As mentioned in the WG meeting today, I prefer "PDU layer" or "LDAP message layer" over "LDAP stream" for what is being defined here.

>>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 11/9/04 1:41:49 PM >>>

An ad-hoc engineering team consisting of Jim, Roger, Hallvard, Bob, and myself offer the following proposal for WG consideration to address LDAP session terminology issues (related to the LDAPBIS I-Ds' use of "LDAP exchange", "connection", "LDAP association" and related terms).

The proposal basically(*) replaces the term "LDAP exchange" as used in [Protocol] with the term "LDAP stream", and (re)introduces the term "LDAP session". Also, as part of this proposal, the terms "exchange" and "association" would not take on any LDAPBIS-specific meaning. That is, they are (and would be) used in the dictionary and/or RFC 2828 sense.

(* It is recognized that in some cases the old terms cannot (or should not) simply be replaced with new terms. Some minor tweaking would be needed here and there, and the WG would need to carefully review that tweaking.)

The terms would be defined as follows:

"connection" refers to the underlying transport services used to carry the protocol exchange, as well as associations established by these services.

"TLS layer" refers to TLS services used in providing security services, as well as associations established by these services.

"SASL layer" refers to SASL services used in providing security services, as well as associations established by these services.

"LDAP stream" refers to the LDAP Message (PDU) services used in providing directory services, as well as associations established by these services.

"LDAP session" refers to combined services (connection, TLS layer, SASL layer, LDAP stream) and their associations.
The following diagram illustrates how the component services of an LDAP session relate to each other:

                +------------------+
                |   LDAP stream    |
                +------------------+ > LDAP PDUs
                +------------------+ < data
                |    SASL layer    |
                +------------------+ > SASL-protected data
                +------------------+ < data
                |    TLS layer     |
    Application +------------------+ > TLS-protected data
    ------------+------------------+ < data
    Transport   |    connection    |
                +------------------+

To further illustrate the use intended by this proposal, the following is how these terms would be used in [Protocol, 4.3]:

  The function of the Unbind Operation is to terminate an LDAP session. The Unbind operation is not the antithesis of the Bind operation as the name implies. The naming of these operations is historical. The Unbind operation should be thought of as the "quit" operation.

  The Unbind Operation is defined as follows:

      UnbindRequest ::= [APPLICATION 2] NULL

  The Unbind Operation has no response defined. The client, upon transmission of the UnbindRequest, and the server, upon receipt of the UnbindRequest, are to close the LDAP session as follows:

    1) close the LDAP stream and cease sending LDAP messages,
    2) close the SASL layer (if installed),
    3) close the TLS layer (if installed), and
    4) close the connection.

  Uncompleted operations are handled as specified in Section 5.1.

Comments?
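As an added example (not from this post, nor from any LDAPBIS draft or OpenLDAP code), the following Python shows what the UnbindRequest PDU defined above looks like on the wire as BER, a strict decoder that recognises it and rejects malformed or truncated input, and a session object that closes the layers in the four-step order the proposed [Protocol, 4.3] text gives. The helper and class names (encode_unbind, decode_unbind, LdapSession, handle_pdu), the layer objects and the sample bytes are assumptions made for illustration.

```python
# Added example, not part of the original post or any LDAPBIS document.
# Names (encode_unbind, decode_unbind, LdapSession, handle_pdu) and the
# sample bytes are constructed for illustration.
from dataclasses import dataclass, field
from typing import List, Optional

SEQUENCE_TAG = 0x30  # UNIVERSAL 16, constructed: the LDAPMessage SEQUENCE
INTEGER_TAG = 0x02   # UNIVERSAL 2: messageID
UNBIND_TAG = 0x42    # [APPLICATION 2], primitive (class 01, number 2)
CONTROLS_TAG = 0xA0  # [0] constructed: optional controls after protocolOp


def _ber_length(n: int) -> bytes:
    """Definite BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _ber_integer(value: int) -> bytes:
    """Two's-complement INTEGER; messageID is non-negative in LDAP."""
    if value < 0:
        raise ValueError("messageID must be non-negative")
    body = value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True)
    return bytes([INTEGER_TAG]) + _ber_length(len(body)) + body


def encode_unbind(message_id: int) -> bytes:
    """LDAPMessage { messageID, unbindRequest [APPLICATION 2] NULL }."""
    content = _ber_integer(message_id) + bytes([UNBIND_TAG, 0x00])
    return bytes([SEQUENCE_TAG]) + _ber_length(len(content)) + content


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV at buf[pos:], or raise."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length


def decode_unbind(buf: bytes) -> Optional[int]:
    """messageID if buf is exactly one UnbindRequest LDAPMessage, else None."""
    try:
        tag, content, end = _read_tlv(buf, 0)
        if tag != SEQUENCE_TAG or end != len(buf):
            return None
        itag, ibody, pos = _read_tlv(content, 0)
        if itag != INTEGER_TAG or not ibody:
            return None
        message_id = int.from_bytes(ibody, "big", signed=True)
        optag, opbody, pos = _read_tlv(content, pos)
        if optag != UNBIND_TAG or opbody:   # NULL must carry no value
            return None
        if pos != len(content):             # only optional controls may follow
            ctag, _, pos = _read_tlv(content, pos)
            if ctag != CONTROLS_TAG or pos != len(content):
                return None
        return message_id
    except ValueError:
        return None


@dataclass
class LdapSession:
    """The combined services of the proposal; layers are just names here."""
    tls_installed: bool = False
    sasl_installed: bool = False
    accepting_pdus: bool = True
    closed: List[str] = field(default_factory=list)

    def close(self) -> List[str]:
        """Tear down in the order the proposed [Protocol, 4.3] text gives."""
        self.accepting_pdus = False         # 1) stop sending/reading LDAP messages
        self.closed.append("LDAP stream")
        if self.sasl_installed:             # 2) SASL layer, if installed
            self.closed.append("SASL layer")
        if self.tls_installed:              # 3) TLS layer, if installed
            self.closed.append("TLS layer")
        self.closed.append("connection")    # 4) the transport connection
        return self.closed


def handle_pdu(session: LdapSession, pdu: bytes) -> str:
    """Server-side dispatch: UnbindRequest closes the session; afterwards
    nothing further from the stream is acted upon."""
    if not session.accepting_pdus:
        return "ignored: session closed"
    if decode_unbind(pdu) is not None:
        session.close()
        return "unbind: session closed"
    return "other operation"


if __name__ == "__main__":
    s = LdapSession(tls_installed=True, sasl_installed=True)
    print(encode_unbind(1).hex())           # 30050201014200
    print(handle_pdu(s, encode_unbind(1)), s.closed)
```

The decoder is deliberately strict: an LDAPMessage that is truncated, carries a value inside the NULL, or has anything other than a controls element after the protocolOp is rejected rather than treated as an unbind, which is the behaviour a server wants before it starts tearing layers down.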