draft-ietf-cdni-metadata-07.txt   draft-ietf-cdni-metadata-08.txt 
Network Working Group B. Niven-Jenkins Network Working Group B. Niven-Jenkins
Internet-Draft R. Murray Internet-Draft R. Murray
Intended status: Standards Track Velocix (Alcatel-Lucent) Intended status: Standards Track Velocix (Alcatel-Lucent)
Expires: January 3, 2015 M. Caulfield Expires: April 30, 2015 M. Caulfield
K. Leung
Cisco Systems Cisco Systems
K. Ma K. Ma
Ericsson Ericsson
July 2, 2014 October 27, 2014
CDN Interconnection Metadata CDN Interconnection Metadata
draft-ietf-cdni-metadata-07 draft-ietf-cdni-metadata-08
Abstract Abstract
The CDNI Metadata interface enables interconnected CDNs to exchange The CDNI Metadata interface enables interconnected CDNs to exchange
content distribution metadata in order to enable content acquisition content distribution metadata in order to enable content acquisition
and delivery. The CDNI metadata associated with a piece of content and delivery. The CDNI metadata associated with a piece of content
provides a downstream CDN with sufficient information for the provides a downstream CDN with sufficient information for the
downstream CDN to service content requests on behalf of an upstream downstream CDN to service content requests on behalf of an upstream
CDN. This document describes both a base set of CDNI metadata and CDN. This document describes both a base set of CDNI metadata and
the protocol for exchanging that metadata. the protocol for exchanging that metadata.
skipping to change at page 1, line 47 skipping to change at page 1, line 46
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 3, 2015. This Internet-Draft will expire on April 30, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 29 skipping to change at page 2, line 29
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
1.2. Supported Metadata Capabilities . . . . . . . . . . . . . 4 1.2. Supported Metadata Capabilities . . . . . . . . . . . . . 4
2. Design Principles . . . . . . . . . . . . . . . . . . . . . . 5 2. Design Principles . . . . . . . . . . . . . . . . . . . . . . 5
3. CDNI Metadata Data Model . . . . . . . . . . . . . . . . . . 6 3. CDNI Metadata Data Model . . . . . . . . . . . . . . . . . . 6
3.1. HostIndex, HostMetadata and PathMetadata objects . . . . 7 3.1. HostIndex, HostMetadata and PathMetadata objects . . . . 7
3.2. Generic CDNI Metadata Object Properties . . . . . . . . . 11 3.2. Generic CDNI Metadata Object Properties . . . . . . . . . 11
3.3. Metadata Inheritance and Override . . . . . . . . . . . . 14 3.3. Metadata Inheritance and Override . . . . . . . . . . . . 13
4. Encoding-Independent CDNI Metadata Object Descriptions . . . 15 4. Encoding-Independent CDNI Metadata Object Descriptions . . . 14
4.1. Descriptions of the CDNI Structural Metadata Objects . . 16 4.1. Descriptions of the CDNI Structural Metadata Objects . . 15
4.1.1. HostIndex . . . . . . . . . . . . . . . . . . . . . . 16 4.1.1. HostIndex . . . . . . . . . . . . . . . . . . . . . . 15
4.1.2. HostMatch . . . . . . . . . . . . . . . . . . . . . . 16 4.1.2. HostMatch . . . . . . . . . . . . . . . . . . . . . . 15
4.1.3. HostMetadata . . . . . . . . . . . . . . . . . . . . 17 4.1.3. HostMetadata . . . . . . . . . . . . . . . . . . . . 16
4.1.4. PathMatch . . . . . . . . . . . . . . . . . . . . . . 17 4.1.4. PathMatch . . . . . . . . . . . . . . . . . . . . . . 16
4.1.5. PathMetadata . . . . . . . . . . . . . . . . . . . . 18 4.1.5. PathMetadata . . . . . . . . . . . . . . . . . . . . 17
4.1.6. PatternMatch . . . . . . . . . . . . . . . . . . . . 18 4.1.6. PatternMatch . . . . . . . . . . . . . . . . . . . . 17
4.1.7. GenericMetadata . . . . . . . . . . . . . . . . . . . 19 4.1.7. GenericMetadata . . . . . . . . . . . . . . . . . . . 18
4.2. Description of the CDNI Generic Metadata Objects . . . . 20 4.2. Description of the CDNI Generic Metadata Objects . . . . 19
4.2.1. Source Metadata . . . . . . . . . . . . . . . . . . . 20 4.2.1. Source Metadata . . . . . . . . . . . . . . . . . . . 19
4.2.1.1. Source . . . . . . . . . . . . . . . . . . . . . 21 4.2.1.1. Source . . . . . . . . . . . . . . . . . . . . . 20
4.2.2. LocationACL Metadata . . . . . . . . . . . . . . . . 21 4.2.2. LocationACL Metadata . . . . . . . . . . . . . . . . 21
4.2.2.1. LocationRule . . . . . . . . . . . . . . . . . . 22 4.2.2.1. LocationRule . . . . . . . . . . . . . . . . . . 21
4.2.2.2. Footprint . . . . . . . . . . . . . . . . . . . . 22 4.2.2.2. Footprint . . . . . . . . . . . . . . . . . . . . 22
4.2.3. TimeWindowACL Metadata . . . . . . . . . . . . . . . 23 4.2.3. TimeWindowACL Metadata . . . . . . . . . . . . . . . 22
4.2.3.1. TimeWindowRule . . . . . . . . . . . . . . . . . 23 4.2.3.1. TimeWindowRule . . . . . . . . . . . . . . . . . 23
4.2.3.2. TimeWindow . . . . . . . . . . . . . . . . . . . 24 4.2.3.2. TimeWindow . . . . . . . . . . . . . . . . . . . 23
4.2.4. ProtocolACL Metadata . . . . . . . . . . . . . . . . 24 4.2.4. ProtocolACL Metadata . . . . . . . . . . . . . . . . 24
4.2.4.1. ProtocolRule . . . . . . . . . . . . . . . . . . 24 4.2.4.1. ProtocolRule . . . . . . . . . . . . . . . . . . 24
4.2.5. Authorization Metadata . . . . . . . . . . . . . . . 25 4.2.5. DeliveryAuthorization Metadata . . . . . . . . . . . 25
4.2.6. Auth . . . . . . . . . . . . . . . . . . . . . . . . 25 4.2.6. Cache . . . . . . . . . . . . . . . . . . . . . . . . 25
4.2.6.1. Credentials Auth Type . . . . . . . . . . . . . . 26 4.2.7. Grouping . . . . . . . . . . . . . . . . . . . . . . 26
4.2.7. Cache . . . . . . . . . . . . . . . . . . . . . . . . 26 4.3. CDNI Metadata Simple Data Type Descriptions . . . . . . . 26
4.2.8. Grouping . . . . . . . . . . . . . . . . . . . . . . 26 4.3.1. Link . . . . . . . . . . . . . . . . . . . . . . . . 26
4.3. CDNI Metadata Simple Data Type Descriptions . . . . . . . 27 4.3.2. Protocol . . . . . . . . . . . . . . . . . . . . . . 27
4.3.1. Link . . . . . . . . . . . . . . . . . . . . . . . . 27 4.3.3. Endpoint . . . . . . . . . . . . . . . . . . . . . . 27
4.3.2. Protocol . . . . . . . . . . . . . . . . . . . . . . 28 4.3.4. URI . . . . . . . . . . . . . . . . . . . . . . . . . 27
4.3.3. Endpoint . . . . . . . . . . . . . . . . . . . . . . 28 4.3.5. Time . . . . . . . . . . . . . . . . . . . . . . . . 27
4.3.4. URI . . . . . . . . . . . . . . . . . . . . . . . . . 28 4.4. Auth . . . . . . . . . . . . . . . . . . . . . . . . . . 27
4.3.5. Time . . . . . . . . . . . . . . . . . . . . . . . . 28 4.4.1. CredentialAuth Type . . . . . . . . . . . . . . . . . 28
5. CDNI Metadata Capabilities . . . . . . . . . . . . . . . . . 28 5. CDNI Metadata Capabilities . . . . . . . . . . . . . . . . . 28
5.1. Protocol ACL Capabilities . . . . . . . . . . . . . . . . 29
5.2. Authorization Metadata Capabilities . . . . . . . . . . . 29
6. CDNI Metadata interface . . . . . . . . . . . . . . . . . . . 29 6. CDNI Metadata interface . . . . . . . . . . . . . . . . . . . 29
6.1. Transport . . . . . . . . . . . . . . . . . . . . . . . . 30 6.1. Transport . . . . . . . . . . . . . . . . . . . . . . . . 30
6.2. Retrieval of CDNI Metadata resources . . . . . . . . . . 31 6.2. Retrieval of CDNI Metadata resources . . . . . . . . . . 30
6.3. Bootstrapping . . . . . . . . . . . . . . . . . . . . . . 32 6.3. Bootstrapping . . . . . . . . . . . . . . . . . . . . . . 31
6.4. Encoding . . . . . . . . . . . . . . . . . . . . . . . . 32 6.4. Encoding . . . . . . . . . . . . . . . . . . . . . . . . 32
6.4.1. MIME Media Types . . . . . . . . . . . . . . . . . . 33 6.4.1. MIME Media Types . . . . . . . . . . . . . . . . . . 32
6.4.2. JSON Encoding of Objects . . . . . . . . . . . . . . 33 6.4.2. JSON Encoding of Objects . . . . . . . . . . . . . . 32
6.4.2.1. Encoded CDNI Metadata Example . . . . . . . . . . 34 6.4.2.1. Encoded CDNI Metadata Example . . . . . . . . . . 33
6.5. Extensibility . . . . . . . . . . . . . . . . . . . . . . 38 6.5. Extensibility . . . . . . . . . . . . . . . . . . . . . . 37
6.5.1. Metadata Enforcement . . . . . . . . . . . . . . . . 38 6.5.1. Metadata Enforcement . . . . . . . . . . . . . . . . 37
6.5.2. Metadata Override . . . . . . . . . . . . . . . . . . 39 6.5.2. Metadata Conflicts . . . . . . . . . . . . . . . . . 38
6.6. Versioning . . . . . . . . . . . . . . . . . . . . . . . 39 6.6. Versioning . . . . . . . . . . . . . . . . . . . . . . . 38
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 40 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 39
7.1. GenericMetadata Type Registry . . . . . . . . . . . . . . 40 7.1. GenericMetadata Type Registry . . . . . . . . . . . . . . 40
7.1.1. GenericMetadata Sub-Registries . . . . . . . . . . . 42 7.1.1. GenericMetadata Sub-Registries . . . . . . . . . . . 41
7.1.1.1. Footprint Sub-Registry . . . . . . . . . . . . . 42 7.1.1.1. Footprint Sub-Registry . . . . . . . . . . . . . 42
7.1.1.2. Protocol Sub-Registry . . . . . . . . . . . . . . 42 7.1.1.2. Protocol Sub-Registry . . . . . . . . . . . . . . 42
7.1.1.3. Authentication Sub-Registry . . . . . . . . . . . 43 7.1.1.3. Authentication Type Sub-Registry . . . . . . . . 43
8. Security Considerations . . . . . . . . . . . . . . . . . . . 44 8. Security Considerations . . . . . . . . . . . . . . . . . . . 44
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 44 8.1. Authentication . . . . . . . . . . . . . . . . . . . . . 44
10. Contributing Authors . . . . . . . . . . . . . . . . . . . . 44 8.2. Confidentiality . . . . . . . . . . . . . . . . . . . . . 44
8.3. Integrity . . . . . . . . . . . . . . . . . . . . . . . . 44
8.4. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 45
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 45
10. Contributing Authors . . . . . . . . . . . . . . . . . . . . 45
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 45 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 45
11.1. Normative References . . . . . . . . . . . . . . . . . . 45 11.1. Normative References . . . . . . . . . . . . . . . . . . 46
11.2. Informative References . . . . . . . . . . . . . . . . . 45 11.2. Informative References . . . . . . . . . . . . . . . . . 46
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 46 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 47
1. Introduction 1. Introduction
Content Delivery Networks Interconnection (CDNI) ([RFC6707]) enables Content Delivery Networks Interconnection (CDNI) ([RFC6707]) enables
a downstream CDN to service content requests on behalf of an upstream a downstream CDN to service content requests on behalf of an upstream
CDN. CDN.
The CDNI Metadata interface is discussed in [I-D.ietf-cdni-framework] The CDNI Metadata interface is discussed in [I-D.ietf-cdni-framework]
along with four other interfaces that may be used to compose a CDNI along with four other interfaces that may be used to compose a CDNI
solution (CDNI Control interface, CDNI Request Routing Redirection solution (CDNI Control interface, CDNI Request Routing Redirection
skipping to change at page 5, line 27 skipping to change at page 5, line 27
* Delivery Protocol * Delivery Protocol
o Delivery Authorization: Metadata for authorizing dCDN user agent o Delivery Authorization: Metadata for authorizing dCDN user agent
requests. requests.
o Cache Control: Metadata for controlling cache behavior of the o Cache Control: Metadata for controlling cache behavior of the
dCDN. dCDN.
The metadata encoding described by this document is extensible in The metadata encoding described by this document is extensible in
order allow for future additions to this list. order to allow for future additions to this list.
This document supports HTTPv1.1 for delivery and both HTTPv1.1 and This document supports HTTPv1.1 for delivery and both HTTPv1.1 and
HTTPv1.1. over TLS for acquisition. All metadata is described in a HTTPv1.1. over TLS for acquisition. All metadata is described in a
protocol-agnostic manner. protocol-agnostic manner.
Supporting unencrypted HTTPv2.0 for delivery (or unencrypted HTTPv2.0 Supporting unencrypted HTTPv2.0 for delivery (or unencrypted HTTPv2.0
or HTTPv2.0 over TLS for acquisition) only requires the registration or HTTPv2.0 over TLS for acquisition) only requires the registration
of these protocol names in the CDNI Metadata Protocol Sub-Registry. of these protocol names in the CDNI Metadata Protocol Sub-Registry.
Supporting HTTPv1.1 over TLS or HTTPv2.0 over TLS for delivery Supporting HTTPv1.1 over TLS or HTTPv2.0 over TLS for delivery
requires specifying additional metadata objects to carry the requires specifying additional metadata objects to carry the
properties required to establish a TLS session, for example metadata properties required to establish a TLS session, for example metadata
to describe the certificate to present as part of the TLS handshake. to describe the certificate to use as part of the TLS handshake.
2. Design Principles 2. Design Principles
The CDNI Metadata interface was designed to achieve the following The CDNI Metadata interface was designed to achieve the following
objectives: objectives:
1. Cacheability of CDNI metadata objects. 1. Cacheability of CDNI metadata objects.
2. Deterministic mapping from redirection requests and content 2. Deterministic mapping from redirection requests and content
requests to CDNI metadata properties. requests to CDNI metadata properties.
skipping to change at page 6, line 32 skipping to change at page 6, line 32
Support for both HTTP and DNS redirection ensures that the CDNI Support for both HTTP and DNS redirection ensures that the CDNI
Metadata interface can be used for HTTP and DNS redirection and also Metadata interface can be used for HTTP and DNS redirection and also
meets the same design principles for both HTTP and DNS based meets the same design principles for both HTTP and DNS based
redirection schemes. redirection schemes.
Minimal duplication of CDNI metadata provides space efficiency on Minimal duplication of CDNI metadata provides space efficiency on
storage in the CDNs, on caches in the network, and across the network storage in the CDNs, on caches in the network, and across the network
between CDNs. between CDNs.
Leveraging existing protocols avoids reinventing common mechanisms Leveraging existing protocols avoids reinventing common mechanisms
such as data structure encoding (e.g. XML, JSON) and data transport such as data structure encoding (e.g., JSON) and data transport
(e.g. HTTP). (e.g., HTTP).
3. CDNI Metadata Data Model 3. CDNI Metadata Data Model
The CDNI Metadata Model describes a data structure for mapping The CDNI Metadata Model describes a data structure for mapping
redirection requests and content requests to metadata properties. redirection requests and content requests to metadata properties.
Metadata properties describe how to acquire content from an upstream Metadata properties describe how to acquire content from an upstream
CDN, authorize access to content, and deliver content from a CDN, authorize access to content, and deliver content from a
downstream CDN. The data model relies on the assumption that these downstream CDN. The data model relies on the assumption that these
metadata properties may be aggregated based on the hostname of the metadata properties may be aggregated based on the hostname of the
content and subsequently on the resource path of the content. The content and subsequently on the resource path of the content. The
skipping to change at page 8, line 10 skipping to change at page 8, line 10
The HostIndex links Hostnames (and/or IP addresses) to HostMetadata The HostIndex links Hostnames (and/or IP addresses) to HostMetadata
objects via HostMatch objects. HostMetadata objects contain (or objects via HostMatch objects. HostMetadata objects contain (or
reference) the default CDNI Metadata required to serve content for reference) the default CDNI Metadata required to serve content for
that host. When looking up CDNI Metadata, the downstream CDN looks that host. When looking up CDNI Metadata, the downstream CDN looks
up the requested Hostname (or IP address) against the HostMatch up the requested Hostname (or IP address) against the HostMatch
entries in the HostIndex, from there it can find HostMetadata which entries in the HostIndex, from there it can find HostMetadata which
describes properties for a host and PathMetadata which may override describes properties for a host and PathMetadata which may override
those properties for given URI paths within the host. those properties for given URI paths within the host.
HostMetadata and PathMetadata objects may also contain PathMatch HostMetadata and PathMetadata objects may also contain PathMatch
objects which in turn contain PathMetadata objects. PathMatch objects which in turn contain PathMetadata objects. PathMetadata
objects override the CDNI Metadata in the HostMetadata object or one objects override the CDNI Metadata in the HostMetadata object or one
or more preceding PathMetadata objects with more specific CDNI or more preceding PathMetadata objects with more specific CDNI
Metadata that applies to content requests matching the pattern Metadata that applies to content requests matching the pattern
defined in that PathMatch object. defined in that PathMatch object.
For the purposes of retrieving CDNI Metadata, all other required CDNI For the purposes of retrieving CDNI Metadata, all other required CDNI
Metadata objects and their properties are discoverable from the Metadata objects and their properties are discoverable from the
appropriate HostMetadata, PathMatch and PathMetadata objects for the appropriate HostMetadata, PathMatch and PathMetadata objects for the
requested content. requested content.
skipping to change at page 9, line 40 skipping to change at page 9, line 40
| | contains (or references) a HostMetadata object | | | contains (or references) a HostMetadata object |
| | which contains (or references) CDNI Metadata | | | which contains (or references) CDNI Metadata |
| | objects to be applied when a request matches | | | objects to be applied when a request matches |
| | against the hostname. For example, if | | | against the hostname. For example, if |
| | "example.com" is a content provider, a | | | "example.com" is a content provider, a |
| | HostMatch object may include an entry for | | | HostMatch object may include an entry for |
| | "example.com" with the URI of the associated | | | "example.com" with the URI of the associated |
| | HostMetadata object. | | | HostMetadata object. |
| HostMetadata | A HostMetadata object contains (or references) | | HostMetadata | A HostMetadata object contains (or references) |
| | the default CDNI Metadata objects for content | | | the default CDNI Metadata objects for content |
| | served from that host, i.e. the CDNI Metadata | | | served from that host, i.e., the CDNI Metadata |
| | objects for content requests that do not match | | | objects for content requests that do not match |
| | any of the PathMatch objects contained (or | | | any of the PathMatch objects contained (or |
| | referenced) by that HostMetadata object. For | | | referenced) by that HostMetadata object. For |
| | example, a HostMetadata object may describe the | | | example, a HostMetadata object may describe the |
| | metadata properties which apply to | | | metadata properties which apply to |
| | "example.com" and may contain PathMatches for | | | "example.com" and may contain PathMatches for |
| | "example.com/movies/*" and | | | "example.com/movies/*" and |
| | "example.com/music/*" which reference | | | "example.com/music/*" which reference |
| | corresponding PathMetadata objects that contain | | | corresponding PathMetadata objects that contain |
| | the CDNI Metadata objects for those more | | | the CDNI Metadata objects for those more |
skipping to change at page 10, line 26 skipping to change at page 10, line 26
| | that path. | | | that path. |
| PatternMatch | A PatternMatch object contains the pattern | | PatternMatch | A PatternMatch object contains the pattern |
| | string and flags that describe the URI path | | | string and flags that describe the URI path |
| | that a PathMatch applies to. | | | that a PathMatch applies to. |
| PathMetadata | A PathMetadata object contains (or references) | | PathMetadata | A PathMetadata object contains (or references) |
| | the CDNI GenericMetadata objects for content | | | the CDNI GenericMetadata objects for content |
| | served with the associated URI path (defined in | | | served with the associated URI path (defined in |
| | a PathMatch object). A PathMetadata object may | | | a PathMatch object). A PathMetadata object may |
| | also contain (or reference) PathMatch objects | | | also contain (or reference) PathMatch objects |
| | in order to recursively define more specific | | | in order to recursively define more specific |
| | URI paths that require different (e.g. more | | | URI paths that require different (e.g., more |
| | specific) CDNI Metadata to this one. For | | | specific) CDNI Metadata to this one. For |
| | example, the PathMetadata object which applies | | | example, the PathMetadata object which applies |
| | to "example.com/movies/*" may describe CDNI | | | to "example.com/movies/*" may describe CDNI |
| | Metadata which apply to that resource path and | | | Metadata which apply to that resource path and |
| | may contain a PathMatch object for | | | may contain a PathMatch object for |
| | "example.com/movies/hd/*" which would reference | | | "example.com/movies/hd/*" which would reference |
| | the corresponding PathMetadata object for the | | | the corresponding PathMetadata object for the |
| | "example.com/movies/hd/" path prefix. | | | "example.com/movies/hd/" path prefix. |
| GenericMetadata | A GenericMetadata object contains (or | | GenericMetadata | A GenericMetadata object contains (or |
| | references) individual CDNI Metadata objects | | | references) individual CDNI Metadata objects |
skipping to change at page 11, line 35 skipping to change at page 11, line 35
understand or support the property type and the property type is not understand or support the property type and the property type is not
"mandatory-to-enforce", then that GenericMetadata object may be "mandatory-to-enforce", then that GenericMetadata object may be
safely ignored and the dCDN MUST process the content request in safely ignored and the dCDN MUST process the content request in
accordance with the rest of the CDNI metadata. accordance with the rest of the CDNI metadata.
Although a CDN MUST NOT serve content to a User Agent if a Although a CDN MUST NOT serve content to a User Agent if a
"mandatory-to-enforce" property cannot be enforced, it may be "safe- "mandatory-to-enforce" property cannot be enforced, it may be "safe-
to-redistribute" that metadata to another CDN without modification. to-redistribute" that metadata to another CDN without modification.
For example, in the cascaded CDN case, a transit CDN may pass through For example, in the cascaded CDN case, a transit CDN may pass through
"mandatory-to-enforce" metadata to a downstream CDN. For Metadata "mandatory-to-enforce" metadata to a downstream CDN. For Metadata
which does not require customization or translation (i.e. metadata which does not require customization or translation (i.e., metadata
that is "safe-to-redistribute"), the data representation received off that is "safe-to-redistribute"), the data representation received off
the wire MAY be stored and redistributed without being natively the wire MAY be stored and redistributed without being natively
understood or supported by the transit CDN.However, for Metadata understood or supported by the transit CDN. However, for Metadata
which requires translation, transparent redistribution of the uCDN which requires translation, transparent redistribution of the uCDN
Metadata values may not be appropriate. Certain Metadata may be Metadata values may not be appropriate. Certain Metadata may be
safely, though possibly not optimally, redistributed unmodified. For safely, though possibly not optimally, redistributed unmodified. For
example, source acquisition address may not be optimal if example, source acquisition address may not be optimal if
transparently redistributed, but may still work. transparently redistributed, but may still work.
Redistribution safety MUST be specified for each GenericMetadata. If Redistribution safety MUST be specified for each GenericMetadata. If
a CDN does not understand or support a given GenericMetadata property a CDN does not understand or support a given GenericMetadata property
type and the property type is not "safe-to-redistribute", before type and the property type is not "safe-to-redistribute", before
redistributing the metadata, the CDN MUST set the "incomprehensible" redistributing the metadata, the CDN MUST set the "incomprehensible"
flag for the GenericMetadata property that it did not understand and flag for the GenericMetadata property that it did not understand and
was marked as not "safe-to-redistribute". The "incomprehensible" was marked as not "safe-to-redistribute". The "incomprehensible"
flag signals to a dCDN that the metadata was not properly transformed flag signals to a dCDN that the metadata was not properly transformed
by the transit CDN. A CDN MUST NOT attempt to use metadata that has by the transit CDN. A CDN MUST NOT attempt to use metadata that has
been marked as "incomprehensible" by a uCDN. been marked as "incomprehensible" by a uCDN.
[[Editors' Note: Do we need to clarify what is meant by
"Redistribution safety MUST be specified"? In Section 4.1.7
(GenericMetadata) we say that StR is not Mandatory-to-Specify and
defaults to StR=True. A strict interpretation of "MUST be specified"
could be that StR is Mandatory-to-Specify and could lead to dCDNs
rejecting requests/metadata that leave it out as the default applies
which would be an issue for interop. Maybe change first sentence to
"If a GenericMetadata object cannot be redistributed safely then it
MUST be marked as not safe-to-redistribute (i.e. Safe-to-
redistribute is set to False).]]
Transit CDNs MUST NOT change the value of "mandatory-to-enforce" or Transit CDNs MUST NOT change the value of "mandatory-to-enforce" or
"safe-to-redistribute" when propogating metadata to a dCDN. Although "safe-to-redistribute" when propagating metadata to a dCDN. Although
a transit CDN may set the value of "incomprehensible" to true, a a transit CDN may set the value of "incomprehensible" to true, a
transit CDN MUST NOT change the value of "incomprehensible" from true transit CDN MUST NOT change the value of "incomprehensible" from true
to false. to false.
[[Editors' Note: Should a transit CDN be allowed to change the value
of "mandatory-to-enforce" or "safe-to-redistribute"? Changing MtE
from false to true should be safe from an enforcement perspective as
it makes delivery more restrictive? Changing StR may be ok,
depending upon what the metadata is (e.g., perhaps URL rewrite is
only needed in certain cases and the transit CDN is the one to make
that decision)? For simplicity, prohibiting transit CDNs from
changing MtE or StR seems like the simplest approach.]]
The following table describes the action to be taken by a transit CDN The following table describes the action to be taken by a transit CDN
(tCDN) for the different "mandatory-to-enforce" (MtE) and "safe-to- (tCDN) for the different "mandatory-to-enforce" (MtE) and "safe-to-
redistribute" (StR) cases, when the tCDN either does or does not redistribute" (StR) cases, when the tCDN either does or does not
understand the metadata in question: understand the metadata in question:
+-------+-------+------------+--------------------------------------+ +-------+-------+------------+--------------------------------------+
| MtE | StR | Metadata | Actions allowed | | MtE | StR | Metadata | Actions |
| | | Understood | | | | | Understood | |
+-------+-------+------------+--------------------------------------+ +-------+-------+------------+--------------------------------------+
| False | True | True | Can serve and redistribute. | | False | True | True | Can serve and redistribute. |
| False | True | False | Can serve and redistribute. | | False | True | False | Can serve and redistribute. |
| False | False | False | Can serve but MUST set | | False | False | False | Can serve. MUST set |
| | | | "incomprehensible" to True when | | | | | "incomprehensible" to True when |
| | | | redistributing. | | | | | redistributing. |
| False | False | True | Can serve. Can redistribute either | | False | False | True | Can serve. Can redistribute either |
| | | | by transforming not StR metadata (if | | | | | by transforming not StR metadata (if |
| | | | the CDN know how to do so safely), | | | | | the CDN know how to do so safely), |
| | | | otherwise MUST set | | | | | otherwise MUST set |
| | | | "incomprehensible" to True when | | | | | "incomprehensible" to True when |
| | | | redistributing. | | | | | redistributing. |
| True | True | True | Can serve and can redistribute. | | True | True | True | Can serve and redistribute. |
| True | True | False | MUST NOT serve but can redistribute. | | True | True | False | MUST NOT serve but can redistribute. |
| True | False | True | Can serve and can redistribute. | | True | False | True | Can serve and redistribute. |
| True | False | False | MUST NOT serve. MUST set | | True | False | False | MUST NOT serve. MUST set |
| | | | "incomprehensible" to True when | | | | | "incomprehensible" to True when |
| | | | redistributing. | | | | | redistributing. |
+-------+-------+------------+--------------------------------------+ +-------+-------+------------+--------------------------------------+
The following table describes the action to be taken by a dCDN for The following table describes the action to be taken by a dCDN for
the different "mandatory-to-enforce" (MtE), "safe-to-redistribute" the different "mandatory-to-enforce" (MtE) and "incomprehensible"
(StR) and "incomprehensible" (Inc) cases, when the dCDN either does (Incomp) cases, when the dCDN either does or does not understand the
or does not understand the metadata in question: metadata in question:
+-------+-------+------------+------------------+-------------------+ +-------+------------+--------+-------------------------------------+
| MtE | StR | Metadata | Incomprehensible | Actions allowed | | MtE | Metadata | Incomp | Actions |
| | | Understood | | | | | Understood | | |
+-------+-------+------------+------------------+-------------------+ +-------+------------+--------+-------------------------------------+
| False | True | True | False | Can serve. | | False | True | False | Can serve. |
| False | True | True | True | Can serve but | | False | True | True | Can serve but MUST NOT |
| | | | | MUST NOT | | | | | interpret/apply any metadata marked |
| | | | | interpret/apply | | | | | incomprehensible. |
| | | | | any metadata | | False | False | False | Can serve. |
| | | | | marked | | False | False | True | Can serve but MUST NOT |
| | | | | incomprehensible. | | | | | interpret/apply any metadata marked |
| False | True | False | False | Can serve. | | | | | incomprehensible. |
| False | True | False | True | Can serve but | | True | True | False | Can serve. |
| | | | | MUST NOT | | True | True | True | Can serve but MUST NOT |
| | | | | interpret/apply | | | | | interpret/apply any metadata marked |
| | | | | any metadata | | | | | incomprehensible. |
| | | | | marked | | True | False | False | MUST NOT serve. |
| | | | | incomprehensible. | | True | False | True | MUST NOT serve. |
| False | False | True | False | Can serve. | +-------+------------+--------+-------------------------------------+
| False | False | True | True | Can serve but |
| | | | | MUST NOT |
| | | | | interpret/apply |
| | | | | any metadata |
| | | | | marked |
| | | | | incomprehensible. |
| False | False | False | False | Can serve. |
| False | False | False | True | Can serve but |
| | | | | MUST NOT |
| | | | | interpret/apply |
| | | | | any metadata |
| | | | | marked |
| | | | | incomprehensible. |
| True | True | True | False | Can serve. |
| True | True | True | True | Can serve but |
| | | | | MUST NOT |
| | | | | interpret/apply |
| | | | | any metadata |
| | | | | marked |
| | | | | incomprehensible. |
| True | True | False | False | MUST NOT serve. |
| True | True | False | True | MUST NOT serve. |
| True | False | True | False | Can serve. |
| True | False | True | True | Can serve but |
| | | | | MUST NOT |
| | | | | interpret/apply |
| | | | | any metadata |
| | | | | marked |
| | | | | incomprehensible. |
| True | False | False | False | MUST NOT serve. |
| True | False | False | True | MUST NOT serve. |
+-------+-------+------------+------------------+-------------------+
3.3. Metadata Inheritance and Override 3.3. Metadata Inheritance and Override
In the data model, a HostMetadata object may contain (or reference) In the data model, a HostMetadata object may contain (or reference)
multiple PathMetadata objects (via PathMatch objects). Each multiple PathMetadata objects (via PathMatch objects). Each
PathMetadata object may in turn contain (or reference) other PathMetadata object may in turn contain (or reference) other
PathMetadata objects. HostMetadata and PathMetadata objects form an PathMetadata objects. HostMetadata and PathMetadata objects form an
inheritance tree where each node in the tree inherits or overrides inheritance tree where each node in the tree inherits or overrides
the property values set by its parent. the property values set by its parent.
skipping to change at page 15, line 14 skipping to change at page 13, line 51
object which applies to "example.com/movies/*" defines an alternate object which applies to "example.com/movies/*" defines an alternate
GenericMetadata object of type TimeWindowACL, then: GenericMetadata object of type TimeWindowACL, then:
o the TimeWindowACL defined in the PathMetadata would override the o the TimeWindowACL defined in the PathMetadata would override the
TimeWindowACL defined in the HostMetadata for all User Agent TimeWindowACL defined in the HostMetadata for all User Agent
requests for content under "example.com/movies", and requests for content under "example.com/movies", and
o the LocationACL defined in the HostMetadata would be inherited for o the LocationACL defined in the HostMetadata would be inherited for
all User Agent requests for content under "example.com/movies". all User Agent requests for content under "example.com/movies".
o A single HostMetadata or PathMetadata object SHOULD NOT contain
multiple GenericMetadata objects of the same type. If a list of
GenericMetadata contains objects of duplicate types, the receiver
MUST ignore all but the first object of each type.
4. Encoding-Independent CDNI Metadata Object Descriptions 4. Encoding-Independent CDNI Metadata Object Descriptions
Section 4.1 provides the definitions of each object type declared in Section 4.1 provides the definitions of each object type declared in
Section 3. These objects are described as structural objects as they Section 3. These objects are described as structural objects as they
provide the structure for the inheritance tree and identifying which provide the structure for the inheritance tree and identify which
specific properties apply to a given User Agent content request. specific properties apply to a given User Agent content request.
Section 4.2 provides the definitions for a base set of core metadata Section 4.2 provides the definitions for a base set of core metadata
objects which may be contained within a GenericMetadata object. objects which may be contained within a GenericMetadata object.
These objects are described as property objects as they define the These objects are described as property objects, as they define the
structure, semantics, and enforcement options for specific properties structure, semantics, and enforcement options for specific properties
of the metadata being described. Property objects govern how User of the metadata being described. Property objects govern how User
Agent requests for content are handled. Property objects may be Agent requests for content are handled. Property objects may be
composed of or contain references to other property sub-objects (i.e. composed of, or contain references to, other property sub-objects
property objects contained within or referenced by the property (i.e., property objects contained within or referenced by the
object that refers to that property sub-object). In those cases the property object that refers to that property sub-object). In those
value of the property sub-objects can be either a complete serialized cases the value of the property sub-objects can be either a complete
representation of the sub-object, or a Link object that contains a serialized representation of the sub-object, or a Link object that
URI and relationship that can be dereferenced to retrieve the contains a URI and relationship that can be dereferenced to retrieve
complete serialized representation of the property sub-object. the complete serialized representation of the property sub-object.
Section 6.5 discusses the ability to extend the base set of metadata Section 6.5 discusses the ability to extend the base set of metadata
objects specified in this document with additional standards based or objects specified in this document with additional standards based or
vendor specific property objects that may be defined in the future in vendor specific property objects that may be defined in the future in
separate documents. separate documents.
Downstream CDNs MUST support parsing of all CDNI metadata objects Downstream CDNs MUST support parsing of all CDNI metadata objects
specified in this document. A dCDN does not have to implement the specified in this document. A dCDN does not have to implement the
underlying functionality represented by the metadata object, which underlying functionality represented by the metadata object, though
may restrict the content which that dCDN can serve. uCDNs as that may restrict the content that a given dCDN can serve. uCDNs as
generators of CDNI Metadata only need to support generating the CDNI generators of CDNI Metadata only need to support generating the CDNI
metadata that they need in order to express the policies and metadata that they need in order to express the policies and
treatment the content they are describing requires. treatment required by the content they are describing.
Note: In the following sections, the term "mandatory-to-specify" is Note: In the following sections, the term "mandatory-to-specify" is
used to convey which property sub-objects MUST be specified for a used to convey which property sub-objects MUST be specified for a
given structural or property object. When mandatory-to-specify is given structural or property object. When mandatory-to-specify is
set to true on a sub-object, it implies that if the property object set to true on a sub-object, it implies that if the property object
containing that property sub-object is specified, then the mandatory- containing that property sub-object is specified, then the mandatory-
to-specify property sub-object MUST also be specified, e.g., a to-specify property sub-object MUST also be specified, e.g., a
HostMatch property object without a host to match against does not HostMatch property object without a host to match against does not
make sense, therefore, the host is mandatory-to-specify inside a make sense, therefore, the host is mandatory-to-specify inside a
HostMatch property object. HostMatch property object.
4.1. Descriptions of the CDNI Structural Metadata Objects 4.1. Descriptions of the CDNI Structural Metadata Objects
Each of the sub-sections below describe the structural objects Each of the sub-sections below describe the structural objects
defined in Table 2. defined in Table 2.
4.1.1. HostIndex 4.1.1. HostIndex
The HostIndex object is the entry point into the CDNI Metadata The HostIndex object is the entry point into the CDNI Metadata
hierarchy. It contains (or references) a list of HostMatch objects. hierarchy. It contains (or references) a list of HostMatch objects.
An incoming content request is matched against the hostname inside of An incoming content request is checked against the hostname (or IP
each of the listed HostMatch objects to find the HostMatch object address) specified by each of the listed HostMatch objects to find
which applies to the request. the HostMatch object which applies to the request.
Property: hosts Property: hosts
Description: List of HostMatch objects, in priority order. Description: List of HostMatch objects, in priority order.
Type: List of HostMatch objects Type: List of HostMatch objects
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
4.1.2. HostMatch 4.1.2. HostMatch
skipping to change at page 17, line 4 skipping to change at page 15, line 47
Type: String Type: String
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: host-metadata Property: host-metadata
Description: CDNI Metadata to apply when delivering content Description: CDNI Metadata to apply when delivering content
that matches this host. that matches this host.
Type: HostMetadata Type: HostMetadata
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
4.1.3. HostMetadata 4.1.3. HostMetadata
The HostMetadata object contains (or references) both Metadata that A HostMetadata object contains (or references) the CDNI Metadata
applies to content requests for a particular host and a list of properties for content served for a particular host (defined in the
pattern matches for finding more specific Metadata based on the HostMatch object) and possibly child PathMatch objects.
resource path in a content request.
Property: metadata Property: metadata
Description: List of host related metadata. Description: List of host related metadata.
Type: List of GenericMetadata objects Type: List of GenericMetadata objects
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: paths Property: paths
skipping to change at page 17, line 36 skipping to change at page 16, line 34
process is applied. process is applied.
Type: List of PathMatch objects Type: List of PathMatch objects
Mandatory-to-Specify: No. Mandatory-to-Specify: No.
4.1.4. PathMatch 4.1.4. PathMatch
The PathMatch object contains (or references) an expression given as The PathMatch object contains (or references) an expression given as
a PatternMatch object to match against a resource URI path and a PatternMatch object to match against a resource URI path and
Metadata objects to apply if a match is found. contains or references a PathMetadata object to apply if a match is
found.
Property: path-pattern Property: path-pattern
Description: Pattern to match against the requested path, i.e. Description: Pattern to match against the requested path, i.e.,
against the [RFC3986] path-absolute. against the [RFC3986] path-absolute.
Type: PatternMatch Type: PatternMatch
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: path-metadata Property: path-metadata
Description: CDNI Metadata to apply when delivering content Description: CDNI Metadata to apply when delivering content
that matches this pattern. that matches this path.
Type: PathMetadata Type: PathMetadata
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
4.1.5. PathMetadata 4.1.5. PathMetadata
A PathMetadata object contains (or reference) the CDNI Metadata A PathMetadata object contains (or references) the CDNI Metadata
properties for content served with the associated URI path (defined properties for content served with the associated URI path (defined
in a PathMatch object) and possibly children PathMatch objects. in a PathMatch object) and possibly child PathMatch objects.
Note that if DNS-based redirection is employed, then any metadata at Note that if DNS-based redirection is employed, then any metadata at
the PathMetadata level or below will be inaccessible at request the PathMetadata level or below will be inaccessible at request
routing time because only the content request hostname is available routing time because only the content request hostname is available
at request routing time. at request routing time.
Property: metadata Property: metadata
Description: List of path related metadata. Description: List of path related metadata.
skipping to change at page 19, line 34 skipping to change at page 18, line 31
4.1.7. GenericMetadata 4.1.7. GenericMetadata
A GenericMetadata object is an abstraction for managing individual A GenericMetadata object is an abstraction for managing individual
CDNI Metadata properties in an opaque manner. CDNI Metadata properties in an opaque manner.
Property: generic-metadata-type Property: generic-metadata-type
Description: CDNI Metadata property object type. Description: CDNI Metadata property object type.
Type: String Type: MIME Type String (from Section 7.1)
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: generic-metadata-value Property: generic-metadata-value
Description: CDNI Metadata property object. Description: CDNI Metadata property object.
Type: Format/Type is defined by the value of generic-metadata- Type: Format/Type is defined by the value of generic-metadata-
type property above. type property above.
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: mandatory-to-enforce Property: mandatory-to-enforce
Description: Flag identifying whether or not the enforcement of Description: Flag identifying whether or not the enforcement of
the property Metadata is required. the property Metadata is required.
Type: Boolean Type: Boolean
Mandatory-to-Specify: No. Default is to treat metadata as Mandatory-to-Specify: No. Default is to treat metadata as
mandatory to enforce. mandatory to enforce (i.e., true).
Property: safe-to-redistribute Property: safe-to-redistribute
Description: Flag identifying whether or not the property Description: Flag identifying whether or not the property
Metadata may be safely redistributed without modification. Metadata may be safely redistributed without modification.
Type: Boolean Type: Boolean
Mandatory-to-Specify: No. Default is allow transparent Mandatory-to-Specify: No. Default is allow transparent
redistribution. redistribution (i.e., true).
Property: incomprehensible
Description: Flag identifying whether or not any CDN in the
chain of delegation has failed to understand and/or failed to
properly transform the Metadata.
Type: Boolean
Mandatory-to-Specify: No. Default is comprehensible (i.e.,
false).
4.2. Description of the CDNI Generic Metadata Objects 4.2. Description of the CDNI Generic Metadata Objects
The property objects defined below are intended to be used in the The property objects defined below are intended to be used in the
GenericMetadata object generic-metadata-value field as defined in GenericMetadata object generic-metadata-value field as defined in
Section 4.1.7 and their generic-metadata-type property MUST be set to Section 4.1.7 and their generic-metadata-type property MUST be set to
the appropriate Media Type as defined in [[REF]]. the appropriate Media Type as defined in Section 7.1.
[[Editors' note: We don't specify media types for the Generic
Metadata object we define anywhere. Need to do that - at a minimum
in the IANA section, but should we introduce/explain them elsewhere
in the document too?]]
4.2.1. Source Metadata 4.2.1. Source Metadata
Source Metadata provides the dCDN information about content Source Metadata provides the dCDN information about content
acquisition e.g. how to contact an uCDN Surrogate or an Origin Server acquisition, i.e., how to contact an uCDN Surrogate or an Origin
to obtain the content to be served. The sources are not necessarily Server to obtain the content to be served. The sources are not
the actual Origin Servers operated by the CSP but might be a set of necessarily the actual Origin Servers operated by the CSP but might
Surrogates in the uCDN. be a set of Surrogates in the uCDN.
Endpoints within a source should be treated as equivalent/equal so Endpoints within a source should be treated as equivalent/equal so
one can specify a list of sources in preference order and for each one can specify a list of sources in preference order and for each
source/preference rank one can specify a list of endpoints that are source/preference rank one can specify a list of endpoints that are
equivalent, e.g. a pool of servers that are not behind a load equivalent, e.g., a pool of servers that are not behind a load
balancer. balancer.
Property: sources Property: sources
Description: Sources from which the dCDN can acquire content, Description: Sources from which the dCDN can acquire content,
listed in order of preference. listed in order of preference.
Type: List of Source objects Type: List of Source objects
Mandatory-to-Specify: No. Default is to use static Mandatory-to-Specify: No. Default is to use static
configuration, out of band of the metadata interface. configuration, out-of-band from the metadata interface.
4.2.1.1. Source 4.2.1.1. Source
A Source object describes the Source which should be used by the dCDN A Source object describes the Source which should be used by the dCDN
for content acquisition, e.g. a Surrogate within the uCDN or an for content acquisition, e.g., a Surrogate within the uCDN or an
alternate Origin Server, the protocol to be used and any alternate Origin Server, the protocol to be used and any
authentication method. authentication method.
Property: auth Property: acquisition-auth
Description: Authentication method to use when requesting Description: Authentication method to use when requesting
content from this source. content from this source.
Type: Auth Type: Auth
Mandatory-to-Specify: No. Default is no authentication is Mandatory-to-Specify: No. Default is no authentication
required. required.
Property: endpoints Property: endpoints
Description: Origins from which the dCDN can acquire content. Description: Origins from which the dCDN can acquire content.
If multiple endpoints are specified they are all equal, i.e. If multiple endpoints are specified they are all equal, i.e.,
the list is not in preference order, for example a pool of the list is not in preference order, for example a pool of
servers behind a load balancer. servers behind a load balancer.
Type: List of EndPoint objects Type: List of EndPoint objects
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: protocol Property: protocol
Description: Network retrieval protocol to use when requesting Description: Network retrieval protocol to use when requesting
skipping to change at page 22, line 4 skipping to change at page 21, line 16
LocationACL Metadata defines location-based restrictions. LocationACL Metadata defines location-based restrictions.
A LocationACL which does not include a locations property results in A LocationACL which does not include a locations property results in
an action of allow, meaning that delivery can be performed regardless an action of allow, meaning that delivery can be performed regardless
of the User Agent's location. The action from the first footprint to of the User Agent's location. The action from the first footprint to
match against the User Agent's location is the action a CDN MUST match against the User Agent's location is the action a CDN MUST
take. If two or more footprints overlap, the first footprint that take. If two or more footprints overlap, the first footprint that
matches against the User Agent's location determines the action a CDN matches against the User Agent's location determines the action a CDN
MUST take. If the locations property is included but is empty, or if MUST take. If the locations property is included but is empty, or if
none of the listed footprints matches the User Agent's location then none of the listed footprints matches the User Agent's location, then
the result is an action of deny. the result is an action of deny.
Although the LocationACL, TimeWindowACL, and ProtocolACL are
independent GenericMetadata objects, they may provide conflicting
information to a dCDN, e.g., a content request which is
simultaneously allowed based on the LocationACL and denied based on
the TimeWindowACL. The dCDN MUST use the logical AND of all ACLs
(where 'allow' is true and 'deny' is false) to determine whether or
not a request should be allowed. Thus, in the example given, the
request should be denied.
Property: locations Property: locations
Description: Description: Access control list which allows or Description: Access control list which allows or blocks
blocks delivery based on client location. delivery based on client location.
Type: List of LocationRule objects Type: List of LocationRule objects
Mandatory-to-Specify: No. Default is allow all locations. Mandatory-to-Specify: No. Default is allow all locations.
4.2.2.1. LocationRule 4.2.2.1. LocationRule
A LocationRule contains or references a list of Footprint objects and A LocationRule contains or references a list of Footprint objects and
the corresponding action. the corresponding action.
skipping to change at page 22, line 41 skipping to change at page 22, line 14
Description: Defines whether the rule specifies locations to Description: Defines whether the rule specifies locations to
allow or deny. allow or deny.
Type: Enumeration [allow|deny] Type: Enumeration [allow|deny]
Mandatory-to-Specify: No. Default is deny. Mandatory-to-Specify: No. Default is deny.
4.2.2.2. Footprint 4.2.2.2. Footprint
A Footprint object describes the footprint to which a LocationRule A Footprint object describes the footprint to which a LocationRule
may be applied by, e.g. an IPv4 address range or a geographic may be applied by, e.g., an IPv4 address range or a geographic
location. location.
Property: footprint-type Property: footprint-type
Description: Registered footprint type (see Section 7.1.1.1). Description: Registered footprint type (see Section 7.1.1.1).
Type: String Type: String
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
skipping to change at page 23, line 18 skipping to change at page 22, line 38
associated with the registered footprint type. associated with the registered footprint type.
Type: String Type: String
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
4.2.3. TimeWindowACL Metadata 4.2.3. TimeWindowACL Metadata
TimeWindowACL Metadata defines time-based restrictions. TimeWindowACL Metadata defines time-based restrictions.
A TimeWindowACL which does not include a times property results in an
action of allow, meaning that delivery can be performed regardless of
the time of the User Agent's request. The action from the first
window to match against the current time is the action a CDN MUST
take. If two or more windows overlap, the first window that matches
against the current time determines the action a CDN MUST take. If
the times property is included but is empty, or if none of the listed
windows matches the current time, then the result is an action of
deny.
Although the LocationACL, TimeWindowACL, and ProtocolACL are
independent GenericMetadata objects, they may provide conflicting
information to a dCDN, e.g., a content request which is
simultaneously allowed based on the LocationACL and denied based on
the TimeWindowACL. The dCDN MUST use the logical AND of all ACLs
(where 'allow' is true and 'deny' is false) to determine whether or
not a request should be allowed. Thus, in the example given, the
request should be denied.
Property: times Property: times
Description: Description: Access control list which allows or Description: Description: Access control list which allows or
blocks delivery based on request time. blocks delivery based on request time.
Type: List of TimeWindowRule objects Type: List of TimeWindowRule objects
Mandatory-to-Specify: No. Default is allow all time windows. Mandatory-to-Specify: No. Default is allow all time windows.
4.2.3.1. TimeWindowRule 4.2.3.1. TimeWindowRule
skipping to change at page 24, line 8 skipping to change at page 23, line 43
Description: Defines whether the rule specifies time windows to Description: Defines whether the rule specifies time windows to
allow or deny. allow or deny.
Type: Enumeration [allow|deny] Type: Enumeration [allow|deny]
Mandatory-to-Specify: No. Default is deny. Mandatory-to-Specify: No. Default is deny.
4.2.3.2. TimeWindow 4.2.3.2. TimeWindow
A TimeWindow object describes a time range which may be applied by an A TimeWindow object describes a time range which may be applied by an
ACLRule, e.g. Start 09:00AM 01/01/2000 UTC End 17:00PM 01/01/2000 TimeWindowACL, e.g., start 946717200 (i.e., 09:00AM 01/01/2000 UTC),
UTC. end: 946746000 (i.e., 17:00AM 01/01/2000 UTC).
Property: start Property: start
Description: The start time of the window. Description: The start time of the window.
Type: Time Type: Time
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: end Property: end
Description: The end time of the window. Description: The end time of the window.
Type: Time Type: Time
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
skipping to change at page 24, line 31 skipping to change at page 24, line 18
Description: The end time of the window. Description: The end time of the window.
Type: Time Type: Time
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
4.2.4. ProtocolACL Metadata 4.2.4. ProtocolACL Metadata
ProtocolACL Metadata defines delivery protocol restrictions. ProtocolACL Metadata defines delivery protocol restrictions.
Property: protocols A ProtocolACL which does not include a protocol-acl property results
in an action of allow, meaning that delivery can be performed
regardless of the protocol of the User Agent's request. The action
from the first protocol to match against the request protocol is the
action a CDN MUST take. If two or more request protocols overlap,
the first protocol that matches thre request protocol determines the
action a CDN MUST take. If the protocol-acl property is included but
is empty, or if none of the listed protocol matches the request
protocol, then the result is an action of deny.
Although the LocationACL, TimeWindowACL, and ProtocolACL are
independent GenericMetadata objects, they may provide conflicting
information to a dCDN, e.g., a content request which is
simultaneously allowed based on the LocationACL and denied based on
the TimeWindowACL. The dCDN MUST use the logical AND of all ACLs
(where 'allow' is true and 'deny' is false) to determine whether or
not a request should be allowed. Thus, in the example given, the
request should be denied.
Property: protocol-acl
Description: Description: Access control list which allows or Description: Description: Access control list which allows or
blocks delivery based on delivery protocol. blocks delivery based on delivery protocol.
Type: List of ProtocolRule objects Type: List of ProtocolRule objects
Mandatory-to-Specify: No. Default is allow all protocols. Mandatory-to-Specify: No. Default is allow all protocols.
4.2.4.1. ProtocolRule 4.2.4.1. ProtocolRule
skipping to change at page 25, line 12 skipping to change at page 25, line 20
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: action Property: action
Description: Defines whether the rule specifies protocols to Description: Defines whether the rule specifies protocols to
allow or deny. allow or deny.
Type: Enumeration [allow|deny] Type: Enumeration [allow|deny]
Mandatory-to-Specify: No. Default is allow all protocols. Mandatory-to-Specify: No. Default is deny.
4.2.5. Authorization Metadata 4.2.5. DeliveryAuthorization Metadata
Authorization Metadata define content authorization methods. Delivery Authorization defines authorization methods for the delivery
of content to User Agents.
Property: methods Property: delivery-auth-methods
Description: Options for authenticating content requests. All Description: Options for authorizing content requests.
options in the list are equally valid. Delivery for a content request is authorized if any of the
authorization method in the list is satisfied for that request.
Type: List of Auth objects Type: List of Auth objects
Mandatory-to-Specify: No. Default is no authorization Mandatory-to-Specify: No. Default is no authorization
required. required.
4.2.6. Auth 4.2.6. Cache
An Auth object defines authentication and authorization methods to be
used during content delivery and content acquisition.
Property: auth-type
Description: Registered Auth type (see Section 7.1.1.3).
Type: String
Mandatory-to-Specify: Yes.
Property: auth-value
Description: Auth object conforming to the specification
associated with the registered Auth type.
Type: String
Mandatory-to-Specify: Yes.
4.2.6.1. Credentials Auth Type
Credentials Auth is a type of Auth object with type "credentials"
(see Section 7.1.1.3). The CredentialsAuth object contains the
following properties:
Property: username
Description: Identification of user.
Type: String
Mandatory-to-Specify: Yes.
Property: password
Description: Password for user identified by username property.
Type: String
Mandatory-to-Specify: Yes.
4.2.7. Cache
A Cache object describes the cache control parameters to be applied A Cache object describes the cache control parameters to be applied
to the content by intermediate caches. to the content by intermediate caches.
Property: ignore-query-string Property: ignore-query-string
Description: Allows a cache to ignore URI query string Description: Allows a cache to ignore URI query string
parameters while comparing URIs for equivalence. Each query parameters while comparing URIs for equivalence. Each query
parameter to ignore is specified in the list. If all query parameter to ignore is specified in the list. If all query
parameters should be ignored, then the list MUST be empty. parameters should be ignored, then the list MUST be specified
and MUST be empty.
Type: List of String Type: List of String
Mandatory-to-Specify: No. Default is to consider query string Mandatory-to-Specify: No. Default is to consider query string
parameters when comparing URIs. parameters when comparing URIs.
4.2.8. Grouping 4.2.7. Grouping
A Grouping object identifies a large group of content to which this A Grouping object identifies a large group of content to which a
content belongs. given asset belongs.
Property: ccid Property: ccid
Description: Content Collection identifier for an application- Description: Content Collection identifier for an application-
specific purpose such as logging. specific purpose such as logging.
Type: String Type: String
Mandatory-to-Specify: No. Default is an empty string. Mandatory-to-Specify: No. Default is an empty string.
skipping to change at page 27, line 20 skipping to change at page 26, line 32
Description: Session identifier for an application-specific Description: Session identifier for an application-specific
purpose such as logging. purpose such as logging.
Type: String Type: String
Mandatory-to-Specify: No. Default is an empty string. Mandatory-to-Specify: No. Default is an empty string.
4.3. CDNI Metadata Simple Data Type Descriptions 4.3. CDNI Metadata Simple Data Type Descriptions
This section describes the simpler data types that are used for This section describes the simple data types that are used for
properties of CDNI Metadata objects. properties of CDNI Metadata objects.
4.3.1. Link 4.3.1. Link
A link object may be used in place of any of the objects or A link object may be used in place of any of the objects or
properties described above. Links can be used to avoid duplication properties described above. Links can be used to avoid duplication
if the same metadata information is repeated within the metadata if the same metadata information is repeated within the metadata
tree. When a link replaces an object, its href property is set to tree. When a link replaces an object, its href property is set to
the URI of the resource and its type property is set to the type of the URI of the resource and its type property is set to the type of
the object it is replacing. the object it is replacing.
Property: href Property: href
Description: The URI of the of the addressable object being Description: The URI of the addressable object being
referenced. referenced.
Type: URI Type: URI
Mandatory-to-Specify: Yes Mandatory-to-Specify: Yes
Property: metadata-object-type Property: type
Description: The type of the object being referenced. Description: The type of the object being referenced.
Type: String Type: String
Mandatory-to-Specify: No Mandatory-to-Specify: No
4.3.2. Protocol 4.3.2. Protocol
Protocol objects are used to specify registered protocols for content Protocol objects are used to specify registered protocols for content
skipping to change at page 28, line 38 skipping to change at page 27, line 46
Type: String Type: String
4.3.5. Time 4.3.5. Time
A time value expressed in seconds since Unix epoch in the UTC A time value expressed in seconds since Unix epoch in the UTC
timezone. timezone.
Type: Integer Type: Integer
4.4. Auth
An Auth object defines authentication and authorization methods to be
used during content acquisition and content delivery, respectively.
Property: auth-type
Description: Registered Auth type (see Section 7.1.1.3).
Type: String
Mandatory-to-Specify: Yes.
Property: auth-value
Description: An object conforming to the specification
associated with the Registered Auth type.
Type: String
Mandatory-to-Specify: Yes.
4.4.1. CredentialAuth Type
CredentialAuth is a Registered Auth type defining an object for
encapsulating user credentials (i.e., username and password) (see
Section 7.1.1.3). The CredentialAuth object contains the following
properties:
Property: username
Description: Identification of user.
Type: String
Mandatory-to-Specify: Yes.
Property: password
Description: Password for user identified by username property.
Type: String
Mandatory-to-Specify: Yes.
5. CDNI Metadata Capabilities 5. CDNI Metadata Capabilities
CDNI Metadata is used to convey information pertaining to content CDNI Metadata is used to convey information pertaining to content
delivery from uCDN to dCDN. For optional metadata, it may be useful delivery from uCDN to dCDN. For optional metadata, it may be useful
for the uCDN to know if the dCDN supports the metadata, prior to for the uCDN to know if the dCDN supports the metadata, prior to
delegating any content requests to the dCDN. If optional-to- delegating any content requests to the dCDN. If optional-to-
implement metadata is "mandatory-to-enforce" and the dCDN does not implement metadata is "mandatory-to-enforce", and the dCDN does not
support it, any delegated requests for that content will fail, so the support it, any delegated requests for that content will fail. The
uCDN is likely to want to avoid delegating those requests to that uCDN will likely want to avoid delegating those requests to that
dCDN. Likewise, for any metadata which may be assigned optional dCDN. Likewise, for any metadata which may be assigned optional
values, it may be useful for the uCDN to know which values the dCDN values, it may be useful for the uCDN to know which values a dCDN
supports, prior to delegating any content requests to the dCDN. If supports, prior to delegating any content requests to that dCDN. If
the optional value assigned to a given piece of content's metadata is the optional value assigned to a given piece of content's metadata is
not supported by the dCDN, any delegated requests for that content not supported by the dCDN, any delegated requests for that content
may fail, so again the uCDN is likely to want to avoid delegating may fail, so again the uCDN is likely to want to avoid delegating
those requests to that dCDN. those requests to that dCDN.
The CDNI Footprint and Capabilities Interface (FCI) The CDNI Footprint and Capabilities Interface (FCI)
[I-D.ietf-cdni-framework] provides a means of advertising [I-D.ietf-cdni-framework] provides a means of advertising
capabilities from dCDN to uCDN. Support for optional metadata and capabilities from dCDN to uCDN. Support for optional metadata and
support for optional metadata values may be advertised using the FCI. support for optional metadata values may be advertised using the FCI.
This section describes the capabilities advertisement requirements
for the metadata defined in this document.
5.1. Protocol ACL Capabilities
The ProtoclACL object contains a list of Protocol values. The dCDN
MUST advertise which delivery protocols it supports so that the uCDN
knows what type of content requests it can redirect to the dCDN. If
the dCDN does not support a given acquisition or delivery protocol,
the uCDN should not delegate requests requiring those protocols to
the dCDN as the dCDN will not be able to properly acquire or deliver
the content.
ProtocolRules are defined for either acquisition or delivery. For
some CDNs, certain combinations of acquisition and delivery protocols
may not make sense (e.g., RTSP acquisition for HTTP delivery), while
other CDNs may support customized protocol adaptation. ProtocolACL
capabilities are not intended to define which combinations of
protocols should be used. ProtocolACL capabilties are only intended
to describe which protocols the dCDN does or does not support.
Protocol combination restrictions are specified in the metadata
itself and associated with specific groups of content assets.
5.2. Authorization Metadata Capabilities
The Authorization object contains a list of Auth values. The dCDN
MUST advertise in its FCI capabilities which authorization types it
supports.
The definition of the corresponding capabilities and the protocol
used to advertise them are outside the scope of this document and are
expected to be specified as part of the CDNI Footprint and
Capabilities Interface.
6. CDNI Metadata interface 6. CDNI Metadata interface
This section specifies an interface to enable a Downstream CDN to This section specifies an interface to enable a Downstream CDN to
retrieve CDNI Metadata objects from an Upstream CDN. retrieve CDNI Metadata objects from an Upstream CDN.
The interface can be used by a Downstream CDN to retrieve CDNI The interface can be used by a Downstream CDN to retrieve CDNI
Metadata objects either Metadata objects either
o Dynamically as required by the Downstream CDN to process received o Dynamically as required by the Downstream CDN to process received
requests. For example in response to a query from an Upstream CDN requests. For example in response to a query from an Upstream CDN
skipping to change at page 30, line 24 skipping to change at page 29, line 40
o In advance of being required. For example in the case of Pre- o In advance of being required. For example in the case of Pre-
positioned CDNI Metadata acquisition. positioned CDNI Metadata acquisition.
The CDNI Metadata interface is built on the principles of RESTful web The CDNI Metadata interface is built on the principles of RESTful web
services. In particular, this means that requests and responses over services. In particular, this means that requests and responses over
the interface are built around the transfer of representations of the interface are built around the transfer of representations of
hyperlinked resources. A resource in the context of the CDNI hyperlinked resources. A resource in the context of the CDNI
Metadata interface is any object in the Data Model (as described in Metadata interface is any object in the Data Model (as described in
Section 3 through Section 4). Section 3 through Section 4).
To retrieve CDNI metadata, a CDNI Metadata client (i.e. a client in To retrieve CDNI metadata, a CDNI Metadata client (i.e., a client in
the dCDN) first makes a HTTP GET request for the URI of the HostIndex the dCDN) first makes a HTTP GET request for the URI of the HostIndex
which provides the CDNI Metadata client with a list of Hostnames for which provides the CDNI Metadata client with a list of Hostnames for
which the upstream CDN may delegate content delivery to the which the upstream CDN may delegate content delivery to the
downstream CDN. The CDNI Metadata client can then obtain any other downstream CDN. The CDNI Metadata client can then obtain any other
CDNI Metadata objects by making a HTTP GET requests for any linked CDNI Metadata objects by making a HTTP GET requests for any linked
Metadats objects it requires. Metadata objects it requires.
CDNI Metadata servers (i.e. servers in the uCDN) are free to assign CDNI Metadata servers (i.e., servers in the uCDN) are free to assign
whatever structure they desire to the URIs for CDNI Metadata objects whatever structure they desire to the URIs for CDNI Metadata objects
and CDNI Metadata clients MUST NOT make any assumptions regarding the and CDNI Metadata clients MUST NOT make any assumptions regarding the
structure of CDNI Metadata URIs or the mapping between CDNI Metadata structure of CDNI Metadata URIs or the mapping between CDNI Metadata
objects and their associated URIs. Therefore any URIs present in the objects and their associated URIs. Therefore any URIs present in the
examples below are purely illustrative and are not intended to impose examples below are purely illustrative and are not intended to impose
a definitive structure on CDNI Metadata interface implementations. a definitive structure on CDNI Metadata interface implementations.
6.1. Transport 6.1. Transport
The CDNI Metadata interface uses HTTP as the underlying protocol The CDNI Metadata interface uses HTTP as the underlying protocol
skipping to change at page 31, line 9 skipping to change at page 30, line 26
The corresponding HTTP Response returns the status of the operation The corresponding HTTP Response returns the status of the operation
in the HTTP Status Code and returns the current representation of the in the HTTP Status Code and returns the current representation of the
resource (if appropriate) in the Response Body. HTTP Responses from resource (if appropriate) in the Response Body. HTTP Responses from
servers implementing the CDNI Metadata interface that contain a servers implementing the CDNI Metadata interface that contain a
response body SHOULD include an ETag to enable validation of cached response body SHOULD include an ETag to enable validation of cached
versions of returned resources. versions of returned resources.
The CDNI Metadata interface specified in this document is a read-only The CDNI Metadata interface specified in this document is a read-only
interface. Therefore support for other HTTP methods such as PUT, interface. Therefore support for other HTTP methods such as PUT,
POST and DELETE etc. is not specified. An server implementation of POST and DELETE etc. is not specified. A server implementation of
the CDNI Metadata interface SHOULD reject all methods other than GET the CDNI Metadata interface SHOULD reject all methods other than GET
and HEAD. and HEAD.
As the CDNI Metadata interface builds on top of HTTP, CDNI Metadata As the CDNI Metadata interface builds on top of HTTP, CDNI Metadata
server implementations MAY make use of any HTTP feature when server implementations MAY make use of any HTTP feature when
implementing the CDNI Metadata interface, for example a CDNI Metadata implementing the CDNI Metadata interface, for example a CDNI Metadata
server MAY make use of HTTP's caching mechanisms to indicate that the server MAY make use of HTTP's caching mechanisms to indicate that the
returned response/representation can be reused without re-contacting returned response/representation can be reused without re-contacting
the CDNI Metadata server. the CDNI Metadata server.
skipping to change at page 32, line 5 skipping to change at page 31, line 20
PathMetadata match the request (and are linked rather than embedded), PathMetadata match the request (and are linked rather than embedded),
the CDNI metadata client makes another GET request for the the CDNI metadata client makes another GET request for the
PathMetadata. Each PathMetadata object may also include references PathMetadata. Each PathMetadata object may also include references
to yet more specific metadata. If this is the case, the CDNI to yet more specific metadata. If this is the case, the CDNI
metadata client continues requesting PathMetadata recursively. metadata client continues requesting PathMetadata recursively.
Where a downstream CDN is interconnected with multiple upstream CDNs, Where a downstream CDN is interconnected with multiple upstream CDNs,
the downstream CDN needs to determine which upstream CDN's CDNI the downstream CDN needs to determine which upstream CDN's CDNI
metadata should be used to handle a particular User Agent request. metadata should be used to handle a particular User Agent request.
When application level redirection (e.g. HTTP 302 redirects) is When application level redirection (e.g., HTTP 302 redirects) is
being used between CDNs, it is expected that the downstream CDN will being used between CDNs, it is expected that the downstream CDN will
be able to determine the upstream CDN that redirected a particular be able to determine the upstream CDN that redirected a particular
request from information contained in the received request (e.g. via request from information contained in the received request (e.g., via
the URI). With knowledge of which upstream CDN routed the request, the URI). With knowledge of which upstream CDN routed the request,
the downstream CDN can choose the correct metadata server from which the downstream CDN can choose the correct metadata server from which
to obtain the HostIndex. Note that the HostIndex served by each uCDN to obtain the HostIndex. Note that the HostIndex served by each uCDN
may be unique. may be unique.
In the case of DNS redirection there is not always sufficient In the case of DNS redirection there is not always sufficient
information carried in the DNS request from User Agents to determine information carried in the DNS request from User Agents to determine
the upstream CDN that redirected a particular request (e.g. when the upstream CDN that redirected a particular request (e.g., when
content from a given host is redirected to a given downstream CDN by content from a given host is redirected to a given downstream CDN by
more than one upstream CDN) and therefore downstream CDNs may have to more than one upstream CDN) and therefore downstream CDNs may have to
apply local policy when deciding which upstream CDN's metadata to apply local policy when deciding which upstream CDN's metadata to
apply. apply.
6.3. Bootstrapping 6.3. Bootstrapping
The URI for the HostIndex object of a given upstream CDN needs to be The URI for the HostIndex object of a given upstream CDN needs to be
either configured in, or discovered by, the downstream CDN. All either configured in, or discovered by, the downstream CDN. All
other objects/resources are then discoverable from the HostIndex other objects/resources are then discoverable from the HostIndex
object by following the links in the HostIndex object and the object by following the links in the HostIndex object and the
referenced HostMetadata and PathMetadata objects. referenced HostMetadata and PathMetadata objects.
If the URI for the HostIndex object is not manually configured in the If the URI for the HostIndex object is not manually configured in the
downstream CDN then the HostIndex URI could be discovered. A downstream CDN then the HostIndex URI could be discovered. A
mechanism allowing the downstream CDN to discover the URI of the mechanism allowing the downstream CDN to discover the URI of the
HostIndex is outside the scope of this document. HostIndex is outside the scope of this document.
6.4. Encoding 6.4. Encoding
Object are resources that may be: Objects are resources that may be:
o Addressable, where the object is a resource that may be retrieved o Addressable, where the object is a resource that may be retrieved
or referenced via its own URI. or referenced via its own URI.
o Embedded, where the object is contained within a property of an o Embedded, where the object is contained within a property of an
addressable object. addressable object.
In the descriptions of objects we use the term "X contains Y" to mean The descriptions of objects use the phrase "X contains Y" to mean
that Y is either directly embedded in X or is linked to by X. It is that Y is either directly embedded in X or is linked to by X. It is
generally a deployment choice for the uCDN implementation to decide generally a deployment choice for the uCDN implementation to decide
when and which CDNI Metadata objects to embed and which are made when and which CDNI Metadata objects to embed and which are made
separately addressable. separately addressable.
6.4.1. MIME Media Types 6.4.1. MIME Media Types
All MIME types for CDNI Metadata objects are prefixed with All MIME types for CDNI Metadata objects are prefixed with
"application/cdni.". The MIME type for each object then contains the "application/cdni.". The MIME type for each object then contains the
object name of that object as defined by this document. The object object name of that object as defined by this document. The object
type name is followed by ".v" and the version number of the object type name is followed by ".v" and the version number of the object
type (e.g. ".v1"). Finally, the encoding type "+json" is appended. type (e.g., ".v1"). Finally, the encoding type "+json" is appended.
Table 3 3 lists a few examples of the MIME Media Type for some object Table 3 3 lists a few examples of the MIME Media Type for some object
(resource) that are retrievable through the CDNI Metadata interface. (resource) that are retrievable through the CDNI Metadata interface.
+--------------+---------------------------------------+ +--------------+---------------------------------------+
| Data Object | MIME Media Type | | Data Object | MIME Media Type |
+--------------+---------------------------------------+ +--------------+---------------------------------------+
| HostIndex | application/cdni.HostIndex.v1+json | | HostIndex | application/cdni.HostIndex.v1+json |
| HostMatch | application/cdni.HostMatch.v1+json | | HostMatch | application/cdni.HostMatch.v1+json |
| HostMetadata | application/cdni.HostMetadata.v1+json | | HostMetadata | application/cdni.HostMetadata.v1+json |
| PathMatch | application/cdni.PathMatch.v1+json | | PathMatch | application/cdni.PathMatch.v1+json |
| PathMetadata | application/cdni.PathMetadata.v1+json | | PathMetadata | application/cdni.PathMetadata.v1+json |
| Source | application/cdni.Source.v1+json | | Source | application/cdni.Source.v1+json |
| LocationACL | application/cdni.LocationACL.v1+json | | LocationACL | application/cdni.LocationACL.v1+json |
| LocationRule | application/cdni.LocationRule.v1+json | | LocationRule | application/cdni.LocationRule.v1+json |
+--------------+---------------------------------------+ +--------------+---------------------------------------+
Table 3: Example MIME Media Types for CDNI Metadata objects Table 3: Example MIME Media Types for CDNI Metadata objects
6.4.2. JSON Encoding of Objects 6.4.2. JSON Encoding of Objects
A CDNI Metadata objects is encoded as a JSON object containing a A CDNI Metadata object is encoded as a JSON object containing a
dictionary of (key,value) pairs where the keys are the property names dictionary of (key,value) pairs where the keys are the property names
and the values are the associated property values. and the values are the associated property values.
The keys of the dictionary are the names of the properties associated The keys of the dictionary are the names of the properties associated
with the object and are therefore dependent on the specific object with the object and are therefore dependent on the specific object
being encoded (i.e. dependent on the MIME Media Type of the returned being encoded (i.e., dependent on the MIME Media Type of the returned
resource). Likewise, the values associated with each key are resource). Likewise, the values associated with each key are
dependent on the specific object being encoded (i.e. dependent on dependent on the specific object being encoded (i.e., dependent on
the MIME Media Type of the returned resource). the MIME Media Type of the returned resource).
Dictionary keys in JSON are case sensitive. By convention any Dictionary keys in JSON are case sensitive. By convention any
dictionary key defined by this document (for example the names of dictionary key defined by this document (for example the names of
CDNI Metadata object properties) MUST be represented in lowercase. CDNI Metadata object properties) MUST be represented in lowercase.
In addition to the properties specified for each object type, the In addition to the properties specified for each object type, the
keys defined below may be present in any object. keys defined below may be present in any object.
Key: base Key: base
skipping to change at page 34, line 29 skipping to change at page 33, line 46
the properties being replaced. The values of the dictionary the properties being replaced. The values of the dictionary
are Link objects with href set to the URI of the object and are Link objects with href set to the URI of the object and
type set to the MIME type of the object being replaced. type set to the MIME type of the object being replaced.
Type: Dictionary object of Link objects Type: Dictionary object of Link objects
Mandatory: Yes Mandatory: Yes
6.4.2.1. Encoded CDNI Metadata Example 6.4.2.1. Encoded CDNI Metadata Example
[[Editor's Note: We need to double-check that the example(s) below
are correct and use the latest property names/values/structures
defined in the document.]]
A downstream CDN may request the HostIndex and receive the following A downstream CDN may request the HostIndex and receive the following
object of type "application/cdni.HostIndex.v1+json": object of type "application/cdni.HostIndex.v1+json":
{ {
"hosts": [ "hosts": [
{ {
"host": "video.example.com", "host": "video.example.com",
"_links": { "_links": {
"host-metadata" : { "host-metadata" : {
"type": "application/cdni.HostMetadata.v1+json", "type": "application/cdni.HostMetadata.v1+json",
skipping to change at page 35, line 41 skipping to change at page 34, line 41
"application/cdni.HostMetadata.v1+json": "application/cdni.HostMetadata.v1+json":
{ {
"metadata": [ "metadata": [
{ {
"generic-metadata-type": "application/cdni.SourceMetadata.v1+json", "generic-metadata-type": "application/cdni.SourceMetadata.v1+json",
"generic-metadata-value": { "generic-metadata-value": {
"sources": [ "sources": [
{ {
"_links": { "_links": {
"auth": { "acquisition-auth": {
"auth-type": "application/cdni.Auth.v1+json", "auth-type": "application/cdni.Auth.v1+json",
"href": "http://metadata.ucdn.example/auth1234" "href": "http://metadata.ucdn.example/auth1234"
} }
}, },
"endpoint": "acq1.ucdn.example", "endpoint": "acq1.ucdn.example",
"protocol": "ftp" "protocol": "ftp"
}, },
{ {
"_links": { "_links": {
"auth": { "acquisition-auth": {
"auth-type": "application/cdni.Auth.v1+json", "auth-type": "application/cdni.Auth.v1+json",
"href": "http://metadata.ucdn.example/auth1234" "href": "http://metadata.ucdn.example/auth1234"
} }
}, },
"endpoint": "acq2.ucdn.example", "endpoint": "acq2.ucdn.example",
"protocol": "http" "protocol": "http"
} }
] ]
} }
}, },
{ {
"generic-metadata-type": "application/cdni.LocationACL.v1+json", "generic-metadata-type": "application/cdni.LocationACL.v1+json",
"generic-metadata-value": { "generic-metadata-value": {
"locations": [ "locations": [
{ {
"locations": [ "footprints": [
{ {
"footprint-type": "IPv4CIDR", "footprint-type": "IPv4CIDR",
"footprint-value": "192.168.0.0/16" "footprint-value": "192.168.0.0/16"
} }
], ],
"action": "deny" "action": "deny"
} }
] ]
} }
}, },
{ {
"generic-metadata-type": "application/cdni.ProtocolACL.v1+json", "generic-metadata-type": "application/cdni.ProtocolACL.v1+json",
"generic-metadata-value": { "generic-metadata-value": {
"protocols": [ "protocol-acl": [
{ {
"protocols": [ "protocols": [
"ftp" "ftp"
], ],
"action": "deny" "action": "deny"
} }
] ]
} }
} }
], ],
skipping to change at page 37, line 24 skipping to change at page 36, line 24
"type": "application/cdni.PathMetadata.v1+json", "type": "application/cdni.PathMetadata.v1+json",
"href": "http://metadata.ucdn.example/host1234/pathDCE" "href": "http://metadata.ucdn.example/host1234/pathDCE"
} }
} }
} }
] ]
} }
Suppose the path of the requested resource matches the "/video/ Suppose the path of the requested resource matches the "/video/
movies/*" pattern, the next metadata requested would be for movies/*" pattern, the next metadata requested would be for
"http://metadata.ucdn.example/host1234/movies" with an expected type "http://metadata.ucdn.example/host1234/pathDCE" with an expected type
of "application/cdni.PathMetadata.v1+json": of "application/cdni.PathMetadata.v1+json":
{ {
"metadata": [], "metadata": [],
"paths": [ "paths": [
{ {
"path-pattern": { "path-pattern": {
"pattern": "/videos/movies/hd/*" "pattern": "/videos/movies/hd/*"
}, },
"_links": { "_links": {
skipping to change at page 38, line 42 skipping to change at page 37, line 42
Metadata will be registered in the CDNI GenericMetadata Types Metadata will be registered in the CDNI GenericMetadata Types
registry Section 7.1. registry Section 7.1.
Note: Identification, within the type name defined for a property Note: Identification, within the type name defined for a property
Metadata object, of the organization that defined the extension Metadata object, of the organization that defined the extension
property Metadata decreases the possibility of property Metadata type property Metadata decreases the possibility of property Metadata type
collisions. collisions.
6.5.1. Metadata Enforcement 6.5.1. Metadata Enforcement
At any given time, the set of property Metadata supported by the uCDN At any given time, the set of GenericMetadata types supported by the
may not match the set of property Metadata supported by the dCDN. uCDN may not match the set of GenericMetadata types supported by the
The uCDN may or may not know which property Metadata the dCDN dCDN.
supports.
In the cases where the uCDN supports Metadata that the dCDN does not,
the dCDN MUST enforce the semantics of the "mandatory-to-enforce"
property. If a dCDN does not understand or is unable to perform the
functions associated with any "mandatory-to-enforce" Metadata, the
dCDN MUST NOT service any requests for the corresponding content.
Any specification which defines a new GenericMetadata Type MUST also In the cases where a uCDN sends Metadata containing a GenericMetadata
define whether or not the new metadata is "mandatory-to-enforce" and type that a dCDN does not support, the dCDN MUST enforce the
whether or not it is "safe-to-distribute". semantics of the "mandatory-to-enforce" property. If a dCDN does not
understand or is unable to perform the functions associated with any
"mandatory-to-enforce" Metadata, the dCDN MUST NOT service any
requests for the corresponding content.
Note: Ideally, uCDNs would not delegate content requests to a dCDN Note: Ideally, uCDNs would not delegate content requests to a dCDN
which does not support the "mandatory-to-enforce" Metadata associated which does not support the "mandatory-to-enforce" Metadata associated
with the content being requested. However, even if the uCDN has a with the content being requested. However, even if the uCDN has a
priori knowledge of the Metadata supported by the dCDN (e.g., via the priori knowledge of the Metadata supported by the dCDN (e.g., via the
CDNI capabilities interface or through out-of-band negotiation CDNI capabilities interface or through out-of-band negotiation
between CDN operators) Metadata support may fluctuate or be between CDN operators) Metadata support may fluctuate or be
inconsistent (e.g., due to mis-communication, mis-configuration, or inconsistent (e.g., due to mis-communication, mis-configuration, or
temporary outage). Thus, the dCDN MUST always evaluate all Metadata temporary outage). Thus, the dCDN MUST always evaluate all Metadata
associated with content requests and reject any requests where associated with content requests and reject any requests where
"mandatory-to-enforce" Metadata associated with the content cannot be "mandatory-to-enforce" Metadata associated with the content cannot be
enforced. enforced.
6.5.2. Metadata Override 6.5.2. Metadata Conflicts
It is possible that new Metadata definitions may obsolete or override It is possible that new Metadata definitions may obsolete or conflict
existing property Metadata (e.g., a future revision of the CDNI with existing property Metadata (e.g., a future revision of the CDNI
Metadata interface may redefine the Auth Metadata or a custom vendor Metadata interface may redefine the Auth Metadata or a custom vendor
extension may implement an alternate Auth Metadata option). If extension may implement an alternate Auth Metadata option). If
multiple Metadata (e.g., cdni.v2.Auth, vendor1.Auth, and multiple Metadata (e.g., cdni.Auth.v2, vendor1.Auth, and
vendor2.Auth) all override an existing Metadata (e.g., cdni.Auth) and vendor2.Auth) all conflict with an existing Metadata (e.g.,
all are marked as "mandatory-to-enforce", it may be ambiguous which cdni.Auth) and all are marked as "mandatory-to-enforce", it may be
Metadata should be applied, especially if the functionality of the ambiguous which Metadata should be applied, especially if the
Metadata conflict. functionality of the Metadata overlap.
As described in Section 3.3, Metadata override only applies to As described in Section 3.3, Metadata override only applies to
Metadata objects of the same exact type, found in HostMetadata and Metadata objects of the same exact type, found in HostMetadata and
nested PathMetadata structures. The CDNI Metadata interface does not nested PathMetadata structures. The CDNI Metadata interface does not
support enforcement of dependencies between different Metadata types. support enforcement of dependencies between different Metadata types.
It is the responsibility of the CSP and the CDN operators to ensure It is the responsibility of the CSP and the CDN operators to ensure
that Metadata assigned to a given content do not conflict. that Metadata assigned to a given content do not conflict.
Note: Because Metadata is inherently ordered in GenericMetadata Note: Because Metadata is inherently ordered in GenericMetadata
lists, as well as in the PathMetadata hierarchy and PathMatch lists, lists, as well as in the PathMetadata hierarchy and PathMatch lists,
skipping to change at page 40, line 21 skipping to change at page 39, line 17
application/cdni.HostIndex.v1+json". application/cdni.HostIndex.v1+json".
GenericMetadata objects include a "type" property which specifies the GenericMetadata objects include a "type" property which specifies the
MIME-type of the GenericMetadata value. This MIME-type should also MIME-type of the GenericMetadata value. This MIME-type should also
include a version. Any document which defines a new type of include a version. Any document which defines a new type of
GenericMetadata MUST specify the version number which it describes. GenericMetadata MUST specify the version number which it describes.
For example: "application/cdni.Location.v1+json". For example: "application/cdni.Location.v1+json".
7. IANA Considerations 7. IANA Considerations
This document requests the registration of the prefix "application/ This document requests the registration of the following MIME Media
cdni" MIME Media Type under the IANA MIME Media Type registry Type under the IANA MIME Media Type registry
(http://www.iana.org/assignments/media-types/index.html). (http://www.iana.org/assignments/media-types/index.html).
application/cdni.HostIndex.v1
application/cdni.HostMetadata.v1
application/cdni.PathMatch.v1
application/cdni.PathMetadata.v1
application/cdni.PatternMatch.v1
application/cdni.GenericMetadata.v1
application/cdni.SourceMetadata.v1
application/cdni.Source.v1
application/cdni.LocationACL.v1
application/cdni.LocationRule.v1
application/cdni.Footprint.v1
application/cdni.TimeWindowACL.v1
application/cdni.TimeWindowRule.v1
application/cdni.TimeWindow.v1
application/cdni.ProtocolACL.v1
application/cdni.ProtocolRule.v1
application/cdni.Authorization.v1
application/cdni.Auth.v1
application/cdni.CredentialsAuth.v1
application/cdni.Cache.v1
application/cdni.Grouping.v1
7.1. GenericMetadata Type Registry 7.1. GenericMetadata Type Registry
CDNI Metadata is distributed as a list of GenericMetadata objects CDNI Metadata is distributed as a list of GenericMetadata objects
which specify a type field and a type-specific value field, as which specify a type field and a type-specific value field, as
described in Section 4.1.7. In order to prevent namespace collisions described in Section 4.1.7. In order to prevent namespace collisions
for GenericMetadata object types a new IANA registry is requested for for GenericMetadata object types a new IANA registry is requested for
the "CDNI GenericMetadata Types" namespace. The namespace shall be the "CDNI GenericMetadata Types" namespace. The namespace shall be
split into two partitions: standard and optional. split into two partitions: standard and optional.
The standard namespace partition is intended to contain mandatory to The standard namespace partition is intended to contain mandatory-to-
implement capabilities and conforms to the "IETF Review" policy as implement capabilities and conforms to the "IETF Review" policy as
defined in [RFC5226]. The registry contains the generic metadata defined in [RFC5226]. The registry contains the generic metadata
type name, the RFC number of the specification defining the metadata type name, the RFC number of the specification defining the metadata
type, the version number of the GenericMetadata set to which the type, the version number of the GenericMetadata set to which the
standard capability applies, and boolean values indicating whether or standard capability applies, and boolean values indicating whether or
not the new type is considered "mandatory-to-enforce" or "safe-to- not the new type is considered "mandatory-to-enforce" or "safe-to-
redistribute" (as defined in Section 4.1.7). redistribute" (as defined in Section 4.1.7).
The following table defines the initial values for the standard The following table defines the initial values for the standard
partition: partition:
+----------------+---------------+---------+------+------+ +------------------------------+-------------+--------+------+------+
| Type name | Specification | Version | MTE | STR | | Type name | Specificati | Versio | MTE | STR |
+----------------+---------------+---------+------+------+ | | on | n | | |
| SourceMetadata | RFCthis | 1 | true | true | +------------------------------+-------------+--------+------+------+
| LocationACL | RFCthis | 1 | true | true | | application/cdni.SourceMetad | RFCthis | 1 | true | true |
| TimeWindowACL | RFCthis | 1 | true | true | | ata.v1 | | | | |
| ProtocolACL | RFCthis | 1 | true | true | | application/cdni.LocationACL | RFCthis | 1 | true | true |
| Auth | RFCthis | 1 | true | true | | .v1 | | | | |
| Cache | RFCthis | 1 | true | true | | application/cdni.TimeWindowA | RFCthis | 1 | true | true |
| Grouping | RFCthis | 1 | true | true | | CL.v1 | | | | |
+----------------+---------------+---------+------+------+ | application/cdni.ProtocolACL | RFCthis | 1 | true | true |
| .v1 | | | | |
| application/cdni.Auth.v1 | RFCthis | 1 | true | true |
| application/cdni.Cache.v1 | RFCthis | 1 | true | true |
| application/cdni.Grouping.v1 | RFCthis | 1 | true | true |
+------------------------------+-------------+--------+------+------+
The initial MI version number is set to 1. All of the initial The initial MI version number is set to 1. All of the initial
GenericMetadata types are considered mandatory to implement for GenericMetadata types are considered mandatory-to-implement for
version 1. The version field should be incremented when new version 1. The version field should be incremented when new
GenericMetadata type sets are added to the registry. GenericMetadata type sets are added to the registry.
The "optional" namespace partition conforms to the "Expert Review" The "optional" namespace partition conforms to the "Expert Review"
policy as defined in [RFC5226]. The expert review is intended to policy as defined in [RFC5226]. The expert review is intended to
prevent namespace hoarding and to prevent the definition of redundant prevent namespace hoarding and to prevent the definition of redundant
GenericMetadata types. Vendors defining new GenericMetadata types GenericMetadata types. Vendors defining new GenericMetadata types
which conflict with existing GenericMetadata types follow the which conflict with existing GenericMetadata types follow the
guidelines for the "Specification Required" policy as defined in guidelines for the "Specification Required" policy as defined in
[RFC5226]. The Version field in the registry is set to "-1" [RFC5226]. The Version field in the registry is set to "-1"
(negative one) for non-standard GenericMetadata types. (negative one) for non-standard GenericMetadata types.
As with the initial GenericMetadata types defined in Section 4.2, As with the initial GenericMetadata types defined in Section 4.2,
future GenericMetadata type registrations will specify the future GenericMetadata type registrations will specify the
information necessary for constructing and decoding the information necessary for constructing and decoding the
GenericMetadata object. This information includes the list of GenericMetadata object. This information includes the list of
properties contained within the GenericMetadata object, and for each properties contained within the GenericMetadata object, and for each
property, the specification should include a description, a type, and property, the specification should include a description, a type, and
whether or not the given property is mandatory to specify. whether or not the given property is mandatory-to-specify.
Any document which defines a new GenericMetadata has to: Any document which defines a new GenericMetadata has to:
1. Allocate a new type in the GenericMetadata Type Registry 1. Allocate a new type in the GenericMetadata Type Registry
(Section 7). Generic Metadata types should be descriptive and (Section 7). Generic Metadata types should be descriptive and
may be hierarchnical to support aggregating groups of properties may be hierarchnical to support aggregating groups of properties
for the purpose of readability and for avoiding conflicts between for the purpose of readability and for avoiding conflicts between
vendor defined extensions. A dotted alpha-numeric notation is vendor defined extensions. A dotted alpha-numeric notation is
suggested for human readability. suggested for human readability.
skipping to change at page 42, line 21 skipping to change at page 42, line 9
7.1.1. GenericMetadata Sub-Registries 7.1.1. GenericMetadata Sub-Registries
Some of the initial standard GenericMetadata objects contain Some of the initial standard GenericMetadata objects contain
enumerated types which require registration (i.e., LocationACL enumerated types which require registration (i.e., LocationACL
footprint types, ProtocolACL protocols, and Auth protocols). The footprint types, ProtocolACL protocols, and Auth protocols). The
following sections define the initial values for these following sections define the initial values for these
GenericMetadata type sub-registries. GenericMetadata type sub-registries.
7.1.1.1. Footprint Sub-Registry 7.1.1.1. Footprint Sub-Registry
The "CDNI Metadata Footprint Types" namespace defines the valid The IANA is requested to create a new "CDNI Metadata Footprint Types"
Footprint object type values used by the Footprint object in sub-registry under the "CDNI GenericMetadata Types" registry. The
Section 4.2.2.2. Additions to the Footprint type namespace conform "CDNI Metadata Footprint Types" namespace defines the valid Footprint
to the "Expert Review" policy as defined in [RFC5226]. The expert object type values used by the Footprint object in Section 4.2.2.2.
review should verify that new type definitions do not duplicate Additions to the Footprint type namespace conform to the "Expert
existing type definitions and prevent gratuitous additions to the Review" policy as defined in [RFC5226]. The expert review should
namespace. verify that new type definitions do not duplicate existing type
definitions and prevent gratuitous additions to the namespace.
The following table defines the initial Footprint type values: The following table defines the initial Footprint type values:
+-------------+-------------------------------------+---------------+ +-------------+-------------------------------------+---------------+
| Type name | Description | Specification | | Type name | Description | Specification |
+-------------+-------------------------------------+---------------+ +-------------+-------------------------------------+---------------+
| IPv4CIDR | IPv4 address block using slash | RFCthis | | IPv4CIDR | IPv4 address block using slash | RFCthis |
| | prefix length notation (e.g., | | | | prefix length notation (e.g., | |
| | 192.168.0.16/28). Single IP | | | | 192.168.0.16/28). Single IP | |
| | addresses can be expressed as /32. | | | | addresses can be expressed as /32. | |
| IPv6CIDR | IPv6 address block using slash | RFCthis | | IPv6CIDR | IPv6 address block using slash | RFCthis |
| | prefix length notation (e.g., | | | | prefix length notation (e.g., | |
| | fc80::0010/124). Single IP | | | | fc80::0010/124). Single IP | |
| | addresses can be expressed as /128. | | | | addresses can be expressed as /128. | |
| ASN | Autonomous System (AS) Number | RFCthis | | ASN | Autonomous System (AS) Number | RFCthis |
| CountryCode | ISO 3166-1 alpha-2 code | RFCthis | | CountryCode | ISO 3166-1 alpha-2 code | RFCthis |
+-------------+-------------------------------------+---------------+ +-------------+-------------------------------------+---------------+
7.1.1.2. Protocol Sub-Registry 7.1.1.2. Protocol Sub-Registry
The "CDNI Metadata Protocols" namespace defines the valid Protocol The IANA is requested to create a new "CDNI Metadata Protocols" sub-
object values in Section 4.3.2, used by the SourceMetadata and registry under the "CDNI GenericMetadata Types" registry. The "CDNI
ProtocolACL objects. Additions to the Protocol namespace conform to Metadata Protocols" namespace defines the valid Protocol object
the "Expert Review" policy as defined in [RFC5226]. The expert values in Section 4.3.2, used by the SourceMetadata and ProtocolACL
review should verify that new type definitions do not duplicate objects. Additions to the Protocol namespace conform to the "Expert
existing type definitions and prevent gratuitous additions to the Review" policy as defined in [RFC5226]. The expert review should
verify that new protocol definitions do not duplicate existing
protocol definitions and prevent gratuitous additions to the
namespace. namespace.
The following table defines the initial Protocol values: The following table defines the initial Protocol values:
+----------+----------------+---------------------------------------+ +----------+----------------+---------------------------------------+
| Protocol | Description | Specification | | Protocol | Description | Specification |
+----------+----------------+---------------------------------------+ +----------+----------------+---------------------------------------+
| HTTP | Hypertext | RFC2616 | | HTTP | Hypertext | RFC2616 |
| | Transfer | | | | Transfer | |
| | Protocol -- | | | | Protocol -- | |
skipping to change at page 43, line 35 skipping to change at page 43, line 31
| SFTP | SSH File | N/A | | SFTP | SSH File | N/A |
| | Transfer | | | | Transfer | |
| | Protocol | | | | Protocol | |
| SCP | Secure Copy | N/A | | SCP | Secure Copy | N/A |
| fasp | Aspera fast, | N/A | | fasp | Aspera fast, | N/A |
| | adaptive, | | | | adaptive, | |
| | secure | | | | secure | |
| | protocol | | | | protocol | |
+----------+----------------+---------------------------------------+ +----------+----------------+---------------------------------------+
7.1.1.3. Authentication Sub-Registry 7.1.1.3. Authentication Type Sub-Registry
The "CDNI Metadata Auth" namespace defines the valid Auth object The IANA is requested to create a new "CDNI Metadata Auth Types" sub-
types used by the Auth object in Section 4.2.6. Additions to the registry under the "CDNI GenericMetadata Types" registry. The "CDNI
Auth namespace conform to the "Expert Review" policy as defined in Metadata Auth Type" namespace defines the valid Auth object types
used by the Auth object in Section 4.4. Additions to the Auth Type
namespace conform to the "Expert Review" policy as defined in
[RFC5226]. The expert review should verify that new type definitions [RFC5226]. The expert review should verify that new type definitions
do not duplicate existing type definitions and prevent gratuitous do not duplicate existing type definitions and prevent gratuitous
additions to the namespace. additions to the namespace.
The following table defines the initial Auth type values: The following table defines the initial Auth type values:
+-------------+-------------------------------------+---------------+ +----------------+----------------------------------+---------------+
| Type name | Description | Specification | | Type | Description | Specification |
+-------------+-------------------------------------+---------------+ +----------------+----------------------------------+---------------+
| credentials | Simple username and password | RFCthis | | CredentialAuth | Simple username and password | RFCthis |
| | authentication as defined by | | | | authentication as defined by | |
| | Section 4.2.6.1. | | | | Section 4.4.1. | |
+-------------+-------------------------------------+---------------+ +----------------+----------------------------------+---------------+
8. Security Considerations 8. Security Considerations
The CDNI Metadata interface is expected to be secured as a function An implementation of the CDNI Metadata interface MUST support TLS
of the transport protocol (e.g. HTTP authentication [RFC2617], HTTPS transport as per [RFC2818] for message confidentiality and mutual
[RFC2818], or inter-domain IPSec). authentication. An implementation of the CDNI Metadata interface
MUST support the TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 cipher suite
([RFC2818]). An implementation of the CDNI Metadata interface SHOULD
prefer cipher suites which suppport perfect forward secrecy over
cipher suites that do not.
If a malicious metadata server is contacted by a downstream CDN, the 8.1. Authentication
malicious server may provide metadata to the downstream CDN which
denies service for any piece of content to any user agent. The
malicious server may also provide metadata which directs a downstream
CDN to a malicious origin server instead of the actual origin server.
The dCDN is expected to authenticate the server to prevent this
situation (e.g. by using HTTPS and validating the server's
certificate).
A malicious metadata client could request metadata for a piece of Unauthorized access to metadata could result in denial of service. A
content from an upstream CDN. The metadata information may then be malicious metadata server could provide metadata to a dCDN that
used to glean information regarding the uCDN or to contact an denies service for one or more pieces of content to one or more user
upstream origin server. The uCDN is expected to authenticate client agents. A malicious metadata server could also provide metadata
requests to prevent this situation. directing dCDNs to malicious origin servers instead of the actual
origin servers. A malicious client could continuously issue large
metadata requests to overload the uCDN metadata server.
Unauthorized access to metadata could result in leakage of private
information. A malicious metadata client could request metadata in
order to gain access to origin servers, as well as information
pertaining to content restrictions.
An implementation of the CDNI Metadata interface SHOULD use mutual
authentication to prevent unauthorized access to metadata.
8.2. Confidentiality
Unauthorized viewing of metadata could result in leakage of private
information. A third party could intercept metadata transactions in
order to gain access to origin servers, as well as information
pertaining to content restrictions.
An implementation of the CDNI Metadata interface SHOULD use strong
encryption to prevent unauthorized viewing of metadata.
8.3. Integrity
Unauthorized modification of metadata could result in denial of
service. A malicious proxy server could modify metadata destined to
a dCDN in order to deny service for one or more pieces of content to
one or more user agents. A malicious proxy server could also modify
metadata directing dCDNs to malicious origin servers instead of the
actual origin servers.
An implementation of the CDNI Metadata interface SHOULD use strong
encryption and mutual authentication to prevent unauthorized
modification of metadata.
8.4. Privacy
Content provider origin and policy information is conveyed through
the CDNI Metadata interface. The distribution of this information to
another CDN introduces potential content provider privacy protection
concerns.
The use of TLS for transport of the CDNI Metadata as discussed above
protects the confidentiality of content metadata by preventing any
party other than the authorized dCDN from gaining access to content
metadata.
9. Acknowledgements 9. Acknowledgements
The authors would like to thank David Ferguson and Francois Le The authors would like to thank David Ferguson and Francois Le
Faucheur for their valuable comments and input to this document. Faucheur for their valuable comments and input to this document.
10. Contributing Authors 10. Contributing Authors
[RFC Editor Note: Please move the contents of this section to the [RFC Editor Note: Please move the contents of this section to the
Authors' Addresses section prior to publication as an RFC.] Authors' Addresses section prior to publication as an RFC.]
Grant Watson Grant Watson
Velocix (Alcatel-Lucent) Velocix (Alcatel-Lucent)
3 Ely Road 3 Ely Road
Milton, Cambridge CB24 6AA Milton, Cambridge CB24 6AA
UK UK
Email: gwatson@velocix.com Email: gwatson@velocix.com
11. References Kent Leung
Cisco Systems
3625 Cisco Way
San Jose, 95134
USA
Email: kleung@cisco.com
11. References
11.1. Normative References 11.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
Leach, P., Luotonen, A., and L. Stewart, "HTTP Leach, P., Luotonen, A., and L. Stewart, "HTTP
Authentication: Basic and Digest Access Authentication", Authentication: Basic and Digest Access Authentication",
RFC 2617, June 1999. RFC 2617, June 1999.
skipping to change at page 45, line 39 skipping to change at page 46, line 36
11.2. Informative References 11.2. Informative References
[I-D.ietf-cdni-framework] [I-D.ietf-cdni-framework]
Peterson, L., Davie, B., and R. Brandenburg, "Framework Peterson, L., Davie, B., and R. Brandenburg, "Framework
for CDN Interconnection", draft-ietf-cdni-framework-14 for CDN Interconnection", draft-ietf-cdni-framework-14
(work in progress), June 2014. (work in progress), June 2014.
[I-D.ietf-cdni-redirection] [I-D.ietf-cdni-redirection]
Niven-Jenkins, B. and R. Brandenburg, "Request Routing Niven-Jenkins, B. and R. Brandenburg, "Request Routing
Redirection Interface for CDN Interconnection", draft- Redirection Interface for CDN Interconnection", draft-
ietf-cdni-redirection-02 (work in progress), April 2014. ietf-cdni-redirection-04 (work in progress), October 2014.
[I-D.ietf-cdni-requirements] [I-D.ietf-cdni-requirements]
Leung, K. and Y. Lee, "Content Distribution Network Leung, K. and Y. Lee, "Content Distribution Network
Interconnection (CDNI) Requirements", draft-ietf-cdni- Interconnection (CDNI) Requirements", draft-ietf-cdni-
requirements-17 (work in progress), January 2014. requirements-17 (work in progress), January 2014.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, RFC Resource Identifier (URI): Generic Syntax", STD 66, RFC
3986, January 2005. 3986, January 2005.
skipping to change at page 46, line 36 skipping to change at page 47, line 36
Matt Caulfield Matt Caulfield
Cisco Systems Cisco Systems
1414 Massachusetts Avenue 1414 Massachusetts Avenue
Boxborough, MA 01719 Boxborough, MA 01719
USA USA
Phone: +1 978 936 9307 Phone: +1 978 936 9307
Email: mcaulfie@cisco.com Email: mcaulfie@cisco.com
Kent Leung
Cisco Systems
3625 Cisco Way
San Jose 95134
USA
Phone: +1 408 526 5030
Email: kleung@cisco.com
Kevin J. Ma Kevin J. Ma
Ericsson Ericsson
43 Nagog Park 43 Nagog Park
Acton, MA 01720 Acton, MA 01720
USA USA
Phone: +1 978-844-5100 Phone: +1 978-844-5100
Email: kevin.j.ma@ericsson.com Email: kevin.j.ma@ericsson.com
 End of changes. 128 change blocks. 
400 lines changed or deleted 456 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/