RFC 5730
Extensible Provisioning Protocol (EPP)
Pages: 67
Internet Standard: 69
→ Errata
STD 69 is also: 5731 5732 5733 5734
Obsoletes: 4930
Internet Standard: 69
→ Errata
STD 69 is also: 5731 5732 5733 5734
Obsoletes: 4930
Part 2 of 3 – Pages 19 to 45
2.9. Protocol Commands
EPP provides commands to manage sessions, retrieve object information, and perform transformation operations on objects. All EPP commands are atomic and designed so that they can be made idempotent, either succeeding completely or failing completely and producing predictable results in case of repeated executions. This section describes each EPP command, including examples with representative server responses.2.9.1. Session Management Commands
EPP provides two commands for session management: <login> to establish a session with a server and <logout> to end a session with a server. The <login> command establishes an ongoing server session that preserves client identity and authorization information during the duration of the session.
2.9.1.1. EPP <login> Command
The EPP <login> command is used to establish a session with an EPP server in response to a greeting issued by the server. A <login> command MUST be sent to a server before any other EPP command to establish an ongoing session. A server operator MAY limit the number of failed login attempts N, 1 <= N <= infinity, after which a login failure results in the connection to the server (if a connection exists) being closed. A client identifier and initial password MUST be created on the server before a client can successfully complete a <login> command. The client identifier and initial password MUST be delivered to the client using an out-of-band method that protects the identifier and password from inadvertent disclosure. In addition to the standard EPP command elements, the <login> command contains the following child elements: - A <clID> element that contains the client identifier assigned to the client by the server. - A <pw> element that contains the client's plain text password. The value of this element is case sensitive. - An OPTIONAL <newPW> element that contains a new plain text password to be assigned to the client for use with subsequent <login> commands. The value of this element is case sensitive. - An <options> element that contains the following child elements: - A <version> element that contains the protocol version to be used for the command or ongoing server session. - A <lang> element that contains the text response language to be used for the command or ongoing server session commands. The values of the <version> and <lang> elements MUST exactly match one of the values presented in the EPP greeting. - A <svcs> element that contains one or more <objURI> elements that contain namespace URIs representing the objects to be managed during the session. The <svcs> element MAY contain an OPTIONAL <svcExtension> element that contains one or more <extURI> elements that identify object extensions to be used during the session.
The PLAIN Simple Authentication and Security Layer (SASL) mechanism presented in [RFC4616] describes a format for providing a user identifier, an authorization identifier, and a password as part of a single plain-text string. The EPP authentication mechanism is similar, though EPP does not require a session-level authorization identifier and the user identifier and password are separated into distinct XML elements. Additional identification and authorization schemes MUST be provided at other protocol layers to provide more robust security services. Example <login> command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <login> C: <clID>ClientX</clID> C: <pw>foo-BAR2</pw> C: <newPW>bar-FOO2</newPW> C: <options> C: <version>1.0</version> C: <lang>en</lang> C: </options> C: <svcs> C: <objURI>urn:ietf:params:xml:ns:obj1</objURI> C: <objURI>urn:ietf:params:xml:ns:obj2</objURI> C: <objURI>urn:ietf:params:xml:ns:obj3</objURI> C: <svcExtension> C: <extURI>http://custom/obj1ext-1.0</extURI> C: </svcExtension> C: </svcs> C: </login> C: <clTRID>ABC-12345</clTRID> C: </command> C:</epp> When a <login> command has been processed successfully, a server MUST respond with an EPP response with no <resData> element. If successful, the server will respond by creating and maintaining a new session that SHOULD be terminated by a future <logout> command. Example <login> response: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1000"> S: <msg>Command completed successfully</msg>
S: </result> S: <trID> S: <clTRID>ABC-12345</clTRID> S: <svTRID>54321-XYZ</svTRID> S: </trID> S: </response> S:</epp> The EPP <login> command is used to establish a session with an EPP server. A <login> command MUST be rejected if received within the bounds of an existing session. This command MUST be available to all clients.2.9.1.2. EPP <logout> Command
The EPP <logout> command is used to end a session with an EPP server. The <logout> command MUST be represented as an empty element with no child elements. A server MAY end a session due to client inactivity or excessive client-session longevity. The parameters for determining excessive client inactivity or session longevity are a matter of server policy and are not specified by this protocol. Transport mappings MUST explicitly describe any connection-oriented processing that takes place after processing a <logout> command and ending a session. Example <logout> command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <logout/> C: <clTRID>ABC-12345</clTRID> C: </command> C:</epp> When a <logout> command has been processed successfully, a server MUST respond with an EPP response with no <resData> element. If successful, the server MUST also end the current session. Example <logout> response: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1500">
S: <msg>Command completed successfully; ending session</msg> S: </result> S: <trID> S: <clTRID>ABC-12345</clTRID> S: <svTRID>54321-XYZ</svTRID> S: </trID> S: </response> S:</epp> The EPP <logout> command is used to end a session with an EPP server. A <logout> command MUST be rejected if the command has not been preceded by a successful <login> command. This command MUST be available to all clients.2.9.2. Query Commands
2.9.2.1. EPP <check> Command
The EPP <check> command is used to determine if an object can be provisioned within a repository. It provides a hint that allows a client to anticipate the success or failure of provisioning an object using the <create> command as object-provisioning requirements are ultimately a matter of server policy. The elements needed to identify an object are object-specific, so the child elements of the <check> command are specified using the EPP extension framework. In addition to the standard EPP command elements, the <check> command contains the following child elements: - An object-specific <obj:check> element that identifies the objects to be queried. Multiple objects of the same type MAY be queried within a single <check> command. Example <check> command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <check> C: <obj:check xmlns:obj="urn:ietf:params:xml:ns:obj"> C: <obj:name>example1</obj:name> C: <obj:name>example2</obj:name> C: <obj:name>example3</obj:name> C: </obj:check> C: </check> C: <clTRID>ABC-12346</clTRID> C: </command> C:</epp>
When a <check> command has been processed successfully, a server MUST
respond with an EPP <resData> element that MUST contain a child
element that identifies the object namespace. The child elements of
the <resData> element are object-specific, though the EPP <resData>
element MUST contain a child <obj:chkData> element that contains one
or more <obj:cd> (check data) elements. Each <obj:cd> element
contains the following child elements:
- An object-specific element that identifies the queried object.
This element MUST contain an "avail" attribute whose value
indicates object availability (can it be provisioned or not) at
the moment the <check> command was completed. A value of "1" or
"true" means that the object can be provisioned. A value of "0"
or "false" means that the object cannot be provisioned.
- An OPTIONAL <obj:reason> element that MAY be provided when an
object cannot be provisioned. If present, this element contains
server-specific text to help explain why the object cannot be
provisioned. This text MUST be represented in the response
language previously negotiated with the client; an OPTIONAL "lang"
attribute MAY be present to identify the language if the
negotiated value is something other than the default value of "en"
(English).
Example <check> response:
S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
S: <response>
S: <result code="1000">
S: <msg>Command completed successfully</msg>
S: </result>
S: <resData>
S: <obj:chkData xmlns:obj="urn:ietf:params:xml:ns:obj">
S: <obj:cd>
S: <obj:name avail="1">example1</obj:name>
S: </obj:cd>
S: <obj:cd>
S: <obj:name avail="0">example2</obj:name>
S: <obj:reason>In use</obj:reason>
S: </obj:cd>
S: <obj:cd>
S: <obj:name avail="1">example3</obj:name>
S: </obj:cd>
S: </obj:chkData>
S: </resData>
S: <trID>
S: <clTRID>ABC-12346</clTRID>
S: <svTRID>54322-XYZ</svTRID> S: </trID> S: </response> S:</epp> The EPP <check> command is used to determine if an object can be provisioned within a repository. This action MUST be open to all authorized clients.2.9.2.2. EPP <info> Command
The EPP <info> command is used to retrieve information associated with an existing object. The elements needed to identify an object and the type of information associated with an object are both object-specific, so the child elements of the <info> command are specified using the EPP extension framework. In addition to the standard EPP command elements, the <info> command contains the following child elements: - An object-specific <obj:info> element that identifies the object to be queried. Example <info> command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <info> C: <obj:info xmlns:obj="urn:ietf:params:xml:ns:obj"> C: <!-- Object-specific elements. --> C: </obj:info> C: </info> C: <clTRID>ABC-12346</clTRID> C: </command> C:</epp> When an <info> command has been processed successfully, a server MUST respond with an EPP <resData> element that MUST contain a child element that identifies the object namespace and the Repository Object IDentifier (ROID) that was assigned to the object when the object was created. Other child elements of the <resData> element are object-specific. Example <info> response: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response>
S: <result code="1000"> S: <msg>Command completed successfully</msg> S: </result> S: <resData> S: <obj:infData xmlns:obj="urn:ietf:params:xml:ns:obj"> S: <obj:roid>EXAMPLE1-REP</obj:roid> S: <!-- Object-specific elements. --> S: </obj:infData> S: </resData> S: <trID> S: <clTRID>ABC-12346</clTRID> S: <svTRID>54322-XYZ</svTRID> S: </trID> S: </response> S:</epp> The EPP <info> command is used to retrieve information associated with an existing object. This action SHOULD be limited to authorized clients; restricting this action to the sponsoring client is RECOMMENDED.2.9.2.3. EPP <poll> Command
The EPP <poll> command is used to discover and retrieve service messages queued by a server for individual clients. If the message queue is not empty, a successful response to a <poll> command MUST return the first message from the message queue. Each response returned from the server includes a server-unique message identifier that MUST be provided to acknowledge receipt of the message, and a counter that indicates the number of messages in the queue. After a message has been received by the client, the client MUST respond to the message with an explicit acknowledgement to confirm that the message has been received. A server MUST dequeue the message and decrement the queue counter after receiving acknowledgement from the client, making the next message in the queue (if any) available for retrieval. Servers can occasionally perform actions on objects that are not in direct response to a client request, or an action taken by one client can indirectly involve a second client. Examples of such actions include deletion upon expiration, automatic renewal upon expiration, and transfer coordination; other types of service information MAY be defined as a matter of server policy. Service messages SHOULD be created for passive clients affected by an action on an object. Service messages MAY also be created for active clients that request an action on an object, though such messages MUST NOT replace the normal protocol response to the request. For example, <transfer> actions SHOULD be reported to the client that has the authority to
approve or reject a transfer request. Other methods of server-client
action notification, such as offline reporting, are also possible and
are beyond the scope of this specification.
Message queues can consume server resources if clients do not
retrieve and acknowledge messages on a regular basis. Servers MAY
implement other mechanisms to dequeue and deliver messages if queue
maintenance needs exceed server resource consumption limits. Server
operators SHOULD consider time-sensitivity and resource management
factors when selecting a delivery method for service information
because some message types can be reasonably delivered using non-
protocol methods that require fewer server resources.
Some of the information returned in response to a <poll> command can
be object-specific, so some child elements of the <poll> response MAY
be specified using the EPP extension framework. The <poll> command
MUST be represented as an empty element with no child elements. An
"op" attribute with value "req" is REQUIRED to retrieve the first
message from the server message queue. An "op" attribute (with value
"ack") and a "msgID" attribute (whose value corresponds to the value
of the "id" attribute copied from the <msg> element in the message
being acknowledged) are REQUIRED to acknowledge receipt of a message.
Example <poll> command:
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
C: <command>
C: <poll op="req"/>
C: <clTRID>ABC-12345</clTRID>
C: </command>
C:</epp>
The returned result code notes that a message has been dequeued and
returned in response to a <poll> command.
Example <poll> response with object-specific information:
S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
S: <response>
S: <result code="1301">
S: <msg>Command completed successfully; ack to dequeue</msg>
S: </result>
S: <msgQ count="5" id="12345">
S: <qDate>2000-06-08T22:00:00.0Z</qDate>
S: <msg>Transfer requested.</msg>
S: </msgQ>
S: <resData>
S: <obj:trnData
S: xmlns:obj="urn:ietf:params:xml:ns:obj-1.0">
S: <obj:name>example.com</obj:name>
S: <obj:trStatus>pending</obj:trStatus>
S: <obj:reID>ClientX</obj:reID>
S: <obj:reDate>2000-06-08T22:00:00.0Z</obj:reDate>
S: <obj:acID>ClientY</obj:acID>
S: <obj:acDate>2000-06-13T22:00:00.0Z</obj:acDate>
S: <obj:exDate>2002-09-08T22:00:00.0Z</obj:exDate>
S: </obj:trnData>
S: </resData>
S: <trID>
S: <clTRID>ABC-12345</clTRID>
S: <svTRID>54321-XYZ</svTRID>
S: </trID>
S: </response>
S:</epp>
A client MUST acknowledge each response to dequeue the message and
make subsequent messages available for retrieval.
Example <poll> acknowledgement command:
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
C: <command>
C: <poll op="ack" msgID="12345"/>
C: <clTRID>ABC-12346</clTRID>
C: </command>
C:</epp>
A <poll> acknowledgement response notes the ID of the message that
has been acknowledged and the number of messages remaining in the
queue.
Example <poll> acknowledgement response:
S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
S: <response>
S: <result code="1000">
S: <msg>Command completed successfully</msg>
S: </result>
S: <msgQ count="4" id="12345"/>
S: <trID>
S: <clTRID>ABC-12346</clTRID>
S: <svTRID>54322-XYZ</svTRID>
S: </trID>
S: </response>
S:</epp>
Service messages can also be returned without object information.
Example <poll> response with mixed message content and without
object-specific information:
S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
S: <response>
S: <result code="1301">
S: <msg>Command completed successfully; ack to dequeue</msg>
S: </result>
S: <msgQ count="4" id="12346">
S: <qDate>2000-06-08T22:10:00.0Z</qDate>
S: <msg lang="en">Credit balance low.
S: <limit>100</limit><bal>5</bal>
S: </msg>
S: </msgQ>
S: <trID>
S: <clTRID>ABC-12346</clTRID>
S: <svTRID>54321-XYZ</svTRID>
S: </trID>
S: </response>
S:</epp>
The returned result code and message is used to note an empty server
message queue.
Example <poll> response to note an empty message queue:
S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
S: <response>
S: <result code="1300">
S: <msg>Command completed successfully; no messages</msg>
S: </result>
S: <trID>
S: <clTRID>ABC-12346</clTRID>
S: <svTRID>54321-XYZ</svTRID>
S: </trID>
S: </response>
S:</epp>
The EPP <poll> command is used to discover and retrieve client service messages from a server. This action SHOULD be limited to authorized clients; queuing service messages and limiting queue access on a per-client basis is RECOMMENDED.2.9.2.4. EPP <transfer> Query Command
The EPP <transfer> command provides a query operation that allows a client to determine real-time status of pending and completed transfer requests. The elements needed to identify an object that is the subject of a transfer request are object-specific, so the child elements of the <transfer> query command are specified using the EPP extension framework. In addition to the standard EPP command elements, the <transfer> command contains an "op" attribute with value "query" and the following child elements: - An object-specific <obj:transfer> element that identifies the object whose transfer status is requested. Transfer status is typically considered sensitive information by the clients involved in the operation. Object mappings MUST provide features to restrict transfer queries to authorized clients, such as by requiring authorization information as part of the request. Example <transfer> query command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <transfer op="query"> C: <obj:transfer xmlns:obj="urn:ietf:params:xml:ns:obj"> C: <!-- Object-specific elements. --> C: </obj:transfer> C: </transfer> C: <clTRID>ABC-12346</clTRID> C: </command> C:</epp> When a <transfer> query command has been processed successfully, a server MUST respond with an EPP <resData> element that MUST contain a child element that identifies the object namespace. The child elements of the <resData> element are object-specific, but they MUST include elements that identify the object, the status of the transfer, the identifier of the client that requested the transfer, the date and time that the request was made, the identifier of the client that is authorized to act on the request, the date and time by
which an action is expected, and an OPTIONAL date and time noting changes in the object's validity period (if applicable) that occur as a result of the transfer. Example <transfer> query response: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1000"> S: <msg>Command completed successfully</msg> S: </result> S: <resData> S: <obj:trnData xmlns:obj="urn:ietf:params:xml:ns:obj"> S: <obj:name>example</obj:name> S: <obj:trStatus>pending</obj:trStatus> S: <obj:reID>ClientX</obj:reID> S: <obj:reDate>2000-06-08T22:00:00.0Z</obj:reDate> S: <obj:acID>ClientY</obj:acID> S: <obj:acDate>2000-06-13T22:00:00.0Z</obj:acDate> S: <obj:exDate>2002-09-08T22:00:00.0Z</obj:exDate> S: </obj:trnData> S: </resData> S: <trID> S: <clTRID>ABC-12346</clTRID> S: <svTRID>54322-XYZ</svTRID> S: </trID> S: </response> S:</epp> The EPP <transfer> command provides a query operation that allows a client to determine real-time status of pending and completed transfer requests. This action SHOULD be limited to authorized clients; restricting queries to the requesting and responding clients is RECOMMENDED. Object transfer MAY be unavailable or limited by object-specific policies.2.9.3. Object Transform Commands
EPP provides five commands to transform objects: <create> to create an instance of an object with a server, <delete> to remove an instance of an object from a server, <renew> to extend the validity period of an object, <transfer> to manage changes in client sponsorship of an object, and <update> to change information associated with an object.
2.9.3.1. EPP <create> Command
The EPP <create> command is used to create an instance of an object. An object can be created for an indefinite period of time, or an object can be created for a specific validity period. The EPP mapping for an object MUST describe the status of an object with respect to time in order to include expected client and server behavior if a validity period is used. The elements needed to identify an object and associated attributes are object-specific, so the child elements of the <create> command are specified using the EPP extension framework. In addition to the standard EPP command elements, the <create> command contains the following child elements: - An object-specific <obj:create> element that identifies the object to be created and the elements that are required to create the object. Example <create> command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <create> C: <obj:create xmlns:obj="urn:ietf:params:xml:ns:obj"> C: <!-- Object-specific elements. --> C: </obj:create> C: </create> C: <clTRID>ABC-12345</clTRID> C: </command> C:</epp> When a <create> command has been processed successfully, a server MAY respond with an EPP <resData> element that MUST contain a child element that identifies the object namespace. The child elements of the <resData> element are object-specific. Example <create> response with <resData>: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1000"> S: <msg>Command completed successfully</msg> S: </result> S: <resData> S: <obj:creData xmlns:obj="urn:ietf:params:xml:ns:obj">
S: <!-- Object-specific elements. --> S: </obj:creData> S: </resData> S: <trID> S: <clTRID>ABC-12345</clTRID> S: <svTRID>54321-XYZ</svTRID> S: </trID> S: </response> S:</epp> The EPP <create> command is used to create an instance of an object. This action SHOULD be limited to authorized clients and MAY be restricted on a per-client basis.2.9.3.2. EPP <delete> Command
The EPP <delete> command is used to remove an instance of an existing object. The elements needed to identify an object are object- specific, so the child elements of the <delete> command are specified using the EPP extension framework. In addition to the standard EPP command elements, the <delete> command contains the following child elements: - An object-specific <obj:delete> element that identifies the object to be deleted. Example <delete> command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <delete> C: <obj:delete xmlns:obj="urn:ietf:params:xml:ns:obj"> C: <!-- Object-specific elements. --> C: </obj:delete> C: </delete> C: <clTRID>ABC-12346</clTRID> C: </command> C:</epp> When a <delete> command has been processed successfully, a server MAY respond with an EPP <resData> element that MUST contain a child element that identifies the object namespace. The child elements of the <resData> element are object-specific.
Example <delete> response without <resData>: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1000"> S: <msg>Command completed successfully</msg> S: </result> S: <trID> S: <clTRID>ABC-12346</clTRID> S: <svTRID>54322-XYZ</svTRID> S: </trID> S: </response> S:</epp> The EPP <delete> command is used to remove an instance of an existing object. This action SHOULD be limited to authorized clients; restricting this action to the sponsoring client is RECOMMENDED.2.9.3.3. EPP <renew> Command
The EPP <renew> command is used to extend the validity period of an existing object. The elements needed to identify and extend the validity period of an object are object-specific, so the child elements of the <renew> command are specified using the EPP extension framework. In addition to the standard EPP command elements, the <renew> command contains the following child elements: - An object-specific <obj:renew> element that identifies the object to be renewed and the elements that are required to extend the validity period of the object. Example <renew> command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <renew> C: <obj:renew xmlns:obj="urn:ietf:params:xml:ns:obj"> C: <!-- Object-specific elements. --> C: </obj:renew> C: </renew> C: <clTRID>ABC-12346</clTRID> C: </command> C:</epp>
When a <renew> command has been processed successfully, a server MAY respond with an EPP <resData> element that MUST contain a child element that identifies the object namespace. The child elements of the <resData> element are object-specific. Example <renew> response with <resData>: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1000"> S: <msg>Command completed successfully</msg> S: </result> S: <resData> S: <obj:renData xmlns:obj="urn:ietf:params:xml:ns:obj"> S: <!-- Object-specific elements. --> S: </obj:renData> S: </resData> S: <trID> S: <clTRID>ABC-12346</clTRID> S: <svTRID>54322-XYZ</svTRID> S: </trID> S: </response> S:</epp> The EPP <renew> command is used to extend the validity period of an existing object. This action SHOULD be limited to authorized clients; restricting this action to the sponsoring client is RECOMMENDED. Object renewal MAY be unavailable or limited by object- specific policies.2.9.3.4. EPP <transfer> Command
The EPP <transfer> command is used to manage changes in client sponsorship of an existing object. Clients can initiate a transfer request, cancel a transfer request, approve a transfer request, and reject a transfer request using the "op" command attribute. A client who wishes to assume sponsorship of a known object from another client uses the <transfer> command with the value of the "op" attribute set to "request". Once a transfer has been requested, the same client can cancel the request using a <transfer> command with the value of the "op" attribute set to "cancel". A request to cancel the transfer MUST be sent to the server before the current sponsoring client either approves or rejects the transfer request and before the server automatically processes the request due to responding client inactivity.
Once a transfer request has been received by the server, the server
MUST notify the current sponsoring client of the requested transfer
either by queuing a service message for retrieval via the <poll>
command or by using an out-of-band mechanism to inform the client of
the request. The current status of a pending <transfer> command for
any object can be found using the <transfer> query command. Transfer
service messages MUST include the object-specific elements specified
for <transfer> command responses.
The current sponsoring client MAY explicitly approve or reject the
transfer request. The client can approve the request using a
<transfer> command with the value of the "op" attribute set to
"approve". The client can reject the request using a <transfer>
command with the value of the "op" attribute set to "reject".
A server MAY automatically approve or reject all transfer requests
that are not explicitly approved or rejected by the current
sponsoring client within a fixed amount of time. The amount of time
to wait for explicit action and the default server behavior are local
matters not specified by EPP, but they SHOULD be documented in a
server-specific profile document that describes default server
behavior for client information.
Objects eligible for transfer MUST have associated authorization
information that MUST be provided to complete a <transfer> command.
The type of authorization information required is object-specific;
passwords or more complex mechanisms based on public key cryptography
are typical.
The elements needed to identify and complete the transfer of an
object are object-specific, so the child elements of the <transfer>
command are specified using the EPP extension framework. In addition
to the standard EPP command elements, the <transfer> command contains
the following child elements:
- An object-specific <obj:transfer> element that identifies the
object to be transferred and the elements that are required to
process the transfer command.
Example <transfer> command:
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
C: <command>
C: <transfer op="request">
C: <obj:transfer xmlns:obj="urn:ietf:params:xml:ns:obj">
C: <!-- Object-specific elements. -->
C: </obj:transfer>
C: </transfer> C: <clTRID>ABC-12346</clTRID> C: </command> C:</epp> When a <transfer> command has been processed successfully, a server MUST respond with an EPP <resData> element that MUST contain a child element that identifies the object namespace. The child elements of the <resData> element are object-specific, but they MUST include elements that identify the object, the status of the transfer, the identifier of the client that requested the transfer, the date and time that the request was made, the identifier of the client that is authorized to act on the request, the date and time by which an action is expected, and an OPTIONAL date and time noting changes in the object's validity period (if applicable) that occur as a result of the transfer. Example <transfer> response with <resData>: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1001"> S: <msg>Command completed successfully; action pending</msg> S: </result> S: <resData> S: <obj:trnData xmlns:obj="urn:ietf:params:xml:ns:obj"> S: <obj:name>example</obj:name> S: <obj:trStatus>pending</obj:trStatus> S: <obj:reID>ClientX</obj:reID> S: <obj:reDate>2000-06-08T22:00:00.0Z</obj:reDate> S: <obj:acID>ClientY</obj:acID> S: <obj:acDate>2000-06-13T22:00:00.0Z</obj:acDate> S: <obj:exDate>2002-09-08T22:00:00.0Z</obj:exDate> S: </obj:trnData> S: </resData> S: <trID> S: <clTRID>ABC-12346</clTRID> S: <svTRID>54322-XYZ</svTRID> S: </trID> S: </response> S:</epp> The EPP <transfer> command is used to manage changes in client sponsorship of an existing object. This action SHOULD be limited to authorized clients; restricting <transfer> requests to a client other than the current sponsoring client, <transfer> approval requests to
the current sponsoring client, and <transfer> cancellation requests to the original requesting client is RECOMMENDED. Object transfer MAY be unavailable or limited by object-specific policies.2.9.3.5. EPP <update> Command
The EPP <update> command is used to change information associated with an existing object. The elements needed to identify and modify an object are object-specific, so the child elements of the <update> command are specified using the EPP extension framework. In addition to the standard EPP command elements, the <update> command contains the following child elements: - An object-specific <obj:update> element that identifies the object to be updated and the elements that are required to modify the object. Object-specific elements MUST identify values to be added, values to be removed, or values to be changed. Example <update> command: C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> C: <command> C: <update> C: <obj:update xmlns:obj="urn:ietf:params:xml:ns:obj"> C: <!-- Object-specific elements. --> C: </obj:update> C: </update> C: <clTRID>ABC-12346</clTRID> C: </command> C:</epp> When an <update> command has been processed successfully, a server MAY respond with an EPP <resData> element that MUST contain a child element that identifies the object namespace. The child elements of the <resData> element are object-specific. Example <update> response without <resData>: S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"> S: <response> S: <result code="1000"> S: <msg>Command completed successfully</msg> S: </result> S: <trID> S: <clTRID>ABC-12346</clTRID> S: <svTRID>54322-XYZ</svTRID>
S: </trID> S: </response> S:</epp> The EPP <update> command is used to change information associated with an existing object. This action SHOULD be limited to authorized clients; restricting this action to the sponsoring client is RECOMMENDED.3. Result Codes
EPP result codes are based on the theory of reply codes described in section 4.2.1 of [RFC5321]. EPP uses four decimal digits to describe the success or failure of each EPP command. Each of the digits of the reply have special significance. The first digit denotes command success or failure. The second digit denotes the response category, such as command syntax or security. The third and fourth digits provide explicit response detail within each response category. There are two values for the first digit of the reply code: 1yzz Positive completion reply. The command was accepted and processed by the system without error. 2yzz Negative completion reply. The command was not accepted, and the requested action did not occur. The second digit groups responses into one of six specific categories: x0zz Protocol Syntax x1zz Implementation-specific Rules x2zz Security x3zz Data Management x4zz Server System x5zz Connection Management The third and fourth digits provide response detail within the categories defined by the first and second digits. The complete list of valid result codes is enumerated below and in the normative schema.
Every EPP response MUST include a result code and a human-readable description of the result code. The language used to represent the description MAY be identified using an instance of the "lang" attribute within the <msg> element. If not specified, the default language is English, identified as "en". A description of the structure of valid values for the "lang" attribute is described in [RFC4646]. Response text MAY be translated into other languages, though the translation MUST preserve the meaning of the code as described here. Response code values MUST NOT be changed when translating text. Response text in the table below is enclosed in quotes to clearly mark the beginning and ending of each response string. Quotes MUST NOT be used to delimit these strings when returning response text via the protocol. Successful command completion responses: Code Response text in English ____ ________________________ 1000 "Command completed successfully" This is the usual response code for a successfully completed command that is not addressed by any other 1xxx-series response code. 1001 "Command completed successfully; action pending" This response code MUST be returned when responding to a command that requires offline activity before the requested action can be completed. See Section 2 for a description of other processing requirements. 1300 "Command completed successfully; no messages" This response code MUST be returned when responding to a <poll> request command and the server message queue is empty. 1301 "Command completed successfully; ack to dequeue" This response code MUST be returned when responding to a <poll> request command and a message has been retrieved from the server message queue.
1500 "Command completed successfully; ending session"
This response code MUST be returned when responding to a
successful <logout> command.
Command error responses:
Code Response text in English
____ ________________________
2000 "Unknown command"
This response code MUST be returned when a server receives
a command element that is not defined by EPP.
2001 "Command syntax error"
This response code MUST be returned when a server receives
an improperly formed command element.
2002 "Command use error"
This response code MUST be returned when a server receives
a properly formed command element but the command cannot
be executed due to a sequencing or context error. For
example, a <logout> command cannot be executed without
having first completed a <login> command.
2003 "Required parameter missing"
This response code MUST be returned when a server receives
a command for which a required parameter value has not
been provided.
2004 "Parameter value range error"
This response code MUST be returned when a server receives
a command parameter whose value is outside the range of
values specified by the protocol. The error value SHOULD
be returned via a <value> element in the EPP response.
2005 "Parameter value syntax error"
This response code MUST be returned when a server receives
a command containing a parameter whose value is improperly
formed. The error value SHOULD be returned via a <value>
element in the EPP response.
2100 "Unimplemented protocol version"
This response code MUST be returned when a server receives
a command element specifying a protocol version that is
not implemented by the server.
2101 "Unimplemented command"
This response code MUST be returned when a server receives
a valid EPP command element that is not implemented by the
server. For example, a <transfer> command can be
unimplemented for certain object types.
2102 "Unimplemented option"
This response code MUST be returned when a server receives
a valid EPP command element that contains a protocol
option that is not implemented by the server.
2103 "Unimplemented extension"
This response code MUST be returned when a server receives
a valid EPP command element that contains a protocol
command extension that is not implemented by the server.
2104 "Billing failure"
This response code MUST be returned when a server attempts
to execute a billable operation and the command cannot be
completed due to a client-billing failure.
2105 "Object is not eligible for renewal"
This response code MUST be returned when a client attempts
to <renew> an object that is not eligible for renewal in
accordance with server policy.
2106 "Object is not eligible for transfer"
This response code MUST be returned when a client attempts
to <transfer> an object that is not eligible for transfer
in accordance with server policy.
2200 "Authentication error"
This response code MUST be returned when a server notes an
error when validating client credentials.
2201 "Authorization error"
This response code MUST be returned when a server notes a
client-authorization error when executing a command. This
error is used to note that a client lacks privileges to
execute the requested command.
2202 "Invalid authorization information"
This response code MUST be returned when a server receives
invalid command authorization information when attempting
to confirm authorization to execute a command. This error
is used to note that a client has the privileges required
to execute the requested command, but the authorization
information provided by the client does not match the
authorization information archived by the server.
2300 "Object pending transfer"
This response code MUST be returned when a server receives
a command to transfer of an object that is pending
transfer due to an earlier transfer request.
2301 "Object not pending transfer"
This response code MUST be returned when a server receives
a command to confirm, reject, or cancel the transfer of an
object when no command has been made to transfer the
object.
2302 "Object exists"
This response code MUST be returned when a server receives
a command to create an object that already exists in the
repository.
2303 "Object does not exist"
This response code MUST be returned when a server receives
a command to query or transform an object that does not
exist in the repository.
2304 "Object status prohibits operation"
This response code MUST be returned when a server receives
a command to transform an object that cannot be completed
due to server policy or business practices. For example,
a server can disallow <transfer> commands under terms and
conditions that are matters of local policy, or the server
might have received a <delete> command for an object whose
status prohibits deletion.
2305 "Object association prohibits operation"
This response code MUST be returned when a server receives
a command to transform an object that cannot be completed
due to dependencies on other objects that are associated
with the target object. For example, a server can
disallow <delete> commands while an object has active
associations with other objects.
2306 "Parameter value policy error"
This response code MUST be returned when a server receives
a command containing a parameter value that is
syntactically valid but semantically invalid due to local
policy. For example, the server can support a subset of a
range of valid protocol parameter values. The error value
SHOULD be returned via a <value> element in the EPP
response.
2307 "Unimplemented object service"
This response code MUST be returned when a server receives
a command to operate on an object service that is not
supported by the server.
2308 "Data management policy violation"
This response code MUST be returned when a server receives
a command whose execution results in a violation of server
data management policies. For example, removing all
attribute values or object associations from an object
might be a violation of a server's data management
policies.
2400 "Command failed"
This response code MUST be returned when a server is
unable to execute a command due to an internal server
error that is not related to the protocol. The failure
can be transient. The server MUST keep any ongoing
session active.
2500 "Command failed; server closing connection"
This response code MUST be returned when a server receives
a command that cannot be completed due to an internal
server error that is not related to the protocol. The
failure is not transient and will cause other commands to
fail as well. The server MUST end the active session and
close the existing connection.
2501 "Authentication error; server closing connection"
This response code MUST be returned when a server notes an
error when validating client credentials and a
server-defined limit on the number of allowable failures
has been exceeded. The server MUST close the existing
connection.
2502 "Session limit exceeded; server closing connection"
This response code MUST be returned when a server receives
a <login> command and the command cannot be completed
because the client has exceeded a system-defined limit on
the number of sessions that the client can establish. It
might be possible to establish a session by ending
existing unused sessions and closing inactive connections.
(page 45 continued on part 3)