future additional "set" operation allows the 'not- settable' out-of-band value, its definition document MUST indicate such use explicitly, including with which attributes. An IPP object MUST support the 'not-settable' out-of-band value in a Set-Job-Attributes or Set-Printer-Attributes request if it supports those operations. A client MUST NOT supply the 'not-settable' out- of-band value in any request. An IPP object MUST NOT support the 'not-settable' out-of-band value in other operations, unless the operations' definition document explicitly defines such usage. If a Printer receives this out-of-band value in any operation request, the Printer MUST either (1) reject the entire request and return the 'client-error-bad-request' status code or (2) ignore the attribute and return it with the 'unsupported' out-of-band value. See sections 4.1.3 and 4.2.3 in this document for an example definition of the usage of the 'not-settable' out-of-band value in the Set-Printer-Attributes and Set-Job-Attributes responses.8.1.1 Encoding of the 'not-settable' out-of-band attribute value
The encoding of the 'not-settable' out-of-band value is 0x15 (see [RFC2910]). The value-length MUST be 0 and the value empty.8.2 'delete-attribute' out-of-band value
The 'delete-attribute' out-of-band attribute value is supplied by the client in a request to indicate that the Printer is to remove the supplied attribute and all of its values from the target object, if present.
The 'delete-attribute' out-of-band attribute value is defined for use with the Set-Job-Attributes request only. If a future additional "set" operation allows the 'delete-attribute' out-of-band value, its definition document MUST indicate such use explicitly, including with which attributes. An IPP Printer MUST support the 'delete-attribute' out-of-band value if it supports the Set-Job-Attributes operation. A client MUST NOT supply, and an IPP object MUST NOT support, the 'delete-attribute' out-of-band value in other operations, unless the operations' definition document explicitly defines such usage. For example, the 'delete-attribute' out-of-band value MUST NOT be used in the Set- Printer-Attributes operation, where the absence of an attribute from an IPP object indicates that the attribute is not supported. If a Printer receives this out-of-band value in other operation requests, the Printer MUST either (1) reject the entire request and return the 'client-error-bad-request' status code or (2) ignore the attribute and return it with the 'unsupported' out-of-band value. See section 4.2 in this document for the definition of the usage of the 'delete-attribute' out-of-band value in the Set-Job-Attributes request.8.2.1 Encoding of the 'delete-attribute' out-of-band value
The encoding of the 'delete-attribute' out-of-band value is 0x16 (see [RFC2910]). The value-length MUST be 0 and the value empty.8.3 'admin-define' out-of-band attribute value
Section 4.3 defines the Get-Printer-Supported-Values response to contain the values of an "xxx-supported" attribute that are supported by the implementation before any additional values are defined by the administrator. The 'admin-define' out-of-band attribute value is returned as an additional value of an "xxx-supported" attribute in a Get-Printer-Supported-Values response to indicate that the implementation supports allowing an administrator to define additional arbitrary 'name' values for that "xxx-supported" attribute. For example, if the "media-supported" (1setOf (type3 keyword | name)) attribute contains this value, then the Printer MUST permit an administrator to add new media names to the Printer's "media- supported" attribute. In order for an administrator to add new values to a Printer's "xxx-supported" attribute, the client supplies the existing and new values in a Set-Printer-Attributes request for
that attribute. The client MUST supply any such administratively defined values in the Set-Printer-Attributes request, using the 'name' attribute syntax. The 'admin-define' out-of-band attribute value is defined for use with the Get-Printer-Supported-Values response only. A Printer MUST NOT return the 'admin-define' out-of-band value in a Get-Printer- Attributes response, since such a response indicates what an end-user client can supply in a Job Creation operation. If a future additional "get" operation allows the 'admin-define' out-of-band value, its definition document MUST indicate such use explicitly, including with which attributes. An IPP Printer MUST support the 'admin-define' out-of-band value, if it supports a client setting arbitrary 'name' values of an "xxx- supported" Printer attribute using the Set-Printer-Attributes operation. A client MUST NOT supply the 'admin-define' out-of-band value in any request. An IPP object MUST NOT support the 'admin- define' out-of-band value in other operations, unless the operations' definition document explicitly defines such usage. If a Printer receives this out-of-band value in any operation request, the Printer MUST either (1) reject the entire request and return the 'client- error-bad-request' status code or (2) ignore the attribute and return it with the 'unsupported' out-of-band value. This document defines that the 'admin-define' out-of-band value MUST be used only with "xxx-supported" attributes that are defined to include the 'name' attribute syntax. This out-of-band value is not intended to be used with "xxx-supported" attributes of other attribute syntaxes, such as 'uri', even though the administrator defines arbitrary values for such attributes. If other documents extend the use of the 'admin-define' out-of-band value to other attribute syntaxes, such a document MUST define such use explicitly, including with which attributes. See section 4.3 in this document for an example definition of the usage of the 'admin-define' out-of-band attribute value in any "xxx- supported" attribute returned in a Get-Printer-Supported-Values response that is defined to include the 'name' attribute syntax.8.3.1 Encoding of the 'admin-define' out-of-band attribute value
The encoding of the 'admin-define' out-of-band attribute value is 0x17 (see [RFC2910]). The value-length MUST be 0 and the value empty.
9 New Values for Existing Printer Description Attributes
This section contains those attributes for which additional values are added.9.1 operations-supported (1setOf type2 enum)
The following "operation-id" values are added in order to support the new operations defined in this document: Table 4 - Operation-id assignments Value Operation Name 0x0013 Set-Printer-Attributes 0x0014 Set-Job-Attributes 0x0015 Get-Printer-Supported-Values10 Conformance Requirements
This section specifies the conformance requirements for clients and IPP objects. Both the Set-Job-Attributes and the Set-Printer-Attributes operations defined in the document are OPTIONAL for an IPP object to support. Either one MAY be supported without the other or both MAY be supported. However, if the Set-Printer-Attributes operation is supported, then the Get-Printer-Supported-Values operation MUST be supported if any "xxx-supported" attributes are settable. Otherwise, the Get-Printer-Supported-Values operation is OPTIONAL for an IPP Printer to support. If the Set-Printer-Attributes operation is supported, then the Printer MUST support the following additional items: 1. the Get-Printer-Supported-Values operation (see section 5), if any "xxx-supported" attributes are settable. 2. the "printer-settable-attributes-supported" Printer Description attribute (see section 6.1). 3. the 'not-settable' out-of-band value in responses (see section 8.1). 4. the 'client-error-not-settable' status code (see section 7.1).
5. if the "printer-message-from-operator" Printer Description
attribute is supported (see [RFC2911], section 4.4.25), then it
MUST be settable.
6. the Get-Printer-Supported-Values operation (see section 4.3),
if any "xxx-supported" attributes are settable.
7. If a client can set a value with the 'name' attribute syntax
for one or more "xxx-supported" attributes, then the 'admin-
define' out-of-band attribute value (see section 8.3) MUST be
supported in the Get-Printer-Supported-Values response for each
such settable attribute (see section 4.3)
If the Set-Job-Attributes operation is supported, then the Printer
MUST support the following additional items:
1. the "job-settable-attributes-supported" Printer Description
attribute (see section 6.2).
2. the 'not-settable' out-of-band value in responses (see section
8.1).
3. the 'delete-attribute' out-of-band value in requests (see
section 8.2).
4. the 'client-error-not-settable' status code (see section 7.1).
5. if the "job-message-from-operator" Printer Description
attribute is supported (see [RFC2911], 4.3.16), then it MUST be
settable.
It is OPTIONAL for the Printer object to support the "printer-
message-time" (integer) and "printer-message-date-time" (dateTime)
Printer Description attributes. If both the "printer-message-time"
(integer) and the "printer-current-time" (dateTime) (see [RFC2911],
section 4.4.30) attributes are supported, then the "printer-message-
date-time" (dateTime) Printer Description attribute MUST be
supported.
As with all out-of-band values, a client or a Printer MUST NOT use an
out-of-band value, unless the definition document for the attribute
in an operation request and/or response explicitly allows such usage.
11 IANA Considerations
This section contains registration information for IANA to add to the various IPP Registries according to the procedures defined in RFC 2911 [RFC2911], section 6. The resulting registrations will be published in the http://www.iana.org/assignments/ipp-registrations registry.11.1 Operation Registrations
The following table lists all of the operations defined in this document. These are to be registered according to the procedures defined in RFC 2911 [RFC2911], section 6.4. Operations: Ref. Section: Set-Printer-Attributes RFC 3380 4.1 Set-Job-Attributes RFC 3380 4.2 Get-Printer-Supported-Values RFC 3380 4.311.2 Additional Enum Attribute Value Registrations for the "operations-supported" Printer Attribute
The following table lists all the new enum attribute values defined in this document as additional type2 enum values for use with the "operations-supported" Printer Description attribute. These are to be registered according to the procedures defined in RFC 2911 [RFC 2911], section 6.1. Enum Attribute Values: Value Ref. Section: Set-Printer-Attributes 0x0013 RFC 3380 4 Set-Job-Attributes 0x0014 RFC 3380 4 Get-Printer-Supported-Values 0x0015 RFC 3380 4
11.3 Keyword attribute value registrations
The following table lists all of the attributes defined in this standard which have keywords values defined: printer-settable-attributes-supported (1setOf type2 keyword) RFC 3380 6.1 none RFC 3380 6.1 <Any other Printer attribute keyword name> job-settable-attributes-supported (1setOf type2 keyword) RFC 3380 6.2 none RFC 3380 6.2 <Any other Job attribute keyword name> document-format-varying-attributes (1setOf type2 keyword) RFC 3380 6.3 none <Any Printer attribute keyword name> xri-security-supported (1setOf type2 keyword) RFC 3380 6.9 none RFC 2911 4.4.3 ssl3 RFC 2911 4.4.3 tls' RFC 2911 4.4.3 xri-authentication-supported (1setOf type2 keyword) none RFC 2911 4.4.2 requesting-user-name RFC 2911 4.4.2 basic RFC 2911 4.4.2 digest RFC 2911 4.4.2 certificate RFC 2911 4.4.2
11.4 Attribute Registrations
The following table lists all of the attributes defined in this document. These are to be registered according to the procedures in RFC 2911 [RFC2911], section 6.2. Operation attributes: Ref. Section: printer-message-from-operator (text(127)) RFC 3380 5.1 job-message-from-operator (text(127)) RFC 3380 5.2 Printer Description attributes: Ref. Section: printer-settable-attributes-supported (1setOf type2 keyword) RFC 3380 6.1 job-settable-attributes-supported (1setOf type2 keyword) RFC 3380 6.2 document-format-varying-attributes (1setOf type2 keyword) RFC 3380 6.3 printer-message-time (integer(MIN:MAX)) RFC 3380 6.4 printer-message-date-time (dateTime) RFC 3380 6.5 printer-xri-supported (1setOf collection) RFC 3380 6.6 xri-uri (uri) RFC 3380 6.6 xri-authentication (type2 keyword) RFC 3380 6.6 xri-security (type2 keyword) RFC 3380 6.6 xri-uri-scheme-supported (1setOf uriScheme) RFC 3380 6.7 xri-authentication-supported (1setOf type2 keyword) 6.8 xri-security-supported (1setOf type2 keyword) RFC 3380 6.911.5 Status code Registrations
The following table lists the status code defined in this document. This is to be registered according to the procedures in RFC 2911 [RFC2911], section 6.6. Status codes: Ref. Section: client-error-attributes-not-settable (0x0413) RFC 3380 7.111.6 Out-of-band Attribute Value Registrations
The following table lists all of the out-of-band attribute values defined in this document. These are to be registered according to the procedures in RFC 2911 [RFC2911] section 6.7. Value: Out-of-band Attribute value name: Ref. Section: 0x15 not-settable RFC 3380 8.1 0x16 delete-attribute RFC 3380 8.2 0x17 admin-define RFC 3380 8.3
12 Internationalization Considerations
This document has the same localization considerations as [RFC2911].13 Security Considerations
The IPP Model and Semantics document ([RFC2911], section 8) discusses high level security requirements (Client Authentication, Server Authentication and Operation Privacy). Client Authentication is the mechanism by which the client proves its identity to the server in a secure manner. Server Authentication is the mechanism by which the server proves its identity to the client in a secure manner. Operation Privacy is defined as a mechanism for protecting operations from eavesdropping. In addition, the introduction of the Set-Printer-Attributes and Set- Job-Attributes operations creates another security threat, since the client is able to modify the Printer and Job attributes stored in the Printer. Such modifications could lead to denial of service. A malicious user could alter the policy established by the system administrator and stored in the Printer attributes. Such alteration could either grant access to more resources or deny access to resources that the system administrator has established. For example, the malicious user could remove all of the document-format values from the "document-format-supported" Printer attribute so that the Printer would refuse to accept all jobs. The general remedy for such malicious user actions against Printer attributes is to have strong Client Authentication coupled with Printer access control, to limit the users who have System Administrator or Operator privileges. A malicious user could modify the Job Template attributes of another user's Job, such as the "copies" attribute. For example, setting the number of copies to a large number. The general remedy for such malicious user actions against another user's job is to have strong Client Authentication coupled with Printer access control to limit the users who have System Administrator or Operator privileges who can modify any job and, in addition, store the Client Authentication with each Job so that only the job owner End User can modify his/her own job.
14 References
14.1 Normative References
[RFC2565] Herriot, R., Butler, S., Moore, P. and R. Tuner, "Internet Printing Protocol/1.0: Encoding and Transport", RFC 2565, April 1999. [RFC2566] deBry, R., Hastings, T., Herriot, R., Isaacson, S. and P. Powell, "Internet Printing Protocol/1.0: Model and Semantics", RFC 2566, April 1999. [RFC2910] Herriot, R., Butler, S., Moore, P. and R. Turner, "Internet Printing Protocol/1.1: Encoding and Transport", RFC 2910, September 2000. [RFC2911] Hastings, T., Herriot, R., deBry, R., Isaacson, S. and P. Powell, "Internet Printing Protocol/1.0: Model and Semantics", RFC 2911, September 2000. [RFC3382] deBry, R., Hastings, T., Herriot, R., Ocke, K. and P. Zehler, "Internet Printing Protocol (IPP): The 'collection' attribute syntax", RFC 3382, September 2002.14.2 Informative References
[RFC2251] Wahl, M., Howes, T. abd S. Kille, "Lightweight Directory Access Protocol (v3)", RFC 2251, December 1997. [RFC2252] Wahl, M., Coulbeck, A., Howes, T. and S. Kille, "Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions", RFC 2252, December 1997. [RFC2608] Guttman, E., Perkins, C., Veizades, J. and M. Day, "Service Location Protocol, Version 2", RFC 2608, June 1999. [RFC2609] Guttman, E., Perkins, C. and J. Kempf, "Service Templates and service: Schemes", RFC 2609, June 1999. [RFC3196] Hastings, T., Manros, C., Zehler, P., Kugler, C. and H. Holst, "Internet Printing Protocol/1.1: Implementor's Guide", RFC 3196, November 2001.
(next page on part 3)
