
RFC 4104

Policy Core Extension Lightweight Directory Access Protocol Schema (PCELS)

Part 4 of 4, p. 60 to 88

5.18.  The Three Reusable Policy Container Classes

   The pcelsReusableContainer class represents a container of reusable
   policy elements.  It is mapped from the ReusablePolicyContainer class
   [PCIM_EXT].  The pcelsReusableContainer class is derived from the
   pcimRepository class [PCLS].  To maximize flexibility, the
   pcelsReusableContainer class is defined as abstract.  An auxiliary
   subclass pcelsReusableContainerAuxClass enables the attachment of a
   reusable policy container to an existing entry, while a structural
   subclass pcelsReusableContainerInstance permits the representation of
   a reusable policy container as a standalone entry.

   The elements contained in a reusable policy container are aggregated
   via subordination to a pcelsReusableContainer instance (DIT
   containment).  A reusable policy container can include the elements
   of another reusable policy container by aggregating the container
   itself.  This is realized by DIT containment when the policy
   containers are subordinated to one another, or by reference when the
   aggregating policy container references the aggregated one using the
   attribute pcelsReusableContainerList.

   The pcelsReusableContainer class is defined as follows:

   ( 1.3.6.1.1.9.1.48
     NAME 'pcelsReusableContainer'
     DESC 'Container for reusable policy information'
     SUP pcimRepository
     ABSTRACT
     MAY ( pcelsReusableContainerName
         $ pcelsReusableContainerList )
   )

   The pcelsReusableContainerAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.49
     NAME 'pcelsReusableContainerAuxClass'
     DESC 'Container for reusable policy information'
     SUP pcelsReusableContainer
     AUXILIARY
   )

   The pcelsReusableContainerInstance class is defined as follows:

   ( 1.3.6.1.1.9.1.50
     NAME 'pcelsReusableContainerInstance'
     DESC 'Container for reusable policy information'
     SUP pcelsReusableContainer
     STRUCTURAL
   )

   The pcelsReusableContainerName attribute type may be used as naming
   attribute for pcelsReusableContainer entries.  This attribute type is
   of syntax Directory String [LDAP_SYNTAX].  It has an equality
   matching rule of caseIgnoreMatch, an ordering matching rule of
   caseIgnoreOrderingMatch and a substrings matching rule of
   caseIgnoreSubstringsMatch [LDAP_SYNTAX].  Attributes of this type can
   only have a single value.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.27
     NAME 'pcelsReusableContainerName'
     DESC 'User-friendly name of a reusable policy container'
     EQUALITY caseIgnoreMatch
     ORDERING caseIgnoreOrderingMatch
     SUBSTR caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
     SINGLE-VALUE
   )

   The pcelsReusableContainerList attribute type realizes the
   ContainedDomain association [PCIM_EXT].  This attribute type is of
   syntax DN [LDAP_SYNTAX].  It has an equality matching rule of
   distinguishedNameMatch [LDAP_SYNTAX].  Attributes of this type can
   have multiple values.  The only allowed values for
   pcelsReusableContainerList attributes are DNs of
   pcelsReusableContainer entries.  In a pcelsReusableContainer, the
   pcelsReusableContainerList attribute represents the associations
   between this reusable policy container and others for the purpose of
   including them as nested containers.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.28
     NAME 'pcelsReusableContainerList'
     DESC 'Unordered set of DNs of pcelsReusableContainer entries'
     EQUALITY distinguishedNameMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
   )

   Note: PCELS implementations SHOULD support pcelsReusableContainer and
   its two subclasses and MAY also support the two subclasses of
   pcimRepository [PCLS].

5.19.  The Structural Class pcelsRoleCollection

   The pcelsRoleCollection class represents a collection of managed
   elements that share a common role.  It is mapped from the
   PolicyRoleCollection class [PCIM_EXT].  The pcelsRoleCollection class
   is a structural object class and it is derived from the pcimPolicy
   class [PCLS].

   The pcelsRoleCollection class is defined as follows:

   ( 1.3.6.1.1.9.1.51
     NAME 'pcelsRoleCollection'
     DESC 'Collection of managed elements that share a common role'
     SUP pcimPolicy
     STRUCTURAL
     MUST ( pcelsRole )
     MAY ( pcelsRoleCollectionName
         $ pcelsElementList )
   )

   The pcelsRole attribute type represents the role associated with a
   collection of managed elements.  It is mapped from the
   PolicyRoleCollection.PolicyRole property [PCIM_EXT].  This attribute
   type is of syntax Directory String [LDAP_SYNTAX].  It has an equality
   matching rule of caseIgnoreMatch, an ordering matching rule of
   caseIgnoreOrderingMatch and a substrings matching rule of
   caseIgnoreSubstringsMatch [LDAP_SYNTAX].  Attributes of this type can
   only have a single value.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.29
     NAME 'pcelsRole'
     DESC 'String representing a role.'
     EQUALITY caseIgnoreMatch
     ORDERING caseIgnoreOrderingMatch
     SUBSTR caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
     SINGLE-VALUE
   )

   The pcelsRoleCollectionName attribute type may be used as naming
   attribute for pcelsRoleCollection entries.  This attribute type is of
   syntax Directory String [LDAP_SYNTAX].  It has an equality matching
   rule of caseIgnoreMatch, an ordering matching rule of
   caseIgnoreOrderingMatch and a substrings matching rule of
   caseIgnoreSubstringsMatch [LDAP_SYNTAX].  Attributes of this type can
   only have a single value.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.30
     NAME 'pcelsRoleCollectionName'
     DESC 'User-friendly name of a role collection'
     EQUALITY caseIgnoreMatch
     ORDERING caseIgnoreOrderingMatch
     SUBSTR caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
     SINGLE-VALUE
   )

   The pcelsElementList attribute type realizes the
   ElementInPolicyRoleCollection association [PCIM_EXT].  This attribute
   type is of syntax DN [LDAP_SYNTAX].  It has an equality matching rule
   of distinguishedNameMatch [LDAP_SYNTAX].  Attributes of this type can
   have multiple values.  In a pcelsRoleCollection, the pcelsElementList
   attribute represents the associations between this role collection
   and its members.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.31
     NAME 'pcelsElementList'
     DESC 'Unordered set of managed elements'
     EQUALITY distinguishedNameMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
   )

5.20.  The Abstract Class pcelsFilterEntryBase

   The pcelsFilterEntryBase class is the base class for defining message
   or packet filters.  It is mapped from the FilterEntryBase class
   [PCIM_EXT].  The pcelsFilterEntryBase class is an abstract object
   class and it is derived from the pcimPolicy class [PCLS].

   The pcelsFilterEntryBase class is defined as follows:

   ( 1.3.6.1.1.9.1.52
     NAME 'pcelsFilterEntryBase'
     DESC 'Base class for message or packet filters'
     SUP pcimPolicy
     ABSTRACT
     MAY ( pcelsFilterName
         $ pcelsFilterIsNegated )
   )

   The pcelsFilterName attribute type may be used as naming attribute
   for pcelsFilterEntryBase entries.  This attribute type is of syntax
   Directory String [LDAP_SYNTAX].  It has an equality matching rule of
   caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch
   and a substrings matching rule of caseIgnoreSubstringsMatch
   [LDAP_SYNTAX].  Attributes of this type can only have a single value.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.32
     NAME 'pcelsFilterName'
     DESC 'User-friendly name of a filter entry'
     EQUALITY caseIgnoreMatch
     ORDERING caseIgnoreOrderingMatch
     SUBSTR caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
     SINGLE-VALUE
   )

   The pcelsFilterIsNegated attribute type indicates whether the match
   information specified in a pcelsFilterEntryBase is negated or not.
   It is mapped from the FilterEntryBase.IsNegated property [PCIM_EXT].
   This attribute type is of syntax Boolean [LDAP_SYNTAX].  It has an
   equality matching rule of booleanMatch [LDAP_MATCH].  Attributes of
   this type can only have a single value.  If this attribute is missing
   from a pcelsFilterEntryBase instance, applications MUST assume that
   the filter is not negated.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.33
     NAME 'pcelsFilterIsNegated'
     DESC 'Indicates whether the filter is negated'
     EQUALITY booleanMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
     SINGLE-VALUE
   )

5.21.  The Structural Class pcelsIPHeadersFilter

   The pcelsIPHeadersFilter class provides the most commonly required
   attributes for performing filtering on IP, TCP or UDP headers.  It is
   mapped from the IpHeadersFilter class [PCIM_EXT].  It is a structural
   object class derived from the pcelsFilterEntryBase class.

   The pcelsIPHeadersFilter class is defined as follows:

   ( 1.3.6.1.1.9.1.53
     NAME 'pcelsIPHeadersFilter'
     DESC 'IP header filter'
     SUP pcelsFilterEntryBase
     STRUCTURAL
     MAY ( pcelsIPHdrVersion
         $ pcelsIPHdrSourceAddress
         $ pcelsIPHdrSourceAddressEndOfRange
         $ pcelsIPHdrSourceMask
         $ pcelsIPHdrDestAddress
         $ pcelsIPHdrDestAddressEndOfRange
         $ pcelsIPHdrDestMask
         $ pcelsIPHdrProtocolID
         $ pcelsIPHdrSourcePortStart
         $ pcelsIPHdrSourcePortEnd
         $ pcelsIPHdrDestPortStart
         $ pcelsIPHdrDestPortEnd
         $ pcelsIPHdrDSCPList
         $ pcelsIPHdrFlowLabel )
   )

   Applications MUST assume 'all values' for optional (MAY) attributes
   not present in a pcelsIPHeadersFilter entry.

   [PCIM_EXT] defines several constraints for the IpHeadersFilter class
   and its properties.  All these constraints (even those that, for
   brevity, are not reiterated in this document) apply to the
   pcelsIPHeadersFilter class and its attributes.  A
   pcelsIPHeadersFilter entry that violates any of these constraints
   SHOULD be treated as invalid and the policy rules or groups
   associated to this entry SHOULD be treated as being disabled, meaning
   that the execution of such policy rules or groups SHOULD be stopped.

   The pcelsIPHdrVersion attribute type indicates the version of the IP
   addresses to be filtered on.  It is mapped from the
   IpHeadersFilter.HdrIpVersion property [PCIM_EXT].  This attribute
   type is of syntax Integer [LDAP_SYNTAX].  It has an equality matching
   rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of
   integerOrderingMatch [LDAP_MATCH].  Attributes of this type can only
   have a single value.  The only allowed values for attributes of this
   type are 4 and 6.

   In a pcelsIPHeadersFilter entry, the pcelsIPHdrVersion attribute type
   determines the size for the IP version dependent attribute values.
   These attributes are: pcelsIPHdrSourceAddress,
   pcelsIPHdrSourceAddressEndOfRange, pcelsIPHdrSourceMask,
   pcelsIPHdrDestAddress, pcelsIPHdrDestAddressEndOfRange and
   pcelsIPHdrDestMask.  Their valid values are as follows:
      for IPv4: OctetStrings with a size of 4
      for IPv6: OctetStrings with a size of 16 or 20

   If the pcelsIPHdrVersion attribute is missing from a
   pcelsFilterEntryBase instance, then the filter does not consider IP
   version in selecting matching packets.  In this case, the IP version
   dependent attributes (listed above) must not be present in the filter
   entry.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.34
     NAME 'pcelsIPHdrVersion'
     DESC 'IP version'
     EQUALITY integerMatch
     ORDERING integerOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
     SINGLE-VALUE
   )

   The pcelsIPHdrSourceAddress attribute type represents a source IP
   address.  It is mapped from the IpHeadersFilter.HdrSrcAddress
   property [PCIM_EXT].  This attribute type is of syntax OctetString
   [LDAP_SYNTAX].  It has an equality matching rule of octetStringMatch
   [LDAP_SCHEMA] and an ordering matching rule of
   octetStringOrderingMatch [LDAP_MATCH].  Attributes of this type can
   only have a single value.  The only allowed values for attributes of
   this type are octet strings with a size of 4, 16, or 20.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.35
     NAME 'pcelsIPHdrSourceAddress'
     DESC 'Source IP address'
     EQUALITY octetStringMatch
     ORDERING octetStringOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
     SINGLE-VALUE
   )

   The pcelsIPHdrSourceAddressEndOfRange attribute type represents the
   end of a range of source IP addresses.  It is mapped from the
   IpHeadersFilter.HdrSrcAddressEndOfRange property [PCIM_EXT].  This
   attribute type is of syntax OctetString [LDAP_SYNTAX].  It has an
   equality matching rule of octetStringMatch [LDAP_SCHEMA] and an
   ordering matching rule of octetStringOrderingMatch [LDAP_MATCH].
   Attributes of this type can only have a single value.  The only
   allowed values for attributes of this type are octet strings with a
   size of 4, 16, or 20.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.36
     NAME 'pcelsIPHdrSourceAddressEndOfRange'
     DESC 'End of a range of source IP addresses'
     EQUALITY octetStringMatch
     ORDERING octetStringOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
     SINGLE-VALUE
   )

   The pcelsIPHdrSourceMask attribute type represents the mask to be
   used in comparing the source IP address.  It is mapped from the
   IpHeadersFilter.HdrSrcMask property [PCIM_EXT].  This attribute type
   is of syntax OctetString [LDAP_SYNTAX].  It has an equality matching
   rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule
   of octetStringOrderingMatch [LDAP_MATCH].  Attributes of this type
   can only have a single value.  The only allowed values for attributes
   of this type are octet strings with a size of 4, 16, or 20.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.37
     NAME 'pcelsIPHdrSourceMask'
     DESC 'Mask to be used in comparing the source IP address'
     EQUALITY octetStringMatch
     ORDERING octetStringOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
     SINGLE-VALUE
   )

   The pcelsIPHdrDestAddress attribute type represents a destination IP
   address.  It is mapped from the IpHeadersFilter.HdrDestAddress
   property [PCIM_EXT].  This attribute type is of syntax OctetString
   [LDAP_SYNTAX].  It has an equality matching rule of octetStringMatch
   [LDAP_SCHEMA] and an ordering matching rule of
   octetStringOrderingMatch [LDAP_MATCH].  Attributes of this type can
   only have a single value.  The only allowed values for attributes of
   this type are octet strings with a size of 4, 16, or 20.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.38
     NAME 'pcelsIPHdrDestAddress'
     DESC 'Destination IP address'
     EQUALITY octetStringMatch
     ORDERING octetStringOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
     SINGLE-VALUE
   )

   The pcelsIPHdrDestAddressEndOfRange attribute type represents the end
   of a range of destination IP addresses.  It is mapped from the
   IpHeadersFilter.HdrDestAddressEndOfRange property [PCIM_EXT].  This
   attribute type is of syntax OctetString [LDAP_SYNTAX].  It has an
   equality matching rule of octetStringMatch [LDAP_SCHEMA] and an
   ordering matching rule of octetStringOrderingMatch [LDAP_MATCH].
   Attributes of this type can only have a single value.  The only
   allowed values for attributes of this type are octet strings with a
   size of 4, 16, or 20.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.39
     NAME 'pcelsIPHdrDestAddressEndOfRange'
     DESC 'End of a range of destination IP addresses'
     EQUALITY octetStringMatch
     ORDERING octetStringOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
     SINGLE-VALUE
   )

   The pcelsIPHdrDestMask attribute type represents a mask to be used in
   comparing the destination IP address.  It is mapped from the
   IpHeadersFilter.HdrDestMask property [PCIM_EXT].  This attribute type
   is of syntax OctetString [LDAP_SYNTAX].  It has an equality matching
   rule of octetStringMatch [LDAP_SCHEMA] and an ordering matching rule
   of octetStringOrderingMatch [LDAP_MATCH].  Attributes of this type
   can only have a single value.  The only allowed values for attributes
   of this type are octet strings with a size of 4, 16, or 20.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.40
     NAME 'pcelsIPHdrDestMask'
     DESC 'Mask to be used in comparing the destination IP address'
     EQUALITY octetStringMatch
     ORDERING octetStringOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
     SINGLE-VALUE
   )

   The pcelsIPHdrProtocolID attribute type indicates an IP protocol
   type.  It is mapped from the IpHeadersFilter.HdrProtocolID property
   [PCIM_EXT].  This attribute type is of syntax Integer [LDAP_SYNTAX].
   It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an
   ordering matching rule of integerOrderingMatch [LDAP_MATCH].
   Attributes of this type can only have a single value.  The only
   allowed values for attributes of this type are integers in the range
   0..255 (inclusive).

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.41
     NAME 'pcelsIPHdrProtocolID'
     DESC 'IP protocol type'
     EQUALITY integerMatch
     ORDERING integerOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
     SINGLE-VALUE
   )

   The pcelsIPHdrSourcePortStart attribute type represents the lower end
   of a range of UDP or TCP source ports.  It is mapped from the
   IpHeadersFilter.HdrSrcPortStart property [PCIM_EXT].  This attribute
   type is of syntax Integer [LDAP_SYNTAX].  It has an equality matching
   rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of
   integerOrderingMatch [LDAP_MATCH].  Attributes of this type can only
   have a single value.  The only allowed values for attributes of this
   type are integers in the range 0..65535 (inclusive).

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.42
     NAME 'pcelsIPHdrSourcePortStart'
     DESC 'Lower end of a range of UDP or TCP source ports'
     EQUALITY integerMatch
     ORDERING integerOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
     SINGLE-VALUE
   )

   The pcelsIPHdrSourcePortEnd attribute type represents the upper end
   of a range of UDP or TCP source ports.  It is mapped from the
   IpHeadersFilter.HdrSrcPortEnd property [PCIM_EXT].  This attribute
   type is of syntax Integer [LDAP_SYNTAX].  It has an equality matching
   rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of
   integerOrderingMatch [LDAP_MATCH].  Attributes of this type can only
   have a single value.  The only allowed values for attributes of this
   type are integers in the range 0..65535 (inclusive).

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.43
     NAME 'pcelsIPHdrSourcePortEnd'
     DESC 'Upper end of a range of UDP or TCP source ports'
     EQUALITY integerMatch
     ORDERING integerOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
     SINGLE-VALUE
   )

   The pcelsIPHdrDestPortStart attribute type represents the lower end
   of a range of UDP or TCP destination ports.  It is mapped from the
   IpHeadersFilter.HdrDestPortStart property [PCIM_EXT].  This attribute
   type is of syntax Integer [LDAP_SYNTAX].  It has an equality matching
   rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of
   integerOrderingMatch [LDAP_MATCH].  Attributes of this type can only
   have a single value.  The only allowed values for attributes of this
   type are integers in the range 0..65535 (inclusive).

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.44
     NAME 'pcelsIPHdrDestPortStart'
     DESC 'Lower end of a range of UDP or TCP destination ports'
     EQUALITY integerMatch
     ORDERING integerOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
     SINGLE-VALUE
   )

   The pcelsIPHdrDestPortEnd attribute type represents the upper end of
   a range of UDP or TCP destination ports.  It is mapped from the
   IpHeadersFilter.HdrDestPortEnd property [PCIM_EXT].  This attribute
   type is of syntax Integer [LDAP_SYNTAX].  It has an equality matching
   rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of
   integerOrderingMatch [LDAP_MATCH].  Attributes of this type can only
   have a single value.  The only allowed values for attributes of this
   type are integers in the range 0..65535 (inclusive).

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.45
     NAME 'pcelsIPHdrDestPortEnd'
     DESC 'Upper end of a range of UDP or TCP destination ports'
     EQUALITY integerMatch
     ORDERING integerOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
     SINGLE-VALUE
   )

   The pcelsIPHdrDSCPList attribute type is mapped from the
   IpHeadersFilter.HdrDSCP property [PCIM_EXT].  This attribute type is
   of syntax Integer [LDAP_SYNTAX].  It has an equality matching rule of
   integerMatch [LDAP_SYNTAX] and an ordering matching rule of
   integerOrderingMatch [LDAP_MATCH].  Attributes of this type can have
   multiple values.  The only allowed values for attributes of this type
   are integers in the range 0..63 (inclusive).

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.46
     NAME 'pcelsIPHdrDSCPList'
     DESC 'DSCP values'
     EQUALITY integerMatch
     ORDERING integerOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
   )

   The pcelsIPHdrFlowLabel attribute type is mapped from the
   IpHeadersFilter.HdrFlowLabel property [PCIM_EXT].  This attribute
   type is of syntax OctetString [LDAP_SYNTAX].  It has an equality
   matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering
   matching rule of octetStringOrderingMatch [LDAP_MATCH].  Attributes
   of this type can only have a single value.  The only allowed values
   for attributes of this type are octet strings of size 3 (that is, 24
   bits) that contain a Flow Label value in the rightmost 20 bits padded
   on the left with b'0000'.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.47
     NAME 'pcelsIPHdrFlowLabel'
     DESC 'IP flow label'
     EQUALITY octetStringMatch
     ORDERING octetStringOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
     SINGLE-VALUE
   )
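
   The value constraints stated in this section can be checked before a
   filter entry is used, as in the following added example (it is not
   part of the RFC).  It assumes the entry has already been read from
   the directory and decoded into a mapping of attribute name to a list
   of values (int for Integer syntax, bytes for OctetString syntax); the
   function names and sample entries are constructed for illustration.

```python
"""Check a decoded pcelsIPHeadersFilter entry against the value
constraints of section 5.21 (added example, not from the RFC)."""

# Attributes whose octet length depends on pcelsIPHdrVersion.
ADDR_ATTRS = (
    "pcelsIPHdrSourceAddress", "pcelsIPHdrSourceAddressEndOfRange",
    "pcelsIPHdrSourceMask", "pcelsIPHdrDestAddress",
    "pcelsIPHdrDestAddressEndOfRange", "pcelsIPHdrDestMask",
)
ADDR_SIZES = {4: (4,), 6: (16, 20)}  # IP version -> allowed octet sizes

# Integer attributes: name -> (minimum, maximum, single-valued?)
INT_ATTRS = {
    "pcelsIPHdrProtocolID": (0, 255, True),
    "pcelsIPHdrSourcePortStart": (0, 65535, True),
    "pcelsIPHdrSourcePortEnd": (0, 65535, True),
    "pcelsIPHdrDestPortStart": (0, 65535, True),
    "pcelsIPHdrDestPortEnd": (0, 65535, True),
    "pcelsIPHdrDSCPList": (0, 63, False),
}


def validate_ip_headers_filter(entry):
    """Return a list of violations; an empty list means the entry passes.

    Only constraints restated in section 5.21 are checked; [PCIM_EXT]
    constraints that the section does not reiterate are out of scope.
    """
    errors = []

    # pcelsIPHdrVersion: single value, 4 or 6.
    version = None
    ver_vals = entry.get("pcelsIPHdrVersion", [])
    if len(ver_vals) > 1:
        errors.append("pcelsIPHdrVersion: more than one value")
    elif ver_vals and ver_vals[0] in ADDR_SIZES:
        version = ver_vals[0]
    elif ver_vals:
        errors.append("pcelsIPHdrVersion: %r is not 4 or 6" % (ver_vals[0],))

    # Version-dependent octet strings.
    for name in ADDR_ATTRS:
        vals = entry.get(name, [])
        if not vals:
            continue
        if len(vals) > 1:
            errors.append("%s: more than one value" % name)
        if not ver_vals:
            # No version in the entry: these attributes must be absent.
            errors.append("%s: present without pcelsIPHdrVersion" % name)
            continue
        allowed = ADDR_SIZES.get(version, (4, 16, 20))
        for v in vals:
            if len(v) not in allowed:
                errors.append("%s: size %d not in %r" % (name, len(v), allowed))

    # Range-limited integers.
    for name, (lo, hi, single) in INT_ATTRS.items():
        vals = entry.get(name, [])
        if single and len(vals) > 1:
            errors.append("%s: more than one value" % name)
        for v in vals:
            if not lo <= v <= hi:
                errors.append("%s: %d outside %d..%d" % (name, v, lo, hi))

    # Flow label: 3 octets, 20-bit value, top 4 bits zero.
    vals = entry.get("pcelsIPHdrFlowLabel", [])
    if len(vals) > 1:
        errors.append("pcelsIPHdrFlowLabel: more than one value")
    for v in vals:
        if len(v) != 3 or v[0] & 0xF0:
            errors.append("pcelsIPHdrFlowLabel: need 3 octets, top 4 bits 0")
    return errors


def match_all_attributes(entry):
    """Absent optional attributes; each one is read as 'all values'."""
    known = ("pcelsIPHdrVersion",) + ADDR_ATTRS + tuple(INT_ATTRS) \
        + ("pcelsIPHdrFlowLabel",)
    return [a for a in known if not entry.get(a)]


def rule_enabled(entry):
    """An invalid filter disables the policy rules or groups using it."""
    return not validate_ip_headers_filter(entry)


# Constructed sample entries.
GOOD = {
    "pcelsIPHdrVersion": [4],
    "pcelsIPHdrSourceAddress": [bytes([192, 0, 2, 0])],
    "pcelsIPHdrSourceMask": [bytes([255, 255, 255, 0])],
    "pcelsIPHdrProtocolID": [6],
    "pcelsIPHdrDestPortStart": [443],
    "pcelsIPHdrDestPortEnd": [443],
    "pcelsIPHdrDSCPList": [0, 46],
}
BAD = {  # version-dependent attribute without a version, bad ranges
    "pcelsIPHdrDestAddress": [bytes(16)],
    "pcelsIPHdrDestPortEnd": [70000],
    "pcelsIPHdrDSCPList": [64],
    "pcelsIPHdrFlowLabel": [bytes([0x1F, 0xFF, 0xFF])],
}

if __name__ == "__main__":
    for label, e in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, rule_enabled(e), validate_ip_headers_filter(e))
```

   An entry with no filter attributes at all passes validation and, by
   the 'all values' rule above, selects every packet; match_all_attributes
   lists the attributes left open so that such entries can be reviewed.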

5.22.  The Structural Class pcels8021Filter

   The pcels8021Filter class provides 802.1 attributes for performing
   filtering on 802.1 headers.  It is mapped from the 8021Filter class
   [PCIM_EXT].  The pcels8021Filter class is a structural object class
   and it is derived from the pcelsFilterEntryBase class.

   The pcels8021Filter class is defined as follows:

   ( 1.3.6.1.1.9.1.54
     NAME 'pcels8021Filter'
     DESC '802.1 header filter'
     SUP pcelsFilterEntryBase
     STRUCTURAL
     MAY ( pcels8021HdrSourceMACAddress
         $ pcels8021HdrSourceMACMask
         $ pcels8021HdrDestMACAddress
         $ pcels8021HdrDestMACMask
         $ pcels8021HdrProtocolID
         $ pcels8021HdrPriority
         $ pcels8021HdrVLANID )
   )

   Applications MUST assume 'all values' for optional (MAY) attributes
   not present in a pcels8021Filter entry.

   [PCIM_EXT] defines several constraints for the 8021Filter class and
   its properties.  All these constraints (even those that, for brevity,
   are not reiterated in this document) apply to the pcels8021Filter
   class and its attributes.  A pcels8021Filter entry that violates any
   of these constraints SHOULD be treated as invalid and the policy
   rules or groups associated to this entry SHOULD be treated as being
   disabled, meaning that the execution of such policy rules or groups
   SHOULD be stopped.

   The pcels8021HdrSourceMACAddress attribute type represents a source
   MAC address.  It is mapped from the 8021Filter.8021HdrSrcMACAddr
   property [PCIM_EXT].  This attribute type is of syntax OctetString
   [LDAP_SYNTAX].  It has an equality matching rule of octetStringMatch
   [LDAP_SCHEMA] and an ordering matching rule of
   octetStringOrderingMatch [LDAP_MATCH].  Attributes of this type can
   only have a single value.  The only allowed values for attributes of
   this type are octet strings with a size of 6.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.48
     NAME 'pcels8021HdrSourceMACAddress'
     DESC 'Source MAC address'
     EQUALITY octetStringMatch
     ORDERING octetStringOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
     SINGLE-VALUE
   )

   The pcels8021HdrSourceMACMask attribute type represents a mask to
   be used in comparing the source MAC address.  It is mapped from the
   8021Filter.8021HdrSrcMACMask property [PCIM_EXT].  This attribute
   type is of syntax OctetString [LDAP_SYNTAX].  It has an equality
   matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering
   matching rule of octetStringOrderingMatch [LDAP_MATCH].  Attributes
   of this type can only have a single value.  The only allowed values
   for attributes of this type are octet strings with a size of 6.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.49
     NAME 'pcels8021HdrSourceMACMask'
     DESC 'Source MAC address mask'
     EQUALITY octetStringMatch
     ORDERING octetStringOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
     SINGLE-VALUE
   )

   The pcels8021HdrDestMACAddress attribute type represents a
   destination MAC address.  It is mapped from the
   8021Filter.8021HdrDestMACAddr property [PCIM_EXT].  This attribute
   type is of syntax OctetString [LDAP_SYNTAX].  It has an equality
   matching rule of octetStringMatch [LDAP_SCHEMA] and an ordering
   matching rule of octetStringOrderingMatch [LDAP_MATCH].  Attributes
   of this type can only have a single value.  The only allowed values
   for attributes of this type are octet strings with a size of 6.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.50
     NAME 'pcels8021HdrDestMACAddress'
     DESC 'Destination MAC address'
     EQUALITY octetStringMatch
     ORDERING octetStringOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
     SINGLE-VALUE
   )

   The pcels8021HdrDestMACMask attribute type represents a mask to
   be used in comparing the destination MAC address.  It is mapped from
   the 8021Filter.8021HdrDestMACMask property [PCIM_EXT].  This
   attribute type is of syntax OctetString [LDAP_SYNTAX].  It has an
   equality matching rule of octetStringMatch [LDAP_SCHEMA] and an
   ordering matching rule of octetStringOrderingMatch [LDAP_MATCH].
   Attributes of this type can only have a single value.  The only
   allowed values for attributes of this type are octet strings with a
   size of 6.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.51
     NAME 'pcels8021HdrDestMACMask'
     DESC 'Destination MAC address mask'
     EQUALITY octetStringMatch
     ORDERING octetStringOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
     SINGLE-VALUE
   )

   The pcels8021HdrProtocolID attribute type indicates an Ethernet
   protocol type.  It is mapped from the 8021Filter.8021HdrProtocolID
   property [PCIM_EXT].  This attribute type is of syntax Integer
   [LDAP_SYNTAX].  It has an equality matching rule of integerMatch
   [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch
   [LDAP_MATCH].  Attributes of this type can have multiple values.  No
   order is implied.  The only allowed values for attributes of this
   type are integers in the range 0..65535 (inclusive).

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.52
     NAME 'pcels8021HdrProtocolID'
     DESC 'Ethernet protocol ID'
     EQUALITY integerMatch
     ORDERING integerOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
   )

   The pcels8021HdrPriority attribute type indicates an 802.1Q priority.
   It is mapped from the 8021Filter.8021HdrPriorityValue property
   [PCIM_EXT].  This attribute type is of syntax Integer [LDAP_SYNTAX].
   It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an
   ordering matching rule of integerOrderingMatch [LDAP_MATCH].
   Attributes of this type can have multiple values.  No order is
   implied.  The only allowed values for attributes of this type are
   integers in the range 0..7 (inclusive).

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.53
     NAME 'pcels8021HdrPriority'
     DESC '802.1Q priority'
     EQUALITY integerMatch
     ORDERING integerOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
   )

   The pcels8021HdrVLANID attribute type indicates an 802.1Q VLAN
   Identifier.  It is mapped from the 8021Filter.8021HdrVLANID property
   [PCIM_EXT].  This attribute type is of syntax Integer [LDAP_SYNTAX].
   It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an
   ordering matching rule of integerOrderingMatch [LDAP_MATCH].
   Attributes of this type can have multiple values.  The only allowed
   values for attributes of this type are integers in the range 0..4095
   (inclusive).

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.54
     NAME 'pcels8021HdrVLANID'
     DESC '802.1Q VLAN ID'
     EQUALITY integerMatch
     ORDERING integerOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
   )

5.23.  The Auxiliary Class pcelsFilterListAuxClass

   The pcelsFilterListAuxClass class represents a collection of device-
   level filters aggregated in a policy condition.  It is mapped from
   the FilterList class [PCIM_EXT].  pcelsFilterListAuxClass instances
   can be used as conditions in policy rules or as components in
   compound conditions.  The pcelsFilterListAuxClass class is an
   auxiliary object class and it is derived from the
   pcimConditionAuxClass class [PCLS].

   The pcelsFilterListAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.55
     NAME 'pcelsFilterListAuxClass'
     DESC 'Collection of pcelsFilterEntryBase filters'
     SUP pcimConditionAuxClass
     AUXILIARY
     MAY ( pcelsFilterListName
         $ pcelsFilterDirection
         $ pcelsFilterEntryList )
   )

   The pcelsFilterListName attribute type may be used as naming
   attribute for pcelsFilterListAuxClass entries.  This attribute type
   is of syntax Directory String [LDAP_SYNTAX].  It has an equality
   matching rule of caseIgnoreMatch, an ordering matching rule of
   caseIgnoreOrderingMatch and a substrings matching rule of
   caseIgnoreSubstringsMatch [LDAP_SYNTAX].  Attributes of this type can
   only have a single value.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.55
     NAME 'pcelsFilterListName'
     DESC 'User-friendly name of a FilterList'
     EQUALITY caseIgnoreMatch
     ORDERING caseIgnoreOrderingMatch
     SUBSTR caseIgnoreSubstringsMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
     SINGLE-VALUE
   )

   The pcelsFilterDirection attribute type indicates the direction of
   the packets or messages relative to the interface where the filter is
   applied.  It is mapped from the FilterList.Direction property
   [PCIM_EXT].  This attribute type is of syntax Integer [LDAP_SYNTAX].
   It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an
   ordering matching rule of integerOrderingMatch [LDAP_MATCH].
   Attributes of this type can only have a single value.  The only
   allowed values for attributes of this type are 0 (NotApplicable), 1
   (Input), 2 (Output), 3 (Both) and 4 (Mirrored).  If this attribute is
   missing from a pcelsFilterListAuxClass instance, applications MUST
   assume that a direction is not applicable.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.56
     NAME 'pcelsFilterDirection'
     DESC 'Direction to which this filter is applied'
     EQUALITY integerMatch
     ORDERING integerOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
     SINGLE-VALUE
   )

   The pcelsFilterEntryList attribute type realizes the
   EntriesInFilterList association [PCIM_EXT].  This attribute type is
   of syntax DN [LDAP_SYNTAX].  It has an equality matching rule of
   distinguishedNameMatch [LDAP_SYNTAX].  Attributes of this type can
   have multiple values.  The only allowed values for
   pcelsFilterEntryList attributes are DNs of pcelsFilterEntryBase
   entries.  In a pcelsFilterListAuxClass, the pcelsFilterEntryList
   attribute represents the associations between this filter collection
   and its components.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.57
     NAME 'pcelsFilterEntryList'
     DESC 'Unordered set of DNs of pcelsFilterEntryBase entries'
     EQUALITY distinguishedNameMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
   )

   The EntrySequence property of the association EntriesInFilterList is
   restricted to a single value ('0') [PCIM_EXT] which makes it
   redundant.  Therefore, its mapping to an LDAP schema element is
   unnecessary.
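
   Added example (not part of RFC 4104): the Integer and DN syntaxes
   do not express the 0..4 and 0..4095 ranges or the restriction of
   pcelsFilterEntryList to filter entries, so the Python below checks
   them on entries already read into attribute dictionaries.  The DNs,
   the in-memory DIRECTORY, the simplified DN normalisation and the
   assumption that objectClass lists superclasses are constructed for
   illustration.

```python
import re

DIRECTIONS = {0: "NotApplicable", 1: "Input", 2: "Output", 3: "Both", 4: "Mirrored"}
# pcelsFilterEntryBase and the two filter classes registered in Section 7.2.
# Assumption: the objectClass values of an entry include its superclasses.
FILTER_CLASSES = {"pcelsfilterentrybase", "pcelsipheadersfilter", "pcels8021filter"}
INTEGER = re.compile(r"0|-?[1-9][0-9]*")  # Integer syntax carries no range


def norm_dn(dn):
    """Simplified DN normalisation (assumes no escaped commas in the DN)."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))


def int_values(entry, attr, lo, hi, errors, single=False):
    """Return attr's values that are integers in lo..hi; record the rest."""
    values = entry.get(attr, [])
    if single and len(values) > 1:
        errors.append(f"{attr}: single-valued attribute holds {len(values)} values")
    good = []
    for v in values:
        if INTEGER.fullmatch(v) and lo <= int(v) <= hi:
            good.append(int(v))
        else:
            errors.append(f"{attr}: {v!r} is not an integer in {lo}..{hi}")
    return good


def check_filter_list(entry, directory):
    """Return (direction name or None, errors) for one filter list entry."""
    errors = []
    if "pcelsFilterDirection" not in entry:
        direction = "NotApplicable"  # absent attribute: direction not applicable
    else:
        ok = int_values(entry, "pcelsFilterDirection", 0, 4, errors, single=True)
        direction = DIRECTIONS[ok[0]] if len(ok) == 1 and not errors else None
    for dn in entry.get("pcelsFilterEntryList", []):
        target = directory.get(norm_dn(dn))
        if target is None:
            errors.append(f"pcelsFilterEntryList: {dn!r} does not exist")
            continue
        classes = {c.lower() for c in target.get("objectClass", [])}
        if not classes & FILTER_CLASSES:
            errors.append(f"pcelsFilterEntryList: {dn!r} is not a filter entry")
        # pcels8021HdrVLANID is multi-valued; every value must be in 0..4095.
        int_values(target, "pcels8021HdrVLANID", 0, 4095, errors)
    return direction, errors


# Constructed sample directory, keyed by normalised DN.
DIRECTORY = {
    "cn=vlan-filter,ou=policy,dc=example,dc=com": {
        "objectClass": ["top", "pcelsFilterEntryBase", "pcels8021Filter"],
        "pcels8021HdrVLANID": ["10", "4095"],
    },
    "cn=bad-vlan,ou=policy,dc=example,dc=com": {
        "objectClass": ["top", "pcelsFilterEntryBase", "pcels8021Filter"],
        "pcels8021HdrVLANID": ["4096"],
    },
    "cn=alice,ou=people,dc=example,dc=com": {"objectClass": ["top", "person"]},
}
GOOD = {"pcelsFilterEntryList": ["CN=vlan-filter, OU=policy, DC=example, DC=com"]}
BAD = {
    "pcelsFilterDirection": ["5"],
    "pcelsFilterEntryList": [
        "cn=bad-vlan,ou=policy,dc=example,dc=com",
        "cn=alice,ou=people,dc=example,dc=com",
        "cn=missing,ou=policy,dc=example,dc=com",
    ],
}

if __name__ == "__main__":
    for name, e in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_filter_list(e, DIRECTORY))
```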

5.24.  The Auxiliary Class pcelsVendorVariableAuxClass

   The pcelsVendorVariableAuxClass class provides a general extension
   mechanism for representing policy variables that have not been
   specifically modeled.  Instead, its two properties are used to define
   the content and format of the variable, as explained below.  This
   class is intended for vendor-specific extensions that are not
   amenable to using pcelsVariable; standardized extensions SHOULD NOT
   use this class.

   The pcelsVendorVariableAuxClass class is an auxiliary object class
   and it is derived from the pcelsVariable class.

   The pcelsVendorVariableAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.56
     NAME 'pcelsVendorVariableAuxClass'
     DESC 'Defines registered means to describe a policy variable'
     SUP pcelsVariable
     AUXILIARY
     MAY ( pcelsVendorVariableData $
           pcelsVendorVariableEncoding )
   )

   The pcelsVendorVariableData attribute provides a general mechanism
   for representing policy variables that have not been specifically
   modeled.  This attribute type is of syntax OctetString [LDAP_SYNTAX].
   It has an equality matching rule of octetStringMatch [LDAP_SCHEMA]
   and an ordering matching rule of octetStringOrderingMatch
   [LDAP_MATCH].  Attributes of this type can have multiple values.  In
   pcelsVendorVariableAuxClass instances, the format of the values for
   attributes of this type is identified by the OID stored in the
   pcelsVendorVariableEncoding attribute.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.58
     NAME 'pcelsVendorVariableData'
     DESC 'Mechanism for representing variables that have not
           been specifically modeled'
     EQUALITY octetStringMatch
     ORDERING octetStringOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
   )

   The pcelsVendorVariableEncoding attribute identifies the format for
   representing policy variables that have not been specifically
   modeled.  This attribute type is of syntax OID [LDAP_SYNTAX].  It has
   an equality matching rule of objectIdentifierMatch [LDAP_SYNTAX].
   Attributes of this type can only have a single value.  In
   pcelsVendorVariableAuxClass instances, the
   pcelsVendorVariableEncoding attribute is used to identify the format
   and semantics for the pcelsVendorVariableData attribute values.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.59
     NAME 'pcelsVendorVariableEncoding'
     DESC 'Identifies the format and semantics for policy variables'
     EQUALITY objectIdentifierMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
     SINGLE-VALUE
   )

5.25.  The Auxiliary Class pcelsVendorValueAuxClass

   The pcelsVendorValueAuxClass class provides a general extension
   mechanism for representing policy values that have not been
   specifically modeled.  Instead, its two properties are used to define
   the content and format of the policy value, as explained below.  This
   class is intended for vendor-specific extensions that are not
   amenable to using pcelsValueAuxClass; standardized extensions SHOULD
   NOT use this class.

   The pcelsVendorValueAuxClass class is an auxiliary object class and
   it is derived from the pcelsValueAuxClass class.

   The pcelsVendorValueAuxClass class is defined as follows:

   ( 1.3.6.1.1.9.1.57
     NAME 'pcelsVendorValueAuxClass'
     DESC 'Defines registered means to describe a policy value'
     SUP pcelsValueAuxClass
     AUXILIARY
     MAY ( pcelsVendorValueData $
           pcelsVendorValueEncoding )
   )

   The pcelsVendorValueData attribute provides a general mechanism for
   representing policy values that have not been specifically modeled.
   This attribute type is of syntax OctetString [LDAP_SYNTAX].  It has
   an equality matching rule of octetStringMatch [LDAP_SCHEMA] and an
   ordering matching rule of octetStringOrderingMatch [LDAP_MATCH].
   Attributes of this type can have multiple values.  In
   pcelsVendorValueAuxClass instances, the format of the values for
   attributes of this type is identified by the OID stored in the
   pcelsVendorValueEncoding attribute.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.60
     NAME 'pcelsVendorValueData'
     DESC 'Mechanism for representing values that have not been
           specifically modeled'
     EQUALITY octetStringMatch
     ORDERING octetStringOrderingMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
   )

   The pcelsVendorValueEncoding attribute identifies the format for
   representing policy values that have not been specifically modeled.
   This attribute type is of syntax OID [LDAP_SYNTAX].  It has an
   equality matching rule of objectIdentifierMatch [LDAP_SYNTAX].
   Attributes of this type can only have a single value.  In
   pcelsVendorValueAuxClass instances, the pcelsVendorValueEncoding
   attribute is used to identify the format and semantics for the
   pcelsVendorValueData attribute values.

   This attribute type is defined as follows:

   ( 1.3.6.1.1.9.2.61
     NAME 'pcelsVendorValueEncoding'
     DESC 'Identifies the format and semantics for policy values'
     EQUALITY objectIdentifierMatch
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
     SINGLE-VALUE
   )
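
   Added example (not part of RFC 4104) for Sections 5.24 and 5.25:
   because the data attributes are opaque octet strings whose format is
   named only by the encoding OID, the Python below decodes them through
   a registry of known encodings and refuses anything else.  The two
   encoding OIDs, their formats and the sample entries are constructed;
   requiring a numeric OID is an assumption of this example.

```python
import re
import struct

NUMERIC_OID = re.compile(r"(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+")

# Constructed encodings under 32473, the enterprise number RFC 5612 reserves
# for documentation; a vendor would publish OIDs under its own arc.
OID_UINT32 = "1.3.6.1.4.1.32473.1.1"  # exactly 4 octets, big-endian unsigned
OID_UTF8 = "1.3.6.1.4.1.32473.1.2"    # UTF-8 text, at most 256 octets


def decode_uint32(raw):
    if len(raw) != 4:
        raise ValueError(f"uint32 encoding needs 4 octets, got {len(raw)}")
    return struct.unpack(">I", raw)[0]


def decode_utf8(raw):
    if len(raw) > 256:
        raise ValueError("text value longer than 256 octets")
    return raw.decode("utf-8")  # strict: UnicodeDecodeError is a ValueError


DECODERS = {OID_UINT32: decode_uint32, OID_UTF8: decode_utf8}


def decode_vendor(entry, kind="Value"):
    """Decode pcelsVendor<kind>Data as named by pcelsVendor<kind>Encoding.

    kind is "Value" or "Variable". Raises ValueError rather than guessing a
    format when the encoding is absent, duplicated, malformed or unknown.
    """
    if kind not in ("Value", "Variable"):
        raise ValueError(f"unknown kind {kind!r}")
    data = entry.get(f"pcelsVendor{kind}Data", [])
    if not data:
        return []
    encodings = entry.get(f"pcelsVendor{kind}Encoding", [])
    if len(encodings) != 1:
        raise ValueError(f"need exactly one encoding OID, found {len(encodings)}")
    oid = encodings[0].strip()
    if not NUMERIC_OID.fullmatch(oid):
        raise ValueError(f"not a numeric OID: {oid!r}")
    if oid not in DECODERS:
        raise ValueError(f"no decoder registered for encoding {oid}")
    return [DECODERS[oid](value) for value in data]


def is_rejected(entry, kind="Value"):
    """True when decode_vendor refuses the entry."""
    try:
        decode_vendor(entry, kind)
    except ValueError:
        return True
    return False


# Constructed sample entries.
VALUE_ENTRY = {
    "pcelsVendorValueEncoding": [OID_UINT32],
    "pcelsVendorValueData": [b"\x00\x00\x01\x00", b"\x00\x00\x00\x2a"],
}
VARIABLE_ENTRY = {
    "pcelsVendorVariableEncoding": [OID_UTF8],
    "pcelsVendorVariableData": [b"edge-router"],
}

if __name__ == "__main__":
    print(decode_vendor(VALUE_ENTRY))
    print(decode_vendor(VARIABLE_ENTRY, "Variable"))
```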

6.  Security Considerations

   The Policy Core LDAP Schema [PCLS] describes the general security
   considerations related to the general core policy schema.  The
   extensions defined in this document do not introduce any additional
   considerations related to security.

7.  IANA Considerations

   Refer to RFC 3383, "Internet Assigned Numbers Authority (IANA)
   Considerations for the Lightweight Directory Access Protocol (LDAP)"
   [LDAP-IANA].

7.1.  Object Identifiers

   The IANA has registered an LDAP Object Identifier for use in this
   technical specification according to the following template:

   Subject: Request for LDAP OID Registration
   Person & e-mail address to contact for further information:
   Mircea Pana (mpana@metasolv.com)
   Specification: RFC 4104
   Author/Change Controller: IESG
   Comments:
      The assigned OID is used as a base for identifying
      a number of schema elements defined in this document.

   IANA has assigned an OID of 1.3.6.1.1.9 with the name of pcelsSchema
   to this registration as recorded in the following registry:

      http://www.iana.org/assignments/smi-numbers

7.2.  Object Identifier Descriptors

   The IANA has registered the LDAP Descriptors used in this technical
   specification as detailed in the following template:

   Subject: Request for LDAP Descriptor Registration Update
   Descriptor (short name): see comment
   Object Identifier: see comment
   Person & e-mail address to contact for further information:
      Mircea Pana (mpana@metasolv.com)
   Usage: see comment
   Specification: RFC 4104
   Author/Change Controller: IESG
   Comments:

   The following descriptors have been added:

   NAME                                    Type  OID
   --------------                          ----  ------------
   pcelsPolicySet                           O     1.3.6.1.1.9.1.1
   pcelsPolicySetAssociation                O     1.3.6.1.1.9.1.2
   pcelsGroup                               O     1.3.6.1.1.9.1.3
   pcelsGroupAuxClass                       O     1.3.6.1.1.9.1.4
   pcelsGroupInstance                       O     1.3.6.1.1.9.1.5
   pcelsRule                                O     1.3.6.1.1.9.1.6
   pcelsRuleAuxClass                        O     1.3.6.1.1.9.1.7
   pcelsRuleInstance                        O     1.3.6.1.1.9.1.8
   pcelsConditionAssociation                O     1.3.6.1.1.9.1.9
   pcelsActionAssociation                   O     1.3.6.1.1.9.1.10
   pcelsSimpleConditionAuxClass             O     1.3.6.1.1.9.1.11
   pcelsCompoundConditionAuxClass           O     1.3.6.1.1.9.1.12
   pcelsCompoundFilterConditionAuxClass     O     1.3.6.1.1.9.1.13
   pcelsSimpleActionAuxClass                O     1.3.6.1.1.9.1.14
   pcelsCompoundActionAuxClass              O     1.3.6.1.1.9.1.15
   pcelsVariable                            O     1.3.6.1.1.9.1.16
   pcelsExplicitVariableAuxClass            O     1.3.6.1.1.9.1.17
   pcelsImplicitVariableAuxClass            O     1.3.6.1.1.9.1.18
   pcelsSourceIPv4VariableAuxClass          O     1.3.6.1.1.9.1.19
   pcelsSourceIPv6VariableAuxClass          O     1.3.6.1.1.9.1.20
   pcelsDestinationIPv4VariableAuxClass     O     1.3.6.1.1.9.1.21
   pcelsDestinationIPv6VariableAuxClass     O     1.3.6.1.1.9.1.22
   pcelsSourcePortVariableAuxClass          O     1.3.6.1.1.9.1.23
   pcelsDestinationPortVariableAuxClass     O     1.3.6.1.1.9.1.24
   pcelsIPProtocolVariableAuxClass          O     1.3.6.1.1.9.1.25
   pcelsIPVersionVariableAuxClass           O     1.3.6.1.1.9.1.26
   pcelsIPToSVariableAuxClass               O     1.3.6.1.1.9.1.27
   pcelsDSCPVariableAuxClass                O     1.3.6.1.1.9.1.28
   pcelsFlowIdVariableAuxClass              O     1.3.6.1.1.9.1.29
   pcelsSourceMACVariableAuxClass           O     1.3.6.1.1.9.1.30
   pcelsDestinationMACVariableAuxClass      O     1.3.6.1.1.9.1.31
   pcelsVLANVariableAuxClass                O     1.3.6.1.1.9.1.32
   pcelsCoSVariableAuxClass                 O     1.3.6.1.1.9.1.33
   pcelsEthertypeVariableAuxClass           O     1.3.6.1.1.9.1.34
   pcelsSourceSAPVariableAuxClass           O     1.3.6.1.1.9.1.35
   pcelsDestinationSAPVariableAuxClass      O     1.3.6.1.1.9.1.36
   pcelsSNAPOUIVariableAuxClass             O     1.3.6.1.1.9.1.37
   pcelsSNAPTypeVariableAuxClass            O     1.3.6.1.1.9.1.38
   pcelsFlowDirectionVariableAuxClass       O     1.3.6.1.1.9.1.39
   pcelsValueAuxClass                       O     1.3.6.1.1.9.1.40
   pcelsIPv4AddrValueAuxClass               O     1.3.6.1.1.9.1.41
   pcelsIPv6AddrValueAuxClass               O     1.3.6.1.1.9.1.42
   pcelsMACAddrValueAuxClass                O     1.3.6.1.1.9.1.43
   pcelsStringValueAuxClass                 O     1.3.6.1.1.9.1.44
   pcelsBitStringValueAuxClass              O     1.3.6.1.1.9.1.45
   pcelsIntegerValueAuxClass                O     1.3.6.1.1.9.1.46
   pcelsBooleanValueAuxClass                O     1.3.6.1.1.9.1.47
   pcelsReusableContainer                   O     1.3.6.1.1.9.1.48
   pcelsReusableContainerAuxClass           O     1.3.6.1.1.9.1.49
   pcelsReusableContainerInstance           O     1.3.6.1.1.9.1.50
   pcelsRoleCollection                      O     1.3.6.1.1.9.1.51
   pcelsFilterEntryBase                     O     1.3.6.1.1.9.1.52
   pcelsIPHeadersFilter                     O     1.3.6.1.1.9.1.53
   pcels8021Filter                          O     1.3.6.1.1.9.1.54
   pcelsFilterListAuxClass                  O     1.3.6.1.1.9.1.55
   pcelsVendorVariableAuxClass              O     1.3.6.1.1.9.1.56
   pcelsVendorValueAuxClass                 O     1.3.6.1.1.9.1.57
   pcelsPolicySetName                       A     1.3.6.1.1.9.2.1
   pcelsDecisionStrategy                    A     1.3.6.1.1.9.2.2
   pcelsPolicySetList                       A     1.3.6.1.1.9.2.3
   pcelsPriority                            A     1.3.6.1.1.9.2.4
   pcelsPolicySetDN                         A     1.3.6.1.1.9.2.5
   pcelsConditionListType                   A     1.3.6.1.1.9.2.6
   pcelsConditionList                       A     1.3.6.1.1.9.2.7
   pcelsActionList                          A     1.3.6.1.1.9.2.8
   pcelsSequencedActions                    A     1.3.6.1.1.9.2.9
   pcelsExecutionStrategy                   A     1.3.6.1.1.9.2.10
   pcelsVariableDN                          A     1.3.6.1.1.9.2.11
   pcelsValueDN                             A     1.3.6.1.1.9.2.12
   pcelsIsMirrored                          A     1.3.6.1.1.9.2.13
   pcelsVariableName                        A     1.3.6.1.1.9.2.14
   pcelsExpectedValueList                   A     1.3.6.1.1.9.2.15
   pcelsVariableModelClass                  A     1.3.6.1.1.9.2.16
   pcelsVariableModelProperty               A     1.3.6.1.1.9.2.17
   pcelsExpectedValueTypes                  A     1.3.6.1.1.9.2.18
   pcelsValueName                           A     1.3.6.1.1.9.2.19
   pcelsIPv4AddrList                        A     1.3.6.1.1.9.2.20
   pcelsIPv6AddrList                        A     1.3.6.1.1.9.2.21
   pcelsMACAddrList                         A     1.3.6.1.1.9.2.22
   pcelsStringList                          A     1.3.6.1.1.9.2.23
   pcelsBitStringList                       A     1.3.6.1.1.9.2.24
   pcelsIntegerList                         A     1.3.6.1.1.9.2.25
   pcelsBoolean                             A     1.3.6.1.1.9.2.26
   pcelsReusableContainerName               A     1.3.6.1.1.9.2.27
   pcelsReusableContainerList               A     1.3.6.1.1.9.2.28
   pcelsRole                                A     1.3.6.1.1.9.2.29
   pcelsRoleCollectionName                  A     1.3.6.1.1.9.2.30
   pcelsElementList                         A     1.3.6.1.1.9.2.31
   pcelsFilterName                          A     1.3.6.1.1.9.2.32
   pcelsFilterIsNegated                     A     1.3.6.1.1.9.2.33
   pcelsIPHdrVersion                        A     1.3.6.1.1.9.2.34
   pcelsIPHdrSourceAddress                  A     1.3.6.1.1.9.2.35
   pcelsIPHdrSourceAddressEndOfRange        A     1.3.6.1.1.9.2.36
   pcelsIPHdrSourceMask                     A     1.3.6.1.1.9.2.37
   pcelsIPHdrDestAddress                    A     1.3.6.1.1.9.2.38
   pcelsIPHdrDestAddressEndOfRange          A     1.3.6.1.1.9.2.39
   pcelsIPHdrDestMask                       A     1.3.6.1.1.9.2.40
   pcelsIPHdrProtocolID                     A     1.3.6.1.1.9.2.41
   pcelsIPHdrSourcePortStart                A     1.3.6.1.1.9.2.42
   pcelsIPHdrSourcePortEnd                  A     1.3.6.1.1.9.2.43
   pcelsIPHdrDestPortStart                  A     1.3.6.1.1.9.2.44
   pcelsIPHdrDestPortEnd                    A     1.3.6.1.1.9.2.45
   pcelsIPHdrDSCPList                       A     1.3.6.1.1.9.2.46
   pcelsIPHdrFlowLabel                      A     1.3.6.1.1.9.2.47
   pcels8021HdrSourceMACAddress             A     1.3.6.1.1.9.2.48
   pcels8021HdrSourceMACMask                A     1.3.6.1.1.9.2.49
   pcels8021HdrDestMACAddress               A     1.3.6.1.1.9.2.50
   pcels8021HdrDestMACMask                  A     1.3.6.1.1.9.2.51
   pcels8021HdrProtocolID                   A     1.3.6.1.1.9.2.52
   pcels8021HdrPriority                     A     1.3.6.1.1.9.2.53
   pcels8021HdrVLANID                       A     1.3.6.1.1.9.2.54
   pcelsFilterListName                      A     1.3.6.1.1.9.2.55
   pcelsFilterDirection                     A     1.3.6.1.1.9.2.56
   pcelsFilterEntryList                     A     1.3.6.1.1.9.2.57
   pcelsVendorVariableData                  A     1.3.6.1.1.9.2.58
   pcelsVendorVariableEncoding              A     1.3.6.1.1.9.2.59
   pcelsVendorValueData                     A     1.3.6.1.1.9.2.60
   pcelsVendorValueEncoding                 A     1.3.6.1.1.9.2.61
   pcelsRuleValidityPeriodList              A     1.3.6.1.1.9.2.62

   where Type A is Attribute, Type O is ObjectClass

   These assignments are recorded in the following registry:

      http://www.iana.org/assignments/ldap-parameters

8.  Acknowledgements

   We would like to thank Kurt Zeilenga, Bert Wijnen, Ryan Moats, John
   Strassner, David McTavish, Larry Bartz and all the other members of
   the Policy Framework WG for reviewing this document and making many
   helpful suggestions and corrections.

   We would also like to thank Joel Halpern (co-chair of the Policy
   Framework WG) for his support, for bringing this document to the
   attention of the Policy Framework WG and for moderating the resulting
   interactions.

9.  Normative References

   [KEYWORDS]    Bradner, S., "Key words for use in RFCs to Indicate
                 Requirement Levels", BCP 14, RFC 2119, March 1997.

   [CIM]         Distributed Management Task Force, Inc., "Common
                 Information Model (CIM) Specification", Version 2.2,
                 June 14, 1999,
                 http://www.dmtf.org/standards/documents/CIM/DSP0004.pdf

   [CIM_LDAP]    Distributed Management Task Force, Inc., "DMTF LDAP
                 Schema for the CIM v2.5 Core Information Model", April
                 15, 2002,
                 http://www.dmtf.org/standards/documents/DEN/DSP0123.pdf

   [PCIM]        Moore, B., Ellesson, E., Strassner, J., and A.
                 Westerinen, "Policy Core Information Model -- Version 1
                 Specification", RFC 3060, February 2001.

   [PCIM_EXT]    Moore, B., "Policy Core Information Model (PCIM)
                 Extensions", RFC 3460, January 2003.

   [PCLS]        Strassner, J., Moore, B., Moats, R., and E. Ellesson,
                 "Policy Core Lightweight Directory Access Protocol
                 (LDAP) Schema", RFC 3703, February 2004.

   [LDAP]        Hodges, J. and R. Morgan, "Lightweight Directory Access
                 Protocol (v3): Technical Specification", RFC 3377,
                 September 2002.

   [LDAP_SYNTAX] Wahl, M., Coulbeck, A., Howes, T., and S. Kille,
                 "Lightweight Directory Access Protocol (v3): Attribute
                 Syntax Definitions", RFC 2252, December 1997.

   [LDAP_SCHEMA] Wahl, M., "A Summary of the X.500(96) User Schema for
                 use with LDAPv3", RFC 2256, December 1997.

   [LDAP_MATCH]  Zeilenga, K., "Lightweight Directory Access Protocol
                 (LDAP): Additional Matching Rules", RFC 3698, February
                 2004.

   [X.501]       The Directory: Models. ITU-T Recommendation X.501,
                 2001.

   [X.520]       The Directory: Selected Attribute Types. ITU-T
                 Recommendation X.520, 2001.

10.  Informative References

   [LDAP-IANA]   Zeilenga, K., "Internet Assigned Numbers Authority
                 (IANA) Considerations for the Lightweight Directory
                 Access Protocol (LDAP)", BCP 64, RFC 3383, September
                 2002.

Authors' Addresses

   Mircea Pana
   MetaSolv Software Inc.
   360 Legget Drive
   Ottawa, Ontario, Canada
   K2K 3N1

   EMail: mpana@metasolv.com


   Angelica Reyes
   Department of Computer Architecture
   Technical University of Catalonia
   Campus Castelldefels
   Spain

   EMail: mreyes@ac.upc.edu


   Antoni Barba
   Technical University of Catalonia
   Jordi-Girona 1-3
   08034 Barcelona
   Spain

   EMail: telabm@mat.upc.es


   David Moron
   Technical University of Catalonia
   Jordi-Girona 1-3
   08034 Barcelona
   Spain

   EMail: dmor4477@hotmail.com


   Marcus Brunner
   NEC Europe Ltd.
   Kurfuersten-Anlage 36
   D-69115 Heidelberg
   Germany

   EMail: brunner@netlab.nec.de

Full Copyright Statement

   Copyright (C) The Internet Society (2005).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.