URNBIS P. Saint-Andre
Internet-Draft Cisco Systems, Inc.
Obsoletes: 3406 (if approved) November 13, 2013
Intended status: Best Current Practice
Expires: May 17, 2014

Uniform Resource Name (URN) Namespace Definition Mechanisms
draft-ietf-urnbis-rfc3406bis-urn-ns-reg-07

Abstract

This document supplements the Uniform Resource Name (URN) syntax specification by defining the concept of a URN namespace, as well as mechanisms for defining and registering such namespaces. This document obsoletes RFC 3406.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on May 17, 2014.

Copyright Notice

Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.


Table of Contents

1. Introduction

A Uniform Resource Name (URN) [I-D.ietf-urnbis-rfc2141bis-urn] is a Uniform Resource Identifier (URI) [RFC3986] that is intended to serve as a persistent, location-independent resource identifier. This document supplements the Uniform Resource Name (URN) syntax specification [I-D.ietf-urnbis-rfc2141bis-urn] by defining:

Syntactically, the NID follows the 'urn' scheme name. For instance, a URN in the 'example' namespace [RFC6963] might be of the form "urn:example:foo".

This document rests on two key assumptions:

  1. Assignment of a URN is a managed process.

    A string that conforms to the URN syntax is not necessarily a valid URN, because a URN needs to be assigned according to the rules of a particular namespace (in terms of syntax, semantics, and process).

  2. The space of URN namespaces is itself managed.

    A string in the namespace identifier slot of the URN syntax is not necessarily a valid URN namespace identifier, because in order to be valid a namespace needs to be defined and registered in accordance with the rules of this document.

URN namespaces were originally defined in [RFC2611], which was obsoleted by [RFC3406]. Based on experience with defining and registering URN namespaces since that time, this document specifies URN namespaces with the smallest reasonable set of changes from [RFC3406], while at the same time simplifying the registration process. This document obsoletes RFC 3406.

2. Terminology

Several important terms used in this document are defined in the URN syntax specification [I-D.ietf-urnbis-rfc2141bis-urn].

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

3. What is a URN Namespace?

A URN namespace is a collection of identifiers that are (1) unique, (2) assigned in a consistent way, and (3) assigned according to a common definition.

  1. The "uniqueness" constraint means that an identifier within the namespace is never assigned to more than one resource and never reassigned to a different resource.

  2. The "consistent assignment" constraint means that an identifier within the namespace is assigned by an organization or minted in accordance with a process or algorithm that is always followed.

  3. The "common definition" constraint means that there are clear definitions for the syntax of identifiers within the namespace and the process of assigning or minting them.

A URN namespace is identified by a particular NID in order to ensure the global uniqueness of URNs and, optionally, to provide a cue regarding the structure of URNs assigned within a namespace.

With regard to global uniqueness, using different NIDs for different collections of identifiers ensures that no two URNs will be the same for different resources, since each collection is required to uniquely assign each identifier. However, a single resource can have more than one URN assigned to it for different purposes (e.g., some numbers might be valid identifiers in two different identifier systems, where the namespace identifier differentiates between the resulting URNs).

With regard to the structure of URNs assigned within a namespace, the development of an identifier structure (and thereby a collection of identifiers) depends on the requirements of the community defining the identifiers, how the identifiers will be assigned and used, etc. These issues are beyond the scope of URN syntax and the general rules for URN namespaces, because they are specific to the community defining a namespace (e.g., the bibliographic and publishing communities in the case of the 'ISBN' and 'ISSN' namespaces, or the developers of extensions to the Extensible Messaging and Presence Protocol in the case of the 'XMPP' namespace).

URN namespaces inherit certain rights and responsibilities, e.g.:

4. URN Namespace Types

There are two types of URN namespace: formal and informal. These are distinguished by the expected level of service, the information needed to define the namespace, and the procedures for registration. Because the majority of the namespaces registered so far have been formal, this document concentrates on formal namespaces.

Note: [RFC3406] defined a third type of "experimental namespaces", denoted by prefixing the namespace identifier with the string "X-". Consistent with [RFC6648], this specification removes the experimental category.

4.1. Formal Namespaces

A formal namespace provides benefit to some subset of users on the Internet (i.e., not limited to users in communities or networks not connected to the Internet). For example, it would be inappropriate for a NID to effectively force someone to use a proprietary network or service not open to the general Internet user. The intent is that, while the community of those who might actively use the names assigned within that NID might be small, the potential use of identifiers within that NID is open to any user on the Internet. Formal NIDs might be appropriate when some aspects are not fully open. For example, a namespace might make use of a fee-based, privately managed, or proprietary registry for assignment of URNs in the namespace. However, it might still benefit some Internet users if the associated services have openly-published access protocols.

An organization that will assign URNs within a formal namespace ought to meet the following criteria:

A formal namespace establishes a particular NID, subject to the following constraints (above and beyond the syntax rules specified in [I-D.ietf-urnbis-rfc2141bis-urn]):

All two-letter combinations, and all two-letter combinations followed by "-" and any sequence of valid NID characters, are reserved for potential use as countrycode-based NIDs for eventual national registrations of URN namespaces. The definition and scoping of rules for allocation of responsibility for such countrycode-based namespaces is beyond the scope of this document.

4.2. Informal Namespaces

Informal namespaces are full-fledged URN namespaces, with all the associated rights and responsibilities. Informal namespaces differ from formal namespaces in the process for assigning a NID: IANA will assign an alphanumeric NID (e.g., "urn-7") to informal namespaces, with the following syntax:

    "urn-" <number>
          

The only restrictions on <number> are that it (1) consist strictly of ASCII digits and (2) not cause the NID to exceed the length limitations defined in the URN syntax specification [I-D.ietf-urnbis-rfc2141bis-urn].

5. Defining a URN Namespace

The definition of a formal namespace ought to pay particular attention to:

The following sections explain these matters in greater detail. For convenience, a template for defining and registering a URN namespace is provided under Section 6. This information can be especially helpful to entities that wish to request assignment of a URN in a namespace and to entities that wish to provide URN resolution for a namespace.

5.1. Purpose

The "Purpose" section of the template describes matters such as:

5.2. Syntax

The "Syntax" section of the template describes:

5.3. Assignment

The "Assignment" section of the template describes matters such as:

5.4. Security

The "Security" section of the template describes any potential security-related issues with regard to assignment, use, and resolution of identifiers within the namespace. Examples of such issues include the consequences of producing false negatives and false positives during comparison for equivalence (see also [RFC6943]), leakage of private information when identifiers are communicated on the public Internet, the potential for directory harvesting, and various issues discussed in the guidelines for security considerations in RFCs [RFC3552].

5.5. Resolution

The "Resolution" section specifies the rules for resolution of URNs assigned within the namespace. If such URNs are intended to be resolvable, the namespace needs to be registered in a Resolution Discovery System (RDS, see [RFC2276]) such as DDDS. Resolution then proceeds according to standard URI resolution processes, as well as the mechanisms of the RDS. This section ought to lists the requirements for becoming a recognized resolver of URNs in the relevant namespace (and being so listed in the RDS registry). Answers might include, but are not limited to:

6. Registration Template

6.1. Namespace ID

Requested of IANA (formal) or assigned by IANA (informal).

6.2. Version

The version of the registration, starting with 1 and incrementing by 1 with each new version.

6.3. Date

The date when the registration is requested of IANA, using the format YYYY-MM-DD.

6.4. Registrant

The person or organization that has registered the NID, including the following information:

6.5. Purpose

Described under Section 5.1 of this document.

6.6. Syntax

Described under Section 5.2 of this document.

6.7. Assignment

Described under Section 5.3 of this document.

6.8. Resolution

Described under Section 5.5 of this document.

6.9. Documentation

Any Internet-Draft, RFC, specification, or other published document that defines or explains the namespace.

7. Registering a URN Namespace

7.1. Formal Namespaces

The registration policy for formal namespaces is Expert Review as defined in the "IANA Considerations" document [RFC5226]. The key steps for registration of a formal namespace are:

  1. Fill out the namespace registration template (see Section 6). This can be done as part of an Internet-Draft or a specification in another series, although that is not necessary.
  2. Send the completed template to the urn-nid@ietf.org discussion list for technical review.
  3. If necessary to address comments received, repeat steps 1 and 2.
  4. If the designated experts approve the request, the IANA will register the requested NID.

A formal namespace registration can be revised by updating the registration template, following the same steps outlined above for new registrations.

7.2. Informal Namespaces

The registration policy for informal namespaces is First Come First Served [RFC5226]. The key steps for registration of an informal namespace are:

  1. Write a completed namespace definition template (see Section 6).
  2. Send it to the urn-nid@ietf.org discussion list for feedback.
  3. Once the review period has expired, send the final template to IANA (via the iana@iana.org email address).

An informal namespace registration can be revised by updating the registration template, following the same steps outlined above for new registrations.

8. Guidelines for Designated Experts

Experience to date with NID registration requests has shown that registrants sometimes do not initially understand some of the subtleties of URN namespaces, and that defining the namespace in the form of a specification enables the registrants to clearly formulate their "contract" with the intended user community. Therefore, although the registration policy for formal namespaces is Expert Review and a specification is not required, the designated experts for NID registration requests are encouraged to prefer that a specification exist documenting the namespace definition.

9. IANA Considerations

This document outlines the processes for registering URN namespaces, and has implications for the IANA in terms of registries to be maintained. In all cases, the IANA ought to assign the appropriate NID (formal or informal) once the procedures outlined in this document have been completed.

10. Security Considerations

This document largely focuses on providing mechanisms for the declaration of public information. Nominally, these declarations will be of relatively low security profile, however there is always the danger of "spoofing" and providing misinformation. Information in these declarations ought to be taken as advisory.

The definition of a URN namespace needs to account for potential security issues related to assignment, use, and resolution of identifiers within the namespace.

11. References

11.1. Normative References

[I-D.ietf-urnbis-rfc2141bis-urn] Saint-Andre, P., "Uniform Resource Name (URN) Syntax", Internet-Draft draft-ietf-urnbis-rfc2141bis-urn-06, August 2013.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3986] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008.

11.2. Informative References

[RFC2276] Sollins, K., "Architectural Principles of Uniform Resource Name Resolution", RFC 2276, January 1998.
[RFC2611] Daigle, L., van Gulik, D., Iannella, R. and P. Faltstrom, "URN Namespace Definition Mechanisms", BCP 33, RFC 2611, June 1999.
[RFC3406] Daigle, L., van Gulik, D., Iannella, R. and P. Faltstrom, "Uniform Resource Names (URN) Namespace Definition Mechanisms", BCP 66, RFC 3406, October 2002.
[RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC Text on Security Considerations", BCP 72, RFC 3552, July 2003.
[RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, January 2008.
[RFC6648] Saint-Andre, P., Crocker, D. and M. Nottingham, "Deprecating the "X-" Prefix and Similar Constructs in Application Protocols", BCP 178, RFC 6648, June 2012.
[RFC6943] Thaler, D., "Issues in Identifier Comparison for Security Purposes", RFC 6943, May 2013.
[RFC6963] Saint-Andre, P., "A Uniform Resource Name (URN) Namespace for Examples", BCP 183, RFC 6963, May 2013.

Appendix A. Changes from RFC 3406

This document makes the following substantive changes from [RFC3406]:

In addition, some of the text has been updated to be consistent with the definition of Uniform Resource Identifiers (URIs) [RFC3986] and the processes for registering information with the IANA [RFC5226], as well as more modern guidance with regard to security issues [RFC3552] and identifier comparison [RFC6943].

Appendix B. Contributors

RFC 3406, which provided the basis for this document, was authored by Leslie Daigle, Dirk-Willem van Gulik, Renato Iannella, and Patrik Faltstrom. Their work is gratefully acknowledged.

Appendix C. Acknowledgements

Thanks to Marc Blanchet, Juha Hakala, John Klensin, and Barry Leiba for their input.

Author's Address

Peter Saint-Andre Cisco Systems, Inc. 1899 Wynkoop Street, Suite 600 Denver, CO 80202 USA Phone: +1-303-308-3282 EMail: psaintan@cisco.com