draft-ietf-cdni-control-triggers-07.txt | draft-ietf-cdni-control-triggers-08.txt | |||
---|---|---|---|---|
Network Working Group R. Murray | Network Working Group R. Murray | |||
Internet-Draft B. Niven-Jenkins | Internet-Draft B. Niven-Jenkins | |||
Intended status: Standards Track Velocix (Alcatel-Lucent) | Intended status: Standards Track Velocix (Alcatel-Lucent) | |||
Expires: January 1, 2016 June 30, 2015 | Expires: January 3, 2016 July 2, 2015 | |||
CDNI Control Interface / Triggers | CDNI Control Interface / Triggers | |||
draft-ietf-cdni-control-triggers-07 | draft-ietf-cdni-control-triggers-08 | |||
Abstract | Abstract | |||
This document describes the part of the CDN Interconnection Control | This document describes the part of the CDN Interconnection Control | |||
Interface that allows a CDN to trigger activity in an interconnected | Interface that allows a CDN to trigger activity in an interconnected | |||
CDN that is configured to deliver content on its behalf. The | CDN that is configured to deliver content on its behalf. The | |||
upstream CDN can use this mechanism to request that the downstream | upstream CDN can use this mechanism to request that the downstream | |||
CDN pre-positions metadata or content, or that it invalidates or | CDN pre-positions metadata or content, or that it invalidates or | |||
purges metadata or content. The upstream CDN can monitor the status | purges metadata or content. The upstream CDN can monitor the status | |||
of activity that it has triggered in the downstream CDN. | of activity that it has triggered in the downstream CDN. | |||
skipping to change at page 1, line 42 | skipping to change at page 1, line 42 | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on January 1, 2016. | This Internet-Draft will expire on January 3, 2016. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 42, line 39 | skipping to change at page 42, line 39 | |||
A dCDN implementation of CI/T MUST restrict the actions of a uCDN to | A dCDN implementation of CI/T MUST restrict the actions of a uCDN to | |||
the data corresponding to that uCDN. Failure to do so would allow | the data corresponding to that uCDN. Failure to do so would allow | |||
uCDNs to detrimentally affect each other's efficiency by generating | uCDNs to detrimentally affect each other's efficiency by generating | |||
unnecessary acquisition or re-acquisition load. | unnecessary acquisition or re-acquisition load. | |||
8.1. Authentication, Authorization, Confidentiality, Integrity | 8.1. Authentication, Authorization, Confidentiality, Integrity | |||
Protection | Protection | |||
A CI/T implementation MUST support TLS transport for HTTP (https) as | A CI/T implementation MUST support TLS transport for HTTP (https) as | |||
per [RFC2818]. | per [RFC2818] and [RFC7230]. | |||
The use of TLS for transport of the CI/T interface allows: | The use of TLS for transport of the CI/T interface allows: | |||
o The dCDN and the uCDN to authenticate each other. | o The dCDN and the uCDN to authenticate each other and, once they | |||
have mutually authenticated each other, it allows: | ||||
and, once they have mutually authenticated each other, it allows: | ||||
o The dCDN and the uCDN to authorize each other (to ensure they are | o The dCDN and the uCDN to authorize each other (to ensure they are | |||
receiving CI/T Commands from, or reporting status to, an | receiving CI/T Commands from, or reporting status to, an | |||
authorized CDN). | authorized CDN). | |||
o CDNI commands and responses to transmitted with confidentiality, | o CDNI commands and responses to be transmitted with | |||
In an environment where any such protection is required, the use of a | confidentiality. | |||
mutually authenticated encrypted transport MUST be used to ensure | ||||
confidentiality of the CI/T information. TLS MUST be used by CI/T, | ||||
including authentication of the remote end. | ||||
The general TLS usage guidance in [RFC7525] SHOULD be followed. | o Protection of the integrity of CDNI commands and responses. | |||
In an environment where any such protection is required, mutually | ||||
authenticated encrypted transport MUST be used to ensure | ||||
confidentiality of the CI/T information. To that end, TLS MUST be | ||||
used by CI/T, including authentication of the remote end. | ||||
When TLS is used, the general TLS usage guidance in [RFC7525] MUST be | ||||
followed. | ||||
HTTP requests that attempt to access or operate on CI/T data | HTTP requests that attempt to access or operate on CI/T data | |||
belonging to another CDN MUST be rejected using, for example, HTTP | belonging to another CDN MUST be rejected using, for example, HTTP | |||
"403 Forbidden" or "404 Not Found". This is intended to prevent | "403 Forbidden" or "404 Not Found". This is intended to prevent | |||
unauthorised users from generating unnecessary load in dCDN or uCDN | unauthorised users from generating unnecessary load in dCDN or uCDN | |||
due to revalidation, reacquisition, or unnecessary acquisition. | due to revalidation, reacquisition, or unnecessary acquisition. | |||
Note that in a "diamond" configuration, where one uCDN's content can | Note that in a "diamond" configuration, where one uCDN's content can | |||
be acquired via more than one directly-connected uCDN, it may not be | be acquired via more than one directly-connected uCDN, it may not be | |||
possible for the dCDN to determine from which uCDN it acquired | possible for the dCDN to determine from which uCDN it acquired | |||
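Review bot: In 8.1 of -08 the strength of the TLS requirement is ambiguous: the section opens with "MUST support TLS", then says "In an environment where any such protection is required ... TLS MUST be used by CI/T", and then "When TLS is used, the general TLS usage guidance in [RFC7525] MUST be followed", so a reader cannot tell whether mutually authenticated TLS is mandatory to use on every CI/T exchange or only mandatory to implement. Suggest stating one rule (for example, that CI/T requests and responses MUST be carried over mutually authenticated TLS) and dropping the conditional phrasing, or else spelling out when unprotected transport is acceptable. Separately, folding "and, once they have mutually authenticated each other, it allows:" into the first bullet leaves the authorize, confidentiality and integrity bullets at the same level as the item that introduces them; keep that clause as a standalone sentence between the two lists, or nest the dependent bullets under it.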
skipping to change at page 44, line 22 | skipping to change at page 44, line 24 | |||
10. References | 10. References | |||
10.1. Normative References | 10.1. Normative References | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
[RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data | [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data | |||
Interchange Format", RFC 7159, March 2014. | Interchange Format", RFC 7159, March 2014. | |||
[RFC7230] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol | ||||
(HTTP/1.1): Message Syntax and Routing", RFC 7230, June | ||||
2014. | ||||
[RFC7231] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol | [RFC7231] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol | |||
(HTTP/1.1): Semantics and Content", RFC 7231, June 2014. | (HTTP/1.1): Semantics and Content", RFC 7231, June 2014. | |||
[RFC7232] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol | [RFC7232] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol | |||
(HTTP/1.1): Conditional Requests", RFC 7232, June 2014. | (HTTP/1.1): Conditional Requests", RFC 7232, June 2014. | |||
[RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre, | ||||
"Recommendations for Secure Use of Transport Layer | ||||
Security (TLS) and Datagram Transport Layer Security | ||||
(DTLS)", BCP 195, RFC 7525, May 2015. | ||||
10.2. Informative References | 10.2. Informative References | |||
[I-D.greevenbosch-appsawg-cbor-cddl] | [I-D.greevenbosch-appsawg-cbor-cddl] | |||
Vigano, C., Birkholz, H., and R. Sun, "CBOR data | Vigano, C., Birkholz, H., and R. Sun, "CBOR data | |||
definition language: a notational convention to express | definition language: a notational convention to express | |||
CBOR data structures.", draft-greevenbosch-appsawg-cbor- | CBOR data structures.", draft-greevenbosch-appsawg-cbor- | |||
cddl-05 (work in progress), March 2015. | cddl-05 (work in progress), March 2015. | |||
[I-D.ietf-cdni-metadata] | [I-D.ietf-cdni-metadata] | |||
Niven-Jenkins, B., Murray, R., Caulfield, M., and K. Ma, | Niven-Jenkins, B., Murray, R., Caulfield, M., and K. Ma, | |||
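Review bot: The normative list shown in 10.1 runs from [RFC2119] straight to [RFC7159] with no [RFC2818] entry, although 8.1 cites [RFC2818] alongside the newly added [RFC7230] in the same "MUST support TLS" sentence. Check that [RFC2818] is also listed as a normative reference, since the requirement depends on it just as it does on [RFC7230]. Listing [RFC7525] as normative here is consistent with the change from SHOULD to MUST in 8.1.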
skipping to change at page 45, line 13 | skipping to change at page 45, line 24 | |||
Statement", RFC 6707, September 2012. | Statement", RFC 6707, September 2012. | |||
[RFC7336] Peterson, L., Davie, B., and R. van Brandenburg, | [RFC7336] Peterson, L., Davie, B., and R. van Brandenburg, | |||
"Framework for Content Distribution Network | "Framework for Content Distribution Network | |||
Interconnection (CDNI)", RFC 7336, August 2014. | Interconnection (CDNI)", RFC 7336, August 2014. | |||
[RFC7337] Leung, K. and Y. Lee, "Content Distribution Network | [RFC7337] Leung, K. and Y. Lee, "Content Distribution Network | |||
Interconnection (CDNI) Requirements", RFC 7337, August | Interconnection (CDNI) Requirements", RFC 7337, August | |||
2014. | 2014. | |||
[RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre, | ||||
"Recommendations for Secure Use of Transport Layer | ||||
Security (TLS) and Datagram Transport Layer Security | ||||
(DTLS)", BCP 195, RFC 7525, May 2015. | ||||
Authors' Addresses | Authors' Addresses | |||
Rob Murray | Rob Murray | |||
Velocix (Alcatel-Lucent) | Velocix (Alcatel-Lucent) | |||
3 Ely Road | 3 Ely Road | |||
Milton, Cambridge CB24 6DD | Milton, Cambridge CB24 6DD | |||
UK | UK | |||
Email: rob.murray@alcatel-lucent.com | Email: rob.murray@alcatel-lucent.com | |||
End of changes. 10 change blocks. | ||||
18 lines changed or deleted | 26 lines changed or added | |||
This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |