Service Location Working Group                            Leland Wallace
Category: INTERNET DRAFT                                  Apple Computer
Expires April 1999                                       October 30 1998

          Definition of afp: URLs for use with Service Location
                  draft-ietf-svrloc-afp-service-01.txt

Status of this Memo

   This document is a submission by the Service Location Working Group
   of the Internet Engineering Task Force (IETF). Comments should be
   submitted to the srvloc@srvloc.org mailing list. Distribution of
   this memo is unlimited.

   This document is an Internet-Draft. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups. Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   To view the entire list of current Internet-Drafts, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern
   Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific
   Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).

Abstract

   This document defines the service:file-sharing:afp scheme and the
   attributes associated with it. This template is designed to be used
   in conjunction with the Service Location Protocol [1], but may be
   used with any directory service supporting attribute/value pair
   registration.

Wallace                 Expires April 30, 1999                  [Page 1]

INTERNET-DRAFT    afp URLs for use with Service Location October 30, 1998

Table of Contents

   Status of this Memo                                                 1
   Abstract                                                            1
   Table of Contents                                                   2
   1.     AFP service URL Scheme                                       3
   1.1.   Authorization mechanisms                                     3
   2.     The "AFP" Abstract Service                                   4
   2.1.   The afp Service Templates                                    6
   2.1.1. The afp-appletalk template                                   6
   2.1.2. The afp-tcpip template                                       7
   3.     References:                                                  7
   4.
          Authors Address                                              7

1. AFP service URL Scheme

   The template described in this document is for file sharing services
   using the AFP (Apple Filing Protocol) protocol [4]. The AFP protocol
   can use either AppleTalk or TCP/IP as its network protocol. The
   abstract service type for this service is file-sharing:afp. Other
   file-sharing services, such as NFS, NCP, or SMB, could be added to an
   overall file-sharing service template.

1.1. Authorization mechanisms

   AFP supports an extensible authorization mechanism with plug-in User
   Authentication Mechanisms (UAM) for the client and server. UAM types
   are denoted by a string. Current UAM names for AFP are:

      "X-No User Authent"        - This is "Guest" login.
      "X-Cleartxt passwrd"
      "X-Randnum exchange"
      "X-2-Way Randnum exchange"

   The prepended X- will be removed when the UAM names are standardized.
   If clients accept a given UAM they SHOULD also accept the UAM name
   with a prepended 'X-'.

   The string ";AUTH=*" indicates that the client SHOULD select an
   appropriate authentication mechanism. It MAY use any mechanism
   supported in common between the server and client.

   If no user name or authentication mechanism is supplied, then the
   "X-No User Authent" mechanism is used. If the URL supplies just a
   user name, the client SHOULD use the most secure UAM supported in
   common between the server and client. For the current Macintosh
   client that would be the "X-2-Way Randnum exchange" method with a
   password requested from the user.

   If the specified UAM is not supported by the server, the client
   SHOULD return an error; however, it MAY fall back to the most secure
   UAM supported in common between the server and client. Due to the
   problems in judging relative security it is safer to return a
   UAM_NOT_SUPPORTED error.

2.
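   The selection rules of section 1.1, as an added example that is not
   part of the draft: a client decides which UAM to use from the URL's
   user and ";AUTH=" parts and the server's advertised list, accepts
   names with or without the "X-" prefix, and returns an error rather
   than guessing when a named UAM is absent. The strength ordering in
   UAM_RANKING is an assumption made for this example; the draft only
   states which method is most secure for the current Macintosh client.

```python
from typing import List, Optional

# Added example, not from the draft: client-side UAM selection following
# the rules of section 1.1. The strength ordering below is an assumption
# made for this example; the draft only says "X-2-Way Randnum exchange"
# is the most secure method for the current Macintosh client.
GUEST = "X-No User Authent"
# Assumed ranking, strongest first.
UAM_RANKING = [
    "X-2-Way Randnum exchange",
    "X-Randnum exchange",
    "X-Cleartxt passwrd",
    GUEST,
]

class UAMNotSupported(Exception):
    """The URL names a UAM the server does not offer (UAM_NOT_SUPPORTED)."""

def _canonical(name: str) -> str:
    # A UAM name must be accepted with or without the provisional "X-"
    # prefix, so compare names with the prefix stripped.
    return name[2:] if name.startswith("X-") else name

def _strength(name: str) -> int:
    # Index into UAM_RANKING (lower is stronger); unknown names rank last.
    canon = _canonical(name)
    for i, known in enumerate(UAM_RANKING):
        if _canonical(known) == canon:
            return i
    return len(UAM_RANKING)

def select_uam(user: Optional[str], auth: Optional[str],
               server_uams: List[str]) -> str:
    """Pick the UAM for a URL's user-auth part against the server's list."""
    if user is None and auth is None:
        return GUEST                          # no user, no AUTH: guest login
    # Mechanisms this client knows that the server also offers, strongest first.
    common = sorted((u for u in server_uams if _strength(u) < len(UAM_RANKING)),
                    key=_strength)
    if auth is None or auth == "*":
        # User name only, or ";AUTH=*": most secure mechanism in common.
        if not common:
            raise UAMNotSupported("no UAM in common with the server")
        return common[0]
    for u in server_uams:                     # explicit UAM: must be offered
        if _canonical(u) == _canonical(auth):
            return u
    # The draft prefers an error over guessing a fallback mechanism.
    raise UAMNotSupported(auth)
```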
The "AFP" Abstract Service

   Name of submitter: "Leland Wallace"
   Language of service template: en
   Security Considerations:
      Including the volumes attribute in a registration may give an
      attacker valuable information to direct an attack. This
      information would otherwise be difficult to discover without
      authenticating to the server first.
   Template Text:
   --------------------------template begins here-----------------------
   type = file-sharing:afp

   version=0.1

   language=en

   description=
     The 'file-sharing:afp' abstract service type describes the
     attributes supported by AppleShare File Servers conforming to the
     AFP (Apple Filing Protocol) protocol. The AFP protocol can use
     several different network protocols (see the url-syntax item
     below).

   url-syntax=
     url-path  = afptcpurl / afpaturl
     afptcpurl = url as defined in "afp-tcpip" (below)
     afpaturl  = url as defined in "afp-appletalk" (below)

   servername=STRING
   # This attribute is a string that corresponds to the
   # Servername returned in the AFPGetServerInfo [5] call.

   description=STRING
   # This attribute is a free form string that can contain any
   # site-specific descriptive information about this server.
   # For example: "Engineering Support File Server"

   machine=STRING L
   # This attribute is a simple text string defined by the
   # manufacturer that contains some reference to the platform
   # and version of the server software.
   # For example: "Macintosh ASIP v6.0 "

   location-description=STRING O
   # A free form description of this server's physical location
   # For example: "2nd floor, near the fire escape"

   location-address=STRING O
   # Physical/Postal address for this device. Useful for
   # nailing down a group of servers in a very large corporate
   # network.
   # For example: 960 Main Street, San Jose, CA 95130

   operator=STRING L M
   # A person, or persons, responsible for administrating the
   # server on a day-to-day basis

   signature=Opaque L
   # a 16 octet value that uniquely denotes this server
   # the AppleShare IP server generates the signature
   # using an MD5 hash of the server serial number.

   protocol-version=STRING L M
   # versions of the AFP protocol supported by this server
   AFPVersion1.1, AFPVersion2.0, AFPVersion2.1, AFP2.2

   protocol-family=STRING L M O
   # A list of strings denoting network protocols supported by
   # this server
   AppleTalk, tcp-ip

   volumes=STRING L M O
   # names of volumes served by this server; may pose a
   # security risk.
   # Drop Box, Public ...

   auth-methods=STRING L M
   # The list of authorization methods supported by this server
   # "X-No User Authent" is "Guest" login.
   # Current known auth-methods for AFP are:
   "X-No User Authent", "X-Cleartxt passwrd", "X-Randnum exchange",
   "X-2-Way Randnum exchange", "X-APOP", "X-SPEKE-1",
   "X-Microsoft V1.0", "X-NetWare password"
   --------------------------template ends here-----------------------

2.1. The afp Service Templates

   The afp templates, as defined below, conform to the grammar described
   in ``Service Templates and service: Schemes''. Please refer to [2]
   for a detailed explanation of the syntax.

2.1.1. The afp-appletalk template

   Name of submitter: "Leland Wallace"
   Language of service template: en
   Security Considerations:
      Same considerations as for the abstract type.
   Template Text:
   --------------------------template begins here---------------------
   type=afp-appletalk

   version=0.2

   language=en

   description=
     The "afp-appletalk" template describes the AFP protocol running
     over AppleTalk. The at-type of the afp server is "AFPServer".
     Nonterminals mentioned but not defined here are defined in [2]

   url-syntax=
     urlpath    = atsite
     atsite     = "/at/" [ user-auth "@" ] server [ ":" at-zone ]
     user-auth  = user [ ";AUTH=" auth-type ]
     auth-type  = *uchar
     server     = 1*31apple-char
     at-zone    = 1*31apple-char
     apple-char = alpha / digit / safe / escaped
                  ; AppleAscii [3] values that are not
                  ; from the restricted range must be escaped.
                  ; NOTE: The escaped values do NOT correspond
                  ; to UTF8 values here: They are AppleAscii
                  ; bytes.
   ---------------------------template ends here-----------------------

2.1.2. The afp-tcpip template

   Name of submitter: "Leland Wallace"
   Language of service template: en
   Security Considerations:
      Same considerations as for the abstract type.
   Template Text:
   ---------------------------template begins here---------------------
   type=afp-tcpip

   version=0.1

   language=en

   description=
     The "afp-tcpip" template describes the AFP protocol running over
     TCP/IP. The IANA assigned port for afp-tcpip is 548.
     Nonterminals mentioned but not defined here are defined in [2]

   url-syntax=
     urlpath    = ipsite
     ipsite     = "//" [ user-auth "@" ] hostport
     user-auth  = user [ ";AUTH=" auth-type ]
     auth-type  = *uchar
   ---------------------------template ends here-----------------------

3. References:

   [1] J. Veizades, E. Guttman, C. Perkins, and S. Kaplan. Service
       Location Protocol. RFC 2165, July 1997.

   [2] C. Perkins, E. Guttman, J. Kempf, ``Service Templates and
       service: Schemes'', Work in Progress, October, 1998,
       draft-ietf-svrloc-service-scheme-11.txt

   [3] Apple Computer. Inside Macintosh: Text. Addison Wesley, 1993.
       http://devworld.apple.com/dev/techsupport/insidemac/Text/Text-2.html

   [4] G. Sidhu, R. Andrews, A. Oppenheimer. Inside AppleTalk, Second
       Edition. Addison Wesley, 1990. ISBN 0-201-55021-0
       http://www.apple.com/macos/opentransport/docs/Inside_AppleTalk.pdf

4.
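   The url-syntax of the afp-appletalk and afp-tcpip templates (sections
   2.1.1 and 2.1.2), as an added example that is not part of the draft:
   a parser that recognizes both url-path forms, splits out the user and
   ";AUTH=" parts, applies the IANA port 548 default for TCP/IP, and
   decodes "%XX" escapes in AppleTalk names as AppleAscii bytes rather
   than UTF-8. The character sets used for user, auth-type and hostport
   are approximations of the nonterminals in [2], chosen for this
   example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Added example, not from the draft: parse the url-path forms of the
# afp-appletalk and afp-tcpip templates (sections 2.1.1 and 2.1.2). The
# character sets for user, auth-type and hostport are approximations of
# the nonterminals in [2], chosen for this example.

@dataclass
class AfpUrl:
    transport: str          # "appletalk" or "tcpip"
    user: Optional[str]
    auth: Optional[str]     # None, "*" or a UAM name
    server: str             # AppleTalk server name or TCP/IP host
    zone: Optional[str]     # AppleTalk zone; None for TCP/IP
    port: Optional[int]     # TCP port, 548 when omitted; None for AppleTalk

# apple-char = alpha / digit / safe / escaped, with safe = "$-_.+"
APPLE_CHAR = r"(?:[A-Za-z0-9$\-_.+]|%[0-9A-Fa-f]{2})"
# user-auth = user [ ";AUTH=" auth-type ], always followed by "@"
USER_AUTH = r"(?:(?P<user>[^@;/:]+)(?:;AUTH=(?P<auth>[^@/]*))?@)?"
AT_RE = re.compile(r"^/at/" + USER_AUTH + r"(?P<server>" + APPLE_CHAR +
                   r"{1,31})(?::(?P<zone>" + APPLE_CHAR + r"{1,31}))?$")
IP_RE = re.compile(r"^//" + USER_AUTH +
                   r"(?P<host>[A-Za-z0-9.\-]+)(?::(?P<port>\d+))?/?$")

def unescape_apple(s: str) -> str:
    # %XX escapes in AppleTalk names are AppleAscii (Mac Roman) bytes, not
    # UTF-8 sequences, so rebuild the bytes and decode them as mac_roman.
    raw = re.sub(r"%([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), s)
    return raw.encode("latin-1").decode("mac_roman")

def parse_afp_url(url: str) -> AfpUrl:
    if not url.startswith("afp:"):
        raise ValueError("not an afp: URL")
    path = url[len("afp:"):]
    m = AT_RE.match(path)
    if m:
        return AfpUrl("appletalk", m["user"], m["auth"],
                      unescape_apple(m["server"]),
                      unescape_apple(m["zone"]) if m["zone"] else None, None)
    m = IP_RE.match(path)
    if m:
        return AfpUrl("tcpip", m["user"], m["auth"], m["host"], None,
                      int(m["port"]) if m["port"] else 548)
    raise ValueError("url-path matches neither afp-appletalk nor afp-tcpip")
```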
Authors Address

   Questions about this memo can be directed to:

      Leland Wallace
      Apple Computer
      1 Infinite Loop
      Mail Stop 35-M
      Cupertino, CA 95014, USA