I agree, though I think 'LDAP layer' would
be appropriate. I don't think 'stream' can be used when referring to the
service interface.
Ron
As mentioned in the WG meeting today, I
prefer "PDU layer" or "LDAP message layer" over "LDAP stream" for what is being
defined here.
>>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 11/9/04 1:41:49 PM >>>
An ad-hoc engineering team consisting of Jim, Roger, Hallvard, Bob, and
myself offer the following proposal for WG consideration to address LDAP
session terminology issues (related to the LDAPBIS I-Ds' use of "LDAP
exchange", "connection", "LDAP association" and related terms). The
proposal basically(*) replaces the term "LDAP exchange" as used in
[Protocol] with the term "LDAP stream", and (re)introduces the term "LDAP
session". Also, as part of this proposal, the terms "exchange" and
"association" would not take on any LDAPBIS-specific meaning. That is,
they are (and would be) used in the dictionary and/or RFC 2828 sense.

(* It is recognized that in some cases the old terms cannot (or should
not) simply be replaced with new terms. Some minor tweaking would be
needed here and there, and the WG would need to carefully review that
tweaking.)
The terms would be defined as follows:

"connection" refers to the underlying transport services used to carry
the protocol exchange, as well as associations established by these
services.

"TLS layer" refers to TLS services used in providing security services,
as well as associations established by these services.

"SASL layer" refers to SASL services used in providing security services,
as well as associations established by these services.

"LDAP stream" refers to the LDAP Message (PDU) services used in providing
directory services, as well as associations established by these services.

"LDAP session" refers to combined services (connection, TLS layer, SASL
layer, LDAP stream) and their associations.

The following diagram illustrates how the component services of an LDAP
session relate to each other:

                +------------------+
                |   LDAP stream    |
                +------------------+ > LDAP PDUs
                +------------------+ < data
                |    SASL layer    |
                +------------------+ > SASL-protected data
                +------------------+ < data
                |    TLS layer     |
    Application +------------------+ > TLS-protected data
    ------------+------------------+ < data
      Transport |    connection    |
                +------------------+

To further illustrate the use intended by this proposal, the following is
how these terms would be used in [Protocol, 4.3]:

The function of the Unbind Operation is to terminate an LDAP session. The
Unbind operation is not the antithesis of the Bind operation as the name
implies. The naming of these operations is historical. The Unbind
operation should be thought of as the "quit" operation.

The Unbind Operation is defined as follows:

    UnbindRequest ::= [APPLICATION 2] NULL

The Unbind Operation has no response defined. The client, upon
transmission of the UnbindRequest, and the server, upon receipt of the
UnbindRequest are to close the LDAP session as follows: 1) close the LDAP
stream and cease sending LDAP messages, 2) close the SASL layer (if
installed), 3) close the TLS layer (if installed), and 4) close the
connection. Uncompleted operations are handled as specified in Section
5.1.

Comments?
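
The Unbind close sequence proposed above, sketched as an added example that is not part of the original messages or of any LDAPBIS I-D. The names LdapSession, encode_unbind and LAYERS are hypothetical; the BER bytes assume an LDAPMessage with no controls.

```python
# Added example: names below (LdapSession, encode_unbind, LAYERS) are hypothetical.
LAYERS = ("LDAP stream", "SASL layer", "TLS layer", "connection")  # close order

def encode_unbind(message_id: int) -> bytes:
    """BER-encode LDAPMessage { messageID, UnbindRequest } with no controls."""
    if not 0 <= message_id <= 2**31 - 1:
        raise ValueError("messageID out of range")
    # INTEGER: minimal two's complement; the extra byte keeps the sign bit clear.
    mid = message_id.to_bytes(message_id.bit_length() // 8 + 1, "big")
    # UnbindRequest ::= [APPLICATION 2] NULL -> tag 0x42, length 0.
    body = b"\x02" + bytes([len(mid)]) + mid + b"\x42\x00"
    return b"\x30" + bytes([len(body)]) + body  # SEQUENCE, short-form length

class LdapSession:
    def __init__(self, tls: bool = False, sasl: bool = False):
        # The LDAP stream and the connection always exist; the TLS and SASL
        # layers are present only if they were installed.
        self.open = {"LDAP stream": True, "SASL layer": sasl,
                     "TLS layer": tls, "connection": True}
        self.sent = []

    def send(self, pdu: bytes) -> None:
        if not self.open["LDAP stream"]:
            raise ConnectionError("LDAP stream closed: no further LDAP messages")
        self.sent.append(pdu)

    def unbind(self, message_id: int) -> list:
        """Send UnbindRequest, then close layers top-down; return close order."""
        self.send(encode_unbind(message_id))
        closed = []
        for layer in LAYERS:
            if self.open[layer]:
                self.open[layer] = False
                closed.append(layer)
        return closed

if __name__ == "__main__":
    s = LdapSession(tls=True)  # constructed sample: TLS installed, no SASL
    print(s.unbind(3), s.sent[0].hex())
```

Because the LDAP stream is closed first, any message queued after the UnbindRequest is rejected before it can reach a lower layer that is already being torn down.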