We have discussed changing our current draft on the ipp scheme and security
so that it reflects the ideas that Ira presented in a recent email. We need to
complete this discussion at next week's Tucson meeting.
The essence of his idea is that the ipp scheme needs to exist only in those
contexts outside of IPP software. In the context of an IPP server or an IPP
client, an http scheme in the printer-uri and job-uri attributes is clearly
referencing an IPP printer. The ipp scheme is redundant and thus
unnecessary. In the context of a directory service or of an end user
writing a URL, the ipp scheme becomes necessary in order to specify that the
URL is related to printing.
The email that I sent a few minutes ago entitled "RE: IPP> Re: SLP Printer
Service Template" contains ideas related to this discussion.
Bob Herriot
I have enclosed Ira's proposal below.
>
>Here's a proposal for a minor change to future IPP clients and servers.
>This proposal REMOVES ALL redundant security or other parameter(s) in
>the 'ipp:' scheme. The simple premise is that a client who wants to use
>secure printers MUST be installed in a network with directory services.
>
>1) All IPP Clients (in the future):
> a) SHALL accept 'ipp:' scheme printer URL from end-users;
> b) SHALL display 'ipp:' scheme printer URL to end-users;
> c) SHALL translate 'ipp:' URL to 'http:' for use in HTTP headers;
> d) SHALL translate 'ipp:' URL to 'http:' for all IPP attributes in
> 'application/ipp' MIME bodies (ie, IPP requests or responses).
>
>2) Secure IPP Clients (in the future):
> a) SHALL lookup IPP printer URL via the 'ipp:' scheme in SLP, LDAP,
> or other directory service, before accessing the IPP printer;
> b) SHALL read 'printer-uri-supported' and 'uri-security-supported'
> IPP Printer object attributes from the directory service to discover
> security info (eg, using the SLPv2 'printer:' template).
>
>3) All IPP Printers (in the future):
> a) SHALL put 'printer-uri-supported' and 'uri-security-supported' in
> ALL of their directory service registrations (current requirement).
> b) SHALL advertise ONLY 'ipp:' scheme URL in directory services
> (new requirement).
>
--=====================_99796670==_.ALT
Content-Type: text/html; charset="us-ascii"
We have discussed changing our current draft on the ipp
scheme and security
--=====================_99796670==_.ALT--
so that it reflects the ideas that Ira presented in a recent email.
We need to
complete this discussion at next week's Tucson meeting.
The essence of his idea is that the ipp scheme needs to exist only in
those
contexts outside of IPP software. In the context of an IPP server
or an IPP
client, an http scheme in the printer-uri and job-uri attributes is
clearly
referencing an IPP printer. The ipp scheme is redundant and thus
unnecessary. In the context of a directory service or of an end
user
writing a URL, the ipp scheme becomes necessary in order to specify that
the
URL is related to printing.
The email that I sent a few minutes ago entitled "RE:
IPP> Re: SLP Printer
Service Template" contains ideas related to this discussion.
Bob Herriot
I have enclosed Ira's proposal below.
>
>Here's a proposal for a minor change to future IPP clients and
servers.
>This proposal REMOVES ALL redundant security or other parameter(s)
in
>the 'ipp:' scheme. The simple premise is that a client who
wants to use
>secure printers MUST be installed in a network with directory
services.
>
>1) All IPP Clients (in the future):
> a) SHALL accept 'ipp:' scheme printer URL from
end-users;
> b) SHALL display 'ipp:' scheme printer URL to
end-users;
> c) SHALL translate 'ipp:' URL to 'http:' for use
in HTTP headers;
> d) SHALL translate 'ipp:' URL to 'http:' for all
IPP attributes in
> 'application/ipp' MIME bodies (ie, IPP requests or
responses).
>
>2) Secure IPP Clients (in the future):
> a) SHALL lookup IPP printer URL via the 'ipp:'
scheme in SLP, LDAP,
> or other directory service, before accessing the
IPP printer;
> b) SHALL read 'printer-uri-supported' and
'uri-security-supported'
> IPP Printer object attributes from the directory
service to discover
> security info (eg, using the SLPv2 'printer:'
template).
>
>3) All IPP Printers (in the future):
> a) SHALL put 'printer-uri-supported' and
'uri-security-supported' in
> ALL of their directory service registrations
(current requirement).
> b) SHALL advertise ONLY 'ipp:' scheme URL in
directory services
> (new requirement).
>