RFC 4104
Policy Core Extension Lightweight Directory Access Protocol Schema (PCELS)
5.18. The Three Reusable Policy Container Classes
The pcelsReusableContainer class represents a container of reusable policy elements. It is mapped from the ReusablePolicyContainer class [PCIM_EXT]. The pcelsReusableContainer class is derived from the pcimRepository class [PCLS]. To maximize flexibility, the pcelsReusableContainer class is defined as abstract. An auxiliary subclass pcelsReusableContainerAuxClass enables the attachment of a reusable policy container to an existing entry, while a structural subclass pcelsReusableContainerInstance permits the representation of a reusable policy container as a standalone entry. The elements contained in a reusable policy container are aggregated via subordination to a pcelsReusableContainer instance (DIT containment). A reusable policy container can include the elements of another reusable policy container by aggregating the container itself. This is realized by DIT containment when the policy containers are subordinated to one another, or by reference when the
aggregating policy container references the aggregated one using the
attribute pcelsReusableContainerList.
The pcelsReusableContainer class is defined as follows:
( 1.3.6.1.1.9.1.48
NAME 'pcelsReusableContainer'
DESC 'Container for reusable policy information'
SUP pcimRepository
ABSTRACT
MAY ( pcelsReusableContainerName
$ pcelsReusableContainerList )
)
The pcelsReusableContainerAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.49
NAME 'pcelsReusableContainerAuxClass '
DESC 'Container for reusable policy information'
SUP pcelsReusableContainer
AUXILIARY
)
The pcelsReusableContainerInstance class is defined as follows:
( 1.3.6.1.1.9.1.50
NAME 'pcelsReusableContainerInstance'
DESC 'Container for reusable policy information'
SUP pcelsReusableContainer
STRUCTURAL
)
The pcelsReusableContainerName attribute type may be used as naming
attribute for pcelsReusableContainer entries. This attribute type is
of syntax Directory String [LDAP_SYNTAX]. It has an equality
matching rule of caseIgnoreMatch, an ordering matching rule of
caseIgnoreOrderingMatch and a substrings matching rule of
caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can
only have a single value.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.27
NAME 'pcelsReusableContainerName'
DESC 'User-friendly name of a reusable policy container'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
)
The pcelsReusableContainerList attribute type realizes the
ContainedDomain association [PCIM_EXT]. This attribute type is of
syntax DN [LDAP_SYNTAX]. It has an equality matching rule of
distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can
have multiple values. The only allowed values for
pcelsReusableContainerList attributes are DNs of
pcelsReusableContainer entries. In a pcelsReusableContainer, the
pcelsReusableContainerList attribute represents the associations
between this reusable policy container and others for the purpose of
including them as nested containers.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.28
NAME 'pcelsReusableContainerList'
DESC 'Unordered set of DNs of pcelsReusableContainer entries'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
)
Note: PCELS implementations SHOULD support pcelsReusableContainer and
its two subclasses and MAY also support the two subclasses of
pcimRepository [PCLS].
5.19. The Structural Class pcelsRoleCollection
The pcelsRoleCollection class represents a collection of managed
elements that share a common role. It is mapped from the
PolicyRoleCollection class [PCIM_EXT]. The pcelsRoleCollection class
is a structural object class and it is derived from the pcimPolicy
class [PCLS].
The pcelsRoleCollection class is defined as follows:
( 1.3.6.1.1.9.1.51
NAME 'pcelsRoleCollection'
DESC 'Collection of managed elements that share a common role'
SUP pcimPolicy
STRUCTURAL
MUST ( pcelsRole )
MAY ( pcelsRoleCollectionName
$ pcelsElementList )
)
The pcelsRole attribute type represents the role associated with a collection of managed elements. It is mapped from the PolicyRoleCollection.PolicyRole property [PCIM_EXT]. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value. This attribute type is defined as follows: ( 1.3.6.1.1.9.2.29 NAME 'pcelsRole' DESC 'String representing a role.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) The pcelsRoleCollectionName attribute type may be used as naming attribute for pcelsRoleCollection entries. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value. This attribute type is defined as follows: ( 1.3.6.1.1.9.2.30 NAME 'pcelsRoleCollectionName' DESC 'User-friendly name of a role collection' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) The pcelsElementList attribute type realizes the ElementInPolicyRoleCollection association [PCIM_EXT]. This attribute type is of syntax DN [LDAP_SYNTAX]. It has an equality matching rule of distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. In a pcelsRoleCollection, the pcelsElementList attribute represents the associations between this role collection and its members.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.31
NAME 'pcelsElementList'
DESC 'Unordered set of managed elements'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
)
5.20. The Abstract Class pcelsFilterEntryBase
The pcelsFilterEntryBase class is the base class for defining message
or packet filters. It is mapped from the FilterEntryBase class
[PCIM_EXT]. The pcelsFilterEntryBase class is an abstract object
class and it is derived from the pcimPolicy class [PCLS].
The pcelsFilterEntryBase class is defined as follows:
( 1.3.6.1.1.9.1.52
NAME 'pcelsFilterEntryBase'
DESC 'Base class for message or packet filters'
SUP pcimPolicy
ABSTRACT
MAY ( pcelsFilterName
$ pcelsFilterIsNegated )
)
The pcelsFilterName attribute type may be used as naming attribute
for pcelsFilterEntryBase entries. This attribute type is of syntax
Directory String [LDAP_SYNTAX]. It has an equality matching rule of
caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch
and a substrings matching rule of caseIgnoreSubstringsMatch
[LDAP_SYNTAX]. Attributes of this type can only have a single value.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.32
NAME 'pcelsFilterName'
DESC 'User-friendly name of a filter entry'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
)
The pcelsFilterIsNegated attribute type indicates whether the match
information specified in a pcelsFilterEntryBase is negated or not.
It is mapped from the FilterEntryBase.IsNegated property [PCIM_EXT]. This attribute type is of syntax Boolean [LDAP_SYNTAX]. It has an equality matching rule of booleanMatch [LDAP_MATCH]. Attributes of this type can only have a single value. If this attribute is missing from a pcelsFilterEntryBase instance, applications MUST assume that the filter is not negated. This attribute type is defined as follows: ( 1.3.6.1.1.9.2.33 NAME 'pcelsFilterIsNegated' DESC 'Indicates whether the filter is negated' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )5.21. The Structural Class pcelsIPHeadersFilter
The pcelsIPHeadersFilter class provides the most commonly required attributes for performing filtering on IP, TCP or UDP headers. It is mapped from the IpHeadersFilter class [PCIM_EXT]. It is a structural object class derived from the pcelsFilterEntryBase class. The pcelsIPHeadersFilter class is defined as follows: ( 1.3.6.1.1.9.1.53 NAME 'pcelsIPHeadersFilter' DESC 'IP header filter' SUP pcelsFilterEntryBase STRUCTURAL MAY ( pcelsIPHdrVersion $ pcelsIPHdrSourceAddress $ pcelsIPHdrSourceAddressEndOfRange $ pcelsIPHdrSourceMask $ pcelsIPHdrDestAddress $ pcelsIPHdrDestAddressEndOfRange $ pcelsIPHdrDestMask $ pcelsIPHdrProtocolID $ pcelsIPHdrSourcePortStart $ pcelsIPHdrSourcePortEnd $ pcelsIPHdrDestPortStart $ pcelsIPHdrDestPortEnd $ pcelsIPHdrDSCPList $ pcelsIPHdrFlowLabel ) )
Applications MUST assume 'all values' for optional (MAY) attributes not present in a pcelsIPHeadersFilter entry. [PCIM_EXT] defines several constraints for the IpHeadersFilter class and its properties. All these constraints (even those that, for brevity, are not reiterated in this document) apply to the pcelsIPHeadersFilter class and its attributes. A pcelsIPHeadersFilter entry that violates any of these constraints SHOULD be treated as invalid and the policy rules or groups associated to this entry SHOULD be treated as being disabled, meaning that the execution of such policy rules or groups SHOULD be stopped. The pcelsIPHdrVersion attribute type indicates the version of the IP addresses to be filtered on. It is mapped from the IpHeadersFilter.HdrIpVersion property [PCIM_EXT]. This attribute type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are 4 and 6. In a pcelsIPHeadersFilter entry, the pcelsIPHdrVersion attribute type determines the size for the IP version dependent attribute values. These attributes are: pcelsIPHdrSourceAddress, pcelsIPHdrSourceAddressEndOfRange, pcelsIPHdrSourceMask, pcelsIPHdrDestAddress, pcelsIPHdrDestAddressEndOfRange and pcelsIPHdrDestMask. Their valid values are as follows: for IPv4: OctetStrings with a size of 4 for IPv6: OctetStrings with a size of 16 or 20 If the pcelsIPHdrVersion attribute is missing from a pcelsFilterEntryBase instance, then the filter does not consider IP version in selecting matching packets. In this case, the IP version dependent attributes (listed above) must not be present in the filter entry. This attribute type is defined as follows: ( 1.3.6.1.1.9.2.34 NAME 'pcelsIPHdrVersion' DESC 'IP version' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
The pcelsIPHdrSourceAddress attribute type represents a source IP address. It is mapped from the IpHeadersFilter.HdrSrcAddress property [PCIM_EXT]. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are octet strings with a size of 4, 16, or 20. This attribute type is defined as follows: ( 1.3.6.1.1.9.2.35 NAME 'pcelsIPHdrSourceAddress' DESC 'Source IP address' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) The pcelsIPHdrSourceAddressEndOfRange attribute type represents the end of a range of source IP addresses. It is mapped from the IpHeadersFilter.HdrSrcAddressEndOfRange property [PCIM_EXT]. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are octet strings with a size of 4, 16, or 20. This attribute type is defined as follows: ( 1.3.6.1.1.9.2.36 NAME 'pcelsIPHdrSourceAddressEndOfRange' DESC 'End of a range of source IP addresses' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) The pcelsIPHdrSourceMask attribute type represents the mask to be used in comparing the source IP address. It is mapped from the IpHeadersFilter.HdrSrcMask property [PCIM_EXT]. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule
of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are octet strings with a size of 4, 16, or 20. This attribute type is defined as follows: ( 1.3.6.1.1.9.2.37 NAME 'pcelsIPHdrSourceMask' DESC 'Mask to be used in comparing the source IP address' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) The pcelsIPHdrDestAddress attribute type represents a destination IP address. It is mapped from the IpHeadersFilter.HdrDestAddress property [PCIM_EXT]. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are octet strings with a size of 4, 16, or 20. This attribute type is defined as follows: ( 1.3.6.1.1.9.2.38 NAME 'pcelsIPHdrDestAddress' DESC 'Destination IP address' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) The pcelsIPHdrDestAddressEndOfRange attribute type represents the end of a range of destination IP addresses. It is mapped from the IpHeadersFilter.HdrDestAddressEndOfRange property [PCIM_EXT]. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are octet strings with a size of 4, 16, or 20.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.39
NAME 'pcelsIPHdrDestAddressEndOfRange'
DESC 'End of a range of destination IP addresses'
EQUALITY octetStringMatch
ORDERING octetStringOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
SINGLE-VALUE
)
The pcelsIPHdrDestMask attribute type represents a mask to be used in
comparing the destination IP address. It is mapped from the
IpHeadersFilter.HdrDestMask property [PCIM_EXT]. This attribute type
is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching
rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule
of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type
can only have a single value. The only allowed values for attributes
of this type are octet strings with a size of 4, 16, or 20.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.40
NAME 'pcelsIPHdrDestMask'
DESC 'Mask to be used in comparing the destination IP address'
EQUALITY octetStringMatch
ORDERING octetStringOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
SINGLE-VALUE
)
The pcelsIPHdrProtocolID attribute type indicates an IP protocol
type. It is mapped from the IpHeadersFilter.HdrProtocolID property
[PCIM_EXT]. This attribute type is of syntax Integer [LDAP_SYNTAX].
It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an
ordering matching rule of integerOrderingMatch [LDAP_MATCH].
Attributes of this type can only have a single value. The only
allowed values for attributes of this type are integers in the range
0..255 (inclusive).
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.41
NAME 'pcelsIPHdrProtocolID'
DESC 'IP protocol type'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
)
The pcelsIPHdrSourcePortStart attribute type represents the lower end
of a range of UDP or TCP source ports. It is mapped from the
IpHeadersFilter.HdrSrcPortStart property [PCIM_EXT]. This attribute
type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching
rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of
integerOrderingMatch [LDAP_MATCH]. Attributes of this type can only
have a single value. The only allowed values for attributes of this
type are integers in the range 0..65535 (inclusive).
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.42
NAME 'pcelsIPHdrSourcePortStart'
DESC 'Lower end of a range of UDP or TCP source ports'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
)
The pcelsIPHdrSourcePortEnd attribute type represents the upper end
of a range of UDP or TCP source ports. It is mapped from the
IpHeadersFilter.HdrSrcPortEnd property [PCIM_EXT]. This attribute
type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching
rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of
integerOrderingMatch [LDAP_MATCH]. Attributes of this type can only
have a single value. The only allowed values for attributes of this
type are integers in the range 0..65535 (inclusive).
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.43
NAME 'pcelsIPHdrSourcePortEnd'
DESC 'Upper end of a range of UDP or TCP source ports'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
)
The pcelsIPHdrDestPortStart attribute type represents the lower end
of a range of UDP or TCP destination ports. It is mapped from the
IpHeadersFilter.HdrDestPortStart property [PCIM_EXT]. This attribute
type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching
rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of
integerOrderingMatch [LDAP_MATCH]. Attributes of this type can only
have a single value. The only allowed values for attributes of this
type are integers in the range 0..65535 (inclusive).
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.44
NAME 'pcelsIPHdrDestPortStart'
DESC 'Lower end of a range of UDP or TCP destination ports'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
)
The pcelsIPHdrDestPortEnd attribute type represents the upper end of
a range of UDP or TCP destination ports. It is mapped from the
IpHeadersFilter.HdrDestPortEnd property [PCIM_EXT]. This attribute
type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching
rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of
integerOrderingMatch [LDAP_MATCH]. Attributes of this type can only
have a single value. The only allowed values for attributes of this
type are integers in the range 0..65535 (inclusive).
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.45
NAME 'pcelsIPHdrDestPortEnd'
DESC 'Upper end of a range of UDP or TCP destination ports'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
)
The pcelsIPHdrDSCPList attribute type is mapped from the
IpHeadersFilter.HdrDSCP property [PCIM_EXT]. This attribute type is
of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of
integerMatch [LDAP_SYNTAX] and an ordering matching rule of
integerOrderingMatch [LDAP_MATCH]. Attributes of this type can have
multiple values. The only allowed values for attributes of this type
are integers in the range 0..63 (inclusive).
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.46
NAME 'pcelsIPHdrDSCPList'
DESC 'DSCP values'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
)
The pcelsIPHdrFlowLabel attribute type is mapped from the
IpHeadersFilter.HdrFlowLabel property [PCIM_EXT]. This attribute
type is of syntax OctetString [LDAP_SYNTAX]. It has an equality
matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering
matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes
of this type can only have a single value. The only allowed values
for attributes of this type are octet strings of size 3 (that is, 24
bits) that contain a Flow Label value in the rightmost 20 bits padded
on the left with b'0000'.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.47
NAME 'pcelsIPHdrFlowLabel'
DESC 'IP flow label'
EQUALITY octetStringMatch
ORDERING octetStringOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
SINGLE-VALUE
)5.22. The Structural Class pcels8021Filter
The pcels8021Filter class provides 802.1 attributes for performing filtering on 802.1 headers. It is mapped from the 8021Filter class [PCIM_EXT]. The pcels8021Filter class is a structural object class and it is derived from the pcelsFilterEntryBase class. The pcels8021Filter class is defined as follows: ( 1.3.6.1.1.9.1.54 NAME 'pcels8021Filter' DESC '802.1 header filter' SUP pcelsFilterEntryBase STRUCTURAL MAY ( pcels8021HdrSourceMACAddress $ pcels8021HdrSourceMACMask $ pcels8021HdrDestMACAddress $ pcels8021HdrDestMACMask $ pcels8021HdrProtocolID $ pcels8021HdrPriority $ pcels8021HdrVLANID ) ) Applications MUST assume 'all values' for optional (MAY) attributes not present in a pcels8021Filter entry. [PCIM_EXT] defines several constraints for the 8021Filter class and its properties. All these constraints (even those that, for brevity, are not reiterated in this document) apply to the pcels8021Filter class and its attributes. A pcels8021Filter entry that violates any of these constraints SHOULD be treated as invalid and the policy rules or groups associated to this entry SHOULD be treated as being disabled, meaning that the execution of such policy rules or groups SHOULD be stopped. The pcels8021HdrSourceMACAddress attribute type represents a source MAC address. It is mapped from the 8021Filter.8021HdrSrcMACAddr property [PCIM_EXT]. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are octet strings with a size of 6.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.48
NAME 'pcels8021HdrSourceMACAddress'
DESC 'Source MAC address'
EQUALITY octetStringMatch
ORDERING octetStringOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
SINGLE-VALUE
)
The pcels8021HdrSourceMACMask attribute type represents the a mask to
be used in comparing the source MAC address. It is mapped from the
8021Filter.8021HdrSrcMACMask property [PCIM_EXT]. This attribute
type is of syntax OctetString [LDAP_SYNTAX]. It has an equality
matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering
matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes
of this type can only have a single value. The only allowed values
for attributes of this type are octet strings with a size of 6.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.49
NAME 'pcels8021HdrSourceMACMask'
DESC 'Source MAC address mask'
EQUALITY octetStringMatch
ORDERING octetStringOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
SINGLE-VALUE
)
The pcels8021HdrDestMACAddress attribute type represents a
destination MAC address. It is mapped from the
8021Filter.8021HdrDestMACAddr property [PCIM_EXT]. This attribute
type is of syntax OctetString [LDAP_SYNTAX]. It has an equality
matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering
matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes
of this type can only have a single value. The only allowed values
for attributes of this type are octet strings with a size of 6.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.50
NAME 'pcels8021HdrDestMACAddress'
DESC 'Destination MAC address'
EQUALITY octetStringMatch
ORDERING octetStringOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
SINGLE-VALUE
)
The pcels8021HdrDestMACMask attribute type represents the a mask to
be used in comparing the destination MAC address. It is mapped from
the 8021Filter.8021HdrDestMACMask property [PCIM_EXT]. This
attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an
equality matching rule of octetStringMatch [LDAP_SCHEMA] and an
ordering matching rule of octetStringOrderingMatch [LDAP_MATCH].
Attributes of this type can only have a single value. The only
allowed values for attributes of this type are octet strings with a
size of 6.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.51
NAME 'pcels8021HdrDestMACMask'
DESC 'Destination MAC address mask'
EQUALITY octetStringMatch
ORDERING octetStringOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
SINGLE-VALUE
)
The pcels8021HdrProtocolID attribute type indicates an Ethernet
protocol type. It is mapped from the 8021Filter.8021HdrProtocolID
property [PCIM_EXT]. This attribute type is of syntax Integer
[LDAP_SYNTAX]. It has an equality matching rule of integerMatch
[LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch
[LDAP_MATCH]. Attributes of this type can have multiple values. No
order is implied. The only allowed values for attributes of this
type are integers in the range 0..65535 (inclusive).
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.52
NAME 'pcels8021HdrProtocolID'
DESC 'Ethernet protocol ID'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
)
The pcels8021HdrPriority attribute type indicates an 802.1Q priority.
It is mapped from the 8021Filter.8021HdrPriorityValue property
[PCIM_EXT]. This attribute type is of syntax Integer [LDAP_SYNTAX].
It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an
ordering matching rule of integerOrderingMatch [LDAP_MATCH].
Attributes of this type can have multiple values. No order is
implied. The only allowed values for attributes of this type are
integers in the range 0..7 (inclusive).
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.53
NAME 'pcels8021HdrPriority'
DESC '802.1Q priority'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
)
The pcels8021HdrVLANID attribute type indicates an 802.1Q VLAN
Identifier. It is mapped from the 8021Filter.8021HdrVLANID property
[PCIM_EXT]. This attribute type is of syntax Integer [LDAP_SYNTAX].
It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an
ordering matching rule of integerOrderingMatch [LDAP_MATCH].
Attributes of this type can have multiple values. The only allowed
values for attributes of this type are integers in the range 0..4095
(inclusive).
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.54
NAME 'pcels8021HdrVLANID'
DESC '802.1Q VLAN ID'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
)
5.23. The Auxiliary Class pcelsFilterListAuxClass
The pcelsFilterListAuxClass class represents a collection of device- level filters aggregated in a policy condition. It is mapped from the FilterList class [PCIM_EXT]. pcelsFilterListAuxClass instances can be used as conditions in policy rules or as components in compound conditions. The pcelsFilterListAuxClass class is an auxiliary object class and it is derived from the pcimConditionAuxClass class [PCLS]. The pcelsFilterListAuxClass class is defined as follows: ( 1.3.6.1.1.9.1.55 NAME 'pcelsFilterListAuxClass' DESC 'Collection of pcelsFilterEntryBase filters' SUP pcimConditionAuxClass AUXILIARY MAY ( pcelsFilterListName $ pcelsFilterDirection $ pcelsFilterEntryList ) ) The pcelsFilterListName attribute type may be used as naming attribute for pcelsFilterListAuxClass entries. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value. This attribute type is defined as follows: ( 1.3.6.1.1.9.2.55 NAME 'pcelsFilterListName' DESC 'User-friendly name of a FilterList' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) The pcelsFilterDirection attribute type indicates the direction of the packets or messages relative to the interface where the filter is applied. It is mapped from the FilterList.Direction property [PCIM_EXT]. This attribute type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch [LDAP_MATCH].
Attributes of this type can only have a single value. The only
allowed values for attributes of this type are 0 (NotApplicable), 1
(Input), 2 (Output), 3 (Both) and 4 (Mirrored). If this attribute is
missing from a pcelsFilterListAuxClass instance, applications MUST
assume that a direction is not applicable.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.56
NAME 'pcelsFilterDirection'
DESC 'Direction to which this filter is applied'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
)
The pcelsFilterEntryList attribute type realizes the
EntriesInFilterList association [PCIM_EXT]. This attribute type is
of syntax DN [LDAP_SYNTAX]. It has an equality matching rule of
distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can
have multiple values. The only allowed values for
pcelsFilterEntryList attributes are DNs of pcelsFilterEntryBase
entries. In a pcelsFilterListAuxClass, the pcelsFilterEntryList
attribute represents the associations between this filter collection
and its components.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.57
NAME 'pcelsFilterEntryList'
DESC 'Unordered set of DNs of pcelsFilterEntryBase entries'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
)
The EntrySequence property of the association EntriesInFilterList is
restricted to a single value ('0') [PCIM_EXT] which makes it
redundant. Therefore, its mapping to an LDAP schema element is
unnecessary.
5.24. The Auxiliary Class pcelsVendorVariableAuxClass
The pcelsVendorVariableAuxClass class provides a general extension mechanism for representing policy variables that have not been specifically modeled. Instead, its two properties are used to define the content and format of the variable, as explained below. This class is intended for vendor-specific extensions that are not amenable to using pcelsVariable; standardized extensions SHOULD NOT use this class. The pcelsVendorVariableAuxClass class is an auxiliary object class and it is derived from the pcelsVariable class. The pcelsVendorVariableAuxClass class is defined as follows: ( 1.3.6.1.1.9.1.56 NAME 'pcelsVendorVariableAuxClass' DESC 'Defines registered means to describe a policy variable' SUP pcelsVariable AUXILIARY MAY ( pcelsVendorVariableData $ pcelsVendorVariableEncoding ) ) The pcelsVendorVariableData attribute provides a general mechanism for representing policy variables that have not been specifically modeled. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can have multiple values. In pcelsVendorVariableAuxClass instances, the format of the values for attributes of this type is identified by the OID stored in the pcelsVendorVariableEncoding attribute. This attribute type is defined as follows: ( 1.3.6.1.1.9.2.58 NAME 'pcelsVendorVariableData' DESC 'Mechanism for representing variables that have not been specifically modeled' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) The pcelsVendorVariableEncoding attribute identifies the format for representing policy variables that have not been specifically modeled. This attribute type is of syntax OID [LDAP_SYNTAX]. It has
an equality matching rule of objectIdentifierMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value. In pcelsVendorVariableAuxClass instances, the pcelsVendorVariableEncoding attribute is used to identify the format and semantics for the pcelsVendorVariableData attribute values. This attribute type is defined as follows: ( 1.3.6.1.1.9.2.59 NAME 'pcelsVendorVariableEncoding' DESC 'Identifies the format and semantics for policy variables' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE )5.25. The Auxiliary Class pcelsVendorValueAuxClass
The pcelsVendorValueAuxClass class provides a general extension mechanism for representing policy values that have not been specifically modeled. Instead, its two properties are used to define the content and format of the policy value, as explained below. This class is intended for vendor-specific extensions that are not amenable to using pcelsValueAuxClass; standardized extensions SHOULD NOT use this class. The pcelsVendorValueAuxClass class is an auxiliary object class and it is derived from the pcelsValueAuxClass class. The pcelsVendorValueAuxClass class is defined as follows: ( 1.3.6.1.1.9.1.57 NAME 'pcelsVendorValueAuxClass' DESC 'Defines registered means to describe a policy value' SUP pcelsValueAuxClass AUXILIARY MAY ( pcelsVendorValueData $ pcelsVendorValueEncoding ) ) The pcelsVendorValueData attribute provides a general mechanism for representing policy values that have not been specifically modeled. This attribute type is of syntax OctetString [LDAP_SYNTAX]. It has an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule of octetStringOrderingMatch [LDAP_MATCH]. Attributes of this type can have multiple values. In
pcelsVendorValueAuxClass instances, the format of the values for
attributes of this type is identified by the OID stored in the
pcelsVendorValueEncoding attribute.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.60
NAME 'pcelsVendorValueData'
DESC 'Mechanism for representing values that have not been
specifically modeled'
EQUALITY octetStringMatch
ORDERING octetStringOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
)
The pcelsVendorValueEncoding attribute identifies the format for
representing policy values that have not been specifically modeled.
This attribute type is of syntax OID [LDAP_SYNTAX]. It has an
equality matching rule of objectIdentifierMatch [LDAP_SYNTAX].
Attributes of this type can only have a single value. In
pcelsVendorVarlueAuxClass instances, the pcelsVendorValueEncoding
attribute is used to identify the format and semantics for the
pcelsVendorValueData attribute values.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.61
NAME 'pcelsVendorValueEncoding'
DESC 'Identifies the format and semantics for policy values'
EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
SINGLE-VALUE
)
6. Security Considerations
The Policy Core LDAP Schema [PCLS] describes the general security
considerations related to the general core policy schema. The
extensions defined in this document do not introduce any additional
considerations related to security.
7. IANA Considerations
Refer to RFC 3383, "Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)" [LDAP-IANA].7.1. Object Identifiers
The IANA has registered an LDAP Object Identifier for use in this technical specification according to the following template: Subject: Request for LDAP OID Registration Person & e-mail address to contact for further information: Mircea Pana (mpana@metasolv.com) Specification: RFC 4104 Author/Change Controller: IESG Comments: The assigned OID is used as a base for identifying a number of schema elements defined in this document. IANA has assigned an OID of 1.3.6.1.1.9 with the name of pcelsSchema to this registration as recorded in the following registry: http://www.iana.org/assignments/smi-numbers7.2. Object Identifier Descriptors
The IANA has registered the LDAP Descriptors used in this technical specification as detailed in the following template: Subject: Request for LDAP Descriptor Registration Update Descriptor (short name): see comment Object Identifier: see comment Person & e-mail address to contact for further information: Mircea Pana (mpana@metasolv.com) Usage: see comment Specification: RFC 4104 Author/Change Controller: IESG Comments: The following descriptors have been added: NAME Type OID -------------- ---- ------------ pcelsPolicySet O 1.3.6.1.1.9.1.1 pcelsPolicySetAssociation O 1.3.6.1.1.9.1.2 pcelsGroup O 1.3.6.1.1.9.1.3 pcelsGroupAuxClass O 1.3.6.1.1.9.1.4
pcelsGroupInstance O 1.3.6.1.1.9.1.5 pcelsRule O 1.3.6.1.1.9.1.6 pcelsRuleAuxClass O 1.3.6.1.1.9.1.7 pcelsRuleInstance O 1.3.6.1.1.9.1.8 pcelsConditionAssociation O 1.3.6.1.1.9.1.9 pcelsActionAssociation O 1.3.6.1.1.9.1.10 pcelsSimpleConditionAuxClass O 1.3.6.1.1.9.1.11 pcelsCompoundConditionAuxClass O 1.3.6.1.1.9.1.12 pcelsCompoundFilterConditionAuxClass O 1.3.6.1.1.9.1.13 pcelsSimpleActionAuxClass O 1.3.6.1.1.9.1.14 pcelsCompoundActionAuxClass O 1.3.6.1.1.9.1.15 pcelsVariable O 1.3.6.1.1.9.1.16 pcelsExplicitVariableAuxClass O 1.3.6.1.1.9.1.17 pcelsImplicitVariableAuxClass O 1.3.6.1.1.9.1.18 pcelsSourceIPv4VariableAuxClass O 1.3.6.1.1.9.1.19 pcelsSourceIPv6VariableAuxClass O 1.3.6.1.1.9.1.20 pcelsDestinationIPv4VariableAuxClass O 1.3.6.1.1.9.1.21 pcelsDestinationIPv6VariableAuxClass O 1.3.6.1.1.9.1.22 pcelsSourcePortVariableAuxClass O 1.3.6.1.1.9.1.23 pcelsDestinationPortVariableAuxClass O 1.3.6.1.1.9.1.24 pcelsIPProtocolVariableAuxClass O 1.3.6.1.1.9.1.25 pcelsIPVersionVariableAuxClass O 1.3.6.1.1.9.1.26 pcelsIPToSVariableAuxClass O 1.3.6.1.1.9.1.27 pcelsDSCPVariableAuxClass O 1.3.6.1.1.9.1.28 pcelsFlowIdVariableAuxClass O 1.3.6.1.1.9.1.29 pcelsSourceMACVariableAuxClass O 1.3.6.1.1.9.1.30 pcelsDestinationMACVariableAuxClass O 1.3.6.1.1.9.1.31 pcelsVLANVariableAuxClass O 1.3.6.1.1.9.1.32 pcelsCoSVariableAuxClass O 1.3.6.1.1.9.1.33 pcelsEthertypeVariableAuxClass O 1.3.6.1.1.9.1.34 pcelsSourceSAPVariableAuxClass O 1.3.6.1.1.9.1.35 pcelsDestinationSAPVariableAuxClass O 1.3.6.1.1.9.1.36 pcelsSNAPOUIVariableAuxClass O 1.3.6.1.1.9.1.37 pcelsSNAPTypeVariableAuxClass O 1.3.6.1.1.9.1.38 pcelsFlowDirectionVariableAuxClass O 1.3.6.1.1.9.1.39 pcelsValueAuxClass O 1.3.6.1.1.9.1.40 pcelsIPv4AddrValueAuxClass O 1.3.6.1.1.9.1.41 pcelsIPv6AddrValueAuxClass O 1.3.6.1.1.9.1.42 pcelsMACAddrValueAuxClass O 1.3.6.1.1.9.1.43 pcelsStringValueAuxClass O 1.3.6.1.1.9.1.44 pcelsBitStringValueAuxClass O 1.3.6.1.1.9.1.45 pcelsIntegerValueAuxClass O 1.3.6.1.1.9.1.46 pcelsBooleanValueAuxClass O 1.3.6.1.1.9.1.47 pcelsReusableContainer O 1.3.6.1.1.9.1.48 pcelsReusableContainerAuxClass O 1.3.6.1.1.9.1.49 pcelsReusableContainerInstance O 1.3.6.1.1.9.1.50 pcelsRoleCollection O 1.3.6.1.1.9.1.51 pcelsFilterEntryBase O 1.3.6.1.1.9.1.52
pcelsIPHeadersFilter O 1.3.6.1.1.9.1.53 pcels8021Filter O 1.3.6.1.1.9.1.54 pcelsFilterListAuxClass O 1.3.6.1.1.9.1.55 pcelsVendorVariableAuxClass O 1.3.6.1.1.9.1.56 pcelsVendorValueAuxClass O 1.3.6.1.1.9.1.57 pcelsPolicySetName A 1.3.6.1.1.9.2.1 pcelsDecisionStrategy A 1.3.6.1.1.9.2.2 pcelsPolicySetList A 1.3.6.1.1.9.2.3 pcelsPriority A 1.3.6.1.1.9.2.4 pcelsPolicySetDN A 1.3.6.1.1.9.2.5 pcelsConditionListType A 1.3.6.1.1.9.2.6 pcelsConditionList A 1.3.6.1.1.9.2.7 pcelsActionList A 1.3.6.1.1.9.2.8 pcelsSequencedActions A 1.3.6.1.1.9.2.9 pcelsExecutionStrategy A 1.3.6.1.1.9.2.10 pcelsVariableDN A 1.3.6.1.1.9.2.11 pcelsValueDN A 1.3.6.1.1.9.2.12 pcelsIsMirrored A 1.3.6.1.1.9.2.13 pcelsVariableName A 1.3.6.1.1.9.2.14 pcelsExpectedValueList A 1.3.6.1.1.9.2.15 pcelsVariableModelClass A 1.3.6.1.1.9.2.16 pcelsVariableModelProperty A 1.3.6.1.1.9.2.17 pcelsExpectedValueTypes A 1.3.6.1.1.9.2.18 pcelsValueName A 1.3.6.1.1.9.2.19 pcelsIPv4AddrList A 1.3.6.1.1.9.2.20 pcelsIPv6AddrList A 1.3.6.1.1.9.2.21 pcelsMACAddrList A 1.3.6.1.1.9.2.22 pcelsStringList A 1.3.6.1.1.9.2.23 pcelsBitStringList A 1.3.6.1.1.9.2.24 pcelsIntegerList A 1.3.6.1.1.9.2.25 pcelsBoolean A 1.3.6.1.1.9.2.26 pcelsReusableContainerName A 1.3.6.1.1.9.2.27 pcelsReusableContainerList A 1.3.6.1.1.9.2.28 pcelsRole A 1.3.6.1.1.9.2.29 pcelsRoleCollectionName A 1.3.6.1.1.9.2.30 pcelsElementList A 1.3.6.1.1.9.2.31 pcelsFilterName A 1.3.6.1.1.9.2.32 pcelsFilterIsNegated A 1.3.6.1.1.9.2.33 pcelsIPHdrVersion A 1.3.6.1.1.9.2.34 pcelsIPHdrSourceAddress A 1.3.6.1.1.9.2.35 pcelsIPHdrSourceAddressEndOfRange A 1.3.6.1.1.9.2.36 pcelsIPHdrSourceMask A 1.3.6.1.1.9.2.37 pcelsIPHdrDestAddress A 1.3.6.1.1.9.2.38 pcelsIPHdrDestAddressEndOfRange A 1.3.6.1.1.9.2.39 pcelsIPHdrDestMask A 1.3.6.1.1.9.2.40 pcelsIPHdrProtocolID A 1.3.6.1.1.9.2.41 pcelsIPHdrSourcePortStart A 1.3.6.1.1.9.2.42 pcelsIPHdrSourcePortEnd A 1.3.6.1.1.9.2.43
pcelsIPHdrDestPortStart A 1.3.6.1.1.9.2.44
pcelsIPHdrDestPortEnd A 1.3.6.1.1.9.2.45
pcelsIPHdrDSCPList A 1.3.6.1.1.9.2.46
pcelsIPHdrFlowLabel A 1.3.6.1.1.9.2.47
pcels8021HdrSourceMACAddress A 1.3.6.1.1.9.2.48
pcels8021HdrSourceMACMask A 1.3.6.1.1.9.2.49
pcels8021HdrDestMACAddress A 1.3.6.1.1.9.2.50
pcels8021HdrDestMACMask A 1.3.6.1.1.9.2.51
pcels8021HdrProtocolID A 1.3.6.1.1.9.2.52
pcels8021HdrPriority A 1.3.6.1.1.9.2.53
pcels8021HdrVLANID A 1.3.6.1.1.9.2.54
pcelsFilterListName A 1.3.6.1.1.9.2.55
pcelsFilterDirection A 1.3.6.1.1.9.2.56
pcelsFilterEntryList A 1.3.6.1.1.9.2.57
pcelsVendorVariableData A 1.3.6.1.1.9.2.58
pcelsVendorVariableEncoding A 1.3.6.1.1.9.2.59
pcelsVendorValueData A 1.3.6.1.1.9.2.60
pcelsVendorValueEncoding A 1.3.6.1.1.9.2.61
pcelsRuleValidityPeriodList A 1.3.6.1.1.9.2.62
where Type A is Attribute, Type O is ObjectClass
These assignments are recorded in the following registry:
http://www.iana.org/assignments/ldap-parameters
8. Acknowledgements
We would like to thank Kurt Zeilenga, Bert Wijnen, Ryan Moats, John
Strassner, David McTavish, Larry Bartz and all the other members of
the Policy Framework WG for reviewing this document and making many
helpful suggestions and corrections.
We would also like to thank Joel Halpern (co-chair of the Policy
Framework WG) for his support, for bringing this document to the
attention of the Policy Framework WG and for moderating the resulting
interactions.
9. Normative References
[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[CIM] Distributed Management Task Force, Inc., "Common
Information Model (CIM) Specification", Version 2.2,
June 14, 1999,
http://www.dmtf.org/standards/documents/CIM/DSP0004.pdf
[CIM_LDAP] Distributed Management Task Force, Inc., "DMTF LDAP Schema for the CIM v2.5 Core Information Model", April 15, 2002, http://www.dmtf.org/standards/documents/DEN/DSP0123.pdf [PCIM] Moore, B., Ellesson, E., Strassner, J., and A. Westerinen, "Policy Core Information Model -- Version 1 Specification", RFC 3060, February 2001. [PCIM_EXT] Moore, B., "Policy Core Information Model (PCIM) Extensions", RFC 3460, January 2003. [PCLS] Strassner, J., Moore, B., Moats, R., and E. Ellesson, "Policy Core Lightweight Directory Access Protocol (LDAP) Schema", RFC 3703, February 2004. [LDAP] Hodges, J. and R. Morgan, "Lightweight Directory Access Protocol (v3): Technical Specification", RFC 3377, September 2002. [LDAP_SYNTAX] Wahl, M., Coulbeck, A., Howes, T., and S. Kille, "Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions", RFC 2252, December 1997. [LDAP_SCHEMA] Wahl, M., "A Summary of the X.500(96) User Schema for use with LDAPv3", RFC 2256, December 1997. [LDAP_MATCH] Zeilenga, K., "Lightweight Directory Access Protocol (LDAP): Additional Matching Rules", RFC 3698, February 2004. [X.501] The Directory: Models. ITU-T Recommendation X.501, 2001. [X.520] The Directory: Selected Attribute Types. ITU-T Recommendation X.520, 2001.10. Informative References
[LDAP-IANA] Zeilenga, K., "Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)", BCP 64, RFC 3383, September 2002.
Authors' Addresses
Mircea Pana MetaSolv Software Inc. 360 Legget Drive Ottawa, Ontario, Canada K2K 3N1 EMail: mpana@metasolv.com Angelica Reyes Department of Computer Architecture Technical University of Catalonia Campus Castelldefels Spain EMail: mreyes@ac.upc.edu Antoni Barba Technical University of Catalonia Jordi-Girona 1-3 08034 Barcelona Spain EMail: telabm@mat.upc.es David Moron Technical University of Catalonia Jordi-Girona 1-3 08034 Barcelona Spain EMail: dmor4477@hotmail.com Marcus Brunner NEC Europe Ltd. Kurfuersten-Anlage 36 D-69115 Heidelberg Germany EMail: brunner@netlab.nec.de
Full Copyright Statement Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf- ipr@ietf.org. Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society.