2.9. Protocol Commands
EPP provides commands to manage sessions, retrieve object information, and perform transformation operations on objects. All EPP commands are atomic and designed so that they can be made idempotent, either succeeding completely or failing completely and producing predictable results in case of repeated executions. This section describes each EPP command, including examples with representative server responses.2.9.1. Session Management Commands
EPP provides two commands for session management: <login> to establish a session with a server, and <logout> to end a session with a server. The <login> command establishes an ongoing server session that preserves client identity and authorization information during the duration of the session.2.9.1.1. EPP <login> Command
The EPP <login> command is used to establish a session with an EPP server in response to a greeting issued by the server. A <login> command MUST be sent to a server before any other EPP command to establish an ongoing session. A server operator MAY limit the number of failed login attempts N, 1 <= N <= infinity, after which a login failure results in the connection to the server (if a connection exists) being closed. A client identifier and initial password MUST be created on the server before a client can successfully complete a <login> command. The client identifier and initial password MUST be delivered to the client using an out-of-band method that protects the identifier and password from inadvertent disclosure. In addition to the standard EPP command elements, the <login> command contains the following child elements: - A <clID> element that contains the client identifier assigned to the client by the server. - A <pw> element that contains the client's plain text password. The value of this element is case sensitive. - An OPTIONAL <newPW> element that contains a new plain text password to be assigned to the client for use with subsequent <login> commands. The value of this element is case sensitive.
- An <options> element that contains the following child elements: - A <version> element that contains the protocol version to be used for the command or ongoing server session. - A <lang> element that contains the text response language to be used for the command or ongoing server session commands. The values of the <version> and <lang> elements MUST exactly match one of the values presented in the EPP greeting. - A <svcs> element that contains one or more <objURI> elements that contain namespace URIs representing the objects to be managed during the session. The <svcs> element MAY contain an OPTIONAL <svcExtension> element that contains one or more <extURI> elements that identify object extensions to be used during the session. The PLAIN Simple Authentication and Security Layer (SASL) mechanism presented in [RFC2595] describes a format for providing a user identifier, an authorization identifier, and a password as part of a single plain text string. The EPP authentication mechanism is similar, though EPP does not require a session-level authorization identifier and the user identifier and password are separated into distinct XML elements. Additional identification and authorization schemes MUST be provided at other protocol layers to provide more robust security services.
Example <login> command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <login> C: <clID>ClientX</clID> C: <pw>foo-BAR2</pw> C: <newPW>bar-FOO2</newPW> C: <options> C: <version>1.0</version> C: <lang>en</lang> C: </options> C: <svcs> C: <objURI>urn:ietf:params:xml:ns:obj1</objURI> C: <objURI>urn:ietf:params:xml:ns:obj2</objURI> C: <objURI>urn:ietf:params:xml:ns:obj3</objURI> C: <svcExtension> C: <extURI>http://custom/obj1ext-1.0</extURI> C: </svcExtension> C: </svcs> C: </login> C: <clTRID>ABC-12345</clTRID> C: </command> C:</epp> When a <login> command has been processed successfully, a server MUST respond with an EPP response with no <resData> element. If successful, the server will respond by creating and maintaining a new session that SHOULD be terminated by a future <logout> command. Example <login> response: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1000"> S: <msg>Command completed successfully</msg> S: </result> S: <trID> S: <clTRID>ABC-12345</clTRID> S: <svTRID>54321-XYZ</svTRID> S: </trID> S: </response> S:</epp>
The EPP <login> command is used to establish a session with an EPP server. A <login> command MUST be rejected if received within the bounds of an existing session. This action MUST be open to all authorized clients.2.9.1.2. EPP <logout> Command
The EPP <logout> command is used to end a session with an EPP server. The <logout> command MUST be represented as an empty element with no child elements. A server MAY end a session due to client inactivity or excessive client session longevity. The parameters for determining excessive client inactivity or session longevity are a matter of server policy and are not specified by this protocol. Transport mappings MUST explicitly describe any connection-oriented processing that takes place after processing a <logout> command and ending a session. Example <logout> command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <logout/> C: <clTRID>ABC-12345</clTRID> C: </command> C:</epp> When a <logout> command has been processed successfully, a server MUST respond with an EPP response with no <resData> element. If successful, the server MUST also end the current session. Example <logout> response: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1500"> S: <msg>Command completed successfully; ending session</msg> S: </result> S: <trID> S: <clTRID>ABC-12345</clTRID> S: <svTRID>54321-XYZ</svTRID> S: </trID> S: </response> S:</epp>
The EPP <logout> command is used to end a session with an EPP server. A <logout> command MUST be rejected if the command has not been preceded by a successful <login> command. This action MUST be open to all authorized clients.2.9.2. Query Commands
2.9.2.1. EPP <check> Command
The EPP <check> command is used to determine if an object can be provisioned within a repository. It provides a hint that allows a client to anticipate the success or failure of provisioning an object using the <create> command as object provisioning requirements are ultimately a matter of server policy. The elements needed to identify an object are object-specific, so the child elements of the <check> command are specified using the EPP extension framework. In addition to the standard EPP command elements, the <check> command contains the following child elements: - An object-specific <obj:check> element that identifies the objects to be queried. Multiple objects of the same type MAY be queried within a single <check> command. Example <check> command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <check> C: <obj:check xmlns:obj="urn:ietf:params:xml:ns:obj"> C: <obj:name>example1</obj:name> C: <obj:name>example2</obj:name> C: <obj:name>example3</obj:name> C: </obj:check> C: </check> C: <clTRID>ABC-12346</clTRID> C: </command> C:</epp> When a <check> command has been processed successfully, a server MUST respond with an EPP <resData> element that MUST contain a child element that identifies the object namespace. The child elements of the <resData> element are object-specific, though the EPP <resData> element MUST contain a child <obj:chkData> element that contains one or more <obj:cd> (check data) elements. Each <obj:cd> element contains the following child elements:
- An object-specific element that identifies the queried object. This element MUST contain an "avail" attribute whose value indicates object availability (can it be provisioned or not) at the moment the <check> command was completed. A value of "1" or "true" means that the object can be provisioned. A value of "0" or "false" means that the object cannot be provisioned. - An OPTIONAL <obj:reason> element that MAY be provided when an object cannot be provisioned. If present, this element contains server-specific text to help explain why the object cannot be provisioned. This text MUST be represented in the response language previously negotiated with the client; an OPTIONAL "lang" attribute MAY be present to identify the language if the negotiated value is something other than the default value of "en" (English). Example <check> response: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1000"> S: <msg>Command completed successfully</msg> S: </result> S: <resData> S: <obj:chkData xmlns:obj="urn:ietf:params:xml:ns:obj"> S: <obj:cd> S: <obj:name avail="1">example1</obj:name> S: </obj:cd> S: <obj:cd> S: <obj:name avail="0">example2</obj:name> S: <obj:reason>In use</obj:reason> S: </obj:cd> S: <obj:cd> S: <obj:name avail="1">example3</obj:name> S: </obj:cd> S: </obj:chkData> S: </resData> S: <trID> S: <clTRID>ABC-12346</clTRID> S: <svTRID>54322-XYZ</svTRID> S: </trID> S: </response> S:</epp> The EPP <check> command is used to determine if an object can be provisioned within a repository. This action MUST be open to all authorized clients.
2.9.2.2. EPP <info> Command
The EPP <info> command is used to retrieve information associated with an existing object. The elements needed to identify an object and the type of information associated with an object are both object-specific, so the child elements of the <info> command are specified using the EPP extension framework. In addition to the standard EPP command elements, the <info> command contains the following child elements: - An object-specific <obj:info> element that identifies the object to be queried. Example <info> command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <info> C: <obj:info xmlns:obj="urn:ietf:params:xml:ns:obj"> C: <!-- Object-specific elements. --> C: </obj:info> C: </info> C: <clTRID>ABC-12346</clTRID> C: </command> C:</epp> When an <info> command has been processed successfully, a server MUST respond with an EPP <resData> element that MUST contain a child element that identifies the object namespace and the Repository Object IDentifier (ROID) that was assigned to the object when the object was created. Other child elements of the <resData> element are object-specific.
Example <info> response: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1000"> S: <msg>Command completed successfully</msg> S: </result> S: <resData> S: <obj:infData xmlns:obj="urn:ietf:params:xml:ns:obj"> S: <obj:roid>EXAMPLE1-REP</obj:roid> S: <!-- Object-specific elements. --> S: </obj:infData> S: </resData> S: <trID> S: <clTRID>ABC-12346</clTRID> S: <svTRID>54322-XYZ</svTRID> S: </trID> S: </response> S:</epp> The EPP <info> command is used to retrieve information associated with an existing object. This action SHOULD be limited to authorized clients; restricting this action to the sponsoring client is RECOMMENDED.2.9.2.3. EPP <poll> Command
The EPP <poll> command is used to discover and retrieve service messages queued by a server for individual clients. If the message queue is not empty, a successful response to a <poll> command MUST return the first message from the message queue. Each response returned from the server includes a server-unique message identifier that MUST be provided to acknowledge receipt of the message, and a counter that indicates the number of messages in the queue. After a message has been received by the client, the client MUST respond to the message with an explicit acknowledgement to confirm that the message has been received. A server MUST dequeue the message and decrement the queue counter after receiving acknowledgement from the client, making the next message in the queue (if any) available for retrieval. Servers can occasionally perform actions on objects that are not in direct response to a client request, or an action taken by one client can indirectly involve a second client. Examples of such actions include deletion upon expiration, automatic renewal upon expiration, and transfer coordination; other types of service information MAY be defined as a matter of server policy. Service messages SHOULD be
created for passive clients affected by an action on an object. Service messages MAY also be created for active clients that request an action on an object, though such messages MUST NOT replace the normal protocol response to the request. For example, <transfer> actions SHOULD be reported to the client that has the authority to approve or reject a transfer request. Other methods of server-client action notification, such as offline reporting, are also possible and are beyond the scope of this specification. Message queues can consume server resources if clients do not retrieve and acknowledge messages on a regular basis. Servers MAY implement other mechanisms to dequeue and deliver messages if queue maintenance needs exceed server resource consumption limits. Server operators SHOULD consider time-sensitivity and resource management factors when selecting a delivery method for service information because some message types can be reasonably delivered using non- protocol methods that require fewer server resources. Some of the information returned in response to a <poll> command can be object-specific, so some child elements of the <poll> response MAY be specified using the EPP extension framework. The <poll> command MUST be represented as an empty element with no child elements. An "op" attribute with value "req" is REQUIRED to retrieve the first message from the server message queue. An "op" attribute (with value "ack") and a "msgID" attribute (whose value corresponds to the value of the "id" attribute copied from the <msg> element in the message being acknowledged) are REQUIRED to acknowledge receipt of a message. Example <poll> command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <poll op="req"/> C: <clTRID>ABC-12345</clTRID> C: </command> C:</epp> The returned result code notes that a message has been dequeued and returned in response to a <poll> command.
Example <poll> response with object-specific information: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1301"> S: <msg>Command completed successfully; ack to dequeue</msg> S: </result> S: <msgQ count="5" id="12345"> S: <qDate>2000-06-08T22:00:00.0Z</qDate> S: <msg>Transfer requested.</msg> S: </msgQ> S: <resData> S: <obj:trnData S: xmlns:obj="urn:ietf:params:xml:ns:obj-1.0"> S: <obj:name>example.com</obj:name> S: <obj:trStatus>pending</obj:trStatus> S: <obj:reID>ClientX</obj:reID> S: <obj:reDate>2000-06-08T22:00:00.0Z</obj:reDate> S: <obj:acID>ClientY</obj:acID> S: <obj:acDate>2000-06-13T22:00:00.0Z</obj:acDate> S: <obj:exDate>2002-09-08T22:00:00.0Z</obj:exDate> S: </obj:trnData> S: </resData> S: <trID> S: <clTRID>ABC-12345</clTRID> S: <svTRID>54321-XYZ</svTRID> S: </trID> S: </response> S:</epp> A client MUST acknowledge each response to dequeue the message and make subsequent messages available for retrieval. Example <poll> acknowledgement command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <poll op="ack" msgID="12345"/> C: <clTRID>ABC-12346</clTRID> C: </command> C:</epp> A <poll> acknowledgement response notes the ID of the message that has been acknowledged and the number of messages remaining in the queue.
Example <poll> acknowledgement response: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1000"> S: <msg>Command completed successfully</msg> S: </result> S: <msgQ count="4" id="12345"/> S: <trID> S: <clTRID>ABC-12346</clTRID> S: <svTRID>54322-XYZ</svTRID> S: </trID> S: </response> S:</epp> Service messages can also be returned without object information. Example <poll> response with mixed message content and without object-specific information: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1301"> S: <msg>Command completed successfully; ack to dequeue</msg> S: </result> S: <msgQ count="4" id="12346"> S: <qDate>2000-06-08T22:10:00.0Z</qDate> S: <msg lang="en">Credit balance low. S: <limit>100</limit><bal>5</bal> S: </msg> S: </msgQ> S: <trID> S: <clTRID>ABC-12346</clTRID> S: <svTRID>54321-XYZ</svTRID> S: </trID> S: </response> S:</epp> The returned result code and message is used to note an empty server message queue.
Example <poll> response to note an empty message queue: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1300"> S: <msg>Command completed successfully; no messages</msg> S: </result> S: <trID> S: <clTRID>ABC-12346</clTRID> S: <svTRID>54321-XYZ</svTRID> S: </trID> S: </response> S:</epp> The EPP <poll> command is used to discover and retrieve client service messages from a server. This action SHOULD be limited to authorized clients; queuing service messages and limiting queue access on a per-client basis is RECOMMENDED.2.9.2.4. EPP <transfer> Query Command
The EPP <transfer> command provides a query operation that allows a client to determine real-time status of pending and completed transfer requests. The elements needed to identify an object that is the subject of a transfer request are object-specific, so the child elements of the <transfer> query command are specified using the EPP extension framework. In addition to the standard EPP command elements, the <transfer> command contains an "op" attribute with value "query", and the following child elements: - An object-specific <obj:transfer> element that identifies the object whose transfer status is requested. Transfer status is typically considered sensitive information by the clients involved in the operation. Object mappings MUST provide features to restrict transfer queries to authorized clients, such as by requiring authorization information as part of the request.
Example <transfer> query command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <transfer op="query"> C: <obj:transfer xmlns:obj="urn:ietf:params:xml:ns:obj"> C: <!-- Object-specific elements. --> C: </obj:transfer> C: </transfer> C: <clTRID>ABC-12346</clTRID> C: </command> C:</epp> When a <transfer> query command has been processed successfully, a server MUST respond with an EPP <resData> element that MUST contain a child element that identifies the object namespace. The child elements of the <resData> element are object-specific, but they MUST include elements that identify the object, the status of the transfer, the identifier of the client that requested the transfer, the date and time that the request was made, the identifier of the client that is authorized to act on the request, the date and time by which an action is expected, and an OPTIONAL date and time noting changes in the object's validity period (if applicable) that occur as a result of the transfer.
Example <transfer> query response: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1000"> S: <msg>Command completed successfully</msg> S: </result> S: <resData> S: <obj:trnData xmlns:obj="urn:ietf:params:xml:ns:obj"> S: <obj:name>example</obj:name> S: <obj:trStatus>pending</obj:trStatus> S: <obj:reID>ClientX</obj:reID> S: <obj:reDate>2000-06-08T22:00:00.0Z</obj:reDate> S: <obj:acID>ClientY</obj:acID> S: <obj:acDate>2000-06-13T22:00:00.0Z</obj:acDate> S: <obj:exDate>2002-09-08T22:00:00.0Z</obj:exDate> S: </obj:trnData> S: </resData> S: <trID> S: <clTRID>ABC-12346</clTRID> S: <svTRID>54322-XYZ</svTRID> S: </trID> S: </response> S:</epp> The EPP <transfer> command provides a query operation that allows a client to determine real-time status of pending and completed transfer requests. This action SHOULD be limited to authorized clients; restricting queries to the requesting and responding clients is RECOMMENDED. Object transfer MAY be unavailable or limited by object-specific policies.2.9.3. Object Transform Commands
EPP provides five commands to transform objects: <create> to create an instance of an object with a server, <delete> to remove an instance of an object from a server, <renew> to extend the validity period of an object, <transfer> to manage changes in client sponsorship of an object, and <update> to change information associated with an object.2.9.3.1. EPP <create> Command
The EPP <create> command is used to create an instance of an object. An object can be created for an indefinite period of time, or an object can be created for a specific validity period. The EPP mapping for an object MUST describe the status of an object with
respect to time, to include expected client and server behavior if a validity period is used. The elements needed to identify an object and associated attributes are object-specific, so the child elements of the <create> command are specified using the EPP extension framework. In addition to the standard EPP command elements, the <create> command contains the following child elements: - An object-specific <obj:create> element that identifies the object to be created and the elements that are required to create the object. Example <create> command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <create> C: <obj:create xmlns:obj="urn:ietf:params:xml:ns:obj"> C: <!-- Object-specific elements. --> C: </obj:create> C: </create> C: <clTRID>ABC-12345</clTRID> C: </command> C:</epp> When a <create> command has been processed successfully, a server MAY respond with an EPP <resData> element that MUST contain a child element that identifies the object namespace. The child elements of the <resData> element are object-specific.
Example <create> response with <resData>: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1000"> S: <msg>Command completed successfully</msg> S: </result> S: <resData> S: <obj:creData xmlns:obj="urn:ietf:params:xml:ns:obj"> S: <!-- Object-specific elements. --> S: </obj:creData> S: </resData> S: <trID> S: <clTRID>ABC-12345</clTRID> S: <svTRID>54321-XYZ</svTRID> S: </trID> S: </response> S:</epp> The EPP <create> command is used to create an instance of an object. This action SHOULD be limited to authorized clients and MAY be restricted on a per-client basis.2.9.3.2. EPP <delete> Command
The EPP <delete> command is used to remove an instance of an existing object. The elements needed to identify an object are object- specific, so the child elements of the <delete> command are specified using the EPP extension framework. In addition to the standard EPP command elements, the <delete> command contains the following child elements: - An object-specific <obj:delete> element that identifies the object to be deleted.
Example <delete> command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <delete> C: <obj:delete xmlns:obj="urn:ietf:params:xml:ns:obj"> C: <!-- Object-specific elements. --> C: </obj:delete> C: </delete> C: <clTRID>ABC-12346</clTRID> C: </command> C:</epp> When a <delete> command has been processed successfully, a server MAY respond with an EPP <resData> element that MUST contain a child element that identifies the object namespace. The child elements of the <resData> element are object-specific. Example <delete> response without <resData>: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1000"> S: <msg>Command completed successfully</msg> S: </result> S: <trID> S: <clTRID>ABC-12346</clTRID> S: <svTRID>54322-XYZ</svTRID> S: </trID> S: </response> S:</epp> The EPP <delete> command is used to remove an instance of an existing object. This action SHOULD be limited to authorized clients; restricting this action to the sponsoring client is RECOMMENDED.2.9.3.3. EPP <renew> Command
The EPP <renew> command is used to extend the validity period of an existing object. The elements needed to identify and extend the validity period of an object are object-specific, so the child elements of the <renew> command are specified using the EPP extension framework. In addition to the standard EPP command elements, the <renew> command contains the following child elements:
- An object-specific <obj:renew> element that identifies the object to be renewed and the elements that are required to extend the validity period of the object. Example <renew> command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <renew> C: <obj:renew xmlns:obj="urn:ietf:params:xml:ns:obj"> C: <!-- Object-specific elements. --> C: </obj:renew> C: </renew> C: <clTRID>ABC-12346</clTRID> C: </command> C:</epp> When a <renew> command has been processed successfully, a server MAY respond with an EPP <resData> element that MUST contain a child element that identifies the object namespace. The child elements of the <resData> element are object-specific. Example <renew> response with <resData>: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1000"> S: <msg>Command completed successfully</msg> S: </result> S: <resData> S: <obj:renData xmlns:obj="urn:ietf:params:xml:ns:obj"> S: <!-- Object-specific elements. --> S: </obj:renData> S: </resData> S: <trID> S: <clTRID>ABC-12346</clTRID> S: <svTRID>54322-XYZ</svTRID> S: </trID> S: </response> S:</epp> The EPP <renew> command is used to extend the validity period of an existing object. This action SHOULD be limited to authorized clients; restricting this action to the sponsoring client is RECOMMENDED. Object renewal MAY be unavailable or limited by object- specific policies.
2.9.3.4. EPP <transfer> Command
The EPP <transfer> command is used to manage changes in client sponsorship of an existing object. Clients can initiate a transfer request, cancel a transfer request, approve a transfer request, and reject a transfer request using the "op" command attribute. A client who wishes to assume sponsorship of a known object from another client uses the <transfer> command with the value of the "op" attribute set to "request". Once a transfer has been requested, the same client can cancel the request using a <transfer> command with the value of the "op" attribute set to "cancel". A request to cancel the transfer MUST be sent to the server before the current sponsoring client either approves or rejects the transfer request and before the server automatically processes the request due to responding client inactivity. Once a transfer request has been received by the server, the server MUST notify the current sponsoring client of the requested transfer either by queuing a service message for retrieval via the <poll> command or by using an out-of-band mechanism to inform the client of the request. The current status of a pending <transfer> command for any object can be found using the <transfer> query command. Transfer service messages MUST include the object-specific elements specified for <transfer> command responses. The current sponsoring client MAY explicitly approve or reject the transfer request. The client can approve the request using a <transfer> command with the value of the "op" attribute set to "approve". The client can reject the request using a <transfer> command with the value of the "op" attribute set to "reject". A server MAY automatically approve or reject all transfer requests that are not explicitly approved or rejected by the current sponsoring client within a fixed amount of time. The amount of time to wait for explicit action and the default server behavior are local matters not specified by EPP, but they SHOULD be documented in a server-specific profile document that describes default server behavior for client information. Objects eligible for transfer MUST have associated authorization information that MUST be provided to complete a <transfer> command. The type of authorization information required is object-specific; passwords or more complex mechanisms based on public key cryptography are typical.
The elements needed to identify and complete the transfer of an object are object-specific, so the child elements of the <transfer> command are specified using the EPP extension framework. In addition to the standard EPP command elements, the <transfer> command contains the following child elements: - An object-specific <obj:transfer> element that identifies the object to be transferred and the elements that are required to process the transfer command. Example <transfer> command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <transfer op="request"> C: <obj:transfer xmlns:obj="urn:ietf:params:xml:ns:obj"> C: <!-- Object-specific elements. --> C: </obj:transfer> C: </transfer> C: <clTRID>ABC-12346</clTRID> C: </command> C:</epp> When a <transfer> command has been processed successfully, a server MUST respond with an EPP <resData> element that MUST contain a child element that identifies the object namespace. The child elements of the <resData> element are object-specific, but they MUST include elements that identify the object, the status of the transfer, the identifier of the client that requested the transfer, the date and time that the request was made, the identifier of the client that is authorized to act on the request, the date and time by which an action is expected, and an OPTIONAL date and time noting changes in the object's validity period (if applicable) that occur as a result of the transfer.
Example <transfer> response with <resData>: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1001"> S: <msg>Command completed successfully; action pending</msg> S: </result> S: <resData> S: <obj:trnData xmlns:obj="urn:ietf:params:xml:ns:obj"> S: <obj:name>example</obj:name> S: <obj:trStatus>pending</obj:trStatus> S: <obj:reID>ClientX</obj:reID> S: <obj:reDate>2000-06-08T22:00:00.0Z</obj:reDate> S: <obj:acID>ClientY</obj:acID> S: <obj:acDate>2000-06-13T22:00:00.0Z</obj:acDate> S: <obj:exDate>2002-09-08T22:00:00.0Z</obj:exDate> S: </obj:trnData> S: </resData> S: <trID> S: <clTRID>ABC-12346</clTRID> S: <svTRID>54322-XYZ</svTRID> S: </trID> S: </response> S:</epp> The EPP <transfer> command is used to manage changes in client sponsorship of an existing object. This action SHOULD be limited to authorized clients; restricting <transfer> requests to a client other than the current sponsoring client, <transfer> approval requests to the current sponsoring client, and <transfer> cancellation requests to the original requesting client is RECOMMENDED. Object transfer MAY be unavailable or limited by object-specific policies.2.9.3.5. EPP <update> Command
The EPP <update> command is used to change information associated with an existing object. The elements needed to identify and modify an object are object-specific, so the child elements of the <update> command are specified using the EPP extension framework. In addition to the standard EPP command elements, the <update> command contains the following child elements: - An object-specific <obj:update> element that identifies the object to be updated and the elements that are required to modify the object. Object-specific elements MUST identify values to be added, values to be removed, or values to be changed.
Example <update> command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <update> C: <obj:update xmlns:obj="urn:ietf:params:xml:ns:obj"> C: <!-- Object-specific elements. --> C: </obj:update> C: </update> C: <clTRID>ABC-12346</clTRID> C: </command> C:</epp> When an <update> command has been processed successfully, a server MAY respond with an EPP <resData> element that MUST contain a child element that identifies the object namespace. The child elements of the <resData> element are object-specific. Example <update> response without <resData>: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1000"> S: <msg>Command completed successfully</msg> S: </result> S: <trID> S: <clTRID>ABC-12346</clTRID> S: <svTRID>54322-XYZ</svTRID> S: </trID> S: </response> S:</epp> The EPP <update> command is used to change information associated with an existing object. This action SHOULD be limited to authorized clients; restricting this action to the sponsoring client is RECOMMENDED.3. Result Codes
EPP result codes are based on the theory of reply codes described in section 4.2.1 of [RFC2821]. EPP uses four decimal digits to describe the success or failure of each EPP command. Each of the digits of the reply have special significance.
The first digit denotes command success or failure. The second digit denotes the response category, such as command syntax or security. The third and fourth digits provide explicit response detail within each response category. There are two values for the first digit of the reply code: 1yzz Positive completion reply. The command was accepted and processed by the system without error. 2yzz Negative completion reply. The command was not accepted, and the requested action did not occur. The second digit groups responses into one of six specific categories: x0zz Protocol Syntax x1zz Implementation-specific Rules x2zz Security x3zz Data Management x4zz Server System x5zz Connection Management The third and fourth digits provide response detail within the categories defined by the first and second digits. Specific result codes are listed in the table below. Every EPP response MUST include a result code and a human-readable description of the result code. The language used to represent the description MAY be identified using an instance of the "lang" attribute within the <msg> element. If not specified, the default language is English, identified as "en". A description of the structure of valid values for the "lang" attribute is described in [RFC3066]. Response text MAY be translated into other languages, though the translation MUST preserve the meaning of the code as described here. Response code values MUST NOT be changed when translating text. Response text in the table below is enclosed in quotes to clearly mark the beginning and ending of each response string. Quotes MUST NOT be used to delimit these strings when returning response text via the protocol. Successful command completion responses:
Code Response text in English ____ ________________________ 1000 "Command completed successfully" This is the usual response code for a successfully completed command that is not addressed by any other 1xxx-series response code. 1001 "Command completed successfully; action pending" This response code MUST be returned when responding to a command that requires offline activity before the requested action can be completed. See Section 2 for a description of other processing requirements. 1300 "Command completed successfully; no messages" This response code MUST be returned when responding to a <poll> request command and the server message queue is empty. 1301 "Command completed successfully; ack to dequeue" This response code MUST be returned when responding to a <poll> request command and a message has been retrieved from the server message queue. 1500 "Command completed successfully; ending session" This response code MUST be returned when responding to a successful <logout> command. Command error responses: Code Response text in English ____ ________________________ 2000 "Unknown command" This response code MUST be returned when a server receives a command element that is not defined by EPP. 2001 "Command syntax error" This response code MUST be returned when a server receives an improperly formed command element. 2002 "Command use error" This response code MUST be returned when a server receives a properly formed command element, but the command cannot be executed due to a sequencing or context error. For example, a <logout> command cannot be executed without having first completed a <login> command.
2003 "Required parameter missing" This response code MUST be returned when a server receives a command for which a required parameter value has not been provided. 2004 "Parameter value range error" This response code MUST be returned when a server receives a command parameter whose value is outside the range of values specified by the protocol. The error value SHOULD be returned via a <value> element in the EPP response. 2005 "Parameter value syntax error" This response code MUST be returned when a server receives a command containing a parameter whose value is improperly formed. The error value SHOULD be returned via a <value> element in the EPP response. 2100 "Unimplemented protocol version" This response code MUST be returned when a server receives a command element specifying a protocol version that is not implemented by the server. 2101 "Unimplemented command" This response code MUST be returned when a server receives a valid EPP command element that is not implemented by the server. For example, a <transfer> command can be unimplemented for certain object types. 2102 "Unimplemented option" This response code MUST be returned when a server receives a valid EPP command element that contains a protocol option that is not implemented by the server. 2103 "Unimplemented extension" This response code MUST be returned when a server receives a valid EPP command element that contains a protocol command extension that is not implemented by the server. 2104 "Billing failure" This response code MUST be returned when a server attempts to execute a billable operation and the command cannot be completed due to a client billing failure. 2105 "Object is not eligible for renewal" This response code MUST be returned when a client attempts to <renew> an object that is not eligible for renewal in accordance with server policy.
2106 "Object is not eligible for transfer" This response code MUST be returned when a client attempts to <transfer> an object that is not eligible for transfer in accordance with server policy. 2200 "Authentication error" This response code MUST be returned when a server notes an error when validating client credentials. 2201 "Authorization error" This response code MUST be returned when a server notes a client authorization error when executing a command. This error is used to note that a client lacks privileges to execute the requested command. 2202 "Invalid authorization information" This response code MUST be returned when a server receives invalid command authorization information required to confirm authorization to execute a command. This error is used to note that a client has the privileges required to execute the requested command, but the authorization information provided by the client does not match the authorization information archived by the server. 2300 "Object pending transfer" This response code MUST be returned when a server receives a command to transfer of an object that is pending transfer due to an earlier transfer request. 2301 "Object not pending transfer" This response code MUST be returned when a server receives a command to confirm, reject, or cancel the transfer an object when no command has been made to transfer the object. 2302 "Object exists" This response code MUST be returned when a server receives a command to create an object that already exists in the repository. 2303 "Object does not exist" This response code MUST be returned when a server receives a command to query or transform an object that does not exist in the repository.
2304 "Object status prohibits operation" This response code MUST be returned when a server receives a command to transform an object that cannot be completed due to server policy or business practices. For example, a server can disallow <transfer> commands under terms and conditions that are matters of local policy, or the server might have received a <delete> command for an object whose status prohibits deletion. 2305 "Object association prohibits operation" This response code MUST be returned when a server receives a command to transform an object that cannot be completed due to dependencies on other objects that are associated with the target object. For example, a server can disallow <delete> commands while an object has active associations with other objects. 2306 "Parameter value policy error" This response code MUST be returned when a server receives a command containing a parameter value that is syntactically valid, but semantically invalid due to local policy. For example, the server can support a subset of a range of valid protocol parameter values. The error value SHOULD be returned via a <value> element in the EPP response. 2307 "Unimplemented object service" This response code MUST be returned when a server receives a command to operate on an object service that is not supported by the server. 2308 "Data management policy violation" This response code MUST be returned when a server receives a command whose execution results in a violation of server data management policies. For example, removing all attribute values or object associations from an object might be a violation of a server's data management policies. 2400 "Command failed" This response code MUST be returned when a server is unable to execute a command due to an internal server error that is not related to the protocol. The failure can be transient. The server MUST keep any ongoing session active.
2500 "Command failed; server closing connection" This response code MUST be returned when a server receives a command that cannot be completed due to an internal server error that is not related to the protocol. The failure is not transient and will cause other commands to fail as well. The server MUST end the active session and close the existing connection. 2501 "Authentication error; server closing connection" This response code MUST be returned when a server notes an error when validating client credentials and a server-defined limit on the number of allowable failures has been exceeded. The server MUST close the existing connection. 2502 "Session limit exceeded; server closing connection" This response code MUST be returned when a server receives a <login> command, and the command cannot be completed because the client has exceeded a system-defined limit on the number of sessions that the client can establish. It might be possible to establish a session by ending existing unused sessions and closing inactive connections.