draft-ietf-cdni-metadata-08.txt   draft-ietf-cdni-metadata-09.txt 
Network Working Group B. Niven-Jenkins Network Working Group B. Niven-Jenkins
Internet-Draft R. Murray Internet-Draft R. Murray
Intended status: Standards Track Velocix (Alcatel-Lucent) Intended status: Standards Track Velocix (Alcatel-Lucent)
Expires: April 30, 2015 M. Caulfield Expires: September 5, 2015 M. Caulfield
Cisco Systems Cisco Systems
K. Ma K. Ma
Ericsson Ericsson
October 27, 2014 March 4, 2015
CDN Interconnection Metadata CDN Interconnection Metadata
draft-ietf-cdni-metadata-08 draft-ietf-cdni-metadata-09
Abstract Abstract
The CDNI Metadata interface enables interconnected CDNs to exchange The CDNI Metadata interface enables interconnected CDNs to exchange
content distribution metadata in order to enable content acquisition content distribution metadata in order to enable content acquisition
and delivery. The CDNI metadata associated with a piece of content and delivery. The CDNI metadata associated with a piece of content
provides a downstream CDN with sufficient information for the provides a downstream CDN with sufficient information for the
downstream CDN to service content requests on behalf of an upstream downstream CDN to service content requests on behalf of an upstream
CDN. This document describes both a base set of CDNI metadata and CDN. This document describes both a base set of CDNI metadata and
the protocol for exchanging that metadata. the protocol for exchanging that metadata.
skipping to change at page 1, line 46 skipping to change at page 1, line 46
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 30, 2015. This Internet-Draft will expire on September 5, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
1.2. Supported Metadata Capabilities . . . . . . . . . . . . . 4 1.2. Supported Metadata Capabilities . . . . . . . . . . . . . 5
2. Design Principles . . . . . . . . . . . . . . . . . . . . . . 5 2. Design Principles . . . . . . . . . . . . . . . . . . . . . . 6
3. CDNI Metadata Data Model . . . . . . . . . . . . . . . . . . 6 3. CDNI Metadata model . . . . . . . . . . . . . . . . . . . . . 6
3.1. HostIndex, HostMetadata and PathMetadata objects . . . . 7 3.1. HostIndex, HostMatch, HostMetadata, PathMatch,
PatternMatch and PathMetadata objects . . . . . . . . . . 8
3.2. Generic CDNI Metadata Object Properties . . . . . . . . . 11 3.2. Generic CDNI Metadata Object Properties . . . . . . . . . 11
3.3. Metadata Inheritance and Override . . . . . . . . . . . . 13 3.3. Metadata Inheritance and Override . . . . . . . . . . . . 14
4. Encoding-Independent CDNI Metadata Object Descriptions . . . 14 4. Encoding-Independent CDNI Metadata Object Descriptions . . . 14
4.1. Descriptions of the CDNI Structural Metadata Objects . . 15 4.1. Descriptions of the CDNI Structural Metadata Objects . . 15
4.1.1. HostIndex . . . . . . . . . . . . . . . . . . . . . . 15 4.1.1. HostIndex . . . . . . . . . . . . . . . . . . . . . . 15
4.1.2. HostMatch . . . . . . . . . . . . . . . . . . . . . . 15 4.1.2. HostMatch . . . . . . . . . . . . . . . . . . . . . . 16
4.1.3. HostMetadata . . . . . . . . . . . . . . . . . . . . 16 4.1.3. HostMetadata . . . . . . . . . . . . . . . . . . . . 16
4.1.4. PathMatch . . . . . . . . . . . . . . . . . . . . . . 16 4.1.4. PathMatch . . . . . . . . . . . . . . . . . . . . . . 17
4.1.5. PathMetadata . . . . . . . . . . . . . . . . . . . . 17 4.1.5. PatternMatch . . . . . . . . . . . . . . . . . . . . 17
4.1.6. PatternMatch . . . . . . . . . . . . . . . . . . . . 17 4.1.6. PathMetadata . . . . . . . . . . . . . . . . . . . . 18
4.1.7. GenericMetadata . . . . . . . . . . . . . . . . . . . 18 4.1.7. GenericMetadata . . . . . . . . . . . . . . . . . . . 19
4.2. Description of the CDNI Generic Metadata Objects . . . . 19 4.2. Description of the CDNI Generic Metadata Objects . . . . 20
4.2.1. Source Metadata . . . . . . . . . . . . . . . . . . . 19 4.2.1. SourceMetadata . . . . . . . . . . . . . . . . . . . 20
4.2.1.1. Source . . . . . . . . . . . . . . . . . . . . . 20 4.2.1.1. Source . . . . . . . . . . . . . . . . . . . . . 21
4.2.2. LocationACL Metadata . . . . . . . . . . . . . . . . 21 4.2.2. LocationACL Metadata . . . . . . . . . . . . . . . . 21
4.2.2.1. LocationRule . . . . . . . . . . . . . . . . . . 21 4.2.2.1. LocationRule . . . . . . . . . . . . . . . . . . 22
4.2.2.2. Footprint . . . . . . . . . . . . . . . . . . . . 22 4.2.2.2. Footprint . . . . . . . . . . . . . . . . . . . . 23
4.2.3. TimeWindowACL Metadata . . . . . . . . . . . . . . . 22 4.2.3. TimeWindowACL Metadata . . . . . . . . . . . . . . . 23
4.2.3.1. TimeWindowRule . . . . . . . . . . . . . . . . . 23 4.2.3.1. TimeWindowRule . . . . . . . . . . . . . . . . . 24
4.2.3.2. TimeWindow . . . . . . . . . . . . . . . . . . . 23 4.2.3.2. TimeWindow . . . . . . . . . . . . . . . . . . . 24
4.2.4. ProtocolACL Metadata . . . . . . . . . . . . . . . . 24 4.2.4. ProtocolACL Metadata . . . . . . . . . . . . . . . . 25
4.2.4.1. ProtocolRule . . . . . . . . . . . . . . . . . . 24 4.2.4.1. ProtocolRule . . . . . . . . . . . . . . . . . . 25
4.2.5. DeliveryAuthorization Metadata . . . . . . . . . . . 25 4.2.5. DeliveryAuthorization Metadata . . . . . . . . . . . 26
4.2.6. Cache . . . . . . . . . . . . . . . . . . . . . . . . 25 4.2.6. Cache . . . . . . . . . . . . . . . . . . . . . . . . 26
4.2.7. Grouping . . . . . . . . . . . . . . . . . . . . . . 26 4.2.7. Grouping . . . . . . . . . . . . . . . . . . . . . . 27
4.3. CDNI Metadata Simple Data Type Descriptions . . . . . . . 27
4.3. CDNI Metadata Simple Data Type Descriptions . . . . . . . 26 4.3.1. Link . . . . . . . . . . . . . . . . . . . . . . . . 27
4.3.1. Link . . . . . . . . . . . . . . . . . . . . . . . . 26 4.3.2. Protocol . . . . . . . . . . . . . . . . . . . . . . 28
4.3.2. Protocol . . . . . . . . . . . . . . . . . . . . . . 27 4.3.3. Endpoint . . . . . . . . . . . . . . . . . . . . . . 28
4.3.3. Endpoint . . . . . . . . . . . . . . . . . . . . . . 27 4.3.4. URI . . . . . . . . . . . . . . . . . . . . . . . . . 28
4.3.4. URI . . . . . . . . . . . . . . . . . . . . . . . . . 27 4.3.5. Time . . . . . . . . . . . . . . . . . . . . . . . . 28
4.3.5. Time . . . . . . . . . . . . . . . . . . . . . . . . 27 4.3.6. Auth . . . . . . . . . . . . . . . . . . . . . . . . 28
4.4. Auth . . . . . . . . . . . . . . . . . . . . . . . . . . 27 4.3.6.1. CredentialAuth Type . . . . . . . . . . . . . . . 29
4.4.1. CredentialAuth Type . . . . . . . . . . . . . . . . . 28 4.3.7. IPv4CIDR . . . . . . . . . . . . . . . . . . . . . . 29
5. CDNI Metadata Capabilities . . . . . . . . . . . . . . . . . 28 4.3.8. IPv6CIDR . . . . . . . . . . . . . . . . . . . . . . 30
6. CDNI Metadata interface . . . . . . . . . . . . . . . . . . . 29 4.3.9. ASN . . . . . . . . . . . . . . . . . . . . . . . . . 30
6.1. Transport . . . . . . . . . . . . . . . . . . . . . . . . 30 4.3.10. CountryCode . . . . . . . . . . . . . . . . . . . . . 30
6.2. Retrieval of CDNI Metadata resources . . . . . . . . . . 30 5. CDNI Metadata Capabilities . . . . . . . . . . . . . . . . . 30
6.3. Bootstrapping . . . . . . . . . . . . . . . . . . . . . . 31 6. CDNI Metadata interface . . . . . . . . . . . . . . . . . . . 31
6.4. Encoding . . . . . . . . . . . . . . . . . . . . . . . . 32 6.1. Transport . . . . . . . . . . . . . . . . . . . . . . . . 31
6.4.1. MIME Media Types . . . . . . . . . . . . . . . . . . 32 6.2. Retrieval of CDNI Metadata resources . . . . . . . . . . 32
6.4.2. JSON Encoding of Objects . . . . . . . . . . . . . . 32 6.3. Bootstrapping . . . . . . . . . . . . . . . . . . . . . . 33
6.4.2.1. Encoded CDNI Metadata Example . . . . . . . . . . 33 6.4. Encoding . . . . . . . . . . . . . . . . . . . . . . . . 34
6.5. Extensibility . . . . . . . . . . . . . . . . . . . . . . 37 6.4.1. MIME Media Types . . . . . . . . . . . . . . . . . . 34
6.5.1. Metadata Enforcement . . . . . . . . . . . . . . . . 37 6.4.2. JSON Encoding of Objects . . . . . . . . . . . . . . 35
6.5.2. Metadata Conflicts . . . . . . . . . . . . . . . . . 38 6.4.2.1. Encoded CDNI Metadata Example . . . . . . . . . . 36
6.6. Versioning . . . . . . . . . . . . . . . . . . . . . . . 38 6.5. Extensibility . . . . . . . . . . . . . . . . . . . . . . 40
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 39 6.6. Metadata Enforcement . . . . . . . . . . . . . . . . . . 41
7.1. GenericMetadata Type Registry . . . . . . . . . . . . . . 40 6.7. Metadata Conflicts . . . . . . . . . . . . . . . . . . . 41
7.1.1. GenericMetadata Sub-Registries . . . . . . . . . . . 41 6.8. Versioning . . . . . . . . . . . . . . . . . . . . . . . 42
7.1.1.1. Footprint Sub-Registry . . . . . . . . . . . . . 42 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 42
7.1.1.2. Protocol Sub-Registry . . . . . . . . . . . . . . 42 7.1. CDNI Metadata Footprint Types Registry . . . . . . . . . 43
7.1.1.3. Authentication Type Sub-Registry . . . . . . . . 43 7.2. CDNI Metadata Protocol Types Registry . . . . . . . . . . 44
8. Security Considerations . . . . . . . . . . . . . . . . . . . 44 7.3. CDNI Metadata Auth Types Registry . . . . . . . . . . . . 44
8.1. Authentication . . . . . . . . . . . . . . . . . . . . . 44 8. Security Considerations . . . . . . . . . . . . . . . . . . . 45
8.2. Confidentiality . . . . . . . . . . . . . . . . . . . . . 44 8.1. Authentication . . . . . . . . . . . . . . . . . . . . . 45
8.3. Integrity . . . . . . . . . . . . . . . . . . . . . . . . 44 8.2. Confidentiality . . . . . . . . . . . . . . . . . . . . . 46
8.4. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 45 8.3. Integrity . . . . . . . . . . . . . . . . . . . . . . . . 46
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 45 8.4. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 46
10. Contributing Authors . . . . . . . . . . . . . . . . . . . . 45 8.5. Securing the CDNI Metadata interface . . . . . . . . . . 46
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 45 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 47
11.1. Normative References . . . . . . . . . . . . . . . . . . 46 10. Contributing Authors . . . . . . . . . . . . . . . . . . . . 47
11.2. Informative References . . . . . . . . . . . . . . . . . 46 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 48
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 47 11.1. Normative References . . . . . . . . . . . . . . . . . . 48
11.2. Informative References . . . . . . . . . . . . . . . . . 48
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 49
1. Introduction 1. Introduction
Content Delivery Networks Interconnection (CDNI) ([RFC6707]) enables Content Delivery Networks Interconnection (CDNI) ([RFC6707]) enables
a downstream CDN to service content requests on behalf of an upstream a downstream CDN to service content requests on behalf of an upstream
CDN. CDN.
The CDNI Metadata interface is discussed in [I-D.ietf-cdni-framework] The CDNI Metadata interface is discussed in [RFC7336] along with four
along with four other interfaces that may be used to compose a CDNI other interfaces that may be used to compose a CDNI solution (CDNI
solution (CDNI Control interface, CDNI Request Routing Redirection Control interface, CDNI Request Routing Redirection interface, CDNI
interface, CDNI Footprint & Capabilities Advertisement interface and Footprint & Capabilities Advertisement interface and CDNI Logging
CDNI Logging interface). [I-D.ietf-cdni-framework] describes each interface). [RFC7336] describes each interface, and the
interface, and the relationships between them. The requirements for relationships between them. The requirements for the CDNI metadata
the CDNI metadata interface are specified in interface are specified in [RFC7337].
[I-D.ietf-cdni-requirements].
The CDNI metadata associated with a piece of content (or with a set The CDNI metadata associated with a piece of content (or with a set
of content) provides a downstream CDN with sufficient information for of content) provides a downstream CDN with sufficient information for
servicing content requests on behalf of an upstream CDN in accordance servicing content requests on behalf of an upstream CDN in accordance
with the policies defined by the upstream CDN. with the policies defined by the upstream CDN.
This document focuses on the CDNI Metadata interface which enables a This document focuses on the CDNI Metadata interface which enables a
downstream CDN to obtain CDNI Metadata from an upstream CDN so that downstream CDN to obtain CDNI Metadata from an upstream CDN so that
the downstream CDN can properly process and respond to: the downstream CDN can properly process and respond to:
skipping to change at page 4, line 41 skipping to change at page 4, line 44
o A RESTful web service for the transfer of CDNI Metadata o A RESTful web service for the transfer of CDNI Metadata
(Section 6). (Section 6).
1.1. Terminology 1.1. Terminology
This document reuses the terminology defined in [RFC6707]. This document reuses the terminology defined in [RFC6707].
Additionally, the following terms are used throughout this document Additionally, the following terms are used throughout this document
and are defined as follows: and are defined as follows:
o Object - a collection of properties o Object - a collection of properties.
o Property - a key and value pair where the key is a property name o Property - a key and value pair where the key is a property name
and the value is the property value or an object. and the value is the property value or an object.
1.2. Supported Metadata Capabilities 1.2. Supported Metadata Capabilities
Only the metadata for a small set of initial capabilities is Only the metadata for a small set of initial capabilities is
specified in this document. This set provides the minimum amount of specified in this document. This set provides the minimum amount of
metadata for basic CDN interoperability while still meeting the metadata for basic CDN interoperability while still meeting the
requirements set forth by [I-D.ietf-cdni-requirements]. requirements set forth by [RFC7337].
The following high-level functionality is configured via the metadata The following high-level functionality is configured via the metadata
described in Section 4: described in Section 4:
o Acquisition Source: Metadata for allowing a dCDN to fetch content o Acquisition Source: Metadata for allowing a dCDN to fetch content
from a uCDN. from a uCDN.
o Delivery Access Control: Metadata for restricting (or permitting) o Delivery Access Control: Metadata for restricting (or permitting)
access to content based on any of the following factors: access to content based on any of the following factors:
skipping to change at page 5, line 29 skipping to change at page 5, line 36
o Delivery Authorization: Metadata for authorizing dCDN user agent o Delivery Authorization: Metadata for authorizing dCDN user agent
requests. requests.
o Cache Control: Metadata for controlling cache behavior of the o Cache Control: Metadata for controlling cache behavior of the
dCDN. dCDN.
The metadata encoding described by this document is extensible in The metadata encoding described by this document is extensible in
order to allow for future additions to this list. order to allow for future additions to this list.
This document supports HTTPv1.1 for delivery and both HTTPv1.1 and The set of metadata specified in this document, covering the initial
HTTPv1.1. over TLS for acquisition. All metadata is described in a capabilities above, is only able to support CDN interconnection for
protocol-agnostic manner. the delivery of content by a dCDN using HTTPv1.1 and for a dCDN to be
able to acquire content from a uCDN using either HTTPv1.1 or HTTPv1.1
over TLS.
Supporting unencrypted HTTPv2.0 for delivery (or unencrypted HTTPv2.0 Supporting CDN interconnection for the delivery of content using
or HTTPv2.0 over TLS for acquisition) only requires the registration unencrypted HTTPv2.0 (as well as for a dCDN to acquire content using
of these protocol names in the CDNI Metadata Protocol Sub-Registry. unencrypted HTTPv2.0 or HTTPv2.0 over TLS) requires the registration
of these protocol names in the CDNI Metadata Protocol Registry.
Supporting HTTPv1.1 over TLS or HTTPv2.0 over TLS for delivery Supporting CDN interconnection for the delivery of content using
requires specifying additional metadata objects to carry the HTTPv1.1 over TLS or HTTPv2.0 over TLS requires specifying additional
properties required to establish a TLS session, for example metadata metadata objects to carry the properties required to establish a TLS
to describe the certificate to use as part of the TLS handshake. session, for example metadata to describe the certificate to use as
part of the TLS handshake.
2. Design Principles 2. Design Principles
The CDNI Metadata interface was designed to achieve the following The CDNI Metadata interface was designed to achieve the following
objectives: objectives:
1. Cacheability of CDNI metadata objects. 1. Cacheability of CDNI metadata objects.
2. Deterministic mapping from redirection requests and content 2. Deterministic mapping from redirection requests and content
requests to CDNI metadata properties. requests to CDNI metadata properties.
skipping to change at page 6, line 35 skipping to change at page 6, line 45
redirection schemes. redirection schemes.
Minimal duplication of CDNI metadata provides space efficiency on Minimal duplication of CDNI metadata provides space efficiency on
storage in the CDNs, on caches in the network, and across the network storage in the CDNs, on caches in the network, and across the network
between CDNs. between CDNs.
Leveraging existing protocols avoids reinventing common mechanisms Leveraging existing protocols avoids reinventing common mechanisms
such as data structure encoding (e.g., JSON) and data transport such as data structure encoding (e.g., JSON) and data transport
(e.g., HTTP). (e.g., HTTP).
3. CDNI Metadata Data Model 3. CDNI Metadata model
The CDNI Metadata Model describes a data structure for mapping The CDNI Metadata model describes a data structure for mapping
redirection requests and content requests to metadata properties. redirection requests and content requests to metadata properties.
Metadata properties describe how to acquire content from an upstream Metadata properties describe how to acquire content from an upstream
CDN, authorize access to content, and deliver content from a CDN, authorize access to content, and deliver content from a
downstream CDN. The data model relies on the assumption that these downstream CDN. The data model relies on the assumption that these
metadata properties may be aggregated based on the hostname of the metadata properties may be aggregated based on the hostname of the
content and subsequently on the resource path of the content. The content and subsequently on the resource path of the content. The
data model associates a set of CDNI Metadata properties with a data model associates a set of CDNI Metadata properties with a
Hostname to form a default set of metadata properties for content Hostname to form a default set of metadata properties for content
delivered on behalf of that Hostname. That default set of metadata delivered on behalf of that Hostname. That default set of metadata
properties can be overridden by properties that apply to specific properties can be overridden by properties that apply to specific
skipping to change at page 7, line 26 skipping to change at page 7, line 36
In order to enable the CDNI Metadata for a given Hostname or URI Path In order to enable the CDNI Metadata for a given Hostname or URI Path
to be decomposed into sets of CDNI Metadata properties that can be to be decomposed into sets of CDNI Metadata properties that can be
reused by multiple Hostnames and URI Paths, the CDNI Metadata reused by multiple Hostnames and URI Paths, the CDNI Metadata
interface specified in this document splits the CDNI Metadata into a interface specified in this document splits the CDNI Metadata into a
number of objects. Efficiency is improved by enabling a single CDNI number of objects. Efficiency is improved by enabling a single CDNI
Metadata object (that is shared across Hostname and/or URI paths) to Metadata object (that is shared across Hostname and/or URI paths) to
be retrieved and stored by a dCDN once, even if it is referenced by be retrieved and stored by a dCDN once, even if it is referenced by
the CDNI Metadata of multiple Hostnames or of multiple URI paths. the CDNI Metadata of multiple Hostnames or of multiple URI paths.
Section 3.1 introduces a high level description of the HostIndex, Section 3.1 introduces a high level description of the HostIndex,
HostMetadata and PathMetadata objects and describes the relationships HostMatch, HostMetadata, PathMatch, PatternMatch and PathMetadata
between those objects. objects and describes the relationships between those objects.
Section 3.2 introduces a high level description of the CDNI Section 3.2 introduces a high level description of the CDNI
GenericMetadata object which represents the level at which CDNI GenericMetadata object which represents the level at which CDNI
Metadata override occurs between HostMetadata and PathMetadata Metadata override occurs between HostMetadata and PathMetadata
objects. objects.
Section 4 describes in detail the specific CDNI Metadata objects and Section 4 describes in detail the specific CDNI Metadata objects and
properties which may be contained within a CDNI GenericMetadata properties which may be contained within a CDNI GenericMetadata
object. object.
3.1. HostIndex, HostMetadata and PathMetadata objects 3.1. HostIndex, HostMatch, HostMetadata, PathMatch, PatternMatch and
PathMetadata objects
A HostIndex object contains (or references) a list of Hostnames (and/ A HostIndex object contains (or references) a list of Hostnames (and/
or IP addresses) for which content requests may be delegated to the or IP addresses) for which content requests may be delegated to the
downstream CDN. The HostIndex is the starting point for accessing downstream CDN. The HostIndex is the starting point for accessing
the uCDN CDNI Metadata data store. It enables the dCDN to the uCDN CDNI Metadata data store. It enables the dCDN to
deterministically discover, on receipt of a User Agent request for deterministically discover, on receipt of a User Agent request for
content, which other CDNI Metadata objects it requires in order to content, which other CDNI Metadata objects it requires in order to
deliver the requested content. deliver the requested content.
The HostIndex links Hostnames (and/or IP addresses) to HostMetadata The HostIndex links Hostnames (and/or IP addresses) to HostMetadata
skipping to change at page 8, line 14 skipping to change at page 8, line 30
up the requested Hostname (or IP address) against the HostMatch up the requested Hostname (or IP address) against the HostMatch
entries in the HostIndex, from there it can find HostMetadata which entries in the HostIndex, from there it can find HostMetadata which
describes properties for a host and PathMetadata which may override describes properties for a host and PathMetadata which may override
those properties for given URI paths within the host. those properties for given URI paths within the host.
HostMetadata and PathMetadata objects may also contain PathMatch HostMetadata and PathMetadata objects may also contain PathMatch
objects which in turn contain PathMetadata objects. PathMetadata objects which in turn contain PathMetadata objects. PathMetadata
objects override the CDNI Metadata in the HostMetadata object or one objects override the CDNI Metadata in the HostMetadata object or one
or more preceding PathMetadata objects with more specific CDNI or more preceding PathMetadata objects with more specific CDNI
Metadata that applies to content requests matching the pattern Metadata that applies to content requests matching the pattern
defined in that PathMatch object. defined in the PatternMatch object of that PathMatch object.
For the purposes of retrieving CDNI Metadata, all other required CDNI For the purposes of retrieving CDNI Metadata, all other required CDNI
Metadata objects and their properties are discoverable from the Metadata objects and their properties are discoverable from the
appropriate HostMetadata, PathMatch and PathMetadata objects for the appropriate HostMetadata, PathMatch and PathMetadata objects for the
requested content. requested content.
The relationships between the HostIndex, HostMatch, HostMetadata, The relationships between the HostIndex, HostMatch, HostMetadata,
PathMatch and PathMetadata objects are described in Figure 1. PathMatch, PatternMatch and PathMetadata objects are described in
Figure 1.
+---------+ +---------+ +------------+ +---------+ +---------+ +------------+
|HostIndex+-(*)->|HostMatch+-(1)->|HostMetadata+-------(*)------+ |HostIndex+-(*)->|HostMatch+-(1)->|HostMetadata+-------(*)------+
+---------+ +---------+ +------+-----+ | +---------+ +---------+ +------+-----+ |
| | | |
(*) | (*) |
| V | V
--> Contains or References V ****************** --> Contains or References V ******************
(1) One and only one +---------+ *Generic Metadata* (1) One and only one +---------+ *Generic Metadata*
(*) Zero or more +--->|PathMatch| * Objects * (*) Zero or more +--->|PathMatch| * Objects *
skipping to change at page 9, line 21 skipping to change at page 9, line 45
| | GenericMetadata objects. | | | GenericMetadata objects. |
| PathMatch | 1 PatternMatch object. 1 PathMetadata object. | | PathMatch | 1 PatternMatch object. 1 PathMetadata object. |
| PatternMatch | Does not contain or reference any other objects. | | PatternMatch | Does not contain or reference any other objects. |
| PathMetadata | 0 or more PathMatch objects. 0 or more | | PathMetadata | 0 or more PathMatch objects. 0 or more |
| | GenericMetadata objects. | | | GenericMetadata objects. |
+--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+
Table 1: Relationships between CDNI Metadata Objects Table 1: Relationships between CDNI Metadata Objects
(Table Representation) (Table Representation)
The table below describes the HostIndex, HostMetadata and The table below describes the HostIndex, HostMatch, HostMetadata,
PathMetadata objects in more detail. PathMatch, PatternMatch and PathMetadata objects in more detail.
+-----------------+-------------------------------------------------+ +-----------------+-------------------------------------------------+
| Data Object | Description | | Data Object | Description |
+-----------------+-------------------------------------------------+ +-----------------+-------------------------------------------------+
| HostIndex | A HostIndex object lists HostMatch objects | | HostIndex | A HostIndex object lists HostMatch objects |
| HostMatch | A HostMatch object defines a hostname (or IP | | HostMatch | A HostMatch object defines a hostname (or IP |
| | address) to match against a requested host, and | | | address) to match against a requested host, and |
| | contains (or references) a HostMetadata object | | | contains (or references) a HostMetadata object |
| | which contains (or references) CDNI Metadata | | | which contains (or references) CDNI Metadata |
| | objects to be applied when a request matches | | | objects to be applied when a request matches |
skipping to change at page 9, line 48 skipping to change at page 10, line 23
| HostMetadata | A HostMetadata object contains (or references) | | HostMetadata | A HostMetadata object contains (or references) |
| | the default CDNI Metadata objects for content | | | the default CDNI Metadata objects for content |
| | served from that host, i.e., the CDNI Metadata | | | served from that host, i.e., the CDNI Metadata |
| | objects for content requests that do not match | | | objects for content requests that do not match |
| | any of the PathMatch objects contained (or | | | any of the PathMatch objects contained (or |
| | referenced) by that HostMetadata object. For | | | referenced) by that HostMetadata object. For |
| | example, a HostMetadata object may describe the | | | example, a HostMetadata object may describe the |
| | metadata properties which apply to | | | metadata properties which apply to |
| | "example.com" and may contain PathMatches for | | | "example.com" and may contain PathMatches for |
| | "example.com/movies/*" and | | | "example.com/movies/*" and |
| | "example.com/music/*" which reference | | | "example.com/music/*" which in turn reference |
| | corresponding PathMetadata objects that contain | | | corresponding PathMetadata objects that contain |
| | the CDNI Metadata objects for those more | | | the CDNI Metadata objects for those more |
| | specific URI paths. | | | specific URI paths. |
| PathMatch | A PathMatch object defines a pattern (inside a | | PathMatch | A PathMatch object defines a pattern (inside a |
| | PatternMatch object which PathMatch object | | | PatternMatch object which the PathMatch object |
| | contains or references) to match against the | | | contains or references) to match against the |
| | requested URI path, and contains (or | | | requested URI path, and contains (or |
| | references) a PathMetadata object which | | | references) a PathMetadata object which |
| | contains (or references) the CDNI Metadata | | | contains (or references) the CDNI Metadata |
| | objects to be applied when a content request | | | objects to be applied when a content request |
| | matches against the defined URI path pattern. | | | matches against the defined URI path pattern. |
| | For example, a PathMatch object may include a | | | For example, a PathMatch object may include a |
| | PatternMatch object containing a pattern for | | | PatternMatch object containing a pattern for |
| | the path "/movies/*" and may reference a | | | the path "/movies/*" and may reference a |
| | PathMetadata object which contains (or | | | PathMetadata object which contains (or |
skipping to change at page 10, line 30 skipping to change at page 11, line 6
| PathMetadata | A PathMetadata object contains (or references) | | PathMetadata | A PathMetadata object contains (or references) |
| | the CDNI GenericMetadata objects for content | | | the CDNI GenericMetadata objects for content |
| | served with the associated URI path (defined in | | | served with the associated URI path (defined in |
| | a PathMatch object). A PathMetadata object may | | | a PathMatch object). A PathMetadata object may |
| | also contain (or reference) PathMatch objects | | | also contain (or reference) PathMatch objects |
| | in order to recursively define more specific | | | in order to recursively define more specific |
| | URI paths that require different (e.g., more | | | URI paths that require different (e.g., more |
| | specific) CDNI Metadata to this one. For | | | specific) CDNI Metadata to this one. For |
| | example, the PathMetadata object which applies | | | example, the PathMetadata object which applies |
| | to "example.com/movies/*" may describe CDNI | | | to "example.com/movies/*" may describe CDNI |
| | Metadata which apply to that resource path and | | | Metadata which apply to that URI path and may |
| | may contain a PathMatch object for | | | contain a PathMatch object for |
| | "example.com/movies/hd/*" which would reference | | | "example.com/movies/hd/*" which would reference |
| | the corresponding PathMetadata object for the | | | the corresponding PathMetadata object for the |
| | "example.com/movies/hd/" path prefix. | | | "example.com/movies/hd/" path prefix. |
| GenericMetadata | A GenericMetadata object contains (or | | GenericMetadata | A GenericMetadata object contains (or |
| | references) individual CDNI Metadata objects | | | references) individual CDNI Metadata objects |
| | which define the specific policies and | | | which define the specific policies and |
| | attributes needed to properly deliver the | | | attributes needed to properly deliver the |
| | associated content. For example, a | | | associated content. For example, a |
| | GenericMetadata object may describe the source | | | GenericMetadata object may describe the source |
| | from which a CDN may acquire a piece of | | | from which a CDN may acquire a piece of |
| | content. The GenericMetadata object is an | | | content. The GenericMetadata object is an |
| | atomic unit that may be referenced by | | | atomic unit that may be referenced by |
| | HostMetadata and/or PathMetadata objects, but | | | HostMetadata and/or PathMetadata objects, but |
| | SHOULD NOT contain references to other CDNI | | | SHOULD NOT contain references to other CDNI |
| | Metadata objects. The member objects of a | | | Metadata objects. The member objects of a |
| | specific CDNI Metadata object MAY be referenced | | | specific CDNI Metadata object MAY be referenced |
| | by the GenericMetadata object. | | | by the GenericMetadata object. |
+-----------------+-------------------------------------------------+ +-----------------+-------------------------------------------------+
Table 2: HostIndex, HostMetadata and PathMetadata CDNI Metadata
Objects Table 2: HostIndex, HostMatch, HostMetadata, PathMatch, PatternMatch
and PathMetadata CDNI Metadata Objects
3.2. Generic CDNI Metadata Object Properties 3.2. Generic CDNI Metadata Object Properties
The HostMetadata and PathMetadata objects contain or can reference The HostMetadata and PathMetadata objects contain or can reference
other CDNI Metadata objects that contain properties which describe other CDNI Metadata objects that contain properties which describe
how User Agent requests for content should be processed, for example how User Agent requests for content should be processed, for example
where to acquire the content, authorization rules that should be where to acquire the content, authorization rules that should be
applied, delivery location restrictions and so on. Each such CDNI applied, delivery location restrictions and so on. Each such CDNI
Metadata object is a specialization of a CDNI GenericMetadata object. Metadata object is a specialization of a CDNI GenericMetadata object.
The GenericMetadata object abstracts the basic information required The GenericMetadata object abstracts the basic information required
skipping to change at page 11, line 40 skipping to change at page 12, line 15
Although a CDN MUST NOT serve content to a User Agent if a Although a CDN MUST NOT serve content to a User Agent if a
"mandatory-to-enforce" property cannot be enforced, it may be "safe- "mandatory-to-enforce" property cannot be enforced, it may be "safe-
to-redistribute" that metadata to another CDN without modification. to-redistribute" that metadata to another CDN without modification.
For example, in the cascaded CDN case, a transit CDN may pass through For example, in the cascaded CDN case, a transit CDN may pass through
"mandatory-to-enforce" metadata to a downstream CDN. For Metadata "mandatory-to-enforce" metadata to a downstream CDN. For Metadata
which does not require customization or translation (i.e., metadata which does not require customization or translation (i.e., metadata
that is "safe-to-redistribute"), the data representation received off that is "safe-to-redistribute"), the data representation received off
the wire MAY be stored and redistributed without being natively the wire MAY be stored and redistributed without being natively
understood or supported by the transit CDN. However, for Metadata understood or supported by the transit CDN. However, for Metadata
which requires translation, transparent redistribution of the uCDN which requires translation, transparent redistribution of the uCDN
Metadata values may not be appropriate. Certain Metadata may be Metadata values might not be appropriate. Certain Metadata may be
safely, though possibly not optimally, redistributed unmodified. For safely, though possibly not optimally, redistributed unmodified. For
example, source acquisition address may not be optimal if example, source acquisition address may not be optimal if
transparently redistributed, but may still work. transparently redistributed, but might still work.
Redistribution safety MUST be specified for each GenericMetadata. If Redistribution safety MUST be specified for each GenericMetadata. If
a CDN does not understand or support a given GenericMetadata property a CDN does not understand or support a given GenericMetadata property
type and the property type is not "safe-to-redistribute", before type and the property type is not "safe-to-redistribute", before
redistributing the metadata, the CDN MUST set the "incomprehensible" redistributing the metadata, the CDN MUST set the "incomprehensible"
flag for the GenericMetadata property that it did not understand and flag for the GenericMetadata property that it did not understand and
was marked as not "safe-to-redistribute". The "incomprehensible" was marked as not "safe-to-redistribute". The "incomprehensible"
flag signals to a dCDN that the metadata was not properly transformed flag signals to a dCDN that the metadata was not properly transformed
by the transit CDN. A CDN MUST NOT attempt to use metadata that has by the transit CDN. A CDN MUST NOT attempt to use metadata that has
been marked as "incomprehensible" by a uCDN. been marked as "incomprehensible" by a uCDN.
skipping to change at page 12, line 29 skipping to change at page 13, line 16
| MtE | StR | Metadata | Actions | | MtE | StR | Metadata | Actions |
| | | Understood | | | | | Understood | |
+-------+-------+------------+--------------------------------------+ +-------+-------+------------+--------------------------------------+
| False | True | True | Can serve and redistribute. | | False | True | True | Can serve and redistribute. |
| False | True | False | Can serve and redistribute. | | False | True | False | Can serve and redistribute. |
| False | False | False | Can serve. MUST set | | False | False | False | Can serve. MUST set |
| | | | "incomprehensible" to True when | | | | | "incomprehensible" to True when |
| | | | redistributing. | | | | | redistributing. |
| False | False | True | Can serve. Can redistribute either | | False | False | True | Can serve. Can redistribute either |
| | | | by transforming not StR metadata (if | | | | | by transforming not StR metadata (if |
| | | | the CDN know how to do so safely), | | | | | the CDN knows how to do so safely), |
| | | | otherwise MUST set | | | | | otherwise MUST set |
| | | | "incomprehensible" to True when | | | | | "incomprehensible" to True when |
| | | | redistributing. | | | | | redistributing. |
| True | True | True | Can serve and redistribute. | | True | True | True | Can serve and redistribute. |
| True | True | False | MUST NOT serve but can redistribute. | | True | True | False | MUST NOT serve but can redistribute. |
| True | False | True | Can serve and redistribute. | | True | False | True | Can serve and redistribute. |
| True | False | False | MUST NOT serve. MUST set | | True | False | False | MUST NOT serve. MUST set |
| | | | "incomprehensible" to True when | | | | | "incomprehensible" to True when |
| | | | redistributing. | | | | | redistributing. |
+-------+-------+------------+--------------------------------------+ +-------+-------+------------+--------------------------------------+
skipping to change at page 13, line 18 skipping to change at page 13, line 46
+-------+------------+--------+-------------------------------------+ +-------+------------+--------+-------------------------------------+
| False | True | False | Can serve. | | False | True | False | Can serve. |
| False | True | True | Can serve but MUST NOT | | False | True | True | Can serve but MUST NOT |
| | | | interpret/apply any metadata marked | | | | | interpret/apply any metadata marked |
| | | | incomprehensible. | | | | | incomprehensible. |
| False | False | False | Can serve. | | False | False | False | Can serve. |
| False | False | True | Can serve but MUST NOT | | False | False | True | Can serve but MUST NOT |
| | | | interpret/apply any metadata marked | | | | | interpret/apply any metadata marked |
| | | | incomprehensible. | | | | | incomprehensible. |
| True | True | False | Can serve. | | True | True | False | Can serve. |
| True | True | True | Can serve but MUST NOT | | True | True | True | MUST NOT serve. |
| | | | interpret/apply any metadata marked |
| | | | incomprehensible. |
| True | False | False | MUST NOT serve. | | True | False | False | MUST NOT serve. |
| True | False | True | MUST NOT serve. | | True | False | True | MUST NOT serve. |
+-------+------------+--------+-------------------------------------+ +-------+------------+--------+-------------------------------------+
3.3. Metadata Inheritance and Override 3.3. Metadata Inheritance and Override
In the data model, a HostMetadata object may contain (or reference) In the Metadata model, a HostMetadata object may contain (or
multiple PathMetadata objects (via PathMatch objects). Each reference) multiple PathMetadata objects (via PathMatch objects).
PathMetadata object may in turn contain (or reference) other Each PathMetadata object may in turn contain (or reference) other
PathMetadata objects. HostMetadata and PathMetadata objects form an PathMetadata objects. HostMetadata and PathMetadata objects form an
inheritance tree where each node in the tree inherits or overrides inheritance tree where each node in the tree inherits or overrides
the property values set by its parent. the property values set by its parent.
GenericMetadata objects of a given type override all GenericMetadata GenericMetadata objects of a given type override all GenericMetadata
objects of the same type previously defined by any parent object in objects of the same type previously defined by any parent object in
the tree. GenericMetadata objects of a given type previously defined the tree. GenericMetadata objects of a given type previously defined
by a parent object in the tree are inherited when no object of the by a parent object in the tree are inherited when no object of the
same type is defined by the child object. For example, if same type is defined by the child object. For example, if
HostMetadata for the host "example.com" contains GenericMetadata HostMetadata for the host "example.com" contains GenericMetadata
objects of type LocationACL and TimeWindowACL, while a PathMetadata objects of type LocationACL and TimeWindowACL, while a PathMetadata
object which applies to "example.com/movies/*" defines an alternate object which applies to "example.com/movies/*" defines an alternate
GenericMetadata object of type TimeWindowACL, then: GenericMetadata object of type TimeWindowACL, then:
o the TimeWindowACL defined in the PathMetadata would override the o the TimeWindowACL defined in the PathMetadata would override the
TimeWindowACL defined in the HostMetadata for all User Agent TimeWindowACL defined in the HostMetadata for all User Agent
requests for content under "example.com/movies", and requests for content under "example.com/movies/", and
o the LocationACL defined in the HostMetadata would be inherited for o the LocationACL defined in the HostMetadata would be inherited for
all User Agent requests for content under "example.com/movies". all User Agent requests for content under "example.com/movies/".
o A single HostMetadata or PathMetadata object SHOULD NOT contain o A single HostMetadata or PathMetadata object SHOULD NOT contain
multiple GenericMetadata objects of the same type. If a list of multiple GenericMetadata objects of the same type. If a list of
GenericMetadata contains objects of duplicate types, the receiver GenericMetadata contains objects of duplicate types, the receiver
MUST ignore all but the first object of each type. MUST ignore all but the first object of each type.
4. Encoding-Independent CDNI Metadata Object Descriptions 4. Encoding-Independent CDNI Metadata Object Descriptions
Section 4.1 provides the definitions of each object type declared in Section 4.1 provides the definitions of each metadata object type
Section 3. These objects are described as structural objects as they declared in Section 3. These metadata objects are described as
provide the structure for the inheritance tree and identify which structural objects as they provide the structure for the inheritance
specific properties apply to a given User Agent content request. tree and identify which specific properties apply to a given User
Agent content request.
Section 4.2 provides the definitions for a base set of core metadata Section 4.2 provides the definitions for a base set of core metadata
objects which may be contained within a GenericMetadata object. objects which may be contained within a GenericMetadata object.
These objects are described as property objects, as they define the These metadata objects are described as property objects, as they
structure, semantics, and enforcement options for specific properties define the structure, semantics, and enforcement options for specific
of the metadata being described. Property objects govern how User properties of the metadata being described. Property objects govern
Agent requests for content are handled. Property objects may be how User Agent requests for content are handled. Property objects
composed of, or contain references to, other property sub-objects may be composed of, or contain references to, other property sub-
(i.e., property objects contained within or referenced by the objects (i.e., property objects contained within or referenced by the
property object that refers to that property sub-object). In those property object that refers to that property sub-object). In those
cases the value of the property sub-objects can be either a complete cases the value of the property sub-objects can be either a complete
serialized representation of the sub-object, or a Link object that serialized representation of the sub-object, or a Link object that
contains a URI and relationship that can be dereferenced to retrieve contains a URI that can be dereferenced to retrieve the complete
the complete serialized representation of the property sub-object. serialized representation of the property sub-object.
Section 6.5 discusses the ability to extend the base set of metadata Section 6.5 discusses the ability to extend the base set of metadata
objects specified in this document with additional standards based or objects specified in this document with additional standards based or
vendor specific property objects that may be defined in the future in vendor specific property objects that may be defined in the future in
separate documents. separate documents.
Downstream CDNs MUST support parsing of all CDNI metadata objects Downstream CDNs MUST support parsing of all CDNI metadata objects
specified in this document. A dCDN does not have to implement the specified in this document. A dCDN does not have to implement the
underlying functionality represented by the metadata object, though underlying functionality represented by the metadata object, though
that may restrict the content that a given dCDN can serve. uCDNs as that may restrict the content that a given dCDN can serve. uCDNs as
generators of CDNI Metadata only need to support generating the CDNI generators of CDNI Metadata only need to support generating the CDNI
metadata that they need in order to express the policies and metadata that they need in order to express the policies and
treatment required by the content they are describing. treatment required by the content they are describing.
Note: In the following sections, the term "mandatory-to-specify" is Note: In the following sections, the term "mandatory-to-specify" is
used to convey which property sub-objects MUST be specified for a used to convey which property sub-objects MUST be specified for a
given structural or property object. When mandatory-to-specify is given structural or property object. When mandatory-to-specify is
set to true on a sub-object, it implies that if the property object specified as "Yes" by this document for an individual property or
containing that property sub-object is specified, then the mandatory- sub-object, it means that if the property object containing that
to-specify property sub-object MUST also be specified, e.g., a property or sub-object is included in a metadata response, then the
HostMatch property object without a host to match against does not mandatory-to-specify property or sub-object MUST also be included
make sense, therefore, the host is mandatory-to-specify inside a (directly or by reference) in the response, e.g., a HostMatch
HostMatch property object. property object without a host to match against does not make sense,
therefore, the host is mandatory-to-specify inside a HostMatch
property object.
4.1. Descriptions of the CDNI Structural Metadata Objects 4.1. Descriptions of the CDNI Structural Metadata Objects
Each of the sub-sections below describe the structural objects Each of the sub-sections below describe the structural objects
defined in Table 2. defined in Table 2.
4.1.1. HostIndex 4.1.1. HostIndex
The HostIndex object is the entry point into the CDNI Metadata The HostIndex object is the entry point into the CDNI Metadata
hierarchy. It contains (or references) a list of HostMatch objects. hierarchy. It contains (or references) a list of HostMatch objects.
An incoming content request is checked against the hostname (or IP An incoming content request is checked against the hostname (or IP
address) specified by each of the listed HostMatch objects to find address) specified by each of the listed HostMatch objects to find
the HostMatch object which applies to the request. the HostMatch object which applies to the request.
Property: hosts Property: hosts
Description: List of HostMatch objects, in priority order. Description: List of HostMatch objects. Hosts (HostMatch
objects) MUST be evaluated in the order they appear and the
first HostMatch object that matches the content request being
processed MUST be used.
Type: List of HostMatch objects Type: List of HostMatch objects
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
4.1.2. HostMatch 4.1.2. HostMatch
The HostMatch object contains a hostname or IP address to match The HostMatch object contains a hostname or IP address to match
against content requests. The HostMatch object also contains or against content requests. The HostMatch object also contains or
references a HostMetadata object to apply if a match is found. references a HostMetadata object to apply if a match is found.
Property: host Property: host
Description: String (hostname or IP address) to match against Description: String (hostname or IP address) to match against
the requested host. the requested host. In order for a hostname or IP address in a
content request to match the hostname or IP address in the host
property the value when converted to lowercase in the content
request MUST be identical to the value of the host property
when converted to lowercase.
Type: String Type: String
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: host-metadata Property: host-metadata
Description: CDNI Metadata to apply when delivering content Description: CDNI Metadata to apply when delivering content
that matches this host. that matches this host.
skipping to change at page 16, line 24 skipping to change at page 17, line 10
Type: List of GenericMetadata objects Type: List of GenericMetadata objects
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: paths Property: paths
Description: Path specific rules. Path patterns (PathMatch Description: Path specific rules. Path patterns (PathMatch
objects) MUST be evaluated in the order they appear and the objects) MUST be evaluated in the order they appear and the
first PathMatch object that matches the content request being first PathMatch object that matches the content request being
process is applied. processed MUST be used.
Type: List of PathMatch objects Type: List of PathMatch objects
Mandatory-to-Specify: No. Mandatory-to-Specify: No.
4.1.4. PathMatch 4.1.4. PathMatch
The PathMatch object contains (or references) an expression given as The PathMatch object contains (or references) an expression given as
a PatternMatch object to match against a resource URI path and a PatternMatch object to match against a resource URI path and
contains or references a PathMetadata object to apply if a match is contains or references a PathMetadata object to apply if a match is
skipping to change at page 17, line 4 skipping to change at page 17, line 38
Type: PatternMatch Type: PatternMatch
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: path-metadata Property: path-metadata
Description: CDNI Metadata to apply when delivering content Description: CDNI Metadata to apply when delivering content
that matches this path. that matches this path.
Type: PathMetadata Type: PathMetadata
Mandatory-to-Specify: Yes.
4.1.5. PathMetadata
A PathMetadata object contains (or references) the CDNI Metadata
properties for content served with the associated URI path (defined
in a PathMatch object) and possibly child PathMatch objects.
Note that if DNS-based redirection is employed, then any metadata at
the PathMetadata level or below will be inaccessible at request
routing time because only the content request hostname is available
at request routing time.
Property: metadata
Description: List of path related metadata.
Type: List of GenericMetadata objects
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: paths 4.1.5. PatternMatch
Description: Path specific rules. First match applies.
Type: List of PathMatch objects
Mandatory-to-Specify: No.
4.1.6. PatternMatch
A PatternMatch object contains the pattern string and flags that A PatternMatch object contains the pattern string and flags that
describe the PathMatch expression. describe the PathMatch expression.
Property: pattern Property: pattern
Description: A pattern for string matching. The pattern may Description: A pattern for string matching. The pattern may
contain the wildcards * and ?, where * matches any sequence of contain the wildcards * and ?, where * matches any sequence of
characters (including the empty string) and ? matches exactly characters (including the empty string) and ? matches exactly
one character. The three literals \ , * and ? should be one character. The three literals \ , * and ? should be
skipping to change at page 18, line 14 skipping to change at page 18, line 23
Description: Flag indicating whether or not case-sensitive Description: Flag indicating whether or not case-sensitive
matching should be used. matching should be used.
Type: Boolean Type: Boolean
Mandatory-to-Specify: No. Default is case-insensitive match. Mandatory-to-Specify: No. Default is case-insensitive match.
Property: ignore-query-string Property: ignore-query-string
Description: List of query parameters which should be ignored Description: List of query parameters which should be ignored
when searching for a pattern match. If all query parameters when searching for a pattern match. Matching against query
should be ignored then the list MUST be empty. parameters to ignore MUST be case-insensitive. If all query
parameters should be ignored then the list MUST be empty.
Type: List of String Type: List of String
Mandatory-to-Specify: No. Default is to include query strings Mandatory-to-Specify: No. Default is to include query strings
when matching. when matching.
4.1.6. PathMetadata
A PathMetadata object contains (or references) the CDNI Metadata
properties for content served with the associated URI path (defined
in a PathMatch object) and possibly child PathMatch objects.
Note that if DNS-based redirection is employed, then a dCDN will be
unable to evaulate any metadata at the PathMetadata level or below
against the content redirection request at request routing time
because only the content request hostname is available at request
routing time. dCDNs SHOULD still process any metadata at the
PathMetadata level or below before responding to the redirection
request in order to detect if any unsupported metadata is specifed.
If any metadata is included that is not supported by the dCDN then
the dCDN SHOULD NOT redirect the the content redirection request to
itself in order to avoid receiving content requests that it is not
able to satisfy/serve.
Property: metadata
Description: List of path related metadata.
Type: List of GenericMetadata objects
Mandatory-to-Specify: Yes.
Property: paths
Description: Path specific rules. First match applies.
Type: List of PathMatch objects
Mandatory-to-Specify: No.
4.1.7. GenericMetadata 4.1.7. GenericMetadata
A GenericMetadata object is an abstraction for managing individual A GenericMetadata object is an abstraction for managing individual
CDNI Metadata properties in an opaque manner. CDNI Metadata properties in an opaque manner.
Property: generic-metadata-type Property: generic-metadata-type
Description: CDNI Metadata property object type. Description: Case-insensitive CDNI Metadata property object
type.
Type: MIME Type String (from Section 7.1) Type: String containing a MIME Media Type
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: generic-metadata-value Property: generic-metadata-value
Description: CDNI Metadata property object. Description: CDNI Metadata property object.
Type: Format/Type is defined by the value of generic-metadata- Type: Format/Type is defined by the value of generic-metadata-
type property above. type property above.
skipping to change at page 19, line 4 skipping to change at page 19, line 47
type property above. type property above.
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: mandatory-to-enforce Property: mandatory-to-enforce
Description: Flag identifying whether or not the enforcement of Description: Flag identifying whether or not the enforcement of
the property Metadata is required. the property Metadata is required.
Type: Boolean Type: Boolean
Mandatory-to-Specify: No. Default is to treat metadata as Mandatory-to-Specify: No. Default is to treat metadata as
mandatory to enforce (i.e., true). mandatory to enforce (i.e., a value of True).
Property: safe-to-redistribute Property: safe-to-redistribute
Description: Flag identifying whether or not the property Description: Flag identifying whether or not the property
Metadata may be safely redistributed without modification. Metadata may be safely redistributed without modification.
Type: Boolean Type: Boolean
Mandatory-to-Specify: No. Default is allow transparent Mandatory-to-Specify: No. Default is allow transparent
redistribution (i.e., true). redistribution (i.e., a value of True).
Property: incomprehensible Property: incomprehensible
Description: Flag identifying whether or not any CDN in the Description: Flag identifying whether or not any CDN in the
chain of delegation has failed to understand and/or failed to chain of delegation has failed to understand and/or failed to
properly transform the Metadata. properly transform this metadata object. Note: This flag only
applies to metadata objects whose safe-to-redistribute property
has a value of False.
Type: Boolean Type: Boolean
Mandatory-to-Specify: No. Default is comprehensible (i.e., Mandatory-to-Specify: No. Default is comprehensible (i.e., a
false). value of False).
4.2. Description of the CDNI Generic Metadata Objects 4.2. Description of the CDNI Generic Metadata Objects
The property objects defined below are intended to be used in the The property objects defined below are intended to be used in the
GenericMetadata object generic-metadata-value field as defined in GenericMetadata object generic-metadata-value field as defined in
Section 4.1.7 and their generic-metadata-type property MUST be set to Section 4.1.7 and their generic-metadata-type property MUST be set to
the appropriate Media Type as defined in Section 7.1. the appropriate Media Type as defined in Table 3.
4.2.1. Source Metadata 4.2.1. SourceMetadata
Source Metadata provides the dCDN information about content Source Metadata provides the dCDN information about content
acquisition, i.e., how to contact an uCDN Surrogate or an Origin acquisition, i.e., how to contact an uCDN Surrogate or an Origin
Server to obtain the content to be served. The sources are not Server to obtain the content to be served. The sources are not
necessarily the actual Origin Servers operated by the CSP but might necessarily the actual Origin Servers operated by the CSP but might
be a set of Surrogates in the uCDN. be a set of Surrogates in the uCDN.
Endpoints within a source should be treated as equivalent/equal so Endpoints within a source should be treated as equivalent/equal so
one can specify a list of sources in preference order and for each one can specify a list of sources in preference order and for each
source/preference rank one can specify a list of endpoints that are source/preference rank one can specify a list of endpoints that are
skipping to change at page 21, line 30 skipping to change at page 22, line 21
independent GenericMetadata objects, they may provide conflicting independent GenericMetadata objects, they may provide conflicting
information to a dCDN, e.g., a content request which is information to a dCDN, e.g., a content request which is
simultaneously allowed based on the LocationACL and denied based on simultaneously allowed based on the LocationACL and denied based on
the TimeWindowACL. The dCDN MUST use the logical AND of all ACLs the TimeWindowACL. The dCDN MUST use the logical AND of all ACLs
(where 'allow' is true and 'deny' is false) to determine whether or (where 'allow' is true and 'deny' is false) to determine whether or
not a request should be allowed. Thus, in the example given, the not a request should be allowed. Thus, in the example given, the
request should be denied. request should be denied.
Property: locations Property: locations
Description: Access control list which allows or blocks Description: Access control list which allows or denies
delivery based on client location. (blocks) delivery based on client location.
Type: List of LocationRule objects Type: List of LocationRule objects
Mandatory-to-Specify: No. Default is allow all locations. Mandatory-to-Specify: No. Default is allow all locations.
4.2.2.1. LocationRule 4.2.2.1. LocationRule
A LocationRule contains or references a list of Footprint objects and A LocationRule contains or references a list of Footprint objects and
the corresponding action. the corresponding action.
skipping to change at page 22, line 14 skipping to change at page 23, line 8
Description: Defines whether the rule specifies locations to Description: Defines whether the rule specifies locations to
allow or deny. allow or deny.
Type: Enumeration [allow|deny] Type: Enumeration [allow|deny]
Mandatory-to-Specify: No. Default is deny. Mandatory-to-Specify: No. Default is deny.
4.2.2.2. Footprint 4.2.2.2. Footprint
A Footprint object describes the footprint to which a LocationRule A Footprint object describes the footprint to which a LocationRule
may be applied by, e.g., an IPv4 address range or a geographic may be applied to, e.g., an IPv4 address range or a geographic
location. location.
Property: footprint-type Property: footprint-type
Description: Registered footprint type (see Section 7.1.1.1). Description: Registered footprint type. The footprint types
specified by this document are: IPv4CIDR (see Section 4.3.7),
IPv6CIDR (see Section 4.3.8), Autonomous System Number (see
Section 4.3.9) and Country Code (see Section 4.3.10).
Type: String Type: String
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: footprint-value Property: footprint-value
Description: Footprint object conforming to the specification Description: Footprint object conforming to the specification
associated with the registered footprint type. associated with the registered footprint type.
skipping to change at page 23, line 12 skipping to change at page 24, line 8
information to a dCDN, e.g., a content request which is information to a dCDN, e.g., a content request which is
simultaneously allowed based on the LocationACL and denied based on simultaneously allowed based on the LocationACL and denied based on
the TimeWindowACL. The dCDN MUST use the logical AND of all ACLs the TimeWindowACL. The dCDN MUST use the logical AND of all ACLs
(where 'allow' is true and 'deny' is false) to determine whether or (where 'allow' is true and 'deny' is false) to determine whether or
not a request should be allowed. Thus, in the example given, the not a request should be allowed. Thus, in the example given, the
request should be denied. request should be denied.
Property: times Property: times
Description: Description: Access control list which allows or Description: Description: Access control list which allows or
blocks delivery based on request time. denies (blocks) delivery based on request time.
Type: List of TimeWindowRule objects Type: List of TimeWindowRule objects
Mandatory-to-Specify: No. Default is allow all time windows. Mandatory-to-Specify: No. Default is allow all time windows.
4.2.3.1. TimeWindowRule 4.2.3.1. TimeWindowRule
A TimeWindowRule contains or references a list of TimeWindow objects A TimeWindowRule contains or references a list of TimeWindow objects
and the corresponding action. and the corresponding action.
skipping to change at page 24, line 31 skipping to change at page 25, line 26
from the first protocol to match against the request protocol is the from the first protocol to match against the request protocol is the
action a CDN MUST take. If two or more request protocols overlap, action a CDN MUST take. If two or more request protocols overlap,
the first protocol that matches thre request protocol determines the the first protocol that matches thre request protocol determines the
action a CDN MUST take. If the protocol-acl property is included but action a CDN MUST take. If the protocol-acl property is included but
is empty, or if none of the listed protocol matches the request is empty, or if none of the listed protocol matches the request
protocol, then the result is an action of deny. protocol, then the result is an action of deny.
Although the LocationACL, TimeWindowACL, and ProtocolACL are Although the LocationACL, TimeWindowACL, and ProtocolACL are
independent GenericMetadata objects, they may provide conflicting independent GenericMetadata objects, they may provide conflicting
information to a dCDN, e.g., a content request which is information to a dCDN, e.g., a content request which is
simultaneously allowed based on the LocationACL and denied based on simultaneously allowed based on the ProtocolACL and denied based on
the TimeWindowACL. The dCDN MUST use the logical AND of all ACLs the TimeWindowACL. The dCDN MUST use the logical AND of all ACLs
(where 'allow' is true and 'deny' is false) to determine whether or (where 'allow' is true and 'deny' is false) to determine whether or
not a request should be allowed. Thus, in the example given, the not a request should be allowed. Thus, in the example given, the
request should be denied. request should be denied.
Property: protocol-acl Property: protocol-acl
Description: Description: Access control list which allows or Description: Description: Access control list which allows or
blocks delivery based on delivery protocol. denies (blocks) delivery based on delivery protocol.
Type: List of ProtocolRule objects Type: List of ProtocolRule objects
Mandatory-to-Specify: No. Default is allow all protocols. Mandatory-to-Specify: No. Default is allow all protocols.
4.2.4.1. ProtocolRule 4.2.4.1. ProtocolRule
A ProtocolRule contains or references a list of Protocol objects. A ProtocolRule contains or references a list of Protocol objects.
ProtocolRule objects are used to construct a ProtocolACL to apply ProtocolRule objects are used to construct a ProtocolACL to apply
restrictions to content acquisition or delivery. restrictions to content acquisition or delivery.
skipping to change at page 25, line 46 skipping to change at page 26, line 39
required. required.
4.2.6. Cache 4.2.6. Cache
A Cache object describes the cache control parameters to be applied A Cache object describes the cache control parameters to be applied
to the content by intermediate caches. to the content by intermediate caches.
Property: ignore-query-string Property: ignore-query-string
Description: Allows a cache to ignore URI query string Description: Allows a cache to ignore URI query string
parameters while comparing URIs for equivalence. Each query parameters while comparing URIs for equivalence. Matching
parameter to ignore is specified in the list. If all query against query parameters to ignore MUST be case-insensitive.
parameters should be ignored, then the list MUST be specified Each query parameter to ignore is specified in the list. If
and MUST be empty. all query parameters should be ignored, then the list MUST be
specified and MUST be empty.
Type: List of String Type: List of String
Mandatory-to-Specify: No. Default is to consider query string Mandatory-to-Specify: No. Default is to consider query string
parameters when comparing URIs. parameters when comparing URIs.
4.2.7. Grouping 4.2.7. Grouping
A Grouping object identifies a large group of content to which a A Grouping object identifies a large group of content to which a
given asset belongs. given asset belongs.
Property: ccid Property: ccid
skipping to change at page 27, line 6 skipping to change at page 28, line 4
Property: href Property: href
Description: The URI of the addressable object being Description: The URI of the addressable object being
referenced. referenced.
Type: URI Type: URI
Mandatory-to-Specify: Yes Mandatory-to-Specify: Yes
Property: type Property: type
Description: The type of the object being referenced. Description: The type of the object being referenced.
Type: String Type: String
Mandatory-to-Specify: No Mandatory-to-Specify: No
4.3.2. Protocol 4.3.2. Protocol
Protocol objects are used to specify registered protocols for content Protocol objects are used to specify registered protocols for content
acquisition or delivery (see Section 7.1.1.2). acquisition or delivery (see Section 7.2).
Type: String Type: String
4.3.3. Endpoint 4.3.3. Endpoint
A hostname (with optional port) or an IP address (with optional A hostname (with optional port) or an IP address (with optional
port). port).
Note: All implementations MUST support IPv4 addresses encoded as Note: All implementations MUST support IPv4 addresses encoded as
specified by the 'IPv4address' rule in Section 3.2.2 of [RFC3986] and specified by the 'IPv4address' rule in Section 3.2.2 of [RFC3986] and
skipping to change at page 27, line 46 skipping to change at page 28, line 43
Type: String Type: String
4.3.5. Time 4.3.5. Time
A time value expressed in seconds since Unix epoch in the UTC A time value expressed in seconds since Unix epoch in the UTC
timezone. timezone.
Type: Integer Type: Integer
4.4. Auth 4.3.6. Auth
An Auth object defines authentication and authorization methods to be An Auth object defines authentication and authorization methods to be
used during content acquisition and content delivery, respectively. used during content acquisition and content delivery, respectively.
Property: auth-type Property: auth-type
Description: Registered Auth type (see Section 7.1.1.3).
Description: Registered Auth type (see Section 4.3.6.1 and
Section 7.3).
Type: String Type: String
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: auth-value Property: auth-value
Description: An object conforming to the specification Description: An object conforming to the specification
associated with the Registered Auth type. associated with the Registered Auth type.
Type: String Type: String
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
4.4.1. CredentialAuth Type 4.3.6.1. CredentialAuth Type
CredentialAuth is a Registered Auth type defining an object for CredentialAuth is a Registered Auth type defining an object for
encapsulating user credentials (i.e., username and password) (see encapsulating user credentials (i.e., username and password) (see
Section 7.1.1.3). The CredentialAuth object contains the following Section 7.3). The CredentialAuth object contains the following
properties: properties:
Property: username Property: username
Description: Identification of user. Description: Identification of user.
Type: String Type: String
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: password Property: password
Description: Password for user identified by username property. Description: Password for user identified by username property.
Type: String Type: String
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
4.3.7. IPv4CIDR
An IPv4address CIDR block encoded as specified by the 'IPv4address'
rule in Section 3.2.2 of [RFC3986] followed by a / followed by an
unsigned integer representing the leading bits of the routing prefix
(i.e. IPv4 CIDR notation). Single IP addresses can be expressed as
/32.
Type: String
4.3.8. IPv6CIDR
An IPv6address CIDR block encoded in one of the IPv6 address formats
specified in [RFC5952] followed by a / followed by an unsigned
integer representing the leading bits of the routing prefix (i.e.
IPv6 CIDR notation). Single IP addresses can be expressed as /128.
Type: String
4.3.9. ASN
An Autonomous System Number encoded as a string consisting of the
characters AS (in uppercase) followed by the Autonomous System
number. For example "AS64496".
Type: String
4.3.10. CountryCode
An ISO 3166-1 alpha-2 code [ISO3166-1] in lowercase.
Type: String
5. CDNI Metadata Capabilities 5. CDNI Metadata Capabilities
CDNI Metadata is used to convey information pertaining to content CDNI Metadata is used to convey information pertaining to content
delivery from uCDN to dCDN. For optional metadata, it may be useful delivery from uCDN to dCDN. For optional metadata, it may be useful
for the uCDN to know if the dCDN supports the metadata, prior to for the uCDN to know if the dCDN supports the metadata, prior to
delegating any content requests to the dCDN. If optional-to- delegating any content requests to the dCDN. If optional-to-
implement metadata is "mandatory-to-enforce", and the dCDN does not implement metadata is "mandatory-to-enforce", and the dCDN does not
support it, any delegated requests for that content will fail. The support it, any delegated requests for that content will fail. The
uCDN will likely want to avoid delegating those requests to that uCDN will likely want to avoid delegating those requests to that
dCDN. Likewise, for any metadata which may be assigned optional dCDN. Likewise, for any metadata which may be assigned optional
values, it may be useful for the uCDN to know which values a dCDN values, it may be useful for the uCDN to know which values a dCDN
supports, prior to delegating any content requests to that dCDN. If supports, prior to delegating any content requests to that dCDN. If
the optional value assigned to a given piece of content's metadata is the optional value assigned to a given piece of content's metadata is
not supported by the dCDN, any delegated requests for that content not supported by the dCDN, any delegated requests for that content
may fail, so again the uCDN is likely to want to avoid delegating may fail, so again the uCDN is likely to want to avoid delegating
those requests to that dCDN. those requests to that dCDN.
The CDNI Footprint and Capabilities Interface (FCI) The CDNI Footprint and Capabilities Interface (FCI) [RFC7336]
[I-D.ietf-cdni-framework] provides a means of advertising provides a means of advertising capabilities from dCDN to uCDN.
capabilities from dCDN to uCDN. Support for optional metadata and Support for optional metadata and support for optional metadata
support for optional metadata values may be advertised using the FCI. values may be advertised using the FCI.
6. CDNI Metadata interface 6. CDNI Metadata interface
This section specifies an interface to enable a Downstream CDN to This section specifies an interface to enable a Downstream CDN to
retrieve CDNI Metadata objects from an Upstream CDN. retrieve CDNI Metadata objects from an Upstream CDN.
The interface can be used by a Downstream CDN to retrieve CDNI The interface can be used by a Downstream CDN to retrieve CDNI
Metadata objects either Metadata objects either:
o Dynamically as required by the Downstream CDN to process received o Dynamically as required by the Downstream CDN to process received
requests. For example in response to a query from an Upstream CDN requests. For example in response to a query from an Upstream CDN
over the CDNI Request Routing Redirection interface (RI) over the CDNI Request Routing Redirection interface (RI)
[I-D.ietf-cdni-redirection] or in response to receiving a request [I-D.ietf-cdni-redirection] or in response to receiving a request
for content from a User Agent. Or; for content from a User Agent. Or;
o In advance of being required. For example in the case of Pre- o In advance of being required. For example in the case of Pre-
positioned CDNI Metadata acquisition. positioned CDNI Metadata acquisition.
The CDNI Metadata interface is built on the principles of RESTful web The CDNI Metadata interface is built on the principles of RESTful web
services. In particular, this means that requests and responses over services. In particular, this means that requests and responses over
the interface are built around the transfer of representations of the interface are built around the transfer of representations of
hyperlinked resources. A resource in the context of the CDNI hyperlinked resources. A resource in the context of the CDNI
Metadata interface is any object in the Data Model (as described in Metadata interface is any object in the Data Model (as described in
Section 3 through Section 4). Section 3 and Section 4).
To retrieve CDNI metadata, a CDNI Metadata client (i.e., a client in To retrieve CDNI metadata, a CDNI Metadata client (i.e., a client in
the dCDN) first makes a HTTP GET request for the URI of the HostIndex the dCDN) first makes a HTTP GET request for the URI of the HostIndex
which provides the CDNI Metadata client with a list of Hostnames for which provides the CDNI Metadata client with a list of Hostnames for
which the upstream CDN may delegate content delivery to the which the upstream CDN may delegate content delivery to the
downstream CDN. The CDNI Metadata client can then obtain any other downstream CDN. The CDNI Metadata client can then obtain any other
CDNI Metadata objects by making a HTTP GET requests for any linked CDNI Metadata objects by making a HTTP GET requests for any linked
Metadata objects it requires. Metadata objects it requires.
CDNI Metadata servers (i.e., servers in the uCDN) are free to assign CDNI Metadata servers (i.e., servers in the uCDN) are free to assign
skipping to change at page 30, line 49 skipping to change at page 32, line 37
In the general case a CDNI Metadata server makes each instance of an In the general case a CDNI Metadata server makes each instance of an
addressable CDNI Metadata object available via a unique URI and addressable CDNI Metadata object available via a unique URI and
therefore in order to retrieve CDNI Metadata, a CDNI Metadata client therefore in order to retrieve CDNI Metadata, a CDNI Metadata client
first makes a HTTP GET request for the URI of the HostIndex which first makes a HTTP GET request for the URI of the HostIndex which
provides the CDNI Metadata client with a list of Hostnames for which provides the CDNI Metadata client with a list of Hostnames for which
the upstream CDN may delegate content delivery to the downstream CDN. the upstream CDN may delegate content delivery to the downstream CDN.
In order to retrieve the CDNI Metadata for a particular request the In order to retrieve the CDNI Metadata for a particular request the
CDNI Metadata client processes the received HostIndex object and CDNI Metadata client processes the received HostIndex object and
finds the corresponding HostMetadata entry (by matching the hostname finds the corresponding HostMetadata entry (by matching the hostname
in the request against the hostnames in the HostMatch). If the in the request against the hostnames listed in the HostMatch
HostMetadata is linked (rather than embedded), the CDNI metadata objects). If the HostMetadata is linked (rather than embedded), the
client then makes a GET request for the URI specified in the href CDNI metadata client then makes a GET request for the URI specified
property of the Link object which points to the HostMetadata object in the href property of the Link object which points to the
itself. HostMetadata object itself.
In order to retrieve the most specific metadata for a particular In order to retrieve the most specific metadata for a particular
request, the CDNI metadata client inspects the HostMetadata for request, the CDNI metadata client inspects the HostMetadata for
references to more specific PathMetadata objects. If any references to more specific PathMetadata objects (by matching the URI
PathMetadata match the request (and are linked rather than embedded), path in the request against the path-patterns in the PathMatch). If
the CDNI metadata client makes another GET request for the any PathMetadata match the request (and are linked rather than
embedded), the CDNI metadata client makes another GET request for the
PathMetadata. Each PathMetadata object may also include references PathMetadata. Each PathMetadata object may also include references
to yet more specific metadata. If this is the case, the CDNI to yet more specific metadata. If this is the case, the CDNI
metadata client continues requesting PathMetadata recursively. metadata client continues requesting PathMatch and PathMetadata
objects recursively.
In cases where a dCDN is not able to retrieve the entire set of CDNI
metadata associated with a User Agent request, for example because
the uCDN is uncontactable or returns an HTTP 4xx or 5xx status in
response to some or all of the dCDN's CDNI metadata requests, the
dCDN MUST NOT serve the requested content unless the dCDN has stale
versions of all the required metadata and the stale-if-error Cache-
Control extension [RFC5861] was included in all previous responses
that are required but cannot currently be retrieved. The dCDN can
continue to serve other content for which it can retrieve (or for
which it has fresh responses cached) all the required metadata even
if some non-applicable part of the metadata tree is missing.
Where a downstream CDN is interconnected with multiple upstream CDNs, Where a downstream CDN is interconnected with multiple upstream CDNs,
the downstream CDN needs to determine which upstream CDN's CDNI the downstream CDN needs to determine which upstream CDN's CDNI
metadata should be used to handle a particular User Agent request. metadata should be used to handle a particular User Agent request.
When application level redirection (e.g., HTTP 302 redirects) is When application level redirection (e.g., HTTP 302 redirects) is
being used between CDNs, it is expected that the downstream CDN will being used between CDNs, it is expected that the downstream CDN will
be able to determine the upstream CDN that redirected a particular be able to determine the upstream CDN that redirected a particular
request from information contained in the received request (e.g., via request from information contained in the received request (e.g., via
the URI). With knowledge of which upstream CDN routed the request, the URI). With knowledge of which upstream CDN routed the request,
skipping to change at page 32, line 23 skipping to change at page 34, line 23
addressable object. addressable object.
The descriptions of objects use the phrase "X contains Y" to mean The descriptions of objects use the phrase "X contains Y" to mean
that Y is either directly embedded in X or is linked to by X. It is that Y is either directly embedded in X or is linked to by X. It is
generally a deployment choice for the uCDN implementation to decide generally a deployment choice for the uCDN implementation to decide
when and which CDNI Metadata objects to embed and which are made when and which CDNI Metadata objects to embed and which are made
separately addressable. separately addressable.
6.4.1. MIME Media Types 6.4.1. MIME Media Types
All MIME types for CDNI Metadata objects are prefixed with All MIME media types for CDNI Metadata objects are prefixed with
"application/cdni.". The MIME type for each object then contains the "application/cdni.". The MIME media type for each object then
object name of that object as defined by this document. The object contains the object name of that object as defined by this document.
type name is followed by ".v" and the version number of the object The object type name is followed by ".v" and the version number of
type (e.g., ".v1"). Finally, the encoding type "+json" is appended. the object type (e.g., ".v1"). Finally, the encoding type "+json" is
Table 3 3 lists a few examples of the MIME Media Type for some object appended. Table 3 lists the MIME media type for the metadata objects
(resource) that are retrievable through the CDNI Metadata interface. (resources) that are specified in this document.
+--------------+---------------------------------------+ +-----------------------+-------------------------------------------+
| Data Object | MIME Media Type | | Data Object | MIME Media Type |
+--------------+---------------------------------------+ +-----------------------+-------------------------------------------+
| HostIndex | application/cdni.HostIndex.v1+json | | HostIndex | application/cdni.HostIndex.v1+json |
| HostMatch | application/cdni.HostMatch.v1+json | | HostMatch | application/cdni.HostMatch.v1+json |
| HostMetadata | application/cdni.HostMetadata.v1+json | | HostMetadata | application/cdni.HostMetadata.v1+json |
| PathMatch | application/cdni.PathMatch.v1+json | | PathMatch | application/cdni.PathMatch.v1+json |
| PathMetadata | application/cdni.PathMetadata.v1+json | | PatternMatch | application/cdni.PatternMatch.v1+json |
| Source | application/cdni.Source.v1+json | | PathMetadata | application/cdni.PathMetadata.v1+json |
| LocationACL | application/cdni.LocationACL.v1+json | | GenericMetadata | application/cdni.GenericMetadata.v1+json |
| LocationRule | application/cdni.LocationRule.v1+json | | SourceMetadata | application/cdni.SourceMetadata.v1+json |
+--------------+---------------------------------------+ | Source | application/cdni.Source.v1+json |
| LocationACL | application/cdni.LocationACL.v1+json |
| LocationRule | application/cdni.LocationRule.v1+json |
| Footprint | application/cdni.Footprint.v1+json |
| TimeWindowACL | application/cdni.TimeWindowACL.v1+json |
| TimeWindowRule | application/cdni.TimeWindowRule.v1+json |
| TimeWindow | application/cdni.TineWindow.v1+json |
| ProtocolACL | application/cdni.ProtocolACL.v1+json |
| ProtocolRule | application/cdni.ProtocolRule.v1+json |
| DeliveryAuthorization | application/ |
| | cdni.DeliveryAuthorization.v1+json |
| Cache | application/cdni.Cache.v1+json |
| Grouping | application/cdni.Grouping.v1+json |
| Auth | application/cdni.Auth.v1+json |
| CredentialsAuth | application/cdni.CredentialAuth.v1+json |
+-----------------------+-------------------------------------------+
Table 3: Example MIME Media Types for CDNI Metadata objects Table 3: MIME Media Types for CDNI Metadata objects
6.4.2. JSON Encoding of Objects 6.4.2. JSON Encoding of Objects
A CDNI Metadata object is encoded as a JSON object containing a A CDNI Metadata object is encoded as a JSON object containing a
dictionary of (key,value) pairs where the keys are the property names dictionary of (key,value) pairs where the keys are the property names
and the values are the associated property values. and the values are the associated property values.
The keys of the dictionary are the names of the properties associated The keys of the dictionary are the names of the properties associated
with the object and are therefore dependent on the specific object with the object and are therefore dependent on the specific object
being encoded (i.e., dependent on the MIME Media Type of the returned being encoded (i.e., dependent on the MIME Media Type of the returned
skipping to change at page 33, line 38 skipping to change at page 36, line 27
Mandatory: No Mandatory: No
Key: _links Key: _links
Description: The links from this object to other addressable Description: The links from this object to other addressable
objects. Any property whose value is an object may be replaced objects. Any property whose value is an object may be replaced
by a link to an object with the same type as the property it by a link to an object with the same type as the property it
replaces. The keys of the _links dictionary are the names of replaces. The keys of the _links dictionary are the names of
the properties being replaced. The values of the dictionary the properties being replaced. The values of the dictionary
are Link objects with href set to the URI of the object and are Link objects with href set to the URI of the object and
type set to the MIME type of the object being replaced. type set to the MIME media type of the object being replaced.
Type: Dictionary object of Link objects Type: Dictionary object of Link objects
Mandatory: Yes Mandatory: Yes
6.4.2.1. Encoded CDNI Metadata Example 6.4.2.1. Encoded CDNI Metadata Example
A downstream CDN may request the HostIndex and receive the following A downstream CDN may request the HostIndex and receive the following
object of type "application/cdni.HostIndex.v1+json": object of type "application/cdni.HostIndex.v1+json":
skipping to change at page 34, line 30 skipping to change at page 37, line 30
"type": "application/cdni.HostMetadata.v1+json", "type": "application/cdni.HostMetadata.v1+json",
"href": "http://metadata.ucdn.example/host5678" "href": "http://metadata.ucdn.example/host5678"
} }
} }
} }
] ]
} }
If the incoming request has a Host header with "video.example.com" If the incoming request has a Host header with "video.example.com"
then the downstream CDN would fetch the next metadata object from then the downstream CDN would fetch the next metadata object from
"http://metadata.ucdn.example/host1234" expecting a MIME type of "http://metadata.ucdn.example/host1234" expecting a MIME media type
"application/cdni.HostMetadata.v1+json": of "application/cdni.HostMetadata.v1+json":
{
"metadata": [
{
"generic-metadata-type": "application/cdni.SourceMetadata.v1+json",
"generic-metadata-value": {
"sources": [
{
"_links": {
"acquisition-auth": {
"auth-type": "application/cdni.Auth.v1+json",
"href": "http://metadata.ucdn.example/auth1234"
}
},
"endpoint": "acq1.ucdn.example",
"protocol": "ftp"
},
{
"_links": {
"acquisition-auth": {
"auth-type": "application/cdni.Auth.v1+json",
"href": "http://metadata.ucdn.example/auth1234"
}
},
"endpoint": "acq2.ucdn.example",
"protocol": "http"
}
]
}
},
{
"generic-metadata-type": "application/cdni.LocationACL.v1+json",
"generic-metadata-value": {
"locations": [
{
"footprints": [
{
"footprint-type": "IPv4CIDR",
"footprint-value": "192.168.0.0/16"
}
],
"action": "deny"
}
]
}
},
{
"generic-metadata-type": "application/cdni.ProtocolACL.v1+json",
"generic-metadata-value": {
"protocol-acl": [
{
"protocols": [
"ftp"
],
"action": "deny"
}
]
}
}
],
"paths": [
{
"path-pattern": {
"pattern": "/video/trailers/*"
},
"_links": {
"path-metadata": {
"type": "application/cdni.PathMetadata.v1+json",
"href": "http://metadata.ucdn.example/host1234/pathABC"
} {
} "metadata": [
}, {
{ "generic-metadata-type":
"path-pattern": { "application/cdni.SourceMetadata.v1+json",
"pattern": "/video/movies/*" "generic-metadata-value": {
}, "sources": [
"_links": { {
"path-metadata": { "_links": {
"type": "application/cdni.PathMetadata.v1+json", "acquisition-auth": {
"href": "http://metadata.ucdn.example/host1234/pathDCE" "auth-type": "application/cdni.Auth.v1+json",
} "href": "http://metadata.ucdn.example/auth1234"
} }
} },
] "endpoint": "acq1.ucdn.example",
} "protocol": "ftp"
},
{
"_links": {
"acquisition-auth": {
"auth-type": "application/cdni.Auth.v1+json",
"href": "http://metadata.ucdn.example/auth1234"
}
},
"endpoint": "acq2.ucdn.example",
"protocol": "http"
}
]
}
},
{
"generic-metadata-type":
"application/cdni.LocationACL.v1+json",
"generic-metadata-value": {
"locations": [
{
"footprints": [
{
"footprint-type": "IPv4CIDR",
"footprint-value": "192.0.2.0/24"
}
],
"action": "deny"
}
]
}
},
{
"generic-metadata-type":
"application/cdni.ProtocolACL.v1+json",
"generic-metadata-value": {
"protocol-acl": [
{
"protocols": [
"ftp"
],
"action": "deny"
}
]
}
}
],
"paths": [
{
"path-pattern": {
"pattern": "/video/trailers/*"
},
"_links": {
"path-metadata": {
"type": "application/cdni.PathMetadata.v1+json",
"href": "http://metadata.ucdn.example/host1234/pathABC"
}
}
},
{
"path-pattern": {
"pattern": "/video/movies/*"
},
"_links": {
"path-metadata": {
"type": "application/cdni.PathMetadata.v1+json",
"href": "http://metadata.ucdn.example/host1234/pathDCE"
}
}
}
]
}
Suppose the path of the requested resource matches the "/video/ Suppose the path of the requested resource matches the "/video/
movies/*" pattern, the next metadata requested would be for movies/*" pattern, the next metadata requested would be for
"http://metadata.ucdn.example/host1234/pathDCE" with an expected type "http://metadata.ucdn.example/host1234/movies" with an expected type
of "application/cdni.PathMetadata.v1+json": of "application/cdni.PathMetadata.v1+json":
{ {
"metadata": [], "metadata": [],
"paths": [ "paths": [
{ {
"path-pattern": { "path-pattern": {
"pattern": "/videos/movies/hd/*" "pattern": "/videos/movies/hd/*"
}, },
"_links": { "_links": {
skipping to change at page 36, line 48 skipping to change at page 39, line 50
"http://metadata.ucdn.example/host1234/pathABC/path123" "http://metadata.ucdn.example/host1234/pathABC/path123"
} }
} }
} }
] ]
} }
Finally, if the path of the requested resource also matches the Finally, if the path of the requested resource also matches the
"/videos/movies/hd/*" pattern, the downstream CDN would also fetch "/videos/movies/hd/*" pattern, the downstream CDN would also fetch
the following object from the following object from
"http://metadata.ucdn.example/host1234/movies/hd" with MIME type "http://metadata.ucdn.example/host1234/movies/hd" with MIME media
"application/cdni.PathMetadata.v1+json": type "application/cdni.PathMetadata.v1+json":
{ {
"metadata": [ "metadata": [
{ {
"generic-metadata-type": "application/cdni.TimeWindowACL.v1+json", "generic-metadata-type":
"generic-metadata-value": { "application/cdni.TimeWindowACL.v1+json",
"times": [ "generic-metadata-value": {
"windows": [ "times": [
{ "windows": [
"start": "1213948800", {
"end": "1327393200" "start": "1213948800",
} "end": "1327393200"
], }
"action": "allow" ],
] "action": "allow"
} ]
} }
] }
} ]
}
6.5. Extensibility 6.5. Extensibility
The set of property Metadata may be extended with additional The set of property Metadata may be extended with additional
(standards based or vendor specific) property Metadata. The (standards based or vendor specific) property Metadata through the
GenericMetadata object defined in Section 4.1.7 allows any Metadata specification of new GenericMetadata objects. The GenericMetadata
property to be included in either the HostMetadata or PathMetadata object defined in Section 4.1.7 specifies a type field and a type-
lists. It is expected that additional property Metadata will be specific value field that allows any Metadata property to be included
defined in the future and that the documents defining those property in either the HostMetadata or PathMetadata lists.
Metadata will be registered in the CDNI GenericMetadata Types
registry Section 7.1. As with the initial GenericMetadata types defined in Section 4.2,
future GenericMetadata types MUST specify the information necessary
for constructing and decoding the GenericMetadata object. This
information includes the list of properties contained within the
GenericMetadata object, and for each property, the specification
should include a description, a type, and whether or not the given
property is mandatory-to-specify.
Any document which defines a new GenericMetadata type has to:
1. Specify the MIME Media Type used to identify the new
GenericMetadata type being specified.
2. Define the set of properties associated with the new type.
3. For each property, define a name, description, type, and whether
or not the property is mandatory-to-specify.
4. Describe the semantics of the new type including its purpose and
example of a use case to which it applies.
Note: Identification, within the type name defined for a property Note: Identification, within the type name defined for a property
Metadata object, of the organization that defined the extension Metadata object, of the organization that defined the extension
property Metadata decreases the possibility of property Metadata type property Metadata decreases the possibility of property Metadata type
collisions. collisions.
6.5.1. Metadata Enforcement 6.6. Metadata Enforcement
At any given time, the set of GenericMetadata types supported by the At any given time, the set of GenericMetadata types supported by the
uCDN may not match the set of GenericMetadata types supported by the uCDN may not match the set of GenericMetadata types supported by the
dCDN. dCDN.
In the cases where a uCDN sends Metadata containing a GenericMetadata In the cases where a uCDN sends Metadata containing a GenericMetadata
type that a dCDN does not support, the dCDN MUST enforce the type that a dCDN does not support, the dCDN MUST enforce the
semantics of the "mandatory-to-enforce" property. If a dCDN does not semantics of the "mandatory-to-enforce" property. If a dCDN does not
understand or is unable to perform the functions associated with any understand or is unable to perform the functions associated with any
"mandatory-to-enforce" Metadata, the dCDN MUST NOT service any "mandatory-to-enforce" Metadata, the dCDN MUST NOT service any
skipping to change at page 38, line 17 skipping to change at page 41, line 38
with the content being requested. However, even if the uCDN has a with the content being requested. However, even if the uCDN has a
priori knowledge of the Metadata supported by the dCDN (e.g., via the priori knowledge of the Metadata supported by the dCDN (e.g., via the
CDNI capabilities interface or through out-of-band negotiation CDNI capabilities interface or through out-of-band negotiation
between CDN operators) Metadata support may fluctuate or be between CDN operators) Metadata support may fluctuate or be
inconsistent (e.g., due to mis-communication, mis-configuration, or inconsistent (e.g., due to mis-communication, mis-configuration, or
temporary outage). Thus, the dCDN MUST always evaluate all Metadata temporary outage). Thus, the dCDN MUST always evaluate all Metadata
associated with content requests and reject any requests where associated with content requests and reject any requests where
"mandatory-to-enforce" Metadata associated with the content cannot be "mandatory-to-enforce" Metadata associated with the content cannot be
enforced. enforced.
6.5.2. Metadata Conflicts 6.7. Metadata Conflicts
It is possible that new Metadata definitions may obsolete or conflict It is possible that new Metadata definitions may obsolete or conflict
with existing property Metadata (e.g., a future revision of the CDNI with existing property Metadata (e.g., a future revision of the CDNI
Metadata interface may redefine the Auth Metadata or a custom vendor Metadata interface may redefine the Auth Metadata or a custom vendor
extension may implement an alternate Auth Metadata option). If extension may implement an alternate Auth Metadata option). If
multiple Metadata (e.g., cdni.Auth.v2, vendor1.Auth, and multiple Metadata (e.g., cdni.Auth.v2, vendor1.Auth, and
vendor2.Auth) all conflict with an existing Metadata (e.g., vendor2.Auth) all conflict with an existing Metadata (e.g.,
cdni.Auth) and all are marked as "mandatory-to-enforce", it may be cdni.Auth) and all are marked as "mandatory-to-enforce", it may be
ambiguous which Metadata should be applied, especially if the ambiguous which Metadata should be applied, especially if the
functionality of the Metadata overlap. functionality of the Metadata overlap.
skipping to change at page 38, line 42 skipping to change at page 42, line 14
support enforcement of dependencies between different Metadata types. support enforcement of dependencies between different Metadata types.
It is the responsibility of the CSP and the CDN operators to ensure It is the responsibility of the CSP and the CDN operators to ensure
that Metadata assigned to a given content do not conflict. that Metadata assigned to a given content do not conflict.
Note: Because Metadata is inherently ordered in GenericMetadata Note: Because Metadata is inherently ordered in GenericMetadata
lists, as well as in the PathMetadata hierarchy and PathMatch lists, lists, as well as in the PathMetadata hierarchy and PathMatch lists,
multiple conflicting Metadata types MAY be used, however, Metadata multiple conflicting Metadata types MAY be used, however, Metadata
hierarchies MUST ensure that independent PathMatch root objects are hierarchies MUST ensure that independent PathMatch root objects are
used to prevent ambiguous or conflicting Metadata definitions. used to prevent ambiguous or conflicting Metadata definitions.
6.6. Versioning 6.8. Versioning
The version of CDNI Metadata Structural objects is conveyed inside The version of CDNI Metadata Structural objects is conveyed inside
the MIME-Type that is included in the HTTP Content-Type header. Upon the MIME media type that is included in the HTTP Content-Type header.
responding to a request for an object, a metadata server MUST include Upon responding to a request for an object, a metadata server MUST
a Content-Type header with the MIME-type containing the version include a Content-Type header with the MIME media type containing the
number of the object. HTTP requests sent to a metadata server SHOULD version number of the object. HTTP requests sent to a metadata
include an Accept header with the MIME-type (which includes the server SHOULD include an Accept header with the MIME media type
version) of the expected object. Metadata clients can specify (which includes the version) of the expected object. Metadata
multiple MIME-types in the Accept header, for example if a metadata clients can specify multiple MIME media types in the Accept header,
client is capable of processing two different versions of the same for example if a metadata client is capable of processing two
type of object (defined by different MIME-types) it may decide to different versions of the same type of object (defined by different
include both in the Accept header. The version of each object MIME media types) it may decide to include both in the Accept header.
defined by this document is version 1. For example: "Content-Type: The version of each object defined by this document is version 1.
application/cdni.HostIndex.v1+json". For example: "Content-Type: application/cdni.HostIndex.v1+json".
GenericMetadata objects include a "type" property which specifies the GenericMetadata objects include a "type" property which specifies the
MIME-type of the GenericMetadata value. This MIME-type should also MIME media type of the GenericMetadata value. This MIME media type
include a version. Any document which defines a new type of should also include a version. Any document which defines a new type
GenericMetadata MUST specify the version number which it describes. of GenericMetadata MUST specify the version number which it
For example: "application/cdni.Location.v1+json". describes. For example: "application/cdni.Location.v1+json".
7. IANA Considerations 7. IANA Considerations
This document requests the registration of the following MIME Media This document requests the registration of the following MIME Media
Type under the IANA MIME Media Type registry Type under the IANA MIME Media Type registry
(http://www.iana.org/assignments/media-types/index.html). (http://www.iana.org/assignments/media-types/index.html).
application/cdni.HostIndex.v1 application/cdni.HostIndex.v1+json
application/cdni.HostMetadata.v1
application/cdni.PathMatch.v1
application/cdni.PathMetadata.v1
application/cdni.PatternMatch.v1
application/cdni.GenericMetadata.v1
application/cdni.SourceMetadata.v1
application/cdni.Source.v1
application/cdni.LocationACL.v1
application/cdni.LocationRule.v1
application/cdni.Footprint.v1
application/cdni.TimeWindowACL.v1
application/cdni.TimeWindowRule.v1
application/cdni.TimeWindow.v1
application/cdni.ProtocolACL.v1
application/cdni.ProtocolRule.v1 application/cdni.HostMatch.v1+json
application/cdni.Authorization.v1
application/cdni.Auth.v1 application/cdni.HostMetadata.v1+json
application/cdni.CredentialsAuth.v1 application/cdni.PathMatch.v1+json
application/cdni.Cache.v1 application/cdni.PatternMatch.v1+json
application/cdni.PathMetadata.v1+json
application/cdni.Grouping.v1 application/cdni.GenericMetadata.v1+json
7.1. GenericMetadata Type Registry application/cdni.SourceMetadata.v1+json
CDNI Metadata is distributed as a list of GenericMetadata objects application/cdni.Source.v1+json
which specify a type field and a type-specific value field, as
described in Section 4.1.7. In order to prevent namespace collisions
for GenericMetadata object types a new IANA registry is requested for
the "CDNI GenericMetadata Types" namespace. The namespace shall be
split into two partitions: standard and optional.
The standard namespace partition is intended to contain mandatory-to- application/cdni.LocationACL.v1+json
implement capabilities and conforms to the "IETF Review" policy as
defined in [RFC5226]. The registry contains the generic metadata
type name, the RFC number of the specification defining the metadata
type, the version number of the GenericMetadata set to which the
standard capability applies, and boolean values indicating whether or
not the new type is considered "mandatory-to-enforce" or "safe-to-
redistribute" (as defined in Section 4.1.7).
The following table defines the initial values for the standard application/cdni.LocationRule.v1+json
partition:
+------------------------------+-------------+--------+------+------+ application/cdni.Footprint.v1+json
| Type name | Specificati | Versio | MTE | STR |
| | on | n | | |
+------------------------------+-------------+--------+------+------+
| application/cdni.SourceMetad | RFCthis | 1 | true | true |
| ata.v1 | | | | |
| application/cdni.LocationACL | RFCthis | 1 | true | true |
| .v1 | | | | |
| application/cdni.TimeWindowA | RFCthis | 1 | true | true |
| CL.v1 | | | | |
| application/cdni.ProtocolACL | RFCthis | 1 | true | true |
| .v1 | | | | |
| application/cdni.Auth.v1 | RFCthis | 1 | true | true |
| application/cdni.Cache.v1 | RFCthis | 1 | true | true |
| application/cdni.Grouping.v1 | RFCthis | 1 | true | true |
+------------------------------+-------------+--------+------+------+
The initial MI version number is set to 1. All of the initial
GenericMetadata types are considered mandatory-to-implement for
version 1. The version field should be incremented when new
GenericMetadata type sets are added to the registry.
The "optional" namespace partition conforms to the "Expert Review" application/cdni.TimeWindowACL.v1+json
policy as defined in [RFC5226]. The expert review is intended to
prevent namespace hoarding and to prevent the definition of redundant
GenericMetadata types. Vendors defining new GenericMetadata types
which conflict with existing GenericMetadata types follow the
guidelines for the "Specification Required" policy as defined in
[RFC5226]. The Version field in the registry is set to "-1"
(negative one) for non-standard GenericMetadata types.
As with the initial GenericMetadata types defined in Section 4.2, application/cdni.TimeWindowRule.v1+json
future GenericMetadata type registrations will specify the
information necessary for constructing and decoding the
GenericMetadata object. This information includes the list of
properties contained within the GenericMetadata object, and for each
property, the specification should include a description, a type, and
whether or not the given property is mandatory-to-specify.
Any document which defines a new GenericMetadata has to: application/cdni.TimeWindow.v1+json
1. Allocate a new type in the GenericMetadata Type Registry application/cdni.ProtocolACL.v1+json
(Section 7). Generic Metadata types should be descriptive and
may be hierarchnical to support aggregating groups of properties
for the purpose of readability and for avoiding conflicts between
vendor defined extensions. A dotted alpha-numeric notation is
suggested for human readability.
2. Define the set of properties associated with the new type. application/cdni.ProtocolRule.v1+json
3. For each property, define a name, description, type, and whether application/cdni.DeliveryAuthorization.v1+json
or not the property is mandatory-to-specify.
4. Specify whether or not the new type is "mandatory-to-enforce" (vs application/cdni.Cache.v1+json
optional-to-enforce).
5. Describe the semantics of the new type including its purpose and application/cdni.Grouping.v1+json
example of a use case to which it applies.
7.1.1. GenericMetadata Sub-Registries application/cdni.Auth.v1+json
Some of the initial standard GenericMetadata objects contain application/cdni.CredentialsAuth.v1+json
enumerated types which require registration (i.e., LocationACL
footprint types, ProtocolACL protocols, and Auth protocols). The
following sections define the initial values for these
GenericMetadata type sub-registries.
7.1.1.1. Footprint Sub-Registry 7.1. CDNI Metadata Footprint Types Registry
The IANA is requested to create a new "CDNI Metadata Footprint Types" The IANA is requested to create a new "CDNI Metadata Footprint Types"
sub-registry under the "CDNI GenericMetadata Types" registry. The registry. The "CDNI Metadata Footprint Types" namespace defines the
"CDNI Metadata Footprint Types" namespace defines the valid Footprint valid Footprint object type values used by the Footprint object in
object type values used by the Footprint object in Section 4.2.2.2. Section 4.2.2.2. Additions to the Footprint type namespace conform
Additions to the Footprint type namespace conform to the "Expert to the "Expert Review" policy as defined in [RFC5226]. The expert
Review" policy as defined in [RFC5226]. The expert review should reviewer should verify that new type definitions do not duplicate
verify that new type definitions do not duplicate existing type existing type definitions and prevent gratuitous additions to the
definitions and prevent gratuitous additions to the namespace. namespace.
The following table defines the initial Footprint type values: The following table defines the initial Footprint Registry values:
+-------------+-------------------------------------+---------------+ +----------------+-------------------------------+---------------+
| Type name | Description | Specification | | Footprint Type | Description | Specification |
+-------------+-------------------------------------+---------------+ +----------------+-------------------------------+---------------+
| IPv4CIDR | IPv4 address block using slash | RFCthis | | IPv4CIDR | IPv4 CIDR address block | RFCthis |
| | prefix length notation (e.g., | | | IPv6CIDR | IPv6 CIDR address block | RFCthis |
| | 192.168.0.16/28). Single IP | | | ASN | Autonomous System (AS) Number | RFCthis |
| | addresses can be expressed as /32. | | | CountryCode | ISO 3166-1 alpha-2 code | RFCthis |
| IPv6CIDR | IPv6 address block using slash | RFCthis | +----------------+-------------------------------+---------------+
| | prefix length notation (e.g., | |
| | fc80::0010/124). Single IP | |
| | addresses can be expressed as /128. | |
| ASN | Autonomous System (AS) Number | RFCthis |
| CountryCode | ISO 3166-1 alpha-2 code | RFCthis |
+-------------+-------------------------------------+---------------+
7.1.1.2. Protocol Sub-Registry 7.2. CDNI Metadata Protocol Types Registry
The IANA is requested to create a new "CDNI Metadata Protocols" sub- The IANA is requested to create a new "CDNI Metadata Protocol Types"
registry under the "CDNI GenericMetadata Types" registry. The "CDNI registry. The "CDNI Metadata Protocol Types" namespace defines the
Metadata Protocols" namespace defines the valid Protocol object valid Protocol object values in Section 4.3.2, used by the
values in Section 4.3.2, used by the SourceMetadata and ProtocolACL SourceMetadata and ProtocolACL objects. Additions to the Protocol
objects. Additions to the Protocol namespace conform to the "Expert namespace conform to the "Expert Review" policy as defined in
Review" policy as defined in [RFC5226]. The expert review should [RFC5226]. The expert review should verify that new protocol
verify that new protocol definitions do not duplicate existing definitions do not duplicate existing protocol definitions and
protocol definitions and prevent gratuitous additions to the prevent gratuitous additions to the namespace.
namespace.
The following table defines the initial Protocol values: The following table defines the initial Protocol values:
+----------+----------------+---------------------------------------+ +--------------+------------------------------------+---------------+
| Protocol | Description | Specification | | Protocol | Description | Specification |
+----------+----------------+---------------------------------------+ | Type | | |
| HTTP | Hypertext | RFC2616 | +--------------+------------------------------------+---------------+
| | Transfer | | | HTTP1.1 | Hypertext Transfer Protocol -- | RFC7230 |
| | Protocol -- | | | | HTTP/1.1 | |
| | HTTP/1.1 | | | HTTPS1.1 | HTTP/1.1 Over TLS | RFC2818 |
| HTTPS | HTTP Over TLS | RFC2818 | +--------------+------------------------------------+---------------+
| RTSP | Real Time | RFC2326 |
| | Streaming | |
| | Protocol | |
| RTMP | Real-Time | http://www.adobe.com/devnet/rtmp.html |
| | Messaging | |
| | Protocol | |
| FTP | FILE TRANSFER | RFC959 |
| | PROTOCOL | |
| SFTP | SSH File | N/A |
| | Transfer | |
| | Protocol | |
| SCP | Secure Copy | N/A |
| fasp | Aspera fast, | N/A |
| | adaptive, | |
| | secure | |
| | protocol | |
+----------+----------------+---------------------------------------+
7.1.1.3. Authentication Type Sub-Registry 7.3. CDNI Metadata Auth Types Registry
The IANA is requested to create a new "CDNI Metadata Auth Types" sub- The IANA is requested to create a new "CDNI Metadata Auth Types"
registry under the "CDNI GenericMetadata Types" registry. The "CDNI registry. The "CDNI Metadata Auth Type" namespace defines the valid
Metadata Auth Type" namespace defines the valid Auth object types Auth object types used by the Auth object in Section 4.3.6.
used by the Auth object in Section 4.4. Additions to the Auth Type Additions to the Auth Type namespace conform to the "Expert Review"
namespace conform to the "Expert Review" policy as defined in policy as defined in [RFC5226]. The expert review should verify that
[RFC5226]. The expert review should verify that new type definitions new type definitions do not duplicate existing type definitions and
do not duplicate existing type definitions and prevent gratuitous prevent gratuitous additions to the namespace.
additions to the namespace.
The following table defines the initial Auth type values: The following table defines the initial Auth type values:
+----------------+----------------------------------+---------------+ +----------------+----------------------------------+---------------+
| Type | Description | Specification | | Auth Type | Description | Specification |
+----------------+----------------------------------+---------------+ +----------------+----------------------------------+---------------+
| CredentialAuth | Simple username and password | RFCthis | | CredentialAuth | Simple username and password | RFCthis |
| | authentication as defined by | | | | authentication. | |
| | Section 4.4.1. | |
+----------------+----------------------------------+---------------+ +----------------+----------------------------------+---------------+
8. Security Considerations 8. Security Considerations
An implementation of the CDNI Metadata interface MUST support TLS
transport as per [RFC2818] for message confidentiality and mutual
authentication. An implementation of the CDNI Metadata interface
MUST support the TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 cipher suite
([RFC2818]). An implementation of the CDNI Metadata interface SHOULD
prefer cipher suites which suppport perfect forward secrecy over
cipher suites that do not.
8.1. Authentication 8.1. Authentication
Unauthorized access to metadata could result in denial of service. A Unauthorized access to metadata could result in denial of service. A
malicious metadata server could provide metadata to a dCDN that malicious metadata server, proxy server or an attacker performing a
"man in the middle" attack" could provide metadata to a dCDN that
denies service for one or more pieces of content to one or more user denies service for one or more pieces of content to one or more user
agents. A malicious metadata server could also provide metadata agents. A malicious metadata server (or an attacker performing a
directing dCDNs to malicious origin servers instead of the actual "Man in the middle" attack") could modify metadata so that dCDNs are
origin servers. A malicious client could continuously issue large directed to contact to malicious origin servers instead of the actual
metadata requests to overload the uCDN metadata server. origin servers. A malicious metadata client could continuously issue
large metadata requests to overload a uCDN's metadata server(s).
Unauthorized access to metadata could result in denial of service. A
malicious metadata server, proxy server or an attacker performing a
"man in the middle" attack could provide metadata to a dCDN that
either:
o Denies service for one or more pieces of content to one or more
User Agents; or
o Directs dCDNs to contact malicious origin servers instead of the
actual origin servers.
Unauthorized access to metadata could also enable a malicious
metadata client to continuously issue large metadata requests in
order to overload a uCDN's metadata server(s).
Unauthorized access to metadata could result in leakage of private Unauthorized access to metadata could result in leakage of private
information. A malicious metadata client could request metadata in information. A malicious metadata client could request metadata in
order to gain access to origin servers, as well as information order to gain access to origin servers, as well as information
pertaining to content restrictions. pertaining to content restrictions.
An implementation of the CDNI Metadata interface SHOULD use mutual An implementation of the CDNI Metadata interface SHOULD use mutual
authentication to prevent unauthorized access to metadata. authentication to prevent unauthorized access to metadata.
8.2. Confidentiality 8.2. Confidentiality
skipping to change at page 44, line 46 skipping to change at page 46, line 18
information. A third party could intercept metadata transactions in information. A third party could intercept metadata transactions in
order to gain access to origin servers, as well as information order to gain access to origin servers, as well as information
pertaining to content restrictions. pertaining to content restrictions.
An implementation of the CDNI Metadata interface SHOULD use strong An implementation of the CDNI Metadata interface SHOULD use strong
encryption to prevent unauthorized viewing of metadata. encryption to prevent unauthorized viewing of metadata.
8.3. Integrity 8.3. Integrity
Unauthorized modification of metadata could result in denial of Unauthorized modification of metadata could result in denial of
service. A malicious proxy server could modify metadata destined to service. A malicious metadata server, proxy server or an attacker
a dCDN in order to deny service for one or more pieces of content to performing a "man in the middle" attack" could modify metadata
one or more user agents. A malicious proxy server could also modify destined to a dCDN in order to deny service for one or more pieces of
metadata directing dCDNs to malicious origin servers instead of the content to one or more user agents. A malicious metadata server,
actual origin servers. proxy server or an attacker performing a "Man in the middle" attack"
could modify metadata so that dCDNs are directed to contact to
malicious origin servers instead of the actual origin servers.
An implementation of the CDNI Metadata interface SHOULD use strong An implementation of the CDNI Metadata interface SHOULD use strong
encryption and mutual authentication to prevent unauthorized encryption and mutual authentication to prevent unauthorized
modification of metadata. modification of metadata.
8.4. Privacy 8.4. Privacy
Content provider origin and policy information is conveyed through Content provider origin and policy information is conveyed through
the CDNI Metadata interface. The distribution of this information to the CDNI Metadata interface. The distribution of this information to
another CDN introduces potential content provider privacy protection another CDN may introduce potential privacy concerns for some content
concerns. providers, for example because dCDNs accepting content requests for a
content provider's content may be able to obtain additional
information & usage patterns relating to the users of a content
provider's services. Content providers with such concerns can
instruct their CDN partners not to use CDN interconnects when
delivering that content provider's content.
The use of TLS for transport of the CDNI Metadata as discussed above 8.5. Securing the CDNI Metadata interface
protects the confidentiality of content metadata by preventing any
party other than the authorized dCDN from gaining access to content An implementation of the CDNI Metadata interface MUST support TLS
metadata. transport as per [RFC2818] and [RFC7230]. The use of TLS for
transport of the CDNI Metadata interface messages allows:
o The dCDN and uCDN to authenticate each other (to ensure they are
transmitting/receiving CDNI Metadata requests & responses from an
authenticated CDN).
o CDNI Metadata interface requests and responses to be transmitted
with confidentiality.
o The integrity of the CDNI Metadata interface requests and
responses to be protected during the exchange.
In an environment where any such protection is required, TLS SHOULD
be used (including authentication of the remote end) by the server-
side (uCDN) and the client-side (dCDN) of the CDNI Metadata interface
unless alternate methods are used for ensuring the confidentiality of
the information in the CDNI Metadata interface requests and responses
(such as setting up an IPsec tunnel between the two CDNs or using a
physically secured internal network between two CDNs that are owned
by the same corporate entity).
An implementation of the CDNI Metadata interface MUST support the
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 cipher suite ([RFC5288]). An
implementation of the CDNI Metadata interface SHOULD prefer cipher
suites which support perfect forward secrecy over cipher suites that
don't.
9. Acknowledgements 9. Acknowledgements
The authors would like to thank David Ferguson and Francois Le The authors would like to thank David Ferguson and Francois Le
Faucheur for their valuable comments and input to this document. Faucheur for their valuable comments and input to this document.
10. Contributing Authors 10. Contributing Authors
[RFC Editor Note: Please move the contents of this section to the [RFC Editor Note: Please move the contents of this section to the
Authors' Addresses section prior to publication as an RFC.] Authors' Addresses section prior to publication as an RFC.]
skipping to change at page 46, line 4 skipping to change at page 48, line 6
Kent Leung Kent Leung
Cisco Systems Cisco Systems
3625 Cisco Way 3625 Cisco Way
San Jose, 95134 San Jose, 95134
USA USA
Email: kleung@cisco.com Email: kleung@cisco.com
11. References 11. References
11.1. Normative References 11.1. Normative References
[ISO3166-1]
"https://www.iso.org/obp/ui/#search", .
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
Leach, P., Luotonen, A., and L. Stewart, "HTTP
Authentication: Basic and Digest Access Authentication",
RFC 2617, June 1999.
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, February 2006. Architecture", RFC 4291, February 2006.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226, IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008. May 2008.
[RFC5288] Salowey, J., Choudhury, A., and D. McGrew, "AES Galois
Counter Mode (GCM) Cipher Suites for TLS", RFC 5288,
August 2008.
[RFC5861] Nottingham, M., "HTTP Cache-Control Extensions for Stale
Content", RFC 5861, May 2010.
[RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 [RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6
Address Text Representation", RFC 5952, August 2010. Address Text Representation", RFC 5952, August 2010.
11.2. Informative References 11.2. Informative References
[I-D.ietf-cdni-framework]
Peterson, L., Davie, B., and R. Brandenburg, "Framework
for CDN Interconnection", draft-ietf-cdni-framework-14
(work in progress), June 2014.
[I-D.ietf-cdni-redirection] [I-D.ietf-cdni-redirection]
Niven-Jenkins, B. and R. Brandenburg, "Request Routing Niven-Jenkins, B. and R. Brandenburg, "Request Routing
Redirection Interface for CDN Interconnection", draft- Redirection Interface for CDN Interconnection", draft-
ietf-cdni-redirection-04 (work in progress), October 2014. ietf-cdni-redirection-08 (work in progress), February
2015.
[I-D.ietf-cdni-requirements] [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.
Leung, K. and Y. Lee, "Content Distribution Network
Interconnection (CDNI) Requirements", draft-ietf-cdni-
requirements-17 (work in progress), January 2014.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, RFC Resource Identifier (URI): Generic Syntax", STD 66, RFC
3986, January 2005. 3986, January 2005.
[RFC6707] Niven-Jenkins, B., Le Faucheur, F., and N. Bitar, "Content [RFC6707] Niven-Jenkins, B., Le Faucheur, F., and N. Bitar, "Content
Distribution Network Interconnection (CDNI) Problem Distribution Network Interconnection (CDNI) Problem
Statement", RFC 6707, September 2012. Statement", RFC 6707, September 2012.
[RFC7230] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
(HTTP/1.1): Message Syntax and Routing", RFC 7230, June
2014.
[RFC7336] Peterson, L., Davie, B., and R. van Brandenburg,
"Framework for Content Distribution Network
Interconnection (CDNI)", RFC 7336, August 2014.
[RFC7337] Leung, K. and Y. Lee, "Content Distribution Network
Interconnection (CDNI) Requirements", RFC 7337, August
2014.
[XML-BASE] [XML-BASE]
Marsh, J., Ed. and R. Tobin, Ed., "XML Base (Second Marsh, J., Ed. and R. Tobin, Ed., "XML Base (Second
Edition) - http://www.w3.org/TR/xmlbase/", January 2009. Edition) - http://www.w3.org/TR/xmlbase/", January 2009.
Authors' Addresses Authors' Addresses
Ben Niven-Jenkins Ben Niven-Jenkins
Velocix (Alcatel-Lucent) Velocix (Alcatel-Lucent)
3 Ely Road 3 Ely Road
Milton, Cambridge CB24 6AA Milton, Cambridge CB24 6AA
 End of changes. 137 change blocks. 
578 lines changed or deleted 636 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/