draft-ietf-cdni-metadata-12.txt   draft-ietf-cdni-metadata-13.txt 
Network Working Group B. Niven-Jenkins Network Working Group B. Niven-Jenkins
Internet-Draft R. Murray Internet-Draft R. Murray
Intended status: Standards Track Velocix (Alcatel-Lucent) Intended status: Standards Track Velocix (Alcatel-Lucent)
Expires: April 21, 2016 M. Caulfield Expires: September 22, 2016 M. Caulfield
Cisco Systems Cisco Systems
K. Ma K. Ma
Ericsson Ericsson
October 19, 2015 March 21, 2016
CDN Interconnection Metadata CDN Interconnection Metadata
draft-ietf-cdni-metadata-12 draft-ietf-cdni-metadata-13
Abstract Abstract
The Content Delivery Networks Interconnection (CDNI) metadata The Content Delivery Networks Interconnection (CDNI) metadata
interface enables interconnected Content Delivery Networks (CDNs) to interface enables interconnected Content Delivery Networks (CDNs) to
exchange content distribution metadata in order to enable content exchange content distribution metadata in order to enable content
acquisition and delivery. The CDNI metadata associated with a piece acquisition and delivery. The CDNI metadata associated with a piece
of content provides a downstream CDN with sufficient information for of content provides a downstream CDN with sufficient information for
the downstream CDN to service content requests on behalf of an the downstream CDN to service content requests on behalf of an
upstream CDN. This document describes both a base set of CDNI upstream CDN. This document describes both a base set of CDNI
skipping to change at page 1, line 47 skipping to change at page 1, line 47
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 21, 2016. This Internet-Draft will expire on September 22, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 29 skipping to change at page 2, line 29
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5
1.2. Supported Metadata Capabilities . . . . . . . . . . . . . 5 1.2. Supported Metadata Capabilities . . . . . . . . . . . . . 5
2. Design Principles . . . . . . . . . . . . . . . . . . . . . . 6 2. Design Principles . . . . . . . . . . . . . . . . . . . . . . 6
3. CDNI Metadata object model . . . . . . . . . . . . . . . . . 7 3. CDNI Metadata object model . . . . . . . . . . . . . . . . . 7
3.1. HostIndex, HostMatch, HostMetadata, PathMatch, 3.1. HostIndex, HostMatch, HostMetadata, PathMatch,
PatternMatch and PathMetadata objects . . . . . . . . . . 8 PatternMatch and PathMetadata objects . . . . . . . . . . 8
3.2. Generic CDNI Metadata Objects . . . . . . . . . . . . . . 11 3.2. Generic CDNI Metadata Objects . . . . . . . . . . . . . . 10
3.3. Metadata Inheritance and Override . . . . . . . . . . . . 14 3.3. Metadata Inheritance and Override . . . . . . . . . . . . 13
4. CDNI Metadata objects . . . . . . . . . . . . . . . . . . . . 15 4. CDNI Metadata objects . . . . . . . . . . . . . . . . . . . . 14
4.1. Definitions of the CDNI structural metadata objects . . . 16 4.1. Definitions of the CDNI structural metadata objects . . . 15
4.1.1. HostIndex . . . . . . . . . . . . . . . . . . . . . . 16 4.1.1. HostIndex . . . . . . . . . . . . . . . . . . . . . . 15
4.1.2. HostMatch . . . . . . . . . . . . . . . . . . . . . . 17 4.1.2. HostMatch . . . . . . . . . . . . . . . . . . . . . . 16
4.1.3. HostMetadata . . . . . . . . . . . . . . . . . . . . 18 4.1.3. HostMetadata . . . . . . . . . . . . . . . . . . . . 17
4.1.4. PathMatch . . . . . . . . . . . . . . . . . . . . . . 19 4.1.4. PathMatch . . . . . . . . . . . . . . . . . . . . . . 18
4.1.5. PatternMatch . . . . . . . . . . . . . . . . . . . . 20 4.1.5. PatternMatch . . . . . . . . . . . . . . . . . . . . 19
4.1.6. PathMetadata . . . . . . . . . . . . . . . . . . . . 21 4.1.6. PathMetadata . . . . . . . . . . . . . . . . . . . . 20
4.1.7. GenericMetadata . . . . . . . . . . . . . . . . . . . 22 4.1.7. GenericMetadata . . . . . . . . . . . . . . . . . . . 21
4.2. Definitions of the initial set of CDNI Generic Metadata 4.2. Definitions of the initial set of CDNI Generic Metadata
objects . . . . . . . . . . . . . . . . . . . . . . . . . 24 objects . . . . . . . . . . . . . . . . . . . . . . . . . 23
4.2.1. SourceMetadata . . . . . . . . . . . . . . . . . . . 24 4.2.1. SourceMetadata . . . . . . . . . . . . . . . . . . . 23
4.2.1.1. Source . . . . . . . . . . . . . . . . . . . . . 25 4.2.1.1. Source . . . . . . . . . . . . . . . . . . . . . 24
4.2.2. LocationACL Metadata . . . . . . . . . . . . . . . . 26 4.2.2. LocationACL Metadata . . . . . . . . . . . . . . . . 25
4.2.2.1. LocationRule . . . . . . . . . . . . . . . . . . 28 4.2.2.1. LocationRule . . . . . . . . . . . . . . . . . . 27
4.2.2.2. Footprint . . . . . . . . . . . . . . . . . . . . 28 4.2.2.2. Footprint . . . . . . . . . . . . . . . . . . . . 27
4.2.3. TimeWindowACL . . . . . . . . . . . . . . . . . . . . 29 4.2.3. TimeWindowACL . . . . . . . . . . . . . . . . . . . . 28
4.2.3.1. TimeWindowRule . . . . . . . . . . . . . . . . . 30 4.2.3.1. TimeWindowRule . . . . . . . . . . . . . . . . . 29
4.2.3.2. TimeWindow . . . . . . . . . . . . . . . . . . . 31 4.2.3.2. TimeWindow . . . . . . . . . . . . . . . . . . . 30
4.2.4. ProtocolACL Metadata . . . . . . . . . . . . . . . . 32 4.2.4. ProtocolACL Metadata . . . . . . . . . . . . . . . . 31
4.2.4.1. ProtocolRule . . . . . . . . . . . . . . . . . . 33 4.2.4.1. ProtocolRule . . . . . . . . . . . . . . . . . . 32
4.2.5. DeliveryAuthorization Metadata . . . . . . . . . . . 34 4.2.5. DeliveryAuthorization Metadata . . . . . . . . . . . 32
4.2.6. Cache . . . . . . . . . . . . . . . . . . . . . . . . 34 4.2.6. Cache . . . . . . . . . . . . . . . . . . . . . . . . 33
4.2.7. Auth . . . . . . . . . . . . . . . . . . . . . . . . 35 4.2.7. Auth . . . . . . . . . . . . . . . . . . . . . . . . 34
4.2.8. Grouping . . . . . . . . . . . . . . . . . . . . . . 36 4.2.8. Grouping . . . . . . . . . . . . . . . . . . . . . . 35
4.3. CDNI Metadata Simple Data Type Descriptions . . . . . . . 37 4.3. CDNI Metadata Simple Data Type Descriptions . . . . . . . 35
4.3.1. Link . . . . . . . . . . . . . . . . . . . . . . . . 37 4.3.1. Link . . . . . . . . . . . . . . . . . . . . . . . . 36
4.3.2. Protocol . . . . . . . . . . . . . . . . . . . . . . 38 4.3.2. Protocol . . . . . . . . . . . . . . . . . . . . . . 37
4.3.3. Endpoint . . . . . . . . . . . . . . . . . . . . . . 38 4.3.3. Endpoint . . . . . . . . . . . . . . . . . . . . . . 37
4.3.4. Time . . . . . . . . . . . . . . . . . . . . . . . . 38 4.3.4. Time . . . . . . . . . . . . . . . . . . . . . . . . 38
4.3.5. IPv4CIDR . . . . . . . . . . . . . . . . . . . . . . 39 4.3.5. IPv4CIDR . . . . . . . . . . . . . . . . . . . . . . 38
4.3.6. IPv6CIDR . . . . . . . . . . . . . . . . . . . . . . 39 4.3.6. IPv6CIDR . . . . . . . . . . . . . . . . . . . . . . 38
4.3.7. ASN . . . . . . . . . . . . . . . . . . . . . . . . . 39 4.3.7. ASN . . . . . . . . . . . . . . . . . . . . . . . . . 38
4.3.8. CountryCode . . . . . . . . . . . . . . . . . . . . . 39 4.3.8. CountryCode . . . . . . . . . . . . . . . . . . . . . 39
5. CDNI Metadata Capabilities . . . . . . . . . . . . . . . . . 40 5. CDNI Metadata Capabilities . . . . . . . . . . . . . . . . . 39
6. CDNI Metadata interface . . . . . . . . . . . . . . . . . . . 40 6. CDNI Metadata interface . . . . . . . . . . . . . . . . . . . 39
6.1. Transport . . . . . . . . . . . . . . . . . . . . . . . . 41 6.1. Transport . . . . . . . . . . . . . . . . . . . . . . . . 40
6.2. Retrieval of CDNI Metadata resources . . . . . . . . . . 42 6.2. Retrieval of CDNI Metadata resources . . . . . . . . . . 41
6.3. Bootstrapping . . . . . . . . . . . . . . . . . . . . . . 43 6.3. Bootstrapping . . . . . . . . . . . . . . . . . . . . . . 42
6.4. Encoding . . . . . . . . . . . . . . . . . . . . . . . . 43 6.4. Encoding . . . . . . . . . . . . . . . . . . . . . . . . 42
6.5. Extensibility . . . . . . . . . . . . . . . . . . . . . . 44 6.5. Extensibility . . . . . . . . . . . . . . . . . . . . . . 43
6.6. Metadata Enforcement . . . . . . . . . . . . . . . . . . 44 6.6. Metadata Enforcement . . . . . . . . . . . . . . . . . . 44
6.7. Metadata Conflicts . . . . . . . . . . . . . . . . . . . 45 6.7. Metadata Conflicts . . . . . . . . . . . . . . . . . . . 44
6.8. Versioning . . . . . . . . . . . . . . . . . . . . . . . 45 6.8. Versioning . . . . . . . . . . . . . . . . . . . . . . . 45
6.9. Media Types . . . . . . . . . . . . . . . . . . . . . . . 46 6.9. Media Types . . . . . . . . . . . . . . . . . . . . . . . 45
6.10. Complete CDNI Metadata Example . . . . . . . . . . . . . 47 6.10. Complete CDNI Metadata Example . . . . . . . . . . . . . 46
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 50 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 50
7.1. CDNI Payload Types . . . . . . . . . . . . . . . . . . . 50 7.1. CDNI Payload Types . . . . . . . . . . . . . . . . . . . 50
7.1.1. CDNI MI HostIndex Payload Type . . . . . . . . . . . 51 7.1.1. CDNI MI HostIndex Payload Type . . . . . . . . . . . 50
7.1.2. CDNI MI HostMatch Payload Type . . . . . . . . . . . 51 7.1.2. CDNI MI HostMatch Payload Type . . . . . . . . . . . 51
7.1.3. CDNI MI HostMetadata Payload Type . . . . . . . . . . 52 7.1.3. CDNI MI HostMetadata Payload Type . . . . . . . . . . 51
7.1.4. CDNI MI PathMatch Payload Type . . . . . . . . . . . 52 7.1.4. CDNI MI PathMatch Payload Type . . . . . . . . . . . 51
7.1.5. CDNI MI PatternMatch Payload Type . . . . . . . . . . 52 7.1.5. CDNI MI PatternMatch Payload Type . . . . . . . . . . 51
7.1.6. CDNI MI PathMetadata Payload Type . . . . . . . . . . 52 7.1.6. CDNI MI PathMetadata Payload Type . . . . . . . . . . 51
7.1.7. CDNI MI SourceMetadata Payload Type . . . . . . . . . 52 7.1.7. CDNI MI SourceMetadata Payload Type . . . . . . . . . 52
7.1.8. CDNI MI Source Payload Type . . . . . . . . . . . . . 53 7.1.8. CDNI MI Source Payload Type . . . . . . . . . . . . . 52
7.1.9. CDNI MI LocationACL Payload Type . . . . . . . . . . 53 7.1.9. CDNI MI LocationACL Payload Type . . . . . . . . . . 52
7.1.10. CDNI MI LocationRule Payload Type . . . . . . . . . . 53 7.1.10. CDNI MI LocationRule Payload Type . . . . . . . . . . 52
7.1.11. CDNI MI Footprint Payload Type . . . . . . . . . . . 53 7.1.11. CDNI MI Footprint Payload Type . . . . . . . . . . . 52
7.1.12. CDNI MI TimeWindowACL Payload Type . . . . . . . . . 53 7.1.12. CDNI MI TimeWindowACL Payload Type . . . . . . . . . 53
7.1.13. CDNI MI TimeWindowRule Payload Type . . . . . . . . . 54 7.1.13. CDNI MI TimeWindowRule Payload Type . . . . . . . . . 53
7.1.14. CDNI MI TimeWindow Payload Type . . . . . . . . . . . 54 7.1.14. CDNI MI TimeWindow Payload Type . . . . . . . . . . . 53
7.1.15. CDNI MI ProtocolACL Payload Type . . . . . . . . . . 54 7.1.15. CDNI MI ProtocolACL Payload Type . . . . . . . . . . 53
7.1.16. CDNI MI ProtocolRule Payload Type . . . . . . . . . . 54 7.1.16. CDNI MI ProtocolRule Payload Type . . . . . . . . . . 53
7.1.17. CDNI MI DeliveryAuthorization Payload Type . . . . . 54 7.1.17. CDNI MI DeliveryAuthorization Payload Type . . . . . 54
7.1.18. CDNI MI Cache Payload Type . . . . . . . . . . . . . 55 7.1.18. CDNI MI Cache Payload Type . . . . . . . . . . . . . 54
7.1.19. CDNI MI Auth Payload Type . . . . . . . . . . . . . . 55 7.1.19. CDNI MI Auth Payload Type . . . . . . . . . . . . . . 54
7.1.20. CDNI MI Grouping Payload Type . . . . . . . . . . . . 55 7.1.20. CDNI MI Grouping Payload Type . . . . . . . . . . . . 54
7.2. CDNI Metadata Footprint Types Registry . . . . . . . . . 55 7.2. CDNI Metadata Footprint Types Registry . . . . . . . . . 54
7.3. CDNI Metadata Protocol Types Registry . . . . . . . . . . 56 7.3. CDNI Metadata Protocol Types Registry . . . . . . . . . . 55
7.4. CDNI Metadata Auth Types Registry . . . . . . . . . . . . 56 7.4. CDNI Metadata Auth Types Registry . . . . . . . . . . . . 56
8. Security Considerations . . . . . . . . . . . . . . . . . . . 57 8. Security Considerations . . . . . . . . . . . . . . . . . . . 56
8.1. Authentication . . . . . . . . . . . . . . . . . . . . . 57 8.1. Authentication . . . . . . . . . . . . . . . . . . . . . 56
8.2. Confidentiality . . . . . . . . . . . . . . . . . . . . . 57 8.2. Confidentiality . . . . . . . . . . . . . . . . . . . . . 57
8.3. Integrity . . . . . . . . . . . . . . . . . . . . . . . . 58 8.3. Integrity . . . . . . . . . . . . . . . . . . . . . . . . 57
8.4. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 58 8.4. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 57
8.5. Securing the CDNI Metadata interface . . . . . . . . . . 58 8.5. Securing the CDNI Metadata interface . . . . . . . . . . 58
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 59 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 58
10. Contributing Authors . . . . . . . . . . . . . . . . . . . . 59 10. Contributing Authors . . . . . . . . . . . . . . . . . . . . 58
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 59 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 59
11.1. Normative References . . . . . . . . . . . . . . . . . . 59 11.1. Normative References . . . . . . . . . . . . . . . . . . 59
11.2. Informative References . . . . . . . . . . . . . . . . . 60 11.2. Informative References . . . . . . . . . . . . . . . . . 60
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 61 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 61
1. Introduction 1. Introduction
Content Delivery Networks Interconnection (CDNI) [RFC6707] enables a Content Delivery Networks Interconnection (CDNI) [RFC6707] enables a
downstream Content Delivery Network (dCDN) to service content downstream Content Delivery Network (dCDN) to service content
requests on behalf of an upstream CDN (uCDN). requests on behalf of an upstream CDN (uCDN).
The CDNI metadata interface is discussed in [RFC7336] along with four The CDNI metadata interface is discussed in [RFC7336] along with four
other interfaces that may be used to compose a CDNI solution (CDNI other interfaces that can be used to compose a CDNI solution (CDNI
Control interface, CDNI Request Routing Redirection interface, CDNI Control interface, CDNI Request Routing Redirection interface, CDNI
Footprint & Capabilities Advertisement interface and CDNI Logging Footprint & Capabilities Advertisement interface and CDNI Logging
interface). [RFC7336] describes each interface, and the interface). [RFC7336] describes each interface and the relationships
relationships between them. The requirements for the CDNI metadata between them. The requirements for the CDNI metadata interface are
interface are specified in [RFC7337]. specified in [RFC7337].
The CDNI metadata associated with a piece of content (or with a set The CDNI metadata associated with a piece of content (or with a set
of content) provides a dCDN with sufficient information for servicing of content) provides a dCDN with sufficient information for servicing
content requests on behalf of an uCDN in accordance with the policies content requests on behalf of an uCDN, in accordance with the
defined by the uCDN. policies defined by the uCDN.
This document focuses on the CDNI metadata interface which enables a This document defines the CDNI metadata interface which enables a
dCDN to obtain CDNI metadata from an uCDN so that the dCDN can dCDN to obtain CDNI metadata from an uCDN so that the dCDN can
properly process and respond to: properly process and respond to:
o Redirection requests received over the CDNI Request Routing o Redirection requests received over the CDNI Request Routing
Redirection interface [I-D.ietf-cdni-redirection]. Redirection interface [I-D.ietf-cdni-redirection].
o Content requests received directly from User Agents. o Content requests received directly from User Agents.
Specifically, this document specifies: Specifically, this document specifies:
skipping to change at page 6, line 5 skipping to change at page 6, line 5
o Delivery Authorization: Metadata for authorizing dCDN user agent o Delivery Authorization: Metadata for authorizing dCDN user agent
requests. requests.
o Cache Control: Metadata for controlling cache behavior of the o Cache Control: Metadata for controlling cache behavior of the
dCDN. dCDN.
The metadata encoding described by this document is extensible in The metadata encoding described by this document is extensible in
order to allow for future additions to this list. order to allow for future additions to this list.
The set of metadata specified in this document, covering the initial The set of metadata specified in this document covers the initial
capabilities above, is only able to support CDN interconnection for capabilities above. It is only intended to support CDN
the delivery of content by a dCDN using HTTPv1.1 [RFC7230] and for a interconnection for the delivery of content by a dCDN using HTTP/1.1
dCDN to be able to acquire content from a uCDN using either HTTPv1.1 [RFC7230] and for a dCDN to be able to acquire content from a uCDN
or HTTPv1.1 over TLS [RFC2818]. using either HTTP/1.1 or HTTP/1.1 over TLS [RFC2818].
Supporting CDN interconnection for the delivery of content using Supporting CDN interconnection for the delivery of content using
unencrypted HTTPv2.0 [RFC7540] (as well as for a dCDN to acquire unencrypted HTTP/2 [RFC7540] (as well as for a dCDN to acquire
content using unencrypted HTTPv2.0 or HTTPv2.0 over TLS) requires the content using unencrypted HTTP/2 or HTTP/2 over TLS) requires the
registration of these protocol names in the CDNI Metadata Protocol registration of these protocol names in the CDNI Metadata Protocol
Registry. Types registry Section 7.3.
Supporting CDN interconnection for the delivery of content using Supporting CDN interconnection for the delivery of content using
HTTPv1.1 over TLS or HTTPv2.0 over TLS requires specifying additional HTTP/1.1 over TLS or HTTP/2 over TLS requires specifying additional
metadata objects to carry the properties required to establish a TLS metadata objects to carry the properties required to establish a TLS
session, for example metadata to describe the certificate to use as session, for example metadata to describe the certificate to use as
part of the TLS handshake. part of the TLS handshake.
2. Design Principles 2. Design Principles
The CDNI metadata interface was designed to achieve the following The CDNI metadata interface was designed to achieve the following
objectives: objectives:
1. Cacheability of CDNI metadata objects. 1. Cacheability of CDNI metadata objects;
2. Deterministic mapping from redirection requests and content 2. Deterministic mapping from redirection requests and content
requests to CDNI metadata properties. requests to CDNI metadata properties;
3. Support for DNS redirection as well as application-specific 3. Support for DNS redirection as well as application-specific
redirection (for example HTTP redirection). redirection (for example HTTP redirection);
4. Minimal duplication of CDNI metadata. 4. Minimal duplication of CDNI metadata; and
5. Leveraging of existing protocols. 5. Leveraging of existing protocols.
Cacheability improves the latency of acquiring metadata while Cacheability can decrease the latency of acquiring metadata while
maintaining its freshness, and therefore improves the latency of maintaining its freshness, and therefore decrease the latency of
serving content requests and redirection requests, without serving content requests and redirection requests, without
sacrificing accuracy. The CDNI metadata interface uses HTTP and its sacrificing accuracy. The CDNI metadata interface uses HTTP and its
existing caching mechanisms to achieve CDNI metadata cacheability. existing caching mechanisms to achieve CDNI metadata cacheability.
Deterministic mappings from content to metadata properties eliminates Deterministic mappings from content to metadata properties eliminates
ambiguity and ensures that policies are applied consistently by all ambiguity and ensures that policies are applied consistently by all
dCDNs. dCDNs.
Support for both HTTP and DNS redirection ensures that the CDNI Support for both HTTP and DNS redirection ensures that the CDNI
metadata interface can be used for HTTP and DNS redirection and also metadata meets the same design principles for both HTTP and DNS based
meets the same design principles for both HTTP and DNS based
redirection schemes. redirection schemes.
Minimal duplication of CDNI metadata provides space efficiency on Minimal duplication of CDNI metadata improves storage efficiency in
storage in the CDNs, on caches in the network, and across the network the CDNs.
between CDNs.
Leveraging existing protocols avoids reinventing common mechanisms Leveraging existing protocols avoids reinventing common mechanisms
such as data structure encoding (by leveraging I-JSON [RFC7493]) and such as data structure encoding (by leveraging I-JSON [RFC7493]) and
data transport (by leveraging HTTP [RFC7230]). data transport (by leveraging HTTP [RFC7230]).
3. CDNI Metadata object model 3. CDNI Metadata object model
The CDNI metadata object model describes a data structure for mapping The CDNI metadata object model describes a data structure for mapping
redirection requests and content requests to metadata properties. redirection requests and content requests to metadata properties.
Metadata properties describe how to acquire content from an uCDN, Metadata properties describe how to acquire content from an uCDN,
authorize access to content, and deliver content from a dCDN. The authorize access to content, and deliver content from a dCDN. The
object model relies on the assumption that these metadata properties object model relies on the assumption that these metadata properties
may be aggregated based on the hostname of the content and can be aggregated based on the hostname of the content and
subsequently on the resource path (URI) of the content. The object subsequently on the resource path (URI) of the content. The object
model associates a set of CDNI metadata properties with a Hostname to model associates a set of CDNI metadata properties with a Hostname to
form a default set of metadata properties for content delivered on form a default set of metadata properties for content delivered on
behalf of that Hostname. That default set of metadata properties can behalf of that Hostname. That default set of metadata properties can
be overridden by properties that apply to specific paths within a be overridden by properties that apply to specific paths within a
URI. URI.
Different Hostnames and URI paths will be associated with different Different Hostnames and URI paths will be associated with different
sets of CDNI metadata properties in order to describe the required sets of CDNI metadata properties in order to describe the required
behaviour when a dCDN surrogate or request router is processing User behaviour when a dCDN surrogate or request router is processing User
Agent requests for content at that Hostname or URI path. As a result Agent requests for content at that Hostname and URI path. As a
of this structure, significant commonality may exist between the CDNI result of this structure, significant commonality could exist between
metadata properties specified for different Hostnames, different URI the CDNI metadata properties specified for different Hostnames,
paths within a Hostname and different URI paths on different different URI paths within a Hostname and different URI paths on
Hostnames. For example the definition of which User Agent IP different Hostnames. For example the definition of which User Agent
addresses should be treated as being grouped together into a single IP addresses should be grouped together into a single network or
network or geographic location is likely to be common for a number of geographic location is likely to be common for a number of different
different Hostnames. Another example is that although a uCDN is Hostnames; although a uCDN is likely to have several different
likely to have several different policies configured to express geo- policies configured to express geo-blocking rules, it is likely that
blocking rules, it is likely that a single geo-blocking policy would a single geo-blocking policy could be applied to multiple Hostnames
be applied to multiple Hostnames delivered through the CDN. delivered through the CDN.
In order to enable the CDNI metadata for a given Hostname or URI Path In order to enable the CDNI metadata for a given Hostname and URI
to be decomposed into sets of CDNI metadata properties that can be Path to be decomposed into reusable sets of CDNI metadata properties,
reused by multiple Hostnames and URI Paths, the CDNI metadata the CDNI metadata interface splits the CDNI metadata into separate
interface specified in this document splits the CDNI metadata into a objects. Efficiency is improved by enabling a single CDNI metadata
number of objects. Efficiency is improved by enabling a single CDNI object (that is shared across Hostname and/or URI paths) to be
metadata object (that is shared across Hostname and/or URI paths) to retrieved and stored by a dCDN once, even if it is referenced by the
be retrieved and stored by a dCDN once, even if it is referenced by CDNI metadata for multiple Hostnames and/or URI paths.
the CDNI metadata of multiple Hostnames or of multiple URI paths.
Important Note: Any CDNI metadata object A that contains another CDNI Important Note: Any CDNI metadata object A that contains another CDNI
metadata object B may, instead of including the second object B metadata object B can include a Link object specifying a URI that can
embedded within object A, include a Link object that contains a URI be used to retrieve object B, instead of embedding object B within
that can be dereferenced to retrieve the complete serialized object A. The remainder of this document uses the phrase "[Object] A
representation of the second metadata object B. The remainder of contains [Object] B" for simplicity when a strictly accurate phrase
this document uses the phrase "[Object] A contains [Object] B" for would be "[Object] A contains or references (via a Link object)
simplicity when a strictly accurate phrase would be "[Object] A [Object] B". It is generally a deployment choice for the uCDN
contains or references (via a Link object) [Object] B". It is implementation to decide when to embed CDNI metadata objects and when
generally a deployment choice for the uCDN implementation to decide to reference separate resources via Link objects.
when and which CDNI metadata objects to embed and which to make
available as separate resources via Link objects.
Section 3.1 introduces a high level description of the HostIndex, Section 3.1 introduces a high level description of the HostIndex,
HostMatch, HostMetadata, PathMatch, PatternMatch and PathMetadata HostMatch, HostMetadata, PathMatch, PatternMatch and PathMetadata
objects and describes the relationships between those objects. objects, and describes the relationships between them.
Section 3.2 introduces a high level description of the CDNI Section 3.2 introduces a high level description of the CDNI
GenericMetadata object which represents the level at which CDNI GenericMetadata object which represents the level at which CDNI
metadata override occurs between HostMetadata and PathMetadata metadata override occurs between HostMetadata and PathMetadata
objects. objects.
Section 4 describes in detail the specific CDNI metadata objects and Section 4 describes in detail the specific CDNI metadata objects and
properties specified by this document which can be contained within a properties specified by this document which can be contained within a
CDNI GenericMetadata object. CDNI GenericMetadata object.
skipping to change at page 9, line 28 skipping to change at page 9, line 7
| V +------------+ | | V +------------+ |
| +------------+ | | +------------+ |
+--+PathMetadata+-------(*)------+ +--+PathMetadata+-------(*)------+
+------------+ +------------+
Figure 1: Relationships between CDNI Metadata Objects (Diagram Figure 1: Relationships between CDNI Metadata Objects (Diagram
Representation) Representation)
A HostIndex object (see Section 4.1.1) contains a list of HostMatch A HostIndex object (see Section 4.1.1) contains a list of HostMatch
objects (see Section 4.1.2) that contain Hostnames (and/or IP objects (see Section 4.1.2) that contain Hostnames (and/or IP
addresses) for which content requests may be delegated to the dCDN. addresses) for which content requests might be delegated to the dCDN.
The HostIndex is the starting point for accessing the uCDN CDNI The HostIndex is the starting point for accessing the uCDN CDNI
metadata data store. It enables the dCDN to deterministically metadata data store. It enables the dCDN to deterministically
discover, on receipt of a User Agent request for content, which other discover which CDNI metadata objects it requires in order to deliver
CDNI metadata objects it requires in order to deliver the requested a given piece of content.
content.
The HostIndex links Hostnames (and/or IP addresses) to HostMetadata The HostIndex links Hostnames (and/or IP addresses) to HostMetadata
objects (see Section 4.1.3) via HostMatch objects. A HostMatch objects (see Section 4.1.3) via HostMatch objects. A HostMatch
object defines a Hostname (or IP address) to match against a object defines a Hostname (or IP address) to match against a
requested host and contains a HostMetadata object. requested host and contains a HostMetadata object.
HostMetadata objects contain the default CDNI metadata within HostMetadata objects contain the default GenericMetadata objects (see
GenericMetadata objects (see Section 4.1.7) required to serve content Section 4.1.7) required to serve content for that host. When looking
for that host. When looking up CDNI metadata, the dCDN looks up the up CDNI metadata, the dCDN looks up the requested Hostname (or IP
requested Hostname (or IP address) against the HostMatch entries in address) against the HostMatch entries in the HostIndex, from there
the HostIndex, from there it can find HostMetadata which describes it can find HostMetadata which describes the default metadata
the default properties for each host as well as PathMetadata objects properties for each host as well as PathMetadata objects (see
(see Section 4.1.6), via PathMatch objects (see Section 4.1.4), which Section 4.1.6), via PathMatch objects (see Section 4.1.4). PathMatch
may override those properties for given URI paths within the host. objects define patterns, contained inside PatternMatch objects (see
The CDNI metadata contained in HostMetadata objects is applied to Section 4.1.5), to match against the requested URI path.
content requests for which there is not more specific metadata, i.e. PatternMatch objects contain the pattern strings and flags that
for content requests that do not match any of the PathMatch objects describe the URI path that a PathMatch applies to. PathMetadata
contained by that HostMetadata object and its child PathMetadata objects contain the GenericMetadata objects that apply to content
objects. requests matching the defined URI path pattern. PathMetadata
properties override properties previously defined in HostMetadata or
HostMetadata can also contain PathMatch objects. PathMatch objects less specific PathMatch paths. PathMetadata objects can contain
define patterns, contained inside PatternMatch objects (see additional PathMatch objects to recursively define more specific URI
Section 4.1.5), to match against the requested URI path, and contain paths to which GenericMetadata properties might be applied.
PathMetadata objects which contain the GenericMetadata objects to be
applied when a content request matches against the defined URI path
pattern. PatternMatch objects contain the pattern strings and flags
that describe the URI path that a PathMatch applies to.
PathMetadata objects override the CDNI metadata in the HostMetadata
object or one or more parent PathMetadata objects with more specific
CDNI metadata that applies to content requests matching the URI
pattern defined in the PatternMatch object of that PathMatch object.
A PathMetadata object may also contain PathMatch objects in order to
recursively define more specific URI paths that require different
(e.g., more specific) CDNI metadata to this one.
A GenericMetadata object contains individual CDNI metadata objects A GenericMetadata object contains individual CDNI metadata objects
which define the specific policies and attributes needed to properly which define the specific policies and attributes needed to properly
deliver the associated content. For example, a GenericMetadata deliver the associated content. For example, a GenericMetadata
object may describe the source from which a CDN may acquire a piece object could describe the source from which a CDN can acquire a piece
of content. The GenericMetadata object is an atomic unit that may be of content. The GenericMetadata object is an atomic unit that can be
referenced by HostMetadata and/or PathMetadata objects. referenced by HostMetadata or PathMetadata objects.
For example, if "example.com" is a content provider, a HostMatch For example, if "example.com" is a content provider, a HostMatch
object may include an entry for "example.com" with the URI of the object could include an entry for "example.com" with the URI of the
associated HostMetadata object. The HostMetadata object for associated HostMetadata object. The HostMetadata object for
"example.com" describes the metadata properties which apply to "example.com" describes the metadata properties which apply to
"example.com" and could contain PathMatches for "example.com/ "example.com" and could contain PathMatches for "example.com/
movies/*" and "example.com/music/*", which in turn reference movies/*" and "example.com/music/*", which in turn reference
corresponding PathMetadata objects that contain the CDNI metadata corresponding PathMetadata objects that contain the properties for
objects for those more specific URI paths. The PathMetadata object those more specific URI paths. The PathMetadata object for
for "example.com/movies/*" describes CDNI metadata which apply to "example.com/movies/*" describes the properties which apply to that
that URI path and could contain a PathMatch object for URI path. It could also contain a PathMatch object for
"example.com/movies/hd/*" which would reference the corresponding "example.com/movies/hd/*" which would reference the corresponding
PathMetadata object for the "example.com/movies/hd/" path prefix. PathMetadata object for the "example.com/movies/hd/" path prefix.
The relationships in Figure 1 are also represented in tabular format The relationships in Figure 1 are also represented in tabular format
in Table 1 below. in Table 1 below.
+--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+
| Data Object | Objects it contains or references | | Data Object | Objects it contains or references |
+--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+
| HostIndex | 0 or more HostMatch objects. | | HostIndex | 0 or more HostMatch objects. |
skipping to change at page 11, line 27 skipping to change at page 10, line 32
Table 1: Relationships between CDNI Metadata Objects Table 1: Relationships between CDNI Metadata Objects
(Table Representation) (Table Representation)
3.2. Generic CDNI Metadata Objects 3.2. Generic CDNI Metadata Objects
The HostMetadata and PathMetadata objects contain other CDNI metadata The HostMetadata and PathMetadata objects contain other CDNI metadata
objects that contain properties which describe how User Agent objects that contain properties which describe how User Agent
requests for content should be processed, for example where to requests for content should be processed, for example where to
acquire the content from, authorization rules that should be applied, acquire the content from, authorization rules that should be applied,
geo-blocking restrictions and so on. Each such CDNI metadata object geo-blocking restrictions, and so on. Each such CDNI metadata object
is a specialization of a CDNI GenericMetadata object. The is a specialization of a CDNI GenericMetadata object. The
GenericMetadata object abstracts the basic information required for GenericMetadata object abstracts the basic information required for
metadata override and metadata distribution, from the specifics of metadata override and metadata distribution, from the specifics of
any given property (e.g., property semantics, enforcement options, any given property (i.e., property semantics, enforcement options,
etc.). etc.).
The GenericMetadata object defines the type of properties contained The GenericMetadata object defines the properties contained within it
within it as well as whether or not the properties are "mandatory-to- as well as whether or not the properties are "mandatory-to-enforce".
enforce". If the dCDN does not understand or support the property If the dCDN does not understand or support a "mandatory-to-enforce"
type and the property type is "mandatory-to-enforce", the dCDN MUST property, the dCDN MUST NOT serve the content. If the property is
NOT serve the content to the User Agent. If the dCDN does not not "mandatory-to-enforce", then that GenericMetadata object can be
understand or support the property type and the property type is not
"mandatory-to-enforce", then that GenericMetadata object may be
safely ignored and the dCDN MUST process the content request in safely ignored and the dCDN MUST process the content request in
accordance with the rest of the CDNI metadata. accordance with the rest of the CDNI metadata.
Although a CDN MUST NOT serve content to a User Agent if a Although a CDN MUST NOT serve content to a User Agent if a
"mandatory-to-enforce" property cannot be enforced, it may be "safe- "mandatory-to-enforce" property cannot be enforced, it could still be
to-redistribute" that metadata to another CDN without modification. "safe-to-redistribute" that metadata to another CDN without
For example, in the cascaded CDN case, a transit CDN (tCDN) may pass modification. For example, in the cascaded CDN case, a transit CDN
through "mandatory-to-enforce" metadata to a dCDN. For metadata (tCDN) could pass through "mandatory-to-enforce" metadata to a dCDN.
which does not require customization or translation (i.e., metadata
that is "safe-to-redistribute"), the data representation received off
the wire MAY be stored and redistributed without being natively
understood or supported by the transit CDN. However, for metadata
which requires translation, transparent redistribution of the uCDN
metadata values might not be appropriate. Certain metadata may be
safely, though possibly not optimally, redistributed unmodified. For
example, source acquisition address may not be optimal if
transparently redistributed, but might still work.
Redistribution safety MUST be specified for each GenericMetadata. If For metadata which does not require customization or translation
a CDN does not understand or support a given GenericMetadata property (i.e., metadata that is "safe-to-redistribute"), the data
type and the property type is not "safe-to-redistribute", before representation received off the wire MAY be stored and redistributed
redistributing the metadata, the CDN MUST set the "incomprehensible" without being understood or supported by the transit CDN. However,
flag for the GenericMetadata object that it did not understand and for metadata which requires translation, transparent redistribution
was marked as not "safe-to-redistribute". The "incomprehensible" of the uCDN metadata values might not be appropriate. Certain
metadata can be safely, though perhaps not optimally, redistributed
unmodified. For example, source acquisition address might not be
optimal if transparently redistributed, but it might still work.
Redistribution safety MUST be specified for each GenericMetadata
property. If a CDN does not understand or support a given
GenericMetadata property that is not "safe-to-redistribute", the CDN
MUST set the "incomprehensible" flag to true for that GenericMetadata
object before redistributing the metadata. The "incomprehensible"
flag signals to a dCDN that the metadata was not properly transformed flag signals to a dCDN that the metadata was not properly transformed
by the transit CDN. A CDN MUST NOT attempt to use metadata that has by the transit CDN. A CDN MUST NOT attempt to use metadata that has
been marked as "incomprehensible" by a uCDN. been marked as "incomprehensible" by a uCDN.
Transit CDNs MUST NOT change the value of "mandatory-to-enforce" or Transit CDNs MUST NOT change the value of "mandatory-to-enforce" or
"safe-to-redistribute" when propagating metadata to a dCDN. Although "safe-to-redistribute" when propagating metadata to a dCDN. Although
a transit CDN may set the value of "incomprehensible" to true, a a transit CDN can set the value of "incomprehensible" to true, a
transit CDN MUST NOT change the value of "incomprehensible" from true transit CDN MUST NOT change the value of "incomprehensible" from true
to false. to false.
Table 2 describes the action to be taken by a transit CDN (tCDN) for Table 2 describes the action to be taken by a transit CDN (tCDN) for
the different combinations of "mandatory-to-enforce" (MtE) and "safe- the different combinations of "mandatory-to-enforce" (MtE) and "safe-
to-redistribute" (StR) properties, when the tCDN either does or does to-redistribute" (StR) properties, when the tCDN either does or does
not understand the metadata in question: not understand the metadata in question:
+-------+-------+------------+--------------------------------------+ +-------+-------+------------+--------------------------------------+
| MtE | StR | Metadata | Action | | MtE | StR | Metadata | Action |
| | | Understood | | | | | Understood | |
| | | by tCDN | | | | | by tCDN | |
+-------+-------+------------+--------------------------------------+ +-------+-------+------------+--------------------------------------+
| False | True | True | Can serve and redistribute. | | False | True | True | Can serve and redistribute. |
| False | True | False | Can serve and redistribute. | | False | True | False | Can serve and redistribute. |
| False | False | False | Can serve. MUST set | | False | False | False | Can serve. MUST set |
| | | | "incomprehensible" to True when | | | | | "incomprehensible" to True when |
| | | | redistributing. | | | | | redistributing. |
| False | False | True | Can serve. Can redistribute either | | False | False | True | Can serve. Can redistribute after |
| | | | by transforming not StR metadata (if | | | | | transforming the metadata (if the |
| | | | the CDN knows how to do so safely), | | | | | CDN knows how to do so safely), |
| | | | otherwise MUST set | | | | | otherwise MUST set |
| | | | "incomprehensible" to True when | | | | | "incomprehensible" to True when |
| | | | redistributing. | | | | | redistributing. |
| True | True | True | Can serve and redistribute. | | True | True | True | Can serve and redistribute. |
| True | True | False | MUST NOT serve but can redistribute. | | True | True | False | MUST NOT serve but can redistribute. |
| True | False | True | Can serve. Can redistribute either | | True | False | True | Can serve. Can redistribute after |
| | | | by transforming not StR metadata (if | | | | | transforming the metadata (if the |
| | | | the CDN knows how to do so safely), | | | | | CDN knows how to do so safely), |
| | | | otherwise MUST set | | | | | otherwise MUST set |
| | | | "incomprehensible" to True when | | | | | "incomprehensible" to True when |
| | | | redistributing. | | | | | redistributing. |
| True | False | False | MUST NOT serve. MUST set | | True | False | False | MUST NOT serve. MUST set |
| | | | "incomprehensible" to True when | | | | | "incomprehensible" to True when |
| | | | redistributing. | | | | | redistributing. |
+-------+-------+------------+--------------------------------------+ +-------+-------+------------+--------------------------------------+
Table 2: Action to be taken by a tCDN for the different combinations Table 2: Action to be taken by a tCDN for the different combinations
of MtE and StR properties of MtE and StR properties
skipping to change at page 14, line 29 skipping to change at page 13, line 29
| True | True | True | MUST NOT serve. | | True | True | True | MUST NOT serve. |
| True | False | False | MUST NOT serve. | | True | False | False | MUST NOT serve. |
| True | True | False | MUST NOT serve. | | True | True | False | MUST NOT serve. |
+-------+--------+--------------+-----------------------------------+ +-------+--------+--------------+-----------------------------------+
Table 3: Action to be taken by a dCDN for the different combinations Table 3: Action to be taken by a dCDN for the different combinations
of MtE and Incomp properties of MtE and Incomp properties
3.3. Metadata Inheritance and Override 3.3. Metadata Inheritance and Override
In the metadata object model, a HostMetadata object may contain In the metadata object model, a HostMetadata object can contain
multiple PathMetadata objects (via PathMatch objects). Each multiple PathMetadata objects (via PathMatch objects). Each
PathMetadata object may in turn contain other PathMetadata objects. PathMetadata object can in turn contain other PathMetadata objects.
HostMetadata and PathMetadata objects form an inheritance tree where HostMetadata and PathMetadata objects form an inheritance tree where
each node in the tree inherits or overrides the property values set each node in the tree inherits or overrides the property values set
by its parent. by its parent.
GenericMetadata objects of a given type override all GenericMetadata GenericMetadata objects of a given type override all GenericMetadata
objects of the same type previously defined by any parent object in objects of the same type previously defined by any parent object in
the tree. GenericMetadata objects of a given type previously defined the tree. GenericMetadata objects of a given type previously defined
by a parent object in the tree are inherited when no object of the by a parent object in the tree are inherited when no object of the
same type is defined by the child object. For example, if same type is defined by the child object. For example, if
HostMetadata for the host "example.com" contains GenericMetadata HostMetadata for the host "example.com" contains GenericMetadata
skipping to change at page 15, line 14 skipping to change at page 14, line 14
A single HostMetadata or PathMetadata object MUST NOT contain A single HostMetadata or PathMetadata object MUST NOT contain
multiple GenericMetadata objects of the same type. If a list of multiple GenericMetadata objects of the same type. If a list of
GenericMetadata contains objects of duplicate types, the receiver GenericMetadata contains objects of duplicate types, the receiver
MUST ignore all but the first object of each type. MUST ignore all but the first object of each type.
4. CDNI Metadata objects 4. CDNI Metadata objects
Section 4.1 provides the definitions of each metadata object type Section 4.1 provides the definitions of each metadata object type
introduced in Section 3. These metadata objects are described as introduced in Section 3. These metadata objects are described as
structural metadata objects as they provide the structure for the structural metadata objects as they provide the structure for host
inheritance tree and identify which specific GenericMetadata objects and URI path-based inheritance and identify which GenericMetadata
apply to a given User Agent content request. objects apply to a given User Agent content request.
Section 4.2 provides the definitions for a base set of core metadata Section 4.2 provides the definitions for a base set of core metadata
objects which can be contained within a GenericMetadata object. objects which can be contained within a GenericMetadata object.
These metadata objects govern how User Agent requests for content are These metadata objects govern how User Agent requests for content are
handled. GenericMetadata objects can contain other GenericMetadata handled. GenericMetadata objects can contain other GenericMetadata
sub-objects (i.e., GenericMetadata sub-objects contained within the as properties; these can be referred to as sub-objects). As with all
GenericMetadata object that refers to that GenericMetadata sub- CDNI metadata objects, the value of the GenericMetadata sub-objects
object). As with all CDNI metadata objects, the value of the can be either a complete serialized representation of the sub-object,
GenericMetadata sub-objects can be either a complete serialized or a Link object that contains a URI that can be dereferenced to
representation of the sub-object, or a Link object that contains a retrieve the complete serialized representation of the property sub-
URI that can be dereferenced to retrieve the complete serialized object.
representation of the property sub-object.
Section 6.5 discusses the ability to extend the base set of Section 6.5 discusses the ability to extend the base set of
GenericMetadata objects specified in this document with additional GenericMetadata objects specified in this document with additional
standards based or vendor specific GenericMetadata objects that may standards-based or vendor specific GenericMetadata objects that might
be defined in the future in separate documents. be defined in the future in separate documents.
dCDNs and tCDNs MUST support parsing of all CDNI metadata objects dCDNs and tCDNs MUST support parsing of all CDNI metadata objects
specified in this document. A dCDN does not have to implement the specified in this document. A dCDN does not have to implement the
underlying functionality represented by the metadata object, though underlying functionality represented by the metadata object (though
that may restrict the content that a given dCDN can serve. uCDNs as that might restrict the content that a given dCDN will be able to
generators of CDNI metadata only need to support generating the CDNI serve). uCDNs as generators of CDNI metadata only need to support
metadata that they need in order to express the policies and generating the CDNI metadata that they need in order to express the
treatment required by the content they are describing. policies required by the content they are describing.
CDNI metadata objects MUST be encoded as I-JSON objects [RFC7493] CDNI metadata objects MUST be encoded as I-JSON objects [RFC7493]
containing a dictionary of (key,value) pairs where the keys are the containing a dictionary of (key,value) pairs where the keys are the
property names and the values are the associated property values. property names and the values are the associated property values.
See Section 6.4 for more details of the specific encoding rules for See Section 6.4 for more details of the specific encoding rules for
CDNI metadata objects. CDNI metadata objects.
Note: In the following sections, the term "mandatory-to-specify" is Note: In the following sections, the term "mandatory-to-specify" is
used to convey which properties MUST be included for a given used to convey which properties MUST be included for a given
structural or GenericMetadata object. When mandatory-to-specify is structural or GenericMetadata object. When mandatory-to-specify is
specified as "Yes" by this document for an individual property, it specified as "Yes" for an individual property, it means that if the
means that if the object containing that property is included in a object containing that property is included in a metadata response,
metadata response, then the mandatory-to-specify property MUST also then the mandatory-to-specify property MUST also be included
be included (directly or by reference) in the response, e.g., a (directly or by reference) in the response, e.g., a HostMatch
HostMatch property object without a host to match against does not property object without a host to match against does not make sense,
make sense, therefore, the host property is mandatory-to-specify therefore, the host property is mandatory-to-specify inside a
inside a HostMatch object. HostMatch object.
4.1. Definitions of the CDNI structural metadata objects 4.1. Definitions of the CDNI structural metadata objects
Each of the sub-sections below describe the structural objects Each of the sub-sections below describe the structural objects
introduced in Section 3.1. introduced in Section 3.1.
4.1.1. HostIndex 4.1.1. HostIndex
The HostIndex object is the entry point into the CDNI metadata The HostIndex object is the entry point into the CDNI metadata
hierarchy. It contains a list of HostMatch objects. An incoming hierarchy. It contains a list of HostMatch objects. An incoming
skipping to change at page 17, line 13 skipping to change at page 16, line 13
} }
4.1.2. HostMatch 4.1.2. HostMatch
The HostMatch object contains a Hostname or IP address to match The HostMatch object contains a Hostname or IP address to match
against content requests. The HostMatch object also contains a against content requests. The HostMatch object also contains a
HostMetadata object to apply if a match is found. HostMetadata object to apply if a match is found.
Property: host Property: host
Description: String (Hostname or IP address) to match against Description: Hostname or IP address to match against the
the requested host. In order for a Hostname or IP address in a requested host. In order for a Hostname or IP address in a
content request to match the Hostname or IP address in the host content request to match the Hostname or IP address in the host
property the value when converted to lowercase in the content property the value from the content request when converted to
request MUST be identical to the value of the host property lowercase MUST be identical to the value of the host property
when converted to lowercase. IPv4 addresses MUST be encoded as when converted to lowercase.
specified by the 'IPv4address' rule in Section 3.2.2 of
[RFC3986]. IPv6 addresses MUST be encoded in one of the IPv6
address formats specified in [RFC5952] although receivers MUST
support all IPv6 address formats specified in [RFC4291].
Type: String Type: Endpoint
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: host-metadata Property: host-metadata
Description: CDNI metadata to apply when delivering content Description: CDNI metadata to apply when delivering content
that matches this host. that matches this host.
Type: HostMetadata Type: HostMetadata
skipping to change at page 18, line 40 skipping to change at page 17, line 32
objects) MUST be evaluated in the order they appear and the objects) MUST be evaluated in the order they appear and the
first PathMatch object that matches the content request being first PathMatch object that matches the content request being
processed MUST be used. processed MUST be used.
Type: List of PathMatch objects Type: List of PathMatch objects
Mandatory-to-Specify: No. Mandatory-to-Specify: No.
Example HostMetadata object containing a number of embedded Example HostMetadata object containing a number of embedded
GenericMetadata objects that will describe the default metadata for GenericMetadata objects that will describe the default metadata for
the host and a single embedded PathMatch object that will describe the host and an embedded PathMatch object that contains a path for
the CDNI metadata for that path which overrides the default metadata which metadata exists that overrides the default metadata for the
for the host: host:
{ {
"metadata": [ "metadata": [
{ {
<Properties of 1st embedded GenericMetadata object> <Properties of 1st embedded GenericMetadata object>
}, },
{ {
<Properties of 2nd embedded GenericMetadata object> <Properties of 2nd embedded GenericMetadata object>
}, },
skipping to change at page 19, line 29 skipping to change at page 18, line 29
], ],
"paths": [ "paths": [
{ {
<Properties of embedded PathMatch object> <Properties of embedded PathMatch object>
} }
] ]
} }
4.1.4. PathMatch 4.1.4. PathMatch
A PathMatch object contains a pattern within a PatternMatch object to A PathMatch object contains PatternMatch object with a path to match
match against a resource's URI path and contains a PathMetadata against a resource's URI path, as well as a PathMetadata object with
object to apply if the resource's URI path matches the pattern within GenericMetadata to apply if the resource's URI path matches the
the PatternMatch object. pattern within the PatternMatch object.
Property: path-pattern Property: path-pattern
Description: Pattern to match against the requested resource's Description: Pattern to match against the requested resource's
URI path, i.e., against the [RFC3986] path-absolute. URI path, i.e., against the [RFC3986] path-absolute.
Type: PatternMatch Type: PatternMatch
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
skipping to change at page 20, line 23 skipping to change at page 19, line 23
}, },
"path-metadata": { "path-metadata": {
"type": "MI.PathMetadata.v1", "type": "MI.PathMetadata.v1",
"href": "http://metadata.ucdn.example/host1234/pathDCE" "href": "http://metadata.ucdn.example/host1234/pathDCE"
} }
} }
4.1.5. PatternMatch 4.1.5. PatternMatch
A PatternMatch object contains the pattern string and flags that A PatternMatch object contains the pattern string and flags that
describe the PathMatch expression. describe the pattern expression.
Property: pattern Property: pattern
Description: A pattern for string matching. The pattern may Description: A pattern for string matching. The pattern can
contain the wildcards * and ?, where * matches any sequence of contain the wildcards * and ?, where * matches any sequence of
characters (including the empty string) and ? matches exactly characters (including the empty string) and ? matches exactly
one character. The three literals $, * and ? should be escaped one character. The three literals $, * and ? should be escaped
as $$, $* and $?. All other characters are treated as literals. as $$, $* and $?. All other characters are treated as literals.
Type: String Type: String
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: case-sensitive Property: case-sensitive
skipping to change at page 21, line 36 skipping to change at page 20, line 36
{ {
"pattern": "/movies/*", "pattern": "/movies/*",
"case-sensitive": true, "case-sensitive": true,
"ignore-query-string": ["sessionid"] "ignore-query-string": ["sessionid"]
} }
4.1.6. PathMetadata 4.1.6. PathMetadata
A PathMetadata object contains the CDNI metadata properties for A PathMetadata object contains the CDNI metadata properties for
content requests that match against the associated URI path (defined content requests that match against the associated URI path (defined
in a PathMatch object) and possibly child PathMatch objects. in a PathMatch object).
Note that if DNS-based redirection is employed, then a dCDN will be Note that if DNS-based redirection is employed, then a dCDN will be
unable to evaulate any metadata at the PathMetadata level or below unable to evaulate any metadata at the PathMetadata level or below
against the content redirection request at request routing time
because only the hostname of the content request is available at because only the hostname of the content request is available at
request routing time. dCDNs SHOULD still process any metadata at the request routing time. dCDNs SHOULD still process all PathMetadata for
PathMetadata level or below before responding to the redirection the host before responding to the redirection request to detect if
request in order to detect if any unsupported metadata is specifed. any unsupported metadata is specifed. If any metadata not supported
If any metadata is included and marked as "mandatory-to-enforce" by the dCDN is marked as "mandatory-to-enforce", the dCDN SHOULD NOT
which is not supported by the dCDN then the dCDN SHOULD NOT redirect accept the content redirection request, in order to avoid receiving
the the content redirection request to itself in order to avoid content requests that it will not be able to satisfy/serve.
receiving content requests that it is not able to satisfy/serve.
Property: metadata Property: metadata
Description: List of path related metadata. Description: List of path related metadata.
Type: List of GenericMetadata objects Type: List of GenericMetadata objects
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: paths Property: paths
Description: Path specific rules. First match applies. Description: Path specific rules. First match applies.
Type: List of PathMatch objects Type: List of PathMatch objects
Mandatory-to-Specify: No. Mandatory-to-Specify: No.
skipping to change at page 22, line 19 skipping to change at page 21, line 16
Property: paths Property: paths
Description: Path specific rules. First match applies. Description: Path specific rules. First match applies.
Type: List of PathMatch objects Type: List of PathMatch objects
Mandatory-to-Specify: No. Mandatory-to-Specify: No.
Example PathMetadata object containing a number of embedded Example PathMetadata object containing a number of embedded
GenericMetadata objects that describe the metadata to apply for the GenericMetadata objects that describe the metadata to apply for the
URI path defined in the parent PathMatch object. URI path defined in the parent PathMatch object, as well as a more
specific PathMatch object.
{ {
"metadata": [ "metadata": [
{ {
<Properties of 1st embedded GenericMetadata object> <Properties of 1st embedded GenericMetadata object>
}, },
{ {
<Properties of 2nd embedded GenericMetadata object> <Properties of 2nd embedded GenericMetadata object>
}, },
... ...
{ {
<Properties of Nth embedded GenericMetadata object> <Properties of Nth embedded GenericMetadata object>
} }
], ],
"paths": [
{
<Properties of embedded PathMatch object>
}
]
} }
4.1.7. GenericMetadata 4.1.7. GenericMetadata
A GenericMetadata object is a wrapper for managing individual CDNI A GenericMetadata object is a wrapper for managing individual CDNI
metadata properties in an opaque manner. metadata properties in an opaque manner.
Property: generic-metadata-type Property: generic-metadata-type
Description: Case-insensitive CDNI metadata object type. Description: Case-insensitive CDNI metadata object type.
Type: String containing the CDNI Payload Type of the object Type: String containing the CDNI Payload Type [RFC7736] of the
contained in the generic-metadata-value property. object contained in the generic-metadata-value property (see
Table 4).
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: generic-metadata-value Property: generic-metadata-value
Description: CDNI metadata object. Description: CDNI metadata object.
Type: Format/Type is defined by the value of generic-metadata- Type: Format/Type is defined by the value of generic-metadata-
type property above. type property above. Note: generic-metadata-values MUST NOT
name any properties "href" (see Section 4.3.1).
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: mandatory-to-enforce Property: mandatory-to-enforce
Description: Flag identifying whether or not the enforcement of Description: Flag identifying whether or not the enforcement of
the property metadata is required. the property metadata is required.
Type: Boolean Type: Boolean
Mandatory-to-Specify: No. Default is to treat metadata as Mandatory-to-Specify: No. Default is to treat metadata as
mandatory to enforce (i.e., a value of True). mandatory to enforce (i.e., a value of True).
Property: safe-to-redistribute Property: safe-to-redistribute
Description: Flag identifying whether or not the property Description: Flag identifying whether or not the property
metadata may be safely redistributed without modification. metadata can be safely redistributed without modification.
Type: Boolean Type: Boolean
Mandatory-to-Specify: No. Default is allow transparent Mandatory-to-Specify: No. Default is allow transparent
redistribution (i.e., a value of True). redistribution (i.e., a value of True).
Property: incomprehensible Property: incomprehensible
Description: Flag identifying whether or not any CDN in the Description: Flag identifying whether or not any CDN in the
chain of delegation has failed to understand and/or failed to chain of delegation has failed to understand and/or failed to
skipping to change at page 23, line 46 skipping to change at page 23, line 7
applies to metadata objects whose safe-to-redistribute property applies to metadata objects whose safe-to-redistribute property
has a value of False. has a value of False.
Type: Boolean Type: Boolean
Mandatory-to-Specify: No. Default is comprehensible (i.e., a Mandatory-to-Specify: No. Default is comprehensible (i.e., a
value of False). value of False).
Example GenericMetadata object containing a metadata object that Example GenericMetadata object containing a metadata object that
applies to the applicable URI path and/or host (within a parent applies to the applicable URI path and/or host (within a parent
PathMetadata and/or HostMetadata object): PathMetadata and/or HostMetadata object, respectively):
{ {
"mandatory-to-enforce": true, "mandatory-to-enforce": true,
"safe-to-redistribute": true, "safe-to-redistribute": true,
"incomprehensible": false, "incomprehensible": false,
"generic-metadata-type": <CDNI Payload Type of this metadata object>, "generic-metadata-type": <CDNI Payload Type of this metadata object>,
"generic-metadata-value": "generic-metadata-value":
{ {
<Properties of this metadata object> <Properties of this metadata object>
} }
skipping to change at page 25, line 28 skipping to change at page 24, line 28
"endpoints": ["origin.service123.example"], "endpoints": ["origin.service123.example"],
"protocol": "http1.1" "protocol": "http1.1"
} }
] ]
} }
} }
4.2.1.1. Source 4.2.1.1. Source
A Source object describes the source to be used by the dCDN for A Source object describes the source to be used by the dCDN for
content acquisition, e.g., a Surrogate within the uCDN or an content acquisition (e.g., a Surrogate within the uCDN or an
alternate Origin Server, the protocol to be used and any alternate Origin Server), the protocol to be used, and any
authentication method to be used when contacting that source. authentication method to be used when contacting that source.
Endpoints within a Source object MUST be treated as equivalent/equal Endpoints within a Source object MUST be treated as equivalent/equal.
so a uCDN can specify a list of sources in preference order and for A uCDN can specify a list of sources in preference order within a
each source/preference rank a uCDN can specify a list of endpoints SourceMetadata objecct, and then for each preference ranked Source
that are equivalent, e.g., a pool of servers that are not behind a object, a uCDN can specify a list of endpoints that are equivalent
load balancer. (e.g., a pool of servers that are not behind a load balancer).
Property: acquisition-auth Property: acquisition-auth
Description: Authentication method to use when requesting Description: Authentication method to use when requesting
content from this source. content from this source.
Type: Auth (see Section 4.2.7) Type: Auth (see Section 4.2.7)
Mandatory-to-Specify: No. Default is no authentication Mandatory-to-Specify: No. Default is no authentication
required. required.
Property: endpoints Property: endpoints
Description: Origins from which the dCDN can acquire content. Description: Origins from which the dCDN can acquire content.
If multiple endpoints are specified they are all equal, i.e., If multiple endpoints are specified they are all equal, i.e.,
the list is not in preference order, for example a pool of the list is not in preference order (e.g., a pool of servers
servers behind a load balancer. behind a load balancer).
Type: List of Endpoint objects (See Section 4.3.3) Type: List of Endpoint objects (See Section 4.3.3)
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: protocol Property: protocol
Description: Network retrieval protocol to use when requesting Description: Network retrieval protocol to use when requesting
content from this source. content from this source.
skipping to change at page 26, line 38 skipping to change at page 25, line 38
], ],
"protocol": "http1.1" "protocol": "http1.1"
} }
4.2.2. LocationACL Metadata 4.2.2. LocationACL Metadata
LocationACL metadata defines which locations a User Agent needs to be LocationACL metadata defines which locations a User Agent needs to be
in, in order to be able to receive the associated content. in, in order to be able to receive the associated content.
A LocationACL which does not include a locations property results in A LocationACL which does not include a locations property results in
an action of allow, meaning that delivery can be performed regardless an action of allow all, meaning that delivery can be performed
of the User Agent's location. The action from the first footprint to regardless of the User Agent's location, otherwise a CDN MUST take
match against the User Agent's location is the action a CDN MUST the action from the first footprint to match against the User Agent's
take. If two or more footprints overlap, the first footprint that location. If two or more footprints overlap, the first footprint
matches against the User Agent's location determines the action a CDN that matches against the User Agent's location determines the action
MUST take. If the locations property is included but is empty, or if a CDN MUST take. If the locations property is included but is empty,
none of the listed footprints matches the User Agent's location, then or if none of the listed footprints matches the User Agent's
the result is an action of deny. location, then the result is an action of deny.
Although the LocationACL, TimeWindowACL (see Section 4.2.3), and Although the LocationACL, TimeWindowACL (see Section 4.2.3), and
ProtocolACL (see Section 4.2.4) are independent GenericMetadata ProtocolACL (see Section 4.2.4) are independent GenericMetadata
objects, they may provide conflicting information to a dCDN, e.g., a objects, they can provide conflicting information to a dCDN, e.g., a
content request which is simultaneously allowed based on the content request which is simultaneously allowed based on the
LocationACL and denied based on the TimeWindowACL. The dCDN MUST use LocationACL and denied based on the TimeWindowACL. The dCDN MUST use
the logical AND of all ACLs (where 'allow' is true and 'deny' is the logical AND of all ACLs (where 'allow' is true and 'deny' is
false) to determine whether or not a request should be allowed. false) to determine whether or not a request should be allowed.
Property: locations Property: locations
Description: Access control list which allows or denies Description: Access control list which allows or denies
(blocks) delivery based on the User Agent's location. (blocks) delivery based on the User Agent's location.
skipping to change at page 28, line 44 skipping to change at page 27, line 44
"footprint-type": "countrycode", "footprint-type": "countrycode",
"footprint-value": ["us"] "footprint-value": ["us"]
} }
] ]
} }
} }
4.2.2.2. Footprint 4.2.2.2. Footprint
A Footprint object describes the footprint to which a LocationRule A Footprint object describes the footprint to which a LocationRule
may be applied to, e.g., an IPv4 address range or a geographic can be applied to, e.g., an IPv4 address range or a geographic
location. location.
Property: footprint-type Property: footprint-type
Description: Registered footprint type. The footprint types Description: Registered footprint type (see Section 7.2). The
specified by this document are: "ipv4cidr" (IPv4CIDR, see footprint types specified by this document are: "ipv4cidr"
Section 4.3.5), "ipv6cidr" (IPv6CIDR, see Section 4.3.6), "asn" (IPv4CIDR, see Section 4.3.5), "ipv6cidr" (IPv6CIDR, see
(Autonomous System Number, see Section 4.3.7) and "countrycode" Section 4.3.6), "asn" (Autonomous System Number, see
(Country Code, see Section 4.3.8). Section 4.3.7) and "countrycode" (Country Code, see
Section 4.3.8).
Type: Lowercase String Type: Lowercase String
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: footprint-value Property: footprint-value
Description: List of footprint values conforming to the Description: List of footprint values conforming to the
specification associated with the registered footprint type. specification associated with the registered footprint type.
Footprint values may be simple strings (e.g., IPv4CIDR, Footprint values can be simple strings (e.g., IPv4CIDR,
IPv5CIDR, ASN, and CountryCode), however, other Footprint IPv6CIDR, ASN, and CountryCode), however, other Footprint
objects may be defined in the future, along with a more complex objects can be defined in the future, along with a more complex
encoding (e.g., GPS coordinate tuples). encoding (e.g., GPS coordinate tuples).
Type: List of footprints Type: List of footprints
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Example Footprint object describing a footprint covering the USA: Example Footprint object describing a footprint covering the USA:
{ {
"footprint-type": "countrycode", "footprint-type": "countrycode",
skipping to change at page 29, line 44 skipping to change at page 28, line 44
{ {
"footprint-type": "ipv4cidr", "footprint-type": "ipv4cidr",
"footprint-value": ["192.0.2.0/24", "198.51.100.0/24"] "footprint-value": ["192.0.2.0/24", "198.51.100.0/24"]
} }
4.2.3. TimeWindowACL 4.2.3. TimeWindowACL
TimeWindowACL metadata defines time-based restrictions. TimeWindowACL metadata defines time-based restrictions.
A TimeWindowACL which does not include a times property results in an A TimeWindowACL which does not include a times property results in an
action of allow, meaning that delivery can be performed regardless of action of allow all, meaning that delivery can be performed
the time of the User Agent's request. The action from the first regardless of the time of the User Agent's request, otherwise a CDN
window to match against the current time is the action a CDN MUST MUST take the action from the first window to match against the
take. If two or more windows overlap, the first window that matches current time. If two or more windows overlap, the first window that
against the current time determines the action a CDN MUST take. If matches against the current time determines the action a CDN MUST
the times property is included but is empty, or if none of the listed take. If the times property is included but is empty, or if none of
windows matches the current time, then the result is an action of the listed windows matches the current time, then the result is an
deny. action of deny.
Although the LocationACL, TimeWindowACL, and ProtocolACL are Although the LocationACL (see Section 4.2.2), TimeWindowACL, and
independent GenericMetadata objects, they may provide conflicting ProtocolACL (see Section 4.2.4) are independent GenericMetadata
information to a dCDN, e.g., a content request which is objects, they can provide conflicting information to a dCDN, e.g., a
simultaneously allowed based on the LocationACL and denied based on content request which is simultaneously allowed based on the
the TimeWindowACL. The dCDN MUST use the logical AND of all ACLs LocationACL and denied based on the TimeWindowACL. The dCDN MUST use
(where 'allow' is true and 'deny' is false) to determine whether or the logical AND of all ACLs (where 'allow' is true and 'deny' is
not a request should be allowed. false) to determine whether or not a request should be allowed.
Property: times Property: times
Description: Access control list which allows or denies Description: Access control list which allows or denies
(blocks) delivery based on the time of a User Agent's request. (blocks) delivery based on the time of a User Agent's request.
Type: List of TimeWindowRule objects (see Section 4.2.3.1) Type: List of TimeWindowRule objects (see Section 4.2.3.1)
Mandatory-to-Specify: No. Default is allow all time windows. Mandatory-to-Specify: No. Default is allow all time windows.
Example TimeWIndowACL object (which contains a TimeWindowRule object Example TimeWIndowACL object (which contains a TimeWindowRule object
which itself contains a TimeWIndow object) that only allows the dCDN which itself contains a TimeWIndow object) that only allows the dCDN
to deliver content to clients between 09:00AM 01/01/2000 UTC and to deliver content to clients between 09:00 01/01/2000 UTC and 17:00
17:00AM 01/01/2000 UTC: 01/01/2000 UTC:
{ {
"generic-metadata-type": "MI.TimeWindowACL.v1" "generic-metadata-type": "MI.TimeWindowACL.v1"
"generic-metadata-value": "generic-metadata-value":
{ {
"times": [ "times": [
{ {
"action": "allow", "action": "allow",
"windows": [ "windows": [
{ {
skipping to change at page 31, line 19 skipping to change at page 30, line 19
Property: action Property: action
Description: Defines whether the rule specifies time windows to Description: Defines whether the rule specifies time windows to
allow or deny. allow or deny.
Type: Enumeration [allow|deny] encoded as a lowercase string Type: Enumeration [allow|deny] encoded as a lowercase string
Mandatory-to-Specify: No. Default is deny. Mandatory-to-Specify: No. Default is deny.
Example TimeWIndowRule object (which contains a TimeWIndow object) Example TimeWIndowRule object (which contains a TimeWIndow object)
that only allows the dCDN to deliver content to clients between that only allows the dCDN to deliver content to clients between 09:00
09:00AM 01/01/2000 UTC and 17:00AM 01/01/2000 UTC: 01/01/2000 UTC and 17:00 01/01/2000 UTC:
{ {
"action": "allow", "action": "allow",
"windows": [ "windows": [
{ {
"start": 946717200, "start": 946717200,
"end": 946746000 "end": 946746000
} }
] ]
} }
4.2.3.2. TimeWindow 4.2.3.2. TimeWindow
A TimeWindow object describes a time range which may be applied by an A TimeWindow object describes a time range which can be applied by an
TimeWindowACL, e.g., start 946717200 (i.e., 09:00AM 01/01/2000 UTC), TimeWindowACL, e.g., start 946717200 (i.e., 09:00 01/01/2000 UTC),
end: 946746000 (i.e., 17:00AM 01/01/2000 UTC). end: 946746000 (i.e., 17:00 01/01/2000 UTC).
Property: start Property: start
Description: The start time of the window. Description: The start time of the window.
Type: Time (see Section 4.3.4) Type: Time (see Section 4.3.4)
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: end Property: end
Description: The end time of the window. Description: The end time of the window.
Type: Time (see Section 4.3.4) Type: Time (see Section 4.3.4)
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Example TimeWIndow object that describes a time window from 09:00AM Example TimeWIndow object that describes a time window from 09:00
01/01/2000 UTC to 17:00AM 01/01/2000 UTC: 01/01/2000 UTC to 17:00 01/01/2000 UTC:
{ {
"start": 946717200, "start": 946717200,
"end": 946746000 "end": 946746000
} }
4.2.4. ProtocolACL Metadata 4.2.4. ProtocolACL Metadata
ProtocolACL metadata defines delivery protocol restrictions. ProtocolACL metadata defines delivery protocol restrictions.
A ProtocolACL which does not include a protocol-acl property results A ProtocolACL which does not include a protocol-acl property results
in an action of allow, meaning that delivery can be performed in an action of allow all, meaning that delivery can be performed
regardless of the protocol of the User Agent's request. The action regardless of the protocol in the User Agent's request, otherwise a
from the first protocol to match against the request protocol is the CDN MUST take the action from the first protocol to match against the
action a CDN MUST take. If two or more request protocols overlap, request protocol. If two or more request protocols overlap, the
the first protocol that matches thre request protocol determines the first protocol that matches the request protocol determines the
action a CDN MUST take. If the protocol-acl property is included but action a CDN MUST take. If the protocol-acl property is included but
is empty, or if none of the listed protocol matches the request is empty, or if none of the listed protocol matches the request
protocol, then the result is an action of deny. protocol, then the result is an action of deny.
Although the LocationACL, TimeWindowACL, and ProtocolACL are Although the LocationACL, TimeWindowACL, and ProtocolACL are
independent GenericMetadata objects, they may provide conflicting independent GenericMetadata objects, they can provide conflicting
information to a dCDN, e.g., a content request which is information to a dCDN, e.g., a content request which is
simultaneously allowed based on the ProtocolACL and denied based on simultaneously allowed based on the ProtocolACL and denied based on
the TimeWindowACL. The dCDN MUST use the logical AND of all ACLs the TimeWindowACL. The dCDN MUST use the logical AND of all ACLs
(where 'allow' is true and 'deny' is false) to determine whether or (where 'allow' is true and 'deny' is false) to determine whether or
not a request should be allowed. not a request should be allowed.
Property: protocol-acl Property: protocol-acl
Description: Description: Access control list which allows or Description: Description: Access control list which allows or
denies (blocks) delivery based on delivery protocol. denies (blocks) delivery based on delivery protocol.
skipping to change at page 33, line 20 skipping to change at page 32, line 20
{ {
"action": "allow", "action": "allow",
"protocols": ["http1.1"] "protocols": ["http1.1"]
} }
] ]
} }
} }
4.2.4.1. ProtocolRule 4.2.4.1. ProtocolRule
A ProtocolRule contains or references a list of Protocol objects. A ProtocolRule contains or references a list of Protocol objects and
ProtocolRule objects are used to construct a ProtocolACL to apply the corresponding action.
restrictions to content acquisition or delivery.
Property: protocols Property: protocols
Description: List of protocols to which the rule applies. Description: List of protocols to which the rule applies.
Type: List of Protocols (see Section 4.3.2) Type: List of Protocols (see Section 4.3.2)
Mandatory-to-Specify: Yes. Mandatory-to-Specify: Yes.
Property: action Property: action
Description: Defines whether the rule specifies protocols to Description: Defines whether the rule specifies protocols to
allow or deny. allow or deny.
Type: Enumeration [allow|deny] encoded as a lowercase string Type: Enumeration [allow|deny] encoded as a lowercase string
Mandatory-to-Specify: No. Default is deny. Mandatory-to-Specify: No. Default is deny.
Example ProtocolRule object (which contains a ProtocolRule object) Example ProtocolRule object (which contains a ProtocolRule object)
that includes the protocol HTTP/1.1: that allows the dCDN to deliver content using HTTP/1.1:
{ {
"action": "allow", "action": "allow",
"protocols": ["http1.1"] "protocols": ["http1.1"]
} }
4.2.5. DeliveryAuthorization Metadata 4.2.5. DeliveryAuthorization Metadata
Delivery Authorization defines authorization methods for the delivery Delivery Authorization defines authorization methods for the delivery
of content to User Agents. of content to User Agents.
skipping to change at page 34, line 49 skipping to change at page 33, line 44
4.2.6. Cache 4.2.6. Cache
A Cache object describes the cache control parameters to be applied A Cache object describes the cache control parameters to be applied
to the content by intermediate caches. to the content by intermediate caches.
Property: ignore-query-string Property: ignore-query-string
Description: Allows a Surrogate to ignore URI query string Description: Allows a Surrogate to ignore URI query string
parameters when comparing the requested URI against the URIs in parameters when comparing the requested URI against the URIs in
its cache for equivalence. Matching against query parameters its cache for equivalence. Matching query parameters to ignore
to ignore MUST be case-insensitive. Each query parameter to MUST be case-insensitive. Each query parameter to ignore is
ignore is specified in the list. If all query parameters specified in the list. If all query parameters should be
should be ignored, then the list MUST be specified and MUST be ignored, then the list MUST be specified and MUST be empty.
empty.
Type: List of String Type: List of String
Mandatory-to-Specify: No. Default is to consider query string Mandatory-to-Specify: No. Default is to consider query string
parameters when comparing URIs. parameters when comparing URIs.
Example Cache object that instructs the dCDN to ignore all query Example Cache object that instructs the dCDN to ignore all query
parameters: parameters:
{ {
skipping to change at page 36, line 28 skipping to change at page 35, line 20
"auth-type": <CDNI Payload Type of this Auth object>, "auth-type": <CDNI Payload Type of this Auth object>,
"auth-value": "auth-value":
{ {
<Properties of this Auth object> <Properties of this Auth object>
} }
} }
} }
4.2.8. Grouping 4.2.8. Grouping
A Grouping object identifies a large group of content to which a A Grouping object identifies a group of content to which a given
given asset belongs. asset belongs.
Property: ccid Property: ccid
Description: Content Collection identifier for an application- Description: Content Collection identifier for an application-
specific purpose such as logging. specific purpose such as logging aggregation.
Type: String Type: String
Mandatory-to-Specify: No. Default is an empty string. Mandatory-to-Specify: No. Default is an empty string.
Example Grouping object that specifies a Content Collection Example Grouping object that specifies a Content Collection
Identifier for the content associated with the Grouping object's Identifier for the content associated with the Grouping object's
parent HostMetdata or PathMetadata: parent HostMetdata and PathMetadata:
{ {
"generic-metadata-type": "generic-metadata-type":
"MI.Grouping.v1" "MI.Grouping.v1"
"generic-metadata-value": "generic-metadata-value":
{ {
"ccid": "ABCD", "ccid": "ABCD",
} }
} }
4.3. CDNI Metadata Simple Data Type Descriptions 4.3. CDNI Metadata Simple Data Type Descriptions
This section describes the simple data types that are used for This section describes the simple data types that are used for
properties of CDNI metadata objects. properties of CDNI metadata objects.
4.3.1. Link 4.3.1. Link
A Link object may be used in place of any of the objects or A Link object can be used in place of any of the objects or
properties described above. Link objects can be used to avoid properties described above. Link objects can be used to avoid
duplication if the same metadata information is repeated within the duplication if the same metadata information is repeated within the
metadata tree. When a Link object replaces another object, its href metadata tree. When a Link object replaces another object, its href
property is set to the URI of the resource and its type property is property is set to the URI of the resource and its type property is
set to the CDNI Payload Type of the object it is replacing. set to the CDNI Payload Type of the object it is replacing.
dCDNs can detect the presence of a Link object instead of another dCDNs can detect the presence of a Link object by detecting the
metadata object by detecting the presence of a property named "href" presence of a property named "href" within the object. This means
within the object. This means that GenericMetadata types MUST NOT that GenericMetadata types MUST NOT contain a property named "href"
contain a property named "href" because doing so would conflict with because doing so would conflict with the ability for dCDNs to detect
the ability for dCDNs to detect Link objects being used to reference Link objects being used to reference a GenericMetadata object.
a GenericMetadata object.
Property: href Property: href
Description: The URI of the addressable object being Description: The URI of the addressable object being
referenced. referenced.
Type: String Type: String
Mandatory-to-Specify: Yes Mandatory-to-Specify: Yes.
Property: type Property: type
Description: The type of the object being referenced. Description: The type of the object being referenced.
Type: String Type: String
Mandatory-to-Specify: No Mandatory-to-Specify: No. If the container specifies the type
(e.g., the HostIndex object contains a list of HostMatch
objects, so a Link object in the list of HostMatch objects must
reference a HostMatch), then it is not necessary to explicitly
specify a type.
Example Link object referencing a HostMetadata object: Example Link object referencing a HostMatch object:
{ {
"type": "MI.HostMetadata.v1", "type": "MI.HostMatch.v1",
"href": "http://metadata.ucdn.example/host1234" "href": "http://metadata.ucdn.example/hostmatch1234"
}
Example Link object referencing a HostMatch object, without an
explicit type, inside a HostIndex object:
{
"hosts": [
{
<Properties of embedded HostMatch object>
},
{
"href": "http://metadata.ucdn.example/hostmatch1234"
}
]
} }
4.3.2. Protocol 4.3.2. Protocol
Protocol objects are used to specify registered protocols for content Protocol objects are used to specify registered protocols for content
acquisition or delivery (see Section 7.3). acquisition or delivery (see Section 7.3).
Type: String Type: String
Example: Example:
skipping to change at page 38, line 31 skipping to change at page 37, line 42
Note: All implementations MUST support IPv4 addresses encoded as Note: All implementations MUST support IPv4 addresses encoded as
specified by the 'IPv4address' rule in Section 3.2.2 of [RFC3986]. specified by the 'IPv4address' rule in Section 3.2.2 of [RFC3986].
IPv6 addresses MUST be encoded in one of the IPv6 address formats IPv6 addresses MUST be encoded in one of the IPv6 address formats
specified in [RFC5952] although receivers MUST support all IPv6 specified in [RFC5952] although receivers MUST support all IPv6
address formats specified in [RFC4291]. address formats specified in [RFC4291].
Type: String Type: String
Example Hostname: Example Hostname:
"http://metadata.ucdn.example/host1234" "metadata.ucdn.example"
Example IPv4 address: Example IPv4 address:
"192.0.2.1" "192.0.2.1"
Example IPv6 address (with port number): Example IPv6 address (with port number):
"[2001:db8::1]:81" "[2001:db8::1]:81"
4.3.4. Time 4.3.4. Time
A time value expressed in seconds since Unix epoch in the UTC A time value expressed in seconds since the Unix epoch in the UTC
timezone. timezone.
Type: Integer Type: Integer
Example Time representing 09:00AM 01/01/2000 UTC: Example Time representing 09:00 01/01/2000 UTC:
946717200 946717200
4.3.5. IPv4CIDR 4.3.5. IPv4CIDR
An IPv4address CIDR block encoded as specified by the 'IPv4address' An IPv4address CIDR block encoded as specified by the 'IPv4address'
rule in Section 3.2.2 of [RFC3986] followed by a / followed by an rule in Section 3.2.2 of [RFC3986] followed by a / followed by an
unsigned integer representing the leading bits of the routing prefix unsigned integer representing the leading bits of the routing prefix
(i.e. IPv4 CIDR notation). Single IP addresses can be expressed as (i.e., IPv4 CIDR notation). Single IP addresses can be expressed as
/32. /32.
Type: String Type: String
Example IPv4 CIDR: Example IPv4 CIDR:
"192.0.2.0/24" "192.0.2.0/24"
4.3.6. IPv6CIDR 4.3.6. IPv6CIDR
An IPv6address CIDR block encoded in one of the IPv6 address formats An IPv6address CIDR block encoded in one of the IPv6 address formats
specified in [RFC5952] followed by a / followed by an unsigned specified in [RFC5952] followed by a / followed by an unsigned
integer representing the leading bits of the routing prefix (i.e. integer representing the leading bits of the routing prefix (i.e.,
IPv6 CIDR notation). Single IP addresses can be expressed as /128. IPv6 CIDR notation). Single IP addresses can be expressed as /128.
Type: String Type: String
Example IPv6 CIDR: Example IPv6 CIDR:
"2001:db8::/32" "2001:db8::/32"
4.3.7. ASN 4.3.7. ASN
skipping to change at page 40, line 8 skipping to change at page 39, line 20
Type: String Type: String
Example Country Code representing the USA: Example Country Code representing the USA:
"us" "us"
5. CDNI Metadata Capabilities 5. CDNI Metadata Capabilities
CDNI metadata is used to convey information pertaining to content CDNI metadata is used to convey information pertaining to content
delivery from uCDN to dCDN. For optional metadata, it may be useful delivery from uCDN to dCDN. For optional metadata, it can be useful
for the uCDN to know if the dCDN supports the underlying for the uCDN to know if the dCDN supports the underlying
functionality described by the metadata, prior to delegating any functionality described by the metadata, prior to delegating any
content requests to the dCDN. If some metadata is "mandatory-to- content requests to the dCDN. If some metadata is "mandatory-to-
enforce", and the dCDN does not support it, any delegated requests enforce", and the dCDN does not support it, any delegated requests
for content that requires that metadata will fail. The uCDN will for content that requires that metadata will fail. The uCDN will
likely want to avoid delegating those requests to that dCDN. likely want to avoid delegating those requests to that dCDN.
Likewise, for any metadata which may be assigned optional values, it Likewise, for any metadata which might be assigned optional values,
may be useful for the uCDN to know which values a dCDN supports, it could be useful for the uCDN to know which values a dCDN supports,
prior to delegating any content requests to that dCDN. If the prior to delegating any content requests to that dCDN. If the
optional value assigned to a given piece of content's metadata is not optional value assigned to a given piece of content's metadata is not
supported by the dCDN, any delegated requests for that content may supported by the dCDN, any delegated requests for that content can
fail, so again the uCDN is likely to want to avoid delegating those fail, so again the uCDN is likely to want to avoid delegating those
requests to that dCDN. requests to that dCDN.
The CDNI Footprint and Capabilities Interface (FCI) [RFC7336] The CDNI Footprint and Capabilities Interface (FCI) provides a means
provides a means of advertising capabilities from dCDN to uCDN. of advertising capabilities from dCDN to uCDN [RFC7336]. Support for
Support for optional metadata and support for optional metadata optional metadata types and values can be advertised using the FCI.
values may be advertised using the FCI.
6. CDNI Metadata interface 6. CDNI Metadata interface
This section specifies an interface to enable a dCDN to retrieve CDNI This section specifies an interface to enable a dCDN to retrieve CDNI
metadata objects from a uCDN. metadata objects from a uCDN.
The interface can be used by a dCDN to retrieve CDNI metadata objects The interface can be used by a dCDN to retrieve CDNI metadata objects
either: either:
o Dynamically as required by the dCDN to process received requests. o Dynamically as required by the dCDN to process received requests.
For example in response to a query from an uCDN over the CDNI For example in response to a query from an uCDN over the CDNI
Request Routing Redirection interface (RI) Request Routing Redirection interface (RI)
[I-D.ietf-cdni-redirection] or in response to receiving a request [I-D.ietf-cdni-redirection] or in response to receiving a request
for content from a User Agent. Or; for content from a User Agent. Or;
o In advance of being required. For example in the case of pre- o In advance of being required. For example in the case of pre-
positioned CDNI metadata acquisition. positioned CDNI metadata acquisition, initiated through the "CDNI
Control interface / Triggers" (CI/T) interface
[I-D.ietf-cdni-control-triggers].
The CDNI metadata interface is built on the principles of HTTP web The CDNI metadata interface is built on the principles of HTTP web
services. In particular, this means that requests and responses over services. In particular, this means that requests and responses over
the interface are built around the transfer of representations of the interface are built around the transfer of representations of
hyperlinked resources. A resource in the context of the CDNI hyperlinked resources. A resource in the context of the CDNI
metadata interface is any object in the object model (as described in metadata interface is any object in the object model (as described in
Section 3 and Section 4). Section 3 and Section 4).
To retrieve CDNI metadata, a CDNI metadata client (i.e., a client in To retrieve CDNI metadata, a CDNI metadata client (i.e., a client in
the dCDN) first makes a HTTP GET request for the URI of the HostIndex the dCDN) first makes a HTTP GET request for the URI of the HostIndex
which provides the CDNI metadata client with a list of Hostnames for which provides the CDNI metadata client with a list of Hostnames for
which the uCDN may delegate content delivery to the dCDN. The CDNI which the uCDN can delegate content delivery to the dCDN. The CDNI
metadata client can then obtain any other CDNI metadata objects by metadata client can then obtain any other CDNI metadata objects by
making a HTTP GET requests for any linked metadata objects it making a HTTP GET requests for any linked metadata objects it
requires. requires.
CDNI metadata servers (i.e., servers in the uCDN) are free to assign CDNI metadata servers (i.e., servers in the uCDN) are free to assign
whatever structure they desire to the URIs for CDNI metadata objects whatever structure they desire to the URIs for CDNI metadata objects
and CDNI metadata clients MUST NOT make any assumptions regarding the and CDNI metadata clients MUST NOT make any assumptions regarding the
structure of CDNI metadata URIs or the mapping between CDNI metadata structure of CDNI metadata URIs or the mapping between CDNI metadata
objects and their associated URIs. Therefore any URIs present in the objects and their associated URIs. Therefore any URIs present in the
examples in this document are purely illustrative and are not examples in this document are purely illustrative and are not
skipping to change at page 41, line 33 skipping to change at page 40, line 45
The CDNI metadata interface uses HTTP as the underlying protocol The CDNI metadata interface uses HTTP as the underlying protocol
transport. transport.
The HTTP Method in the request defines the operation the request The HTTP Method in the request defines the operation the request
would like to perform. A server implementation of the CDNI metadata would like to perform. A server implementation of the CDNI metadata
interface MUST support the HTTP GET and HEAD methods. interface MUST support the HTTP GET and HEAD methods.
The corresponding HTTP Response returns the status of the operation The corresponding HTTP Response returns the status of the operation
in the HTTP Status Code and returns the current representation of the in the HTTP Status Code and returns the current representation of the
resource (if appropriate) in the Response Body. HTTP Responses from resource (if appropriate) in the Response Body. HTTP Responses that
servers implementing the CDNI metadata interface that contain a contain a response body SHOULD include an ETag to enable validation
response body SHOULD include an ETag to enable validation of cached of cached versions of returned resources.
versions of returned resources.
The CDNI metadata interface specified in this document is a read-only The CDNI metadata interface specified in this document is a read-only
interface. Therefore support for other HTTP methods such as PUT, interface. Therefore support for other HTTP methods such as PUT,
POST and DELETE etc. is not specified. A server implementation of POST, DELETE, etc. is not specified. A server implementation of the
the CDNI metadata interface SHOULD reject all methods other than GET CDNI metadata interface SHOULD reject all methods other than GET and
and HEAD. HEAD.
As the CDNI metadata interface builds on top of HTTP, CDNI metadata As the CDNI metadata interface builds on top of HTTP, CDNI metadata
server implementations MAY make use of any HTTP feature when server implementations MAY make use of any HTTP feature when
implementing the CDNI metadata interface, for example a CDNI metadata implementing the CDNI metadata interface, for example, a CDNI
server MAY make use of HTTP's caching mechanisms to indicate that the metadata server MAY make use of HTTP's caching mechanisms to indicate
returned response/representation can be reused without re-contacting that the returned response/representation can be reused without re-
the CDNI metadata server. contacting the CDNI metadata server.
6.2. Retrieval of CDNI Metadata resources 6.2. Retrieval of CDNI Metadata resources
In the general case a CDNI metadata server makes CDNI metadata In the general case, a CDNI metadata server makes CDNI metadata
objects available via a unique URIs and therefore in order to objects available via a unique URIs and thus, in order to retrieve
retrieve CDNI metadata, a CDNI metadata client first makes a HTTP GET CDNI metadata, a CDNI metadata client first makes a HTTP GET request
request for the URI of the HostIndex which provides the CDNI metadata for the URI of the HostIndex which provides a list of Hostnames for
client with a list of Hostnames for which the uCDN may delegate which the uCDN can delegate content delivery to the dCDN.
content delivery to the dCDN.
In order to retrieve the CDNI metadata for a particular request the In order to retrieve the CDNI metadata for a particular request the
CDNI metadata client processes the received HostIndex object and CDNI metadata client processes the received HostIndex object and
finds the corresponding HostMetadata entry (by matching the hostname finds the corresponding HostMetadata entry (by matching the hostname
in the request against the hostnames listed in the HostMatch in the request against the hostnames listed in the HostMatch
objects). If the HostMetadata is linked (rather than embedded), the objects). If the HostMetadata is linked (rather than embedded), the
CDNI metadata client then makes a GET request for the URI specified CDNI metadata client then makes a GET request for the URI specified
in the href property of the Link object which points to the in the href property of the Link object which points to the
HostMetadata object itself. HostMetadata object itself.
In order to retrieve the most specific metadata for a particular In order to retrieve the most specific metadata for a particular
request, the CDNI metadata client inspects the HostMetadata for request, the CDNI metadata client inspects the HostMetadata for
references to more specific PathMetadata objects (by matching the URI references to more specific PathMetadata objects (by matching the URI
path in the request against the path-patterns in the PathMatch). If path in the request against the path-patterns in any PathMatch
any PathMetadata match the request (and are linked rather than objects listed in the HostMetadata object). If any PathMetadata are
embedded), the CDNI metadata client makes another GET request for the found to match (and are linked rather than embedded), the CDNI
PathMetadata. Each PathMetadata object may also include references metadata client makes another GET request for the PathMetadata. Each
to yet more specific metadata. If this is the case, the CDNI PathMetadata object can also include references to yet more specific
metadata client continues requesting PathMatch and PathMetadata metadata. If this is the case, the CDNI metadata client continues
objects recursively. The CDNI metadata client repeats this approach requesting PathMatch and PathMetadata objects recursively. The CDNI
of processing metadata objects and retrieving (via HTTP GETs) any metadata client repeats this approach of processing metadata objects
linked objects until it has all the metadata objects it requires in and retrieving (via HTTP GETs) any linked objects until it has all
order to process a redirection request from an uCDN or a content the metadata objects it requires in order to process the redirection
request from a User Agent. request from an uCDN or the content request from a User Agent.
In cases where a dCDN is not able to retrieve the entire set of CDNI In cases where a dCDN is not able to retrieve the entire set of CDNI
metadata associated with a User Agent request, for example because metadata associated with a User Agent request, for example because
the uCDN is uncontactable or returns an HTTP 4xx or 5xx status in the uCDN is unreachable or returns a HTTP 4xx or 5xx status in
response to some or all of the dCDN's CDNI metadata requests, the response to some or all of the dCDN's CDNI metadata requests, the
dCDN MUST NOT serve the requested content unless the dCDN has stale dCDN MUST NOT serve the requested content unless the dCDN has stale
versions of all the required metadata and the stale-if-error Cache- versions of all the required metadata and the stale-if-error Cache-
Control extension [RFC5861] was included in all previous responses Control extension [RFC5861] was included in all previous responses
that are required but cannot currently be retrieved. The dCDN can that are required but cannot currently be retrieved. The dCDN can
continue to serve other content for which it can retrieve (or for continue to serve other content for which it can retrieve (or for
which it has fresh responses cached) all the required metadata even which it has fresh responses cached) all the required metadata even
if some non-applicable part of the metadata tree is missing. if some non-applicable part of the metadata tree is missing.
Where a dCDN is interconnected with multiple uCDNs, the dCDN needs to Where a dCDN is interconnected with multiple uCDNs, the dCDN needs to
determine which uCDN's CDNI metadata should be used to handle a determine which uCDN's CDNI metadata should be used to handle a
particular User Agent request. particular User Agent request.
When application level redirection (e.g., HTTP 302 redirects) is When application level redirection (e.g., HTTP 302 redirects) is
being used between CDNs, it is expected that the dCDN will be able to being used between CDNs, it is expected that the dCDN will be able to
determine the uCDN that redirected a particular request from determine the uCDN that redirected a particular request from
information contained in the received request (e.g., via the URI). information contained in the received request (e.g., via the URI).
With knowledge of which uCDN routed the request, the dCDN can choose With knowledge of which uCDN routed the request, the dCDN can choose
the correct uCDN from which to obtain the HostIndex. Note that the the correct uCDN from which to obtain the HostIndex. Note that the
HostIndex served by each uCDN may be unique. HostIndexes served by each uCDN can be unique.
In the case of DNS redirection there is not always sufficient In the case of DNS redirection there is not always sufficient
information carried in the DNS request from User Agents to determine information carried in the DNS request from User Agents to determine
the uCDN that redirected a particular request (e.g., when content the uCDN that redirected a particular request (e.g., when content
from a given host is redirected to a given dCDN by more than one from a given host is redirected to a given dCDN by more than one
uCDN) and therefore dCDNs may have to apply local policy when uCDN) and therefore dCDNs will have to apply local policy when
deciding which uCDN's metadata to apply. deciding which uCDN's metadata to apply.
6.3. Bootstrapping 6.3. Bootstrapping
The URI for the HostIndex object of a given uCDN needs to be either The URI for the HostIndex object of a given uCDN needs to be either
configured in, or discovered by, the dCDN. All other objects/ configured in, or discovered by, the dCDN. All other objects/
resources are then discoverable from the HostIndex object by resources are then discoverable from the HostIndex object by
following any links in the HostIndex object and the referenced following any links in the HostIndex object and through the
HostMetadata and PathMetadata objects and their GenericMetadata sub- referenced HostMetadata and PathMetadata objects and their
objects. GenericMetadata sub-objects.
If the URI for the HostIndex object is not manually configured in the If the URI for the HostIndex object is not manually configured in the
dCDN then the HostIndex URI could be discovered. A mechanism dCDN then the HostIndex URI could be discovered. A mechanism
allowing the dCDN to discover the URI of the HostIndex is outside the allowing the dCDN to discover the URI of the HostIndex is outside the
scope of this document. scope of this document.
6.4. Encoding 6.4. Encoding
CDNI metadata objects MUST be encoded as I-JSON objects [RFC7493] CDNI metadata objects MUST be encoded as I-JSON objects [RFC7493]
containing a dictionary of (key,value) pairs where the keys are the containing a dictionary of (key,value) pairs where the keys are the
skipping to change at page 43, line 51 skipping to change at page 43, line 12
with the object and are therefore dependent on the specific object with the object and are therefore dependent on the specific object
being encoded (i.e., dependent on the CDNI Payload Type of the being encoded (i.e., dependent on the CDNI Payload Type of the
returned resource). Likewise, the values associated with each returned resource). Likewise, the values associated with each
property (dictionary key) are dependent on the specific object being property (dictionary key) are dependent on the specific object being
encoded (i.e., dependent on the CDNI Payload Type of the returned encoded (i.e., dependent on the CDNI Payload Type of the returned
resource). resource).
Dictionary keys (properties) in I-JSON are case sensitive. By Dictionary keys (properties) in I-JSON are case sensitive. By
convention any dictionary key (property) defined by this document convention any dictionary key (property) defined by this document
(for example the names of CDNI metadata object properties) MUST be (for example the names of CDNI metadata object properties) MUST be
represented in lowercase. lowercase.
6.5. Extensibility 6.5. Extensibility
The set of GenericMetadata objects may be extended with additional The set of GenericMetadata objects can be extended with additional
(standards based or vendor specific) metadata objects through the (standards based or vendor specific) metadata objects through the
specification of new GenericMetadata objects. The GenericMetadata specification of new GenericMetadata objects. The GenericMetadata
object defined in Section 4.1.7 specifies a type field and a type- object defined in Section 4.1.7 specifies a type field and a type-
specific value field that allows any metadata to be included in specific value field that allows any metadata to be included in
either the HostMetadata or PathMetadata lists. either the HostMetadata or PathMetadata lists.
As with the initial GenericMetadata types defined in Section 4.2, As with the initial GenericMetadata types defined in Section 4.2,
future GenericMetadata types MUST specify the information necessary future GenericMetadata types MUST specify the information necessary
for constructing and decoding the GenericMetadata object. for constructing and decoding the GenericMetadata object.
Any document which defines a new GenericMetadata type SHOULD: Any document which defines a new GenericMetadata type MUST:
1. Specify the CDNI Payload Type used to identify the new 1. Specify and register the CDNI Payload Type [RFC7736] used to
GenericMetadata type being specified. identify the new GenericMetadata type being specified.
2. Define the set of properties associated with the new type 2. Define the set of properties associated with the new
contained within the GenericMetadata object. GenericMetadata GenericMetadata object. GenericMetadata MUST NOT contain a
types MUST NOT contain a property named "href" because doing so property named "href" because doing so would conflict with the
would conflict with the ability for dCDNs to detect Link objects ability to detect Link objects (see Section 4.3.1).
being used to reference a GenericMetadata object.
3. For each property, define a name, description, type, and whether 3. Define a name, description, type, and whether or not the property
or not the property is mandatory-to-specify. is mandatory-to-specify.
4. Describe the semantics of the new type including its purpose and 4. Describe the semantics of the new type including its purpose and
example of a use case to which it applies including an example example of a use case to which it applies including an example
encoded in I-JSON. encoded in I-JSON.
Note: In the case of vendor specific extensions, identification Note: In the case of vendor specific extensions, vendor-identifying
within the type name defined for a GenericMetadata object, of the CDNI Payload Type names will decrease the possibility of
organization that defined the new GenericMetadata object decreases GenericMetadata type collisions.
the possibility of GenericMetadata type collisions.
6.6. Metadata Enforcement 6.6. Metadata Enforcement
At any given time, the set of GenericMetadata types supported by the At any given time, the set of GenericMetadata types supported by the
uCDN may not match the set of GenericMetadata types supported by the uCDN might not match the set of GenericMetadata types supported by
dCDN. the dCDN.
In the cases where a uCDN sends metadata containing a GenericMetadata In cases where a uCDN sends metadata containing a GenericMetadata
type that a dCDN does not support, the dCDN MUST enforce the type that a dCDN does not support, the dCDN MUST enforce the
semantics of the "mandatory-to-enforce" property. If a dCDN does not semantics of the "mandatory-to-enforce" property. If a dCDN does not
understand or is unable to perform the functions associated with any understand or is unable to perform the functions associated with any
"mandatory-to-enforce" metadata, the dCDN MUST NOT service any "mandatory-to-enforce" metadata, the dCDN MUST NOT service any
requests for the corresponding content. requests for the corresponding content.
Note: Ideally, uCDNs would not delegate content requests to a dCDN Note: Ideally, uCDNs would not delegate content requests to a dCDN
which does not support the "mandatory-to-enforce" metadata associated that does not support the "mandatory-to-enforce" metadata associated
with the content being requested. However, even if the uCDN has a with the content being requested. However, even if the uCDN has a
priori knowledge of the metadata supported by the dCDN (e.g., via the priori knowledge of the metadata supported by the dCDN (e.g., via the
CDNI capabilities interface or through out-of-band negotiation FCI or through out-of-band negotiation between CDN operators),
between CDN operators) metadata support may fluctuate or be metadata support can fluctuate or be inconsistent (e.g., due to mis-
inconsistent (e.g., due to mis-communication, mis-configuration, or communication, mis-configuration, or temporary outage). Thus, the
temporary outage). Thus, the dCDN MUST always evaluate all metadata dCDN MUST always evaluate all metadata associated with redirection
associated with redirection requests and content requests and reject and content requests and reject any requests where "mandatory-to-
any requests where "mandatory-to-enforce" metadata associated with enforce" metadata associated with the content cannot be enforced.
the content cannot be enforced.
6.7. Metadata Conflicts 6.7. Metadata Conflicts
It is possible that new metadata definitions may obsolete or conflict It is possible that new metadata definitions will obsolete or
with existing GenericMetadata (e.g., a future revision of the CDNI conflict with existing GenericMetadata (e.g., a future revision of
metadata interface may redefine the Auth GenericMetadata object or a the CDNI metadata interface could redefine the Auth GenericMetadata
custom vendor extension may implement an alternate Auth metadata object or a custom vendor extension could implement an alternate Auth
option). If multiple metadata (e.g., MI.Auth.v2, vendor1.Auth, and metadata option). If multiple metadata (e.g., MI.Auth.v2,
vendor2.Auth) all conflict with an existing GenericMetadata object vendor1.Auth, and vendor2.Auth) all conflict with an existing
(e.g., MI.Auth.v1) and all are marked as "mandatory-to-enforce", it GenericMetadata object (i.e., MI.Auth.v1) and all are marked as
may be ambiguous which metadata should be applied, especially if the "mandatory-to-enforce", it could be ambiguous which metadata should
functionality of the metadata overlap. be applied, especially if the functionality of the metadata overlap.
As described in Section 3.3, metadata override only applies to As described in Section 3.3, metadata override only applies to
metadata objects of the same exact type, found in HostMetadata and metadata objects of the same exact type found in HostMetadata and
nested PathMetadata structures. The CDNI metadata interface does not nested PathMetadata structures. The CDNI metadata interface does not
support enforcement of dependencies between different metadata types. support enforcement of dependencies between different metadata types.
It is the responsibility of the CSP and the CDN operators to ensure It is the responsibility of the CSP and the CDN operators to ensure
that metadata assigned to a given content do not conflict. that metadata assigned to a given piece of content do not conflict.
Note: Because metadata is inherently ordered in GenericMetadata Note: Because metadata is inherently ordered in HostMetadata and
lists, as well as in the PathMetadata hierarchy and PathMatch lists, PathMetadata lists, as well as in the PathMatch hierarchy, multiple
multiple conflicting metadata types MAY be used, however, metadata conflicting metadata types MAY be used, however, metadata hierarchies
hierarchies MUST ensure that independent PathMatch root objects are SHOULD ensure that independent PathMatch root objects are used to
used to prevent ambiguous or conflicting metadata definitions. prevent ambiguous or conflicting metadata definitions.
6.8. Versioning 6.8. Versioning
The version of CDNI metadata objects is conveyed inside the CDNI The version of CDNI metadata objects is conveyed inside the CDNI
Payload Type that is included in the HTTP Content-Type header. Upon Payload Type that is included in the HTTP Content-Type header, for
responding to a request for an object, a CDNI metadata server MUST example: "Content-Type: application/cdni; ptype=MI.HostIndex.v1".
include a Content-Type header with the CDNI Payload Type containing Upon responding to a request for an object, a CDNI metadata server
the version number of the object. HTTP requests sent to a metadata MUST include a Content-Type header with the CDNI Payload Type
server SHOULD include an Accept header with the CDNI Payload Type containing the version number of the object. HTTP requests sent to a
(which includes the version) of the expected object. Metadata metadata server SHOULD include an Accept header with the CDNI Payload
Type (which includes the version) of the expected object. Metadata
clients can specify multiple CDNI Payload Types in the Accept header, clients can specify multiple CDNI Payload Types in the Accept header,
for example if a metadata client is capable of processing two for example if a metadata client is capable of processing two
different versions of the same type of object (defined by different different versions of the same type of object (defined by different
CDNI Payload Types) it may decide to include both in the Accept CDNI Payload Types) it might decide to include both in the Accept
header. The version of each object defined by this document is header.
version 1. For example: "Content-Type: application/cdni;
ptype=MI.HostIndex.v1".
GenericMetadata objects include a "type" property which specifies the GenericMetadata objects include a "type" property which specifies the
CDNI Payload Type of the GenericMetadata value. This CDNI Payload CDNI Payload Type of the GenericMetadata value. Any document which
Type should also include a version. Any document which defines a new defines a new GenericMetadata type MUST specify the version number
GenericMetadata type MUST specify the version number which it which it describes, for example: "MI.Location.v1". The version of
describes. For example: "MI.Location.v1". each object defined by this document is version 1.
6.9. Media Types 6.9. Media Types
All CDNI metadata objects use the Media Type "application/cdni". The All CDNI metadata objects use the Media Type "application/cdni". The
CDNI Payload Type for each object then contains the object name of CDNI Payload Type for each object then contains the object name of
that object as defined by this document, prefixed with "MI.". that object as defined by this document, prefixed with "MI.".
Table 4 lists the CDNI Paylod Type for the metadata objects Table 4 lists the CDNI Paylod Type for the metadata objects
(resources) that are specified in this document. (resources) specified in this document.
+-----------------------+-----------------------------+ +-----------------------+-----------------------------+
| Data Object | CDNI Payload Type | | Data Object | CDNI Payload Type |
+-----------------------+-----------------------------+ +-----------------------+-----------------------------+
| HostIndex | MI.HostIndex.v1 | | HostIndex | MI.HostIndex.v1 |
| HostMatch | MI.HostMatch.v1 | | HostMatch | MI.HostMatch.v1 |
| HostMetadata | MI.HostMetadata.v1 | | HostMetadata | MI.HostMetadata.v1 |
| PathMatch | MI.PathMatch.v1 | | PathMatch | MI.PathMatch.v1 |
| PatternMatch | MI.PatternMatch.v1 | | PatternMatch | MI.PatternMatch.v1 |
| PathMetadata | MI.PathMetadata.v1 | | PathMetadata | MI.PathMetadata.v1 |
| GenericMetadata | MI.SourceMetadata.v1 | | SourceMetadata | MI.SourceMetadata.v1 |
| Source | MI.Source.v1 | | Source | MI.Source.v1 |
| LocationACL | MI.LocationACL.v1 | | LocationACL | MI.LocationACL.v1 |
| LocationRule | MI.LocationRule.v1 | | LocationRule | MI.LocationRule.v1 |
| Footprint | MI.Footprint.v1 | | Footprint | MI.Footprint.v1 |
| TimeWindowACL | MI.TimeWindowACL.v1 | | TimeWindowACL | MI.TimeWindowACL.v1 |
| TimeWindowRule | MI.TimeWindowRule.v1 | | TimeWindowRule | MI.TimeWindowRule.v1 |
| TimeWindow | MI.TineWindow.v1 | | TimeWindow | MI.TineWindow.v1 |
| ProtocolACL | MI.ProtocolACL.v1 | | ProtocolACL | MI.ProtocolACL.v1 |
| ProtocolRule | MI.ProtocolRule.v1 | | ProtocolRule | MI.ProtocolRule.v1 |
| DeliveryAuthorization | MI.DeliveryAuthorization.v1 | | DeliveryAuthorization | MI.DeliveryAuthorization.v1 |
| Cache | MI.Cache.v1 | | Cache | MI.Cache.v1 |
| Auth | MI.Auth.v1 | | Auth | MI.Auth.v1 |
| Grouping | MI.Grouping.v1 | | Grouping | MI.Grouping.v1 |
+-----------------------+-----------------------------+ +-----------------------+-----------------------------+
Table 4: CDNI Payload Types for CDNI Metadata objects Table 4: CDNI Payload Types for CDNI Metadata objects
6.10. Complete CDNI Metadata Example 6.10. Complete CDNI Metadata Example
A dCDN may request the HostIndex and receive the following object A dCDN requests the HostIndex and receive the following object with a
with a CDNI payload type of "MI.HostIndex.v1": CDNI payload type of "MI.HostIndex.v1":
{ {
"hosts": [ "hosts": [
{ {
"host": "video.example.com", "host": "video.example.com",
"host-metadata" : { "host-metadata" : {
"type": "MI.HostMetadata.v1", "type": "MI.HostMetadata.v1",
"href": "http://metadata.ucdn.example/host1234" "href": "http://metadata.ucdn.example/host1234"
} }
}, },
skipping to change at page 47, line 30 skipping to change at page 47, line 25
"host": "images.example.com", "host": "images.example.com",
"host-metadata" : { "host-metadata" : {
"type": "MI.HostMetadata.v1", "type": "MI.HostMetadata.v1",
"href": "http://metadata.ucdn.example/host5678" "href": "http://metadata.ucdn.example/host5678"
} }
} }
] ]
} }
If the incoming request has a Host header with "video.example.com" If the incoming request has a Host header with "video.example.com"
then the dCDN would fetch the next metadata object from then the dCDN would fetch the HostMetadata object from
"http://metadata.ucdn.example/host1234" expecting a CDNI payload type "http://metadata.ucdn.example/host1234" expecting a CDNI payload type
of "MI.HostMetadata.v1": of "MI.HostMetadata.v1":
{ {
"metadata": [ "metadata": [
{ {
"generic-metadata-type": "generic-metadata-type":
"MI.SourceMetadata.v1", "MI.SourceMetadata.v1",
"generic-metadata-value": { "generic-metadata-value": {
"sources": [ "sources": [
skipping to change at page 48, line 51 skipping to change at page 48, line 46
"type": "MI.PathMetadata.v1", "type": "MI.PathMetadata.v1",
"href": "http://metadata.ucdn.example/host1234/pathABC" "href": "http://metadata.ucdn.example/host1234/pathABC"
} }
}, },
{ {
"path-pattern": { "path-pattern": {
"pattern": "/video/movies/*" "pattern": "/video/movies/*"
}, },
"path-metadata": { "path-metadata": {
"type": "MI.PathMetadata.v1", "type": "MI.PathMetadata.v1",
"href": "http://metadata.ucdn.example/host1234/pathDCE" "href": "http://metadata.ucdn.example/host1234/pathDEF"
} }
} }
] ]
} }
Suppose the path of the requested resource matches the "/video/ Suppose the path of the requested resource matches the "/video/
movies/*" pattern, the next metadata requested would be for movies/*" pattern, the next metadata requested would be for
"http://metadata.ucdn.example/host1234/movies" with an expected CDNI "http://metadata.ucdn.example/host1234/pathDCE" with an expected CDNI
payload type of "MI.PathMetadata.v1": payload type of "MI.PathMetadata.v1":
{ {
"metadata": [], "metadata": [],
"paths": [ "paths": [
{ {
"path-pattern": { "path-pattern": {
"pattern": "/videos/movies/hd/*" "pattern": "/videos/movies/hd/*"
}, },
"path-metadata": { "path-metadata": {
"type": "MI.PathMetadata.v1", "type": "MI.PathMetadata.v1",
"href": "href":
"http://metadata.ucdn.example/host1234/pathABC/path123" "http://metadata.ucdn.example/host1234/pathDEF/path123"
} }
} }
] ]
} }
Finally, if the path of the requested resource also matches the Finally, if the path of the requested resource also matches the
"/videos/movies/hd/*" pattern, the dCDN would also fetch the "/videos/movies/hd/*" pattern, the dCDN would also fetch the
following object from "http://metadata.ucdn.example/host1234/movies/ following object from "http://metadata.ucdn.example/host1234/pathDEF/
hd" with CDNI payload type "MI.PathMetadata.v1": path123" with CDNI payload type "MI.PathMetadata.v1":
{ {
"metadata": [ "metadata": [
{ {
"generic-metadata-type": "generic-metadata-type":
"MI.TimeWindowACL.v1", "MI.TimeWindowACL.v1",
"generic-metadata-value": { "generic-metadata-value": {
"times": [ "times": [
"windows": [ "windows": [
{ {
"start": "1213948800", "start": "1213948800",
"end": "1327393200" "end": "1327393200"
} }
], ],
"action": "allow" "action": "allow"
] ]
} }
} }
] ]
} }
The final set of metadata which applies to the requested resource
includes a SourceMetadata, a LocationACL, a ProtocolACL, and a
TimeWindowACL.
7. IANA Considerations 7. IANA Considerations
7.1. CDNI Payload Types 7.1. CDNI Payload Types
This document requests the registration of the following CDNI Payload This document requests the registration of the following CDNI Payload
Types under the IANA CDNI Payload Type registry: Types under the IANA CDNI Payload Type registry:
+-----------------------------+---------------+ +-----------------------------+---------------+
| Payload Type | Specification | | Payload Type | Specification |
skipping to change at page 55, line 35 skipping to change at page 54, line 45
Purpose: The purpose of this payload type is to distinguish Grouping Purpose: The purpose of this payload type is to distinguish Grouping
MI objects (and any associated capabilitiy advertisement) MI objects (and any associated capabilitiy advertisement)
Interface: MI/FCI Interface: MI/FCI
Encoding: see Section 4.2.8 Encoding: see Section 4.2.8
7.2. CDNI Metadata Footprint Types Registry 7.2. CDNI Metadata Footprint Types Registry
The IANA is requested to create a new "CDNI Metadata Footprint Types" The IANA is requested to create a new "CDNI Metadata Footprint Types"
registry in the "Content Delivery Networks Interconnection (CDNI) subregistry in the "Content Delivery Networks Interconnection (CDNI)
Parameters" category. The "CDNI Metadata Footprint Types" namespace Parameters" registry. The "CDNI Metadata Footprint Types" namespace
defines the valid Footprint object type values used by the Footprint defines the valid Footprint object type values used by the Footprint
object in Section 4.2.2.2. Additions to the Footprint type namespace object in Section 4.2.2.2. Additions to the Footprint type namespace
conform to the "Specification Required" policy as defined in conform to the "Specification Required" policy as defined in
[RFC5226]. The designated expert will verify that new type [RFC5226]. The designated expert will verify that new type
definitions do not duplicate existing type definitions and prevent definitions do not duplicate existing type definitions and prevent
gratuitous additions to the namespace. gratuitous additions to the namespace. New registrations are
required to provide a clear description of how to interpret new
footprint types.
The following table defines the initial Footprint Registry values: The following table defines the initial Footprint Registry values:
+----------------+-------------------------------+---------------+ +----------------+-------------------------------+---------------+
| Footprint Type | Description | Specification | | Footprint Type | Description | Specification |
+----------------+-------------------------------+---------------+ +----------------+-------------------------------+---------------+
| ipv4cidr | IPv4 CIDR address block | RFCthis | | ipv4cidr | IPv4 CIDR address block | RFCthis |
| ipv6cidr | IPv6 CIDR address block | RFCthis | | ipv6cidr | IPv6 CIDR address block | RFCthis |
| asn | Autonomous System (AS) Number | RFCthis | | asn | Autonomous System (AS) Number | RFCthis |
| countrycode | ISO 3166-1 alpha-2 code | RFCthis | | countrycode | ISO 3166-1 alpha-2 code | RFCthis |
+----------------+-------------------------------+---------------+ +----------------+-------------------------------+---------------+
[RFC Editor: Please replace RFCthis with the published RFC number for [RFC Editor: Please replace RFCthis with the published RFC number for
this document.] this document.]
7.3. CDNI Metadata Protocol Types Registry 7.3. CDNI Metadata Protocol Types Registry
The IANA is requested to create a new "CDNI Metadata Protocol Types" The IANA is requested to create a new "CDNI Metadata Protocol Types"
registry in the "Content Delivery Networks Interconnection (CDNI) subregistry in the "Content Delivery Networks Interconnection (CDNI)
Parameters" category. The "CDNI Metadata Protocol Types" namespace Parameters" registry. The "CDNI Metadata Protocol Types" namespace
defines the valid Protocol object values in Section 4.3.2, used by defines the valid Protocol object values in Section 4.3.2, used by
the SourceMetadata and ProtocolACL objects. Additions to the the SourceMetadata and ProtocolACL objects. Additions to the
Protocol namespace conform to the "Specification Required" policy as Protocol namespace conform to the "Specification Required" policy as
defined in [RFC5226], where the specification defines the Protocol defined in [RFC5226], where the specification defines the Protocol
Type and the protocol to which it is associated. The designated Type and the protocol to which it is associated. The designated
expert will verify that new protocol definitions do not duplicate expert will verify that new protocol definitions do not duplicate
existing protocol definitions and prevent gratuitous additions to the existing protocol definitions and prevent gratuitous additions to the
namespace. namespace.
The following table defines the initial Protocol values corresponding The following table defines the initial Protocol values corresponding
skipping to change at page 56, line 49 skipping to change at page 56, line 8
| | Protocol -- HTTP/1.1 | | | | | Protocol -- HTTP/1.1 | | |
| https1.1 | HTTP/1.1 Over TLS | RFCthis | RFC2818 | | https1.1 | HTTP/1.1 Over TLS | RFCthis | RFC2818 |
+----------+-----------------------+---------------+----------------+ +----------+-----------------------+---------------+----------------+
[RFC Editor: Please replace RFCthis with the published RFC number for [RFC Editor: Please replace RFCthis with the published RFC number for
this document.] this document.]
7.4. CDNI Metadata Auth Types Registry 7.4. CDNI Metadata Auth Types Registry
The IANA is requested to create a new "CDNI Metadata Auth Types" The IANA is requested to create a new "CDNI Metadata Auth Types"
registry in the "Content Delivery Networks Interconnection (CDNI) subregistry in the "Content Delivery Networks Interconnection (CDNI)
Parameters" category. The "CDNI Metadata Auth Type" namespace Parameters" registry. The "CDNI Metadata Auth Type" namespace
defines the valid Auth object types used by the Auth object in defines the valid Auth object types used by the Auth object in
Section 4.2.7. Additions to the Auth Type namespace conform to the Section 4.2.7. Additions to the Auth Type namespace conform to the
"Specification Required" policy as defined in [RFC5226]. The "Specification Required" policy as defined in [RFC5226]. The
designated expert will verify that new type definitions do not designated expert will verify that new type definitions do not
duplicate existing type definitions and prevent gratuitous additions duplicate existing type definitions and prevent gratuitous additions
to the namespace. to the namespace. New registrations are required to provide a clear
description of what information the uCDN is required to provide to
the dCDN, as well as the procedures the dCDN is required to perform
to authorize and/or authenticate content requests.
The registry will initially be unpopulated: The registry will initially be unpopulated:
+-----------+-------------+---------------+ +-----------+-------------+---------------+
| Auth Type | Description | Specification | | Auth Type | Description | Specification |
+-----------+-------------+---------------+ +-----------+-------------+---------------+
+-----------+-------------+---------------+ +-----------+-------------+---------------+
8. Security Considerations 8. Security Considerations
8.1. Authentication 8.1. Authentication
Unauthorized access to metadata could result in denial of service. A Unauthorized access to metadata could result in denial of service. A
malicious metadata server, proxy server or an attacker performing a malicious metadata server, proxy server, or an attacker performing a
"man in the middle" attack could provide malicious metadata to a dCDN "man in the middle" attack could provide malicious metadata to a dCDN
that either: that either:
o Denies service for one or more pieces of content to one or more o Denies service for one or more pieces of content to one or more
User Agents; or User Agents; or
o Directs dCDNs to contact malicious origin servers instead of the o Directs dCDNs to contact malicious origin servers instead of the
actual origin servers. actual origin servers.
Unauthorized access to metadata could also enable a malicious Unauthorized access to metadata could also enable a malicious
metadata client to continuously issue large metadata requests in metadata client to continuously issue metadata requests in order to
order to overload a uCDN's metadata server(s). overload a uCDN's metadata server(s).
Unauthorized access to metadata could result in leakage of private Unauthorized access to metadata could result in leakage of private
information. A malicious metadata client could request metadata in information. A malicious metadata client could request metadata in
order to gain access to origin servers, as well as information order to gain access to origin servers, as well as information
pertaining to content restrictions. pertaining to content restrictions.
An implementation of the CDNI metadata interface SHOULD use mutual An implementation of the CDNI metadata interface SHOULD use mutual
authentication to prevent unauthorized access to metadata. authentication to prevent unauthorized access to metadata.
8.2. Confidentiality 8.2. Confidentiality
skipping to change at page 58, line 8 skipping to change at page 57, line 18
information. A third party could intercept metadata transactions in information. A third party could intercept metadata transactions in
order to gain access to origin servers, as well as information order to gain access to origin servers, as well as information
pertaining to content restrictions. pertaining to content restrictions.
An implementation of the CDNI metadata interface SHOULD use strong An implementation of the CDNI metadata interface SHOULD use strong
encryption to prevent unauthorized interception of metadata. encryption to prevent unauthorized interception of metadata.
8.3. Integrity 8.3. Integrity
Unauthorized modification of metadata could result in denial of Unauthorized modification of metadata could result in denial of
service. A malicious metadata server, proxy server or an attacker service. A malicious metadata server, proxy server, or an attacker
performing a "man in the middle" attack" could modify metadata performing a "man in the middle" attack could modify metadata
destined to a dCDN in order to deny service for one or more pieces of destined to a dCDN in order to deny service for one or more pieces of
content to one or more user agents. A malicious metadata server, content to one or more user agents. A malicious metadata server,
proxy server or an attacker performing a "Man in the middle" attack proxy server, or an attacker performing a "Man in the middle" attack
could modify metadata so that dCDNs are directed to contact to could also modify metadata so that dCDNs are directed to contact to
malicious origin servers instead of the actual origin servers. malicious origin servers instead of the actual origin servers.
An implementation of the CDNI metadata interface SHOULD use strong An implementation of the CDNI metadata interface SHOULD use strong
encryption and mutual authentication to prevent unauthorized encryption and mutual authentication to prevent unauthorized
modification of metadata. modification of metadata.
8.4. Privacy 8.4. Privacy
Content provider origin and policy information is conveyed through Content provider origin and policy information is conveyed through
the CDNI metadata interface. The distribution of this information to the CDNI metadata interface. The distribution of this information to
another CDN may introduce potential privacy concerns for some content another CDN could introduce potential privacy concerns for some
providers, for example because dCDNs accepting content requests for a content providers, for example, dCDNs accepting content requests for
content provider's content may be able to obtain additional a content provider's content might be able to obtain additional
information & usage patterns relating to the users of a content information and usage patterns relating to the users of a content
provider's services. Content providers with such concerns can provider's services. Content providers with such concerns can
instruct their CDN partners not to use CDN interconnects when instruct their CDN partners not to use CDN interconnects when
delivering that content provider's content. delivering that content provider's content.
An attacker performing a "man in the middle" attack could monitor and
prevent caching of metadata in order to obtain usage patters relating
to the users of a content provider's services.
An implementation of the CDNI metadata interface SHOULD use strong
encryption and mutual authentication to prevent unauthorized
monitoring of metadata.
8.5. Securing the CDNI Metadata interface 8.5. Securing the CDNI Metadata interface
An implementation of the CDNI metadata interface MUST support TLS An implementation of the CDNI metadata interface MUST support TLS
transport as per [RFC2818] and [RFC7230]. The use of TLS for transport as per [RFC2818] and [RFC7230]. The use of TLS for
transport of the CDNI metadata interface messages allows: transport of the CDNI metadata interface messages allows:
o The dCDN and uCDN to authenticate each other. o The dCDN and uCDN to authenticate each other.
and, once they have mutually authenticated each other, it allows: and, once they have mutually authenticated each other, it allows:
o The dCDN and uCDN to authorize each other (to ensure they are o The dCDN and uCDN to authorize each other (to ensure they are
transmitting/receiving CDNI metadata requests & responses from an transmitting/receiving CDNI metadata requests and responses from
authorized CDN). an authorized CDN);
o CDNI metadata interface requests and responses to be transmitted o CDNI metadata interface requests and responses to be transmitted
with confidentiality. with confidentiality; and
o The integrity of the CDNI metadata interface requests and o The integrity of the CDNI metadata interface requests and
responses to be protected during the exchange. responses to be protected during the exchange.
In an environment where any such protection is required, TLS MUST be In an environment where any such protection is required, TLS MUST be
used (including authentication of the remote end) by the server-side used (including authentication of the remote end) by the server-side
(uCDN) and the client-side (dCDN) of the CDNI metadata interface (uCDN) and the client-side (dCDN) of the CDNI metadata interface
unless alternate methods are used for ensuring the confidentiality of unless alternate methods are used for ensuring the confidentiality of
the information in the CDNI metadata interface requests and responses the information in the CDNI metadata interface requests and responses
(such as setting up an IPsec tunnel between the two CDNs or using a (such as setting up an IPsec tunnel between the two CDNs or using a
skipping to change at page 60, line 10 skipping to change at page 59, line 32
11.1. Normative References 11.1. Normative References
[ISO3166-1] [ISO3166-1]
"https://www.iso.org/obp/ui/#search". "https://www.iso.org/obp/ui/#search".
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005,
<http://www.rfc-editor.org/info/rfc3986>.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, DOI 10.17487/RFC4291, February Architecture", RFC 4291, DOI 10.17487/RFC4291, February
2006, <http://www.rfc-editor.org/info/rfc4291>. 2006, <http://www.rfc-editor.org/info/rfc4291>.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226, IANA Considerations Section in RFCs", BCP 26, RFC 5226,
DOI 10.17487/RFC5226, May 2008, DOI 10.17487/RFC5226, May 2008,
<http://www.rfc-editor.org/info/rfc5226>. <http://www.rfc-editor.org/info/rfc5226>.
[RFC5861] Nottingham, M., "HTTP Cache-Control Extensions for Stale [RFC5861] Nottingham, M., "HTTP Cache-Control Extensions for Stale
Content", RFC 5861, DOI 10.17487/RFC5861, May 2010, Content", RFC 5861, DOI 10.17487/RFC5861, May 2010,
<http://www.rfc-editor.org/info/rfc5861>. <http://www.rfc-editor.org/info/rfc5861>.
[RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 [RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6
Address Text Representation", RFC 5952, Address Text Representation", RFC 5952,
DOI 10.17487/RFC5952, August 2010, DOI 10.17487/RFC5952, August 2010,
<http://www.rfc-editor.org/info/rfc5952>. <http://www.rfc-editor.org/info/rfc5952>.
[RFC6707] Niven-Jenkins, B., Le Faucheur, F., and N. Bitar, "Content
Distribution Network Interconnection (CDNI) Problem
Statement", RFC 6707, DOI 10.17487/RFC6707, September
2012, <http://www.rfc-editor.org/info/rfc6707>.
[RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
Protocol (HTTP/1.1): Message Syntax and Routing", Protocol (HTTP/1.1): Message Syntax and Routing",
RFC 7230, DOI 10.17487/RFC7230, June 2014, RFC 7230, DOI 10.17487/RFC7230, June 2014,
<http://www.rfc-editor.org/info/rfc7230>. <http://www.rfc-editor.org/info/rfc7230>.
[RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre, [RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre,
"Recommendations for Secure Use of Transport Layer "Recommendations for Secure Use of Transport Layer
Security (TLS) and Datagram Transport Layer Security Security (TLS) and Datagram Transport Layer Security
(DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May
2015, <http://www.rfc-editor.org/info/rfc7525>. 2015, <http://www.rfc-editor.org/info/rfc7525>.
11.2. Informative References 11.2. Informative References
[I-D.ietf-cdni-control-triggers]
Murray, R. and B. Niven-Jenkins, "CDNI Control Interface /
Triggers", draft-ietf-cdni-control-triggers-12 (work in
progress), March 2016.
[I-D.ietf-cdni-redirection] [I-D.ietf-cdni-redirection]
Niven-Jenkins, B. and R. Brandenburg, "Request Routing Niven-Jenkins, B. and R. Brandenburg, "Request Routing
Redirection Interface for CDN Interconnection", draft- Redirection interface for CDN Interconnection", draft-
ietf-cdni-redirection-13 (work in progress), October 2015. ietf-cdni-redirection-17 (work in progress), February
2016.
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818,
DOI 10.17487/RFC2818, May 2000, DOI 10.17487/RFC2818, May 2000,
<http://www.rfc-editor.org/info/rfc2818>. <http://www.rfc-editor.org/info/rfc2818>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005,
<http://www.rfc-editor.org/info/rfc3986>.
[RFC6707] Niven-Jenkins, B., Le Faucheur, F., and N. Bitar, "Content
Distribution Network Interconnection (CDNI) Problem
Statement", RFC 6707, DOI 10.17487/RFC6707, September
2012, <http://www.rfc-editor.org/info/rfc6707>.
[RFC7336] Peterson, L., Davie, B., and R. van Brandenburg, Ed., [RFC7336] Peterson, L., Davie, B., and R. van Brandenburg, Ed.,
"Framework for Content Distribution Network "Framework for Content Distribution Network
Interconnection (CDNI)", RFC 7336, DOI 10.17487/RFC7336, Interconnection (CDNI)", RFC 7336, DOI 10.17487/RFC7336,
August 2014, <http://www.rfc-editor.org/info/rfc7336>. August 2014, <http://www.rfc-editor.org/info/rfc7336>.
[RFC7337] Leung, K., Ed. and Y. Lee, Ed., "Content Distribution [RFC7337] Leung, K., Ed. and Y. Lee, Ed., "Content Distribution
Network Interconnection (CDNI) Requirements", RFC 7337, Network Interconnection (CDNI) Requirements", RFC 7337,
DOI 10.17487/RFC7337, August 2014, DOI 10.17487/RFC7337, August 2014,
<http://www.rfc-editor.org/info/rfc7337>. <http://www.rfc-editor.org/info/rfc7337>.
[RFC7493] Bray, T., Ed., "The I-JSON Message Format", RFC 7493, [RFC7493] Bray, T., Ed., "The I-JSON Message Format", RFC 7493,
DOI 10.17487/RFC7493, March 2015, DOI 10.17487/RFC7493, March 2015,
<http://www.rfc-editor.org/info/rfc7493>. <http://www.rfc-editor.org/info/rfc7493>.
[RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext
Transfer Protocol Version 2 (HTTP/2)", RFC 7540, Transfer Protocol Version 2 (HTTP/2)", RFC 7540,
DOI 10.17487/RFC7540, May 2015, DOI 10.17487/RFC7540, May 2015,
<http://www.rfc-editor.org/info/rfc7540>. <http://www.rfc-editor.org/info/rfc7540>.
[RFC7736] Ma, K., "Content Delivery Network Interconnection (CDNI)
Media Type Registration", RFC 7736, DOI 10.17487/RFC7736,
December 2015, <http://www.rfc-editor.org/info/rfc7736>.
Authors' Addresses Authors' Addresses
Ben Niven-Jenkins Ben Niven-Jenkins
Velocix (Alcatel-Lucent) Velocix (Alcatel-Lucent)
3 Ely Road 3 Ely Road
Milton, Cambridge CB24 6AA Milton, Cambridge CB24 6AA
UK UK
Email: ben@velocix.com Email: ben@velocix.com
 End of changes. 173 change blocks. 
500 lines changed or deleted 516 lines changed or added

This html diff was produced by rfcdiff 1.44. The latest version is available from http://tools.ietf.org/tools/rfcdiff/