--- 1/draft-ietf-cdni-control-triggers-11.txt 2016-03-18 09:29:29.514796929 -0700 +++ 2/draft-ietf-cdni-control-triggers-12.txt 2016-03-18 09:29:30.154812833 -0700 @@ -1,18 +1,18 @@ Network Working Group R. Murray Internet-Draft B. Niven-Jenkins -Intended status: Standards Track Velocix (Alcatel-Lucent) -Expires: June 9, 2016 December 7, 2015 +Intended status: Standards Track Nokia +Expires: September 19, 2016 March 18, 2016 CDNI Control Interface / Triggers - draft-ietf-cdni-control-triggers-11 + draft-ietf-cdni-control-triggers-12 Abstract This document describes the part of the CDN Interconnection Control Interface that allows a CDN to trigger activity in an interconnected CDN that is configured to deliver content on its behalf. The upstream CDN can use this mechanism to request that the downstream CDN pre-positions metadata or content, or that it invalidates or purges metadata or content. The upstream CDN can monitor the status of activity that it has triggered in the downstream CDN. @@ -31,94 +31,96 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on June 9, 2016. + This Internet-Draft will expire on September 19, 2016. Copyright Notice - Copyright (c) 2015 IETF Trust and the persons identified as the + Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 2. Model for CDNI Triggers . . . . . . . . . . . . . . . . . . . 4 2.1. Timing of Triggered Activity . . . . . . . . . . . . . . 6 2.2. Scope of Triggered Activity . . . . . . . . . . . . . . . 6 - 2.3. Trigger Results . . . . . . . . . . . . . . . . . . . . . 6 - 3. Collections of Trigger Status Resources . . . . . . . . . . . 7 - 4. CDNI Trigger Interface . . . . . . . . . . . . . . . . . . . 8 - 4.1. Creating Triggers . . . . . . . . . . . . . . . . . . . . 9 - 4.2. Checking Status . . . . . . . . . . . . . . . . . . . . . 10 - 4.2.1. Polling Trigger Status Resource collections . . . . . 10 - 4.2.2. Polling Trigger Status Resources . . . . . . . . . . 11 - 4.3. Cancelling Triggers . . . . . . . . . . . . . . . . . . . 11 - 4.4. Deleting Triggers . . . . . . . . . . . . . . . . . . . . 12 - 4.5. Expiry of Trigger Status Resources . . . . . . . . . . . 12 - 4.6. Loop Detection and Prevention . . . . . . . . . . . . . . 13 - 4.7. Error Handling . . . . . . . . . . . . . . . . . . . . . 13 - 4.8. Content URLs . . . . . . . . . . . . . . . . . . . . . . 14 - 5. CI/T Object Properties and Encoding . . . . . . . . . . . . . 14 - 5.1. CI/T Objects . . . . . . . . . . . . . . . . . . . . . . 15 - 5.1.1. CI/T Commands . . . . . . . . . . . . . . . . . . . . 15 - 5.1.2. Trigger Status Resource . . . . . . . . . . . . . . . 16 - 5.1.3. Trigger Collection . . . . . . . . . . . . . . . . . 17 - 5.2. Properties of CI/T Objects . . . . . . . . . . . . . . . 18 - 5.2.1. Trigger Specification . . . . . . . . . . . . . . . . 19 - 5.2.2. Trigger Type . . . . . . . . . . . . . . . . . . . . 20 - 5.2.3. Trigger Status . . . . . . . . . . . . . . . . . . . 21 - 5.2.4. PatternMatch . . . . . . . . . . . . . . . . . . . . 21 - 5.2.5. Absolute Time . . . . . . . . . . . . . . . . . . . . 22 - 5.2.6. Error Description . . . . . . . . . . . . . . . . . . 22 - 5.2.7. Error Code . . . . . . . . . . . . . . . . . . . . . 23 - 6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 24 - 6.1. Creating Triggers . . . . . . . . . . . . . . . . . . . . 24 - 6.1.1. Preposition . . . . . . . . . . . . . . . . . . . . . 24 - 6.1.2. Invalidate . . . . . . . . . . . . . . . . . . . . . 25 - 6.2. Examining Trigger Status . . . . . . . . . . . . . . . . 27 - 6.2.1. Collection of All Triggers . . . . . . . . . . . . . 27 - 6.2.2. Filtered Collections of Trigger Status Resources . . 28 - 6.2.3. Individual Trigger Status Resources . . . . . . . . . 29 - 6.2.4. Polling for Change . . . . . . . . . . . . . . . . . 31 - 6.2.5. Deleting Trigger Status Resources . . . . . . . . . . 34 - 6.2.6. Error Reporting . . . . . . . . . . . . . . . . . . . 35 - 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 36 - 7.1. CDNI Payload Type Parameter Registrations . . . . . . . . 36 - 8. Security Considerations . . . . . . . . . . . . . . . . . . . 37 + 2.2.1. Multiple Interconnected CDNs . . . . . . . . . . . . 6 + 2.3. Trigger Results . . . . . . . . . . . . . . . . . . . . . 8 + 3. Collections of Trigger Status Resources . . . . . . . . . . . 8 + 4. CDNI Trigger Interface . . . . . . . . . . . . . . . . . . . 9 + 4.1. Creating Triggers . . . . . . . . . . . . . . . . . . . . 10 + 4.2. Checking Status . . . . . . . . . . . . . . . . . . . . . 11 + 4.2.1. Polling Trigger Status Resource collections . . . . . 11 + 4.2.2. Polling Trigger Status Resources . . . . . . . . . . 12 + 4.3. Cancelling Triggers . . . . . . . . . . . . . . . . . . . 12 + 4.4. Deleting Triggers . . . . . . . . . . . . . . . . . . . . 13 + 4.5. Expiry of Trigger Status Resources . . . . . . . . . . . 13 + 4.6. Loop Detection and Prevention . . . . . . . . . . . . . . 14 + 4.7. Error Handling . . . . . . . . . . . . . . . . . . . . . 14 + 4.8. Content URLs . . . . . . . . . . . . . . . . . . . . . . 15 + 5. CI/T Object Properties and Encoding . . . . . . . . . . . . . 16 + 5.1. CI/T Objects . . . . . . . . . . . . . . . . . . . . . . 16 + 5.1.1. CI/T Commands . . . . . . . . . . . . . . . . . . . . 16 + 5.1.2. Trigger Status Resource . . . . . . . . . . . . . . . 17 + 5.1.3. Trigger Collection . . . . . . . . . . . . . . . . . 18 + 5.2. Properties of CI/T Objects . . . . . . . . . . . . . . . 20 + 5.2.1. Trigger Specification . . . . . . . . . . . . . . . . 20 + 5.2.2. Trigger Type . . . . . . . . . . . . . . . . . . . . 21 + 5.2.3. Trigger Status . . . . . . . . . . . . . . . . . . . 22 + 5.2.4. PatternMatch . . . . . . . . . . . . . . . . . . . . 22 + 5.2.5. Absolute Time . . . . . . . . . . . . . . . . . . . . 23 + 5.2.6. Error Description . . . . . . . . . . . . . . . . . . 24 + 5.2.7. Error Code . . . . . . . . . . . . . . . . . . . . . 24 + 6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 25 + 6.1. Creating Triggers . . . . . . . . . . . . . . . . . . . . 25 + 6.1.1. Preposition . . . . . . . . . . . . . . . . . . . . . 25 + 6.1.2. Invalidate . . . . . . . . . . . . . . . . . . . . . 27 + + 6.2. Examining Trigger Status . . . . . . . . . . . . . . . . 28 + 6.2.1. Collection of All Triggers . . . . . . . . . . . . . 28 + 6.2.2. Filtered Collections of Trigger Status Resources . . 29 + 6.2.3. Individual Trigger Status Resources . . . . . . . . . 31 + 6.2.4. Polling for Change . . . . . . . . . . . . . . . . . 33 + 6.2.5. Deleting Trigger Status Resources . . . . . . . . . . 36 + 6.2.6. Error Reporting . . . . . . . . . . . . . . . . . . . 37 + 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 38 + 7.1. CDNI Payload Type Parameter Registrations . . . . . . . . 38 + 8. Security Considerations . . . . . . . . . . . . . . . . . . . 39 8.1. Authentication, Authorization, Confidentiality, Integrity - Protection . . . . . . . . . . . . . . . . . . . . . . . 37 - 8.2. Denial of Service . . . . . . . . . . . . . . . . . . . . 38 - 8.3. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 39 - 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 39 - 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 39 - 10.1. Normative References . . . . . . . . . . . . . . . . . . 39 - 10.2. Informative References . . . . . . . . . . . . . . . . . 40 - Appendix A. Formalization of the JSON Data . . . . . . . . . . . 40 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 42 + Protection . . . . . . . . . . . . . . . . . . . . . . . 40 + 8.2. Denial of Service . . . . . . . . . . . . . . . . . . . . 41 + 8.3. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 41 + 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 41 + 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 41 + 10.1. Normative References . . . . . . . . . . . . . . . . . . 41 + 10.2. Informative References . . . . . . . . . . . . . . . . . 42 + Appendix A. Formalization of the JSON Data . . . . . . . . . . . 43 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 44 1. Introduction [RFC6707] introduces the problem scope for CDN Interconnection (CDNI) and lists the four categories of interfaces that may be used to compose a CDNI solution (Control, Metadata, Request Routing, Logging). [RFC7336] expands on the information provided in [RFC6707] and describes each of the interfaces and the relationships between them @@ -193,46 +195,46 @@ Trigger Status Resources corresponding to active and completed CI/T Trigger Commands. These collections provide a mechanism for polling the status of multiple jobs. Figure 1 is an example showing the basic message flow used by the uCDN to trigger activity in the dCDN, and for the uCDN to discover the status of that activity. Only successful triggering is shown. Examples of the messages are given in Section 6. uCDN dCDN - | (1) POST http://dcdn.example.com/triggers/uCDN | + | (1) POST https://dcdn.example.com/triggers/uCDN | [ ] --------------------------------------------------> [ ]--+ | [ ] | (2) | (3) HTTP 201 Response [ ]<-+ [ ] <-------------------------------------------------- [ ] - | Loc: http://dcdn.example.com/triggers/uCDN/123 | + | Loc: https://dcdn.example.com/triggers/uCDN/123 | | | . . . . . . . . . | | - | (4) GET http://dcdn.example.com/triggers/uCDN/123 | + | (4) GET https://dcdn.example.com/triggers/uCDN/123 | [ ] --------------------------------------------------> [ ] | [ ] | (5) HTTP 200 Trigger Status Resource [ ] [ ] <-------------------------------------------------- [ ] | | | | Figure 1: Basic CDNI Message Flow for Triggers The steps in Figure 1 are: 1. The uCDN triggers action in the dCDN by posting a CI/T Command to a collection of Trigger Status Resources, - "http://dcdn.example.com/triggers/uCDN". The URL of this was + "https://dcdn.example.com/triggers/uCDN". The URL of this was given to the uCDN when the CI/T interface was established. 2. The dCDN authenticates the request, validates the CI/T Command and, if it accepts the request, creates a new Trigger Status Resource. 3. The dCDN responds to the uCDN with an HTTP 201 response status, and the location of the Trigger Status Resource. 4. The uCDN can poll, possibly repeatedly, the Trigger Status @@ -269,23 +271,76 @@ command is received. 2.2. Scope of Triggered Activity Each CI/T Command can operate on multiple metadata and content URLs. Multiple representations of an HTTP resource may share the same URL. CI/T Trigger Commands that invalidate or purge metadata or content apply to all resource representations with matching URLs. - The dCDN MUST reject CI/T Commands from a uCDN that act on another - uCDN's data. Security considerations are discussed further in - section Section 8. +2.2.1. Multiple Interconnected CDNs + + In a network of interconnected CDNs a single uCDN will originate a + given item of metadata and associated content, it may distribute that + metadata and content to more than one dCDN, which may in-turn + distribute that metadata and content to further-downstream CDNs. + + An "intermediate" CDN is a dCDN that passes on CDNI metadata and + content to further-downstream dCDNs. + + A "diamond configuration" is one where a dCDN can acquire metadata + and content originated in one uCDN from that uCDN itself and an + intermediate CDN, or via more than one intermediate uCDN. + + CI/T commands originating in the single source uCDN affect metadata + and content in all dCDNs but, in a diamond configuration, it may not + be possible for the dCDN to determine which uCDN it acquired content + from. In this case a dCDN MUST allow each uCDN from which it may + have acquired the content to act upon that content using CI/T + Commands. + + In all other cases, a dCDN MUST reject CI/T Commands from a uCDN that + act on another uCDN's data using, for example, HTTP "403 Forbidden". + + Security considerations are discussed further in Section 8. + + The diamond configuration may lead to inefficient interactions, but + the interactions are otherwise harmless. For example: + + o When the uCDN issues an invalidate CI/T command, a dCDN will + receive that command from multiple directly connected uCDNs. The + dCDN may schedule multiple those commands separately, and the last + may affect content already revalidated following execution of the + invalidate command scheduled first. + + o If one of a dCDN's directly-connected uCDNs loses its rights to + distribute content, it may issue a CI/T purge command. That purge + may affect content the dCDN could retain because it's distributed + by another directly-connected uCDN. But, that content can be re- + acquired by the dCDN from the remaining uCDN. + + o When the uCDN originating an item of content issues a CI/T purge + followed by a preposition - two directly connected uCDNs will pass + those commands to a dCDN. That dCDN implementation need not merge + those operations, or notice the repetition. In which case the + purge issued by one uCDN will complete before the other. The + first uCDN to finish its purge may then forward the preposition + trigger, and content pre-positioned as a result might be affected + by the still-running purge issued by the other uCDN. However, the + dCDN will re-acquire that content as needed, or when it's asked to + pre-position the content by the second uCDN. A dCDN + implementation could avoid this interaction by knowing which uCDN + it acquired the content from, or it could minimize the + consequences by recording the time at which the invalidate/purge + command was received and not applying it to content acquired after + that time. 2.3. Trigger Results Possible states for a Trigger Status Resource are defined in section Section 5.2.3. The CI/T Trigger Command MUST NOT be reported as 'complete' until all actions have been completed successfully. The reasons for failure, and URLs or Patterns affected, SHOULD be enumerated in the Trigger Status Resource. For more detail, see section Section 4.7. @@ -310,21 +365,21 @@ A collection of Trigger Status Resources is a resource that contains a reference to each Trigger Status Resource in that collection. The dCDN MUST make a collection of a uCDN's Trigger Status Resources available to that uCDN. This collection includes all of the Trigger Status Resources created for CI/T Commands from the uCDN that have been accepted by the dCDN, and have not yet been deleted by the uCDN, or expired and removed by the dCDN (as described in section Section 4.4). Trigger Status Resources belonging to a uCDN MUST NOT be visible to any other CDN. The dCDN could, for example, achieve - this by offering different collection URLs to each uCDN, and/or by + this by offering different collection URLs to each uCDN, and by filtering the response based on the uCDN with which the HTTP client is associated. To trigger activity in a dCDN, or to cancel triggered activity, the uCDN POSTs a CI/T Command to the dCDN's collection of the uCDN's Trigger Status Resources. In order to allow the uCDN to check the status of multiple jobs in a single request, the dCDN SHOULD also maintain collections representing filtered views of the collection of all Trigger Status @@ -336,21 +391,21 @@ have been accepted, but not yet acted upon. o Active - Trigger Status Resources for CI/T Trigger Commands that are currently being processed in the dCDN. o Complete - Trigger Status Resources representing activity that completed successfully, and 'processed' CI/T Trigger Commands for which no further status updates will be made by the dCDN. o Failed - Trigger Status Resources representing CI/T Commands that - failes or were cancelled by the uCDN. + failed or were cancelled by the uCDN. 4. CDNI Trigger Interface This section describes an interface to enable an upstream CDN to trigger activity in a downstream CDN. The CI/T interface builds on top of HTTP, so dCDNs may make use of any HTTP feature when implementing the CI/T interface. For example, a dCDN SHOULD make use of HTTP's caching mechanisms to indicate that a requested response/representation has not been modified, reducing @@ -408,39 +463,39 @@ This is particularly important in cases where the CI/T Trigger Command has completed immediately. Once a Trigger Status Resource has been created the dCDN MUST NOT re- use its URI, even after that Trigger Status Resource has been removed. The dCDN SHOULD track and report on progress of CI/T Trigger Commands. If the dCDN is not able to do that, it MUST indicate that it has accepted the request but will not be providing further status - updates. To do this, it sets the "status" of the Trigger Status + updates. To do this, it sets the status of the Trigger Status Resource to "processed". In this case, CI/T processing should continue as for a "complete" request, so the Trigger Status Resource MUST be added to the dCDN's collection of Complete Trigger Status Resources. The dCDN SHOULD also provide an estimated completion time for the request, by using the "etime" property of the Trigger Status Resource. This will allow the uCDN to schedule prepositioning after an earlier delete of the same URLs is expected to have finished. If the dCDN is able to track the execution of CI/T Commands and a CI/ - T Command is queued by the dCDN for later action, the "status" - property of the Trigger Status Resource MUST be "pending". Once - processing has started the "status" MUST be "active". Finally, once - the CI/T Command is complete, the status MUST be set to "complete" or + T Command is queued by the dCDN for later action, the status property + of the Trigger Status Resource MUST be "pending". Once processing + has started the "status" MUST be "active". Finally, once the CI/T + Command is complete, the status MUST be set to "complete" or "failed". A CI/T Trigger Command may result in no activity in the dCDN if, for example, it is an invalidate or purge request for data the dCDN has - not yet acquired, or a prepopulate request for data it has already + not yet acquired, or a pre-position request for data it has already acquired and which is still valid. In this case, the "status" of the Trigger Status Resource MUST be "processed" or "complete", and the Trigger Status Resource MUST be added to the dCDN's collection of Complete Trigger Status Resources. Once created, Trigger Status Resources can be cancelled or deleted by the uCDN, but not modified. The dCDN MUST reject PUT and POST requests from the uCDN to Trigger Status Resources by responding with an appropriate HTTP status code, for example 405 "Method Not Allowed". @@ -520,22 +575,22 @@ If the CI/T Command cannot be stopped immediately, the status in the corresponding Trigger Status Resource MUST be set to "cancelling", and the Trigger Status Resource MUST remain in the collection of Trigger Status Resources for active CI/T Commands. If processing is stopped before normal completion, the status value in the Trigger Status Resource MUST be set to "cancelled", and the Trigger Status Resource MUST be included in the collection of failed CT/T Trigger Commands. Cancellation of a "complete" or "failed" Trigger Status Resource - requires no processing in the dCDN, its status MUST NOT be changed to - "cancelled". + requires no processing in the dCDN. Its status MUST NOT be changed + to "cancelled". 4.4. Deleting Triggers The uCDN can delete Trigger Status Resources at any time, using the HTTP DELETE method. The effect is similar to cancellation, but no Trigger Status Resource remains afterwards. Once deleted, the references to a Trigger Status Resource MUST be removed from all Trigger Status Resource collections. Subsequent requests to GET the deleted Trigger Status Resource SHOULD be @@ -712,21 +766,21 @@ Value: A non-empty JSON array of URLs represented as JSON strings. Mandatory: No, but exactly one of "trigger" or "cancel" MUST be present in a CI/T Command. Name: cdn-path Description: The CDN Provider Identifiers of CDNs that have - already accepted the CI/T Command. + already issued the CI/T Command to their dCDNs. Value: A non-empty JSON array of JSON strings, where each string is a CDN Provider Identifier as defined in Section 4.6. Mandatory: Yes. 5.1.2. Trigger Status Resource Trigger Status Resources MUST use a MIME Media Type of 'application/ cdni; ptype=ci-trigger-status'. @@ -1014,24 +1067,24 @@ Value: One of the JSON values 'true' (the full URI including the query part should be compared against the given pattern), or 'false' (the query part of the URI should be dropped before comparison with the given pattern). Mandatory: No, default is 'false', the query part of the URI should be dropped before comparison with the given pattern. Example of case-sensitive prefix match against - "http://www.example.com/trailers/": + "https://www.example.com/trailers/": { - "pattern": "http://www.example.com/trailers/*", + "pattern": "https://www.example.com/trailers/*", "case-sensitive": true } 5.2.5. Absolute Time A JSON number, seconds since the UNIX epoch, 00:00:00 UTC on 1 January 1970. 5.2.6. Error Description @@ -1046,24 +1099,24 @@ Mandatory: Yes. Names: metadata.urls, content.urls, metadata.patterns, content.patterns Description: Metadata and content references copied from the Trigger Specification. Only those URLs and patterns to which the error applies are included in each property, but those URLs and patterns MUST be exactly as they appear in the request, the dCDN MUST NOT generalise the URLs. (For example, if the uCDN - requests prepositioning of URLs "http://content.example.com/a" - and "http://content.example.com/b", the dCDN must not + requests prepositioning of URLs "https://content.example.com/a" + and "https://content.example.com/b", the dCDN must not generalise its error report to Pattern - "http://content.example.com/*".) + "https://content.example.com/*".) Value: A JSON array of JSON strings, where each string is copied from a 'content.*' or 'metadata.*' value in the corresponding Trigger Specification. Mandatory: At least one of these name/value pairs is mandatory in each Error Description object. Name: description @@ -1100,21 +1153,21 @@ 6. Examples The following sections provide examples of different CI/T objects encoded as JSON. Discovery of the triggers interface is out of scope of this document. In an implementation, all CI/T URLs are under the control of the dCDN. The uCDN MUST NOT attempt to ascribe any meaning to individual elements of the path. - In examples in this section, the URL 'http://dcdn.example.com/ + In examples in this section, the URL 'https://dcdn.example.com/ triggers' is used as the location of the collection of all Trigger Status Resources, and the CDN Provider Id of uCDN is "AS64496:1". 6.1. Creating Triggers Examples of the uCDN triggering activity in the dCDN: 6.1.1. Preposition An example of a CI/T preposition command, a POST to the collection of @@ -1123,133 +1176,132 @@ Note that "metadata.patterns" and "content.patterns" are not allowed in a preposition Trigger Specification. REQUEST: POST /triggers HTTP/1.1 User-Agent: example-user-agent/0.1 Host: dcdn.example.com Accept: */* Content-Type: application/cdni; ptype=ci-trigger-command - Content-Length: 347 + Content-Length: 352 { "trigger" : { "type": "preposition", - "metadata.urls" : [ "http://metadata.example.com/a/b/c" ], + "metadata.urls" : [ "https://metadata.example.com/a/b/c" ], "content.urls" : [ - "http://www.example.com/a/b/c/1", - "http://www.example.com/a/b/c/2", - "http://www.example.com/a/b/c/3", - "http://www.example.com/a/b/c/4" + "https://www.example.com/a/b/c/1", + "https://www.example.com/a/b/c/2", + "https://www.example.com/a/b/c/3", + "https://www.example.com/a/b/c/4" ] }, "cdn-path" : [ "AS64496:1" ] - } RESPONSE: HTTP/1.1 201 Created - Date: Sun, 06 Dec 2015 17:18:46 GMT - Content-Length: 462 + Date: Thu, 17 Mar 2016 18:56:38 GMT + Content-Length: 467 Content-Type: application/cdni; ptype=ci-trigger-status - Location: http://dcdn.example.com/triggers/0 + Location: https://dcdn.example.com/triggers/0 Server: example-server/0.1 { - "ctime": 1449422326, - "etime": 1449422334, - "mtime": 1449422326, + "ctime": 1458240998, + "etime": 1458241006, + "mtime": 1458240998, "status": "pending", "trigger": { "content.urls": [ - "http://www.example.com/a/b/c/1", - "http://www.example.com/a/b/c/2", - "http://www.example.com/a/b/c/3", - "http://www.example.com/a/b/c/4" + "https://www.example.com/a/b/c/1", + "https://www.example.com/a/b/c/2", + "https://www.example.com/a/b/c/3", + "https://www.example.com/a/b/c/4" ], "metadata.urls": [ - "http://metadata.example.com/a/b/c" + "https://metadata.example.com/a/b/c" ], "type": "preposition" } } 6.1.2. Invalidate An example of a CI/T invalidate command, another POST to the collection of all Trigger Status Resources. This instructs the dCDN - to re-validate the content at "http://www.example.com/a/index.html", + to re-validate the content at "https://www.example.com/a/index.html", as well as any metadata and content whose URLs are prefixed by - "http://metadata.example.com/a/b/" using case-insensitive matching, - and "http://www.example.com/a/b/" respectively, using case-sensitive + "https://metadata.example.com/a/b/" using case-insensitive matching, + and "https://www.example.com/a/b/" respectively, using case-sensitive matching. REQUEST: POST /triggers HTTP/1.1 User-Agent: example-user-agent/0.1 Host: dcdn.example.com Accept: */* Content-Type: application/cdni; ptype=ci-trigger-command - Content-Length: 384 + Content-Length: 387 + { "trigger" : { "type": "invalidate", "metadata.patterns" : [ - { "pattern" : "http://metadata.example.com/a/b/*" } + { "pattern" : "https://metadata.example.com/a/b/*" } ], - "content.urls" : [ "http://www.example.com/a/index.html" ], + "content.urls" : [ "https://www.example.com/a/index.html" ], "content.patterns" : [ - { "pattern" : "http://www.example.com/a/b/*", + { "pattern" : "https://www.example.com/a/b/*", "case-sensitive" : true } ] }, "cdn-path" : [ "AS64496:1" ] } RESPONSE: HTTP/1.1 201 Created - Date: Sun, 06 Dec 2015 17:18:46 GMT - Content-Length: 542 + Date: Thu, 17 Mar 2016 18:56:39 GMT + Content-Length: 545 Content-Type: application/cdni; ptype=ci-trigger-status - Location: http://dcdn.example.com/triggers/1 + Location: https://dcdn.example.com/triggers/1 Server: example-server/0.1 { - "ctime": 1449422326, - "etime": 1449422334, - "mtime": 1449422326, + "ctime": 1458240999, + "etime": 1458241007, + "mtime": 1458240999, "status": "pending", "trigger": { "content.patterns": [ { "case-sensitive": true, - "pattern": "http://www.example.com/a/b/*" + "pattern": "https://www.example.com/a/b/*" } ], "content.urls": [ - "http://www.example.com/a/index.html" + "https://www.example.com/a/index.html" ], "metadata.patterns": [ { - "pattern": "http://metadata.example.com/a/b/*" + "pattern": "https://metadata.example.com/a/b/*" } ], "type": "invalidate" - } } 6.2. Examining Trigger Status Once Trigger Status Resources have been created, the uCDN can check their status as shown in these examples. 6.2.1. Collection of All Triggers @@ -1261,92 +1313,92 @@ REQUEST: GET /triggers HTTP/1.1 User-Agent: example-user-agent/0.1 Host: dcdn.example.com Accept: */* RESPONSE: HTTP/1.1 200 OK - Content-Length: 339 - Expires: Sun, 06 Dec 2015 17:19:46 GMT + Content-Length: 341 + Expires: Thu, 17 Mar 2016 18:57:39 GMT Server: example-server/0.1 - ETag: "-8770885545613447380" + ETag: "-936094426920308378" Cache-Control: max-age=60 - Date: Sun, 06 Dec 2015 17:18:46 GMT + Date: Thu, 17 Mar 2016 18:56:39 GMT Content-Type: application/cdni; ptype=ci-trigger-collection { "cdn-id": "AS64496:0", "coll-active": "/triggers/active", "coll-complete": "/triggers/complete", "coll-failed": "/triggers/failed", "coll-pending": "/triggers/pending", "staleresourcetime": 86400, "triggers": [ - "http://dcdn.example.com/triggers/0", - "http://dcdn.example.com/triggers/1" + "https://dcdn.example.com/triggers/0", + "https://dcdn.example.com/triggers/1" ] } 6.2.2. Filtered Collections of Trigger Status Resources The filtered collections are also available to the uCDN. Before the dCDN starts processing the two CI/T Trigger Commands shown above, both will appear in the collection of Pending Triggers, for example: REQUEST: GET /triggers/pending HTTP/1.1 User-Agent: example-user-agent/0.1 Host: dcdn.example.com Accept: */* RESPONSE: HTTP/1.1 200 OK - Content-Length: 150 - Expires: Sun, 06 Dec 2015 17:19:46 GMT + Content-Length: 152 + Expires: Thu, 17 Mar 2016 18:57:39 GMT Server: example-server/0.1 - ETag: "-1475121655268178613" + ETag: "4331492443626270781" Cache-Control: max-age=60 - Date: Sun, 06 Dec 2015 17:18:46 GMT + Date: Thu, 17 Mar 2016 18:56:39 GMT Content-Type: application/cdni; ptype=ci-trigger-collection { "staleresourcetime": 86400, "triggers": [ - "http://dcdn.example.com/triggers/0", - "http://dcdn.example.com/triggers/1" + "https://dcdn.example.com/triggers/0", + "https://dcdn.example.com/triggers/1" ] } At this point, if no other Trigger Status Resources had been created, the other filtered views would be empty. For example: REQUEST: GET /triggers/complete HTTP/1.1 User-Agent: example-user-agent/0.1 Host: dcdn.example.com Accept: */* RESPONSE: HTTP/1.1 200 OK Content-Length: 54 - Expires: Sun, 06 Dec 2015 17:19:46 GMT + Expires: Thu, 17 Mar 2016 18:57:39 GMT Server: example-server/0.1 ETag: "7958041393922269003" Cache-Control: max-age=60 - Date: Sun, 06 Dec 2015 17:18:46 GMT + Date: Thu, 17 Mar 2016 18:56:39 GMT Content-Type: application/cdni; ptype=ci-trigger-collection { "staleresourcetime": 86400, "triggers": [] } 6.2.3. Individual Trigger Status Resources The Trigger Status Resources can also be examined for detail about @@ -1356,292 +1408,290 @@ REQUEST: GET /triggers/0 HTTP/1.1 User-Agent: example-user-agent/0.1 Host: dcdn.example.com Accept: */* RESPONSE: HTTP/1.1 200 OK - Content-Length: 462 - Expires: Sun, 06 Dec 2015 17:19:46 GMT + Content-Length: 467 + Expires: Thu, 17 Mar 2016 18:57:38 GMT Server: example-server/0.1 - ETag: "-256278637448610056" + ETag: "-4577812884843999747" Cache-Control: max-age=60 - Date: Sun, 06 Dec 2015 17:18:46 GMT + Date: Thu, 17 Mar 2016 18:56:38 GMT Content-Type: application/cdni; ptype=ci-trigger-status { - "ctime": 1449422326, - "etime": 1449422334, - "mtime": 1449422326, + "ctime": 1458240998, + "etime": 1458241006, + "mtime": 1458240998, "status": "pending", "trigger": { "content.urls": [ - "http://www.example.com/a/b/c/1", - "http://www.example.com/a/b/c/2", - "http://www.example.com/a/b/c/3", - "http://www.example.com/a/b/c/4" + "https://www.example.com/a/b/c/1", + "https://www.example.com/a/b/c/2", + "https://www.example.com/a/b/c/3", + "https://www.example.com/a/b/c/4" ], "metadata.urls": [ - "http://metadata.example.com/a/b/c" + "https://metadata.example.com/a/b/c" ], "type": "preposition" } } REQUEST: GET /triggers/1 HTTP/1.1 User-Agent: example-user-agent/0.1 Host: dcdn.example.com Accept: */* RESPONSE: HTTP/1.1 200 OK - Content-Length: 542 - Expires: Sun, 06 Dec 2015 17:19:47 GMT + Content-Length: 545 + Expires: Thu, 17 Mar 2016 18:57:39 GMT Server: example-server/0.1 - ETag: "-1202970338696035175" + ETag: "7076408296782046945" Cache-Control: max-age=60 - Date: Sun, 06 Dec 2015 17:18:47 GMT + Date: Thu, 17 Mar 2016 18:56:39 GMT Content-Type: application/cdni; ptype=ci-trigger-status { - "ctime": 1449422326, - "etime": 1449422334, - "mtime": 1449422326, + "ctime": 1458240999, + "etime": 1458241007, + "mtime": 1458240999, "status": "pending", "trigger": { "content.patterns": [ { "case-sensitive": true, - "pattern": "http://www.example.com/a/b/*" + "pattern": "https://www.example.com/a/b/*" } ], "content.urls": [ - "http://www.example.com/a/index.html" + "https://www.example.com/a/index.html" ], "metadata.patterns": [ { - "pattern": "http://metadata.example.com/a/b/*" + "pattern": "https://metadata.example.com/a/b/*" } ], "type": "invalidate" } } 6.2.4. Polling for Change The uCDN SHOULD use the Entity Tags of collections or Trigger Status Resources when polling for change in status, as shown in the following examples: REQUEST: GET /triggers/pending HTTP/1.1 User-Agent: example-user-agent/0.1 Host: dcdn.example.com Accept: */* - If-None-Match: "-1475121655268178613" + If-None-Match: "4331492443626270781" RESPONSE: HTTP/1.1 304 Not Modified Content-Length: 0 - Expires: Sun, 06 Dec 2015 17:19:46 GMT + Expires: Thu, 17 Mar 2016 18:57:39 GMT Server: example-server/0.1 - ETag: "-1475121655268178613" + ETag: "4331492443626270781" Cache-Control: max-age=60 - Date: Sun, 06 Dec 2015 17:18:46 GMT + Date: Thu, 17 Mar 2016 18:56:39 GMT Content-Type: application/cdni; ptype=ci-trigger-collection REQUEST: GET /triggers/0 HTTP/1.1 User-Agent: example-user-agent/0.1 Host: dcdn.example.com Accept: */* - If-None-Match: "-256278637448610056" + If-None-Match: "-4577812884843999747" RESPONSE: HTTP/1.1 304 Not Modified Content-Length: 0 - Expires: Sun, 06 Dec 2015 17:19:46 GMT + Expires: Thu, 17 Mar 2016 18:57:38 GMT Server: example-server/0.1 - ETag: "-256278637448610056" + ETag: "-4577812884843999747" Cache-Control: max-age=60 - Date: Sun, 06 Dec 2015 17:18:46 GMT + Date: Thu, 17 Mar 2016 18:56:38 GMT Content-Type: application/cdni; ptype=ci-trigger-status When the CI/T Trigger Command is complete, the contents of the filtered collections will be updated along with their Entity Tags. For example, when the two example CI/T Trigger Commands are complete, the collections of pending and complete Trigger Status Resources might look like: REQUEST: - GET /triggers/pending HTTP/1.1 + GET /triggers/complete HTTP/1.1 User-Agent: example-user-agent/0.1 Host: dcdn.example.com Accept: */* RESPONSE: HTTP/1.1 200 OK Content-Length: 54 - Expires: Sun, 06 Dec 2015 17:19:51 GMT + Expires: Thu, 17 Mar 2016 18:57:39 GMT Server: example-server/0.1 - ETag: "1337503181677633762" + ETag: "7958041393922269003" Cache-Control: max-age=60 - Date: Sun, 06 Dec 2015 17:18:51 GMT + Date: Thu, 17 Mar 2016 18:56:39 GMT Content-Type: application/cdni; ptype=ci-trigger-collection { "staleresourcetime": 86400, "triggers": [] } REQUEST: GET /triggers/complete HTTP/1.1 User-Agent: example-user-agent/0.1 Host: dcdn.example.com Accept: */* RESPONSE: HTTP/1.1 200 OK - Content-Length: 150 - Expires: Sun, 06 Dec 2015 17:19:58 GMT + Content-Length: 152 + Expires: Thu, 17 Mar 2016 18:57:50 GMT Server: example-server/0.1 - ETag: "-2588648306194498266" + ETag: "4481489539378529796" Cache-Control: max-age=60 - Date: Sun, 06 Dec 2015 17:18:58 GMT + Date: Thu, 17 Mar 2016 18:56:50 GMT Content-Type: application/cdni; ptype=ci-trigger-collection { "staleresourcetime": 86400, "triggers": [ - "http://dcdn.example.com/triggers/0", - "http://dcdn.example.com/triggers/1" + "https://dcdn.example.com/triggers/0", + "https://dcdn.example.com/triggers/1" ] } 6.2.5. Deleting Trigger Status Resources The dCDN can delete completed and failed Trigger Status Resources to reduce the size of the collections. For example, to delete the "preposition" request from earlier examples: REQUEST: DELETE /triggers/0 HTTP/1.1 User-Agent: example-user-agent/0.1 Host: dcdn.example.com Accept: */* RESPONSE: HTTP/1.1 204 No Content - Date: Sun, 06 Dec 2015 17:18:59 GMT + Date: Thu, 17 Mar 2016 18:56:50 GMT Content-Length: 0 Content-Type: text/html; charset=UTF-8 Server: example-server/0.1 This would, for example, cause the collection of completed Trigger Status Resources shown in the example above to be updated to: REQUEST: GET /triggers/complete HTTP/1.1 User-Agent: example-user-agent/0.1 Host: dcdn.example.com Accept: */* RESPONSE: HTTP/1.1 200 OK - Content-Length: 104 - Expires: Sun, 06 Dec 2015 17:19:59 GMT + Content-Length: 105 + Expires: Thu, 17 Mar 2016 18:57:50 GMT Server: example-server/0.1 - ETag: "6647924643429037709" + ETag: "-6938620031669085677" Cache-Control: max-age=60 - Date: Sun, 06 Dec 2015 17:18:59 GMT + Date: Thu, 17 Mar 2016 18:56:50 GMT Content-Type: application/cdni; ptype=ci-trigger-collection { "staleresourcetime": 86400, "triggers": [ - "http://dcdn.example.com/triggers/1" + "https://dcdn.example.com/triggers/1" ] } 6.2.6. Error Reporting In this example the uCDN has requested prepositioning of - "http://newsite.example.com/index.html", but the dCDN was unable to + "https://newsite.example.com/index.html", but the dCDN was unable to locate metadata for that site: REQUEST: GET /triggers/2 HTTP/1.1 User-Agent: example-user-agent/0.1 Host: dcdn.example.com Accept: */* RESPONSE: HTTP/1.1 200 OK - Content-Length: 484 - Expires: Sun, 06 Dec 2015 17:20:08 GMT + Content-Length: 486 + Expires: Thu, 17 Mar 2016 18:57:54 GMT Server: example-server/0.1 - ETag: "8302815253703938792" + ETag: "-1916002386108948179" Cache-Control: max-age=60 - Date: Sun, 06 Dec 2015 17:19:08 GMT + Date: Thu, 17 Mar 2016 18:56:54 GMT Content-Type: application/cdni; ptype=ci-trigger-status { - "ctime": 1449422340, + "ctime": 1458241010, "errors": [ { "content.urls": [ - "http://newsite.example.com/index.html" + "https://newsite.example.com/index.html" ], "description": "newsite.example.com not in HostIndex", "error": "emeta" } ], - "etime": 1449422348, - "mtime": 1449422344, + "etime": 1458241018, + "mtime": 1458241014, "status": "active", "trigger": { "content.urls": [ - "http://newsite.example.com/index.html" + "https://newsite.example.com/index.html" ], "type": "preposition" } } 7. IANA Considerations 7.1. CDNI Payload Type Parameter Registrations The IANA is requested to register the following new Payload Types in - the CDNI Payload Type Parameter registry defined by - - [I-D.ietf-cdni-media-type], for use with the 'application/cdni' MIME - media type. + the CDNI Payload Type Parameter registry defined by [RFC7736], for + use with the 'application/cdni' MIME media type. RFC Editor Note: Please replace references to [RFCthis] below with this document's RFC number before publication. +-----------------------+---------------+ | Payload Type | Specification | +-----------------------+---------------+ | ci-trigger-command | [RFCthis] | | ci-trigger-status | [RFCthis] | | ci-trigger-collection | [RFCthis] | @@ -1668,61 +1718,73 @@ And so would a man in the middle attacker modifying valid CI/T commands generated by the uCDN. In both cases, that would decrease the dCDN caching efficiency by causing it to unnecessarily acquire or re-acquire content metadata and/or content. A dCDN implementation of CI/T MUST restrict the actions of a uCDN to the data corresponding to that uCDN. Failure to do so would allow uCDNs to detrimentally affect each other's efficiency by generating unnecessary acquisition or re-acquisition load. + An origin that chooses to delegate its delivery to a CDN is trusting + that CDN to deliver content on its behalf, CDN-interconnection is an + extension of that trust to downstream CDNs. That trust relationship + is a commercial arrangement, outside the scope of the CDNi protocols. + So, while a malicious CDN could deliberately generate load on a dCDN + using the CI/T, the protocol does not otherwise attempt to address + malicious behaviour between interconnected CDNs. + 8.1. Authentication, Authorization, Confidentiality, Integrity Protection A CI/T implementation MUST support TLS transport for HTTP (https) as per [RFC2818] and [RFC7230]. + TLS MUST be used by the server-side (dCDN) and the client-side (uCDN) + of the CI/T interface, including authentication of the remote end, + unless alternate methods are used for ensuring the confidentiality of + the information in the CI/T interface requests and responses (such as + setting up an IPsec tunnel between the two CDNs or using a physically + secured internal network between two CDNs that are owned by the same + corporate entity). + The use of TLS for transport of the CI/T interface allows: - o The dCDN and the uCDN to authenticate each other. + o The dCDN and the uCDN to authenticate each other using TLS client + auth and TLS server auth. And, once they have mutually authenticated each other, it allows: o The dCDN and the uCDN to authorize each other (to ensure they are receiving CI/T Commands from, or reporting status to, an authorized CDN). o CDNI commands and responses to be transmitted with confidentiality. o Protection of the integrity of CDNI commands and responses. - In an environment where any such protection is required, mutually - authenticated encrypted transport MUST be used to ensure - confidentiality of the CI/T information. To that end, TLS MUST be - used by CI/T, including authentication of the remote end. - When TLS is used, the general TLS usage guidance in [RFC7525] MUST be followed. + The mechanisms for access control are dCDN-specific, not standardised + as part of this CI/T specification. + HTTP requests that attempt to access or operate on CI/T data belonging to another CDN MUST be rejected using, for example, HTTP "403 Forbidden" or "404 Not Found". This is intended to prevent unauthorised users from generating unnecessary load in dCDN or uCDN due to revalidation, reacquisition, or unnecessary acquisition. - Note that in a "diamond" configuration, where one uCDN's content can - be acquired via more than one directly-connected uCDN, it may not be - possible for the dCDN to determine from which uCDN it acquired - content. In this case, the dCDN MUST allow each uCDN from which the - content could have been acquired to act upon that content using CI/T - Commands. + When deploying a network of interconnected CDNs, the possible + inefficiencies related to the "diamond" configuration discussed in + Section 2.2.1 should be considered. 8.2. Denial of Service This document does not define a specific mechanism to protect against Denial of Service (DoS) attacks on the CI/T. However, CI/T endpoints can be protected against DoS attacks through the use of TLS transport and/or via mechanisms outside the scope of the CI/T interface, such as firewalling or use of Virtual Private Networks (VPNs). Depending on the implementation, triggered activity may consume @@ -1735,24 +1797,23 @@ 8.3. Privacy The CI/T protocol does not carry any information about individual End Users of a CDN, there are no privacy concerns for End Users. The CI/T protocol does carry information which could be considered commercially sensitive by CDN operators and content owners. The use of mutually authenticated TLS to establish a secure session for the transport of CI/T data, as discussed in Section 8.1, provides confidentiality while the CI/T data is in transit, and prevents - parties other party than the authorised dCDN from gaining access to - that data. The dCDN MUST ensure that it only exposes CI/T data - related to a uCDN to clients it has authenticated as belonging to - that uCDN. + parties other than the authorised dCDN from gaining access to that + data. The dCDN MUST ensure that it only exposes CI/T data related to + a uCDN to clients it has authenticated as belonging to that uCDN. 9. Acknowledgements The authors thank Kevin Ma for his input, and Carsten Bormann for his review and formalization of the JSON data. 10. References 10.1. Normative References @@ -1784,42 +1845,43 @@ (DTLS)", BCP 195, RFC 7525, May 2015. 10.2. Informative References [I-D.greevenbosch-appsawg-cbor-cddl] Vigano, C. and H. Birkholz, "CBOR data definition language (CDDL): a notational convention to express CBOR data structures", draft-greevenbosch-appsawg-cbor-cddl-07 (work in progress), October 2015. - [I-D.ietf-cdni-media-type] - Ma, K., "CDNI Media Type Registration", draft-ietf-cdni- - media-type-06 (work in progress), October 2015. - [I-D.ietf-cdni-metadata] Niven-Jenkins, B., Murray, R., Caulfield, M., and K. Ma, "CDN Interconnection Metadata", draft-ietf-cdni- metadata-12 (work in progress), October 2015. [I-D.ietf-cdni-redirection] Niven-Jenkins, B. and R. Brandenburg, "Request Routing - Redirection Interface for CDN Interconnection", draft- - ietf-cdni-redirection-13 (work in progress), October 2015. + Redirection interface for CDN Interconnection", draft- + ietf-cdni-redirection-17 (work in progress), February + 2016. [RFC7336] Peterson, L., Davie, B., and R. van Brandenburg, "Framework for Content Distribution Network Interconnection (CDNI)", RFC 7336, August 2014. [RFC7337] Leung, K. and Y. Lee, "Content Distribution Network Interconnection (CDNI) Requirements", RFC 7337, August 2014. + [RFC7736] Ma, K., "Content Delivery Network Interconnection (CDNI) + Media Type Registration", RFC 7736, DOI 10.17487/RFC7736, + December 2015, . + Appendix A. Formalization of the JSON Data This appendix is non-normative. The JSON data described in this document has been formalised using CDDL [I-D.greevenbosch-appsawg-cbor-cddl] as follows: CIT-object = CIT-command / Trigger-Status-Resource / Trigger-Collection CIT-command ; use media type application/cdni; ptype=ci-trigger-command @@ -1887,24 +1948,24 @@ Ccid = tstr ; see I-D.ietf-cdni-metadata Cdn-PID = tstr .regexp "AS[0-9]+:[0-9]+" URI = tstr Authors' Addresses Rob Murray - Velocix (Alcatel-Lucent) + Nokia 3 Ely Road Milton, Cambridge CB24 6DD UK - Email: rob.murray@alcatel-lucent.com + Email: rob.murray@nokia.com Ben Niven-Jenkins - Velocix (Alcatel-Lucent) + Nokia 3 Ely Road Milton, Cambridge CB24 6DD UK - Email: ben.niven-jenkins@alcatel-lucent.com + Email: ben.niven-jenkins@nokia.com