draft-ietf-cdni-uri-signing-08.txt   draft-ietf-cdni-uri-signing-09.txt 
CDNI K. Leung CDNI K. Leung
Internet-Draft F. Le Faucheur Internet-Draft F. Le Faucheur
Intended status: Standards Track Cisco Systems Intended status: Standards Track Cisco Systems
Expires: December 22, 2016 R. van Brandenburg Expires: December 30, 2016 R. van Brandenburg
TNO TNO
B. Downey B. Downey
Verizon Labs Verizon Labs
M. Fisher M. Fisher
Limelight Networks Limelight Networks
June 20, 2016 June 28, 2016
URI Signing for CDN Interconnection (CDNI) URI Signing for CDN Interconnection (CDNI)
draft-ietf-cdni-uri-signing-08 draft-ietf-cdni-uri-signing-09
Abstract Abstract
This document describes how the concept of URI signing supports the This document describes how the concept of URI signing supports the
content access control requirements of CDNI and proposes a URI content access control requirements of CDNI and proposes a URI
signing scheme. signing scheme.
The proposed URI signing method specifies the information needed to The proposed URI signing method specifies the information needed to
be included in the URI and the algorithm used to authorize and to be included in the URI and the algorithm used to authorize and to
validate access requests for the content referenced by the URI. The validate access requests for the content referenced by the URI. The
skipping to change at page 1, line 44 skipping to change at page 1, line 44
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 22, 2016. This Internet-Draft will expire on December 30, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 12 skipping to change at page 3, line 12
6.1. HTTP Redirection . . . . . . . . . . . . . . . . . . . . 33 6.1. HTTP Redirection . . . . . . . . . . . . . . . . . . . . 33
6.2. DNS Redirection . . . . . . . . . . . . . . . . . . . . . 36 6.2. DNS Redirection . . . . . . . . . . . . . . . . . . . . . 36
7. HTTP Adaptive Streaming . . . . . . . . . . . . . . . . . . . 39 7. HTTP Adaptive Streaming . . . . . . . . . . . . . . . . . . . 39
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 39 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 39
8.1. CDNI Payload Type . . . . . . . . . . . . . . . . . . . . 39 8.1. CDNI Payload Type . . . . . . . . . . . . . . . . . . . . 39
8.1.1. CDNI UriSigning Payload Type . . . . . . . . . . . . 39 8.1.1. CDNI UriSigning Payload Type . . . . . . . . . . . . 39
8.2. CDNI Logging Record Type . . . . . . . . . . . . . . . . 40 8.2. CDNI Logging Record Type . . . . . . . . . . . . . . . . 40
8.2.1. CDNI Logging Record Version 2 for HTTP . . . . . . . 40 8.2.1. CDNI Logging Record Version 2 for HTTP . . . . . . . 40
8.3. CDNI Logging Field Names . . . . . . . . . . . . . . . . 40 8.3. CDNI Logging Field Names . . . . . . . . . . . . . . . . 40
8.4. CDNI URI Signing Enforcement Information Elements . . . . 40 8.4. CDNI Metadata Auth Type . . . . . . . . . . . . . . . . . 40
8.5. CDNI URI Signing Signature Computation Information 8.5. CDNI URI Signing Enforcement Information Elements . . . . 41
8.6. CDNI URI Signing Signature Computation Information
Elements . . . . . . . . . . . . . . . . . . . . . . . . 41 Elements . . . . . . . . . . . . . . . . . . . . . . . . 41
8.6. CDNI URI Signing Signature Information Elements . . . . . 42 8.7. CDNI URI Signing Signature Information Elements . . . . . 42
9. Security Considerations . . . . . . . . . . . . . . . . . . . 43 9. Security Considerations . . . . . . . . . . . . . . . . . . . 43
10. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 10. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 44 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 44
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 44 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 44
12.1. Normative References . . . . . . . . . . . . . . . . . . 44 12.1. Normative References . . . . . . . . . . . . . . . . . . 44
12.2. Informative References . . . . . . . . . . . . . . . . . 45 12.2. Informative References . . . . . . . . . . . . . . . . . 45
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 46 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 46
1. Introduction 1. Introduction
skipping to change at page 11, line 4 skipping to change at page 11, line 4
part of the URI Signing Package Attribute. If the Original URI part of the URI Signing Package Attribute. If the Original URI
Container information element is used, the URI Pattern Sequence Container information element is used, the URI Pattern Sequence
information element MUST NOT be used. information element MUST NOT be used.
o URI Pattern Container (UPC) [optional] - Percent-encoded container o URI Pattern Container (UPC) [optional] - Percent-encoded container
for one or more URI Patterns that describes for which content the for one or more URI Patterns that describes for which content the
Signed URI is valid. The URI Pattern Container contains an Signed URI is valid. The URI Pattern Container contains an
expression to match against the requested URI to check whether the expression to match against the requested URI to check whether the
requested content is allowed to be requested. Multiple URI requested content is allowed to be requested. Multiple URI
Patterns may be concatenated in a single URI Pattern Container Patterns may be concatenated in a single URI Pattern Container
information element by seperating them with a semi-colon (';') information element by separating them with a semi-colon (';')
character. Each URI Pattern follows the [RFC3986] URI format, character. Each URI Pattern follows the [RFC3986] URI format,
including the '://' that delimits the URI scheme from the including the '://' that delimits the URI scheme from the
hierarchy part. The pattern may include the wildcards '*' and hierarchy part. The pattern may include the wildcards '*' and
'?', where '*' matches any sequence of characters (including the '?', where '*' matches any sequence of characters (including the
empty string) and '?' matches exactly one character. The three empty string) and '?' matches exactly one character. The three
literals '$', '*' and '?' should be escaped as '$$', '$*' and literals '$', '*' and '?' should be escaped as '$$', '$*' and
'$?'. All other characters are treated as literals. The '$?'. All other characters are treated as literals. The
following is an example of a valid URI Pattern: '*://*/folder/ following is an example of a valid URI Pattern: '*://*/folder/
content-83112371/quality_*/segment????.mp4'. In its final content-83112371/quality_*/segment????.mp4'. In its final
percent-encoded form, this is equal to percent-encoded form, this is equal to
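Review bot: The URI Pattern Container text separates concatenated patterns with ';' but defines escapes only for '$', '*' and '?', so a pattern that needs a literal ';' cannot be expressed and a validator would split it into two patterns. Each pattern is said to follow the [RFC3986] URI format, in which ';' is a legal character, so the text should either define an escape for ';' or state how a literal ';' is to be encoded before concatenation. The escaping sentence also uses a lowercase "should be escaped" while the paragraph above uses MUST NOT; since the signer and the validator have to apply the same matching rule for the access check to hold, make this requirement normative.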
skipping to change at page 40, line 48 skipping to change at page 40, line 48
+---------------------------+-----------+ +---------------------------+-----------+
| Field Name | Reference | | Field Name | Reference |
+---------------------------+-----------+ +---------------------------+-----------+
| s-uri-signing | RFCthis | | s-uri-signing | RFCthis |
| s-uri-signing-deny-reason | RFCthis | | s-uri-signing-deny-reason | RFCthis |
+---------------------------+-----------+ +---------------------------+-----------+
[RFC Editor: Please replace RFCthis with the published RFC number for [RFC Editor: Please replace RFCthis with the published RFC number for
this document.] this document.]
8.4. CDNI URI Signing Enforcement Information Elements 8.4. CDNI Metadata Auth Type
This document requests the registration of the following CDNI
Metadata Auth type under the IANA "CDNI Metadata Auth Types"
registry:
+------------------+-----------------------+---------------+
| Auth type | Description | Specification |
+------------------+-----------------------+---------------+
| MI.UriSigning.v1 | URI Signing version 1 | RFCthis |
+------------------+-----------------------+---------------+
[RFC Editor: Please replace RFCthis with the published RFC number for
this document.]
8.5. CDNI URI Signing Enforcement Information Elements
The IANA is requested to create a new "CDNI URI Signing Enforcement The IANA is requested to create a new "CDNI URI Signing Enforcement
Information Elements" subregistry in the "Content Delivery Networks Information Elements" subregistry in the "Content Delivery Networks
Interconnection (CDNI) Parameters" registry. The "CDNI URI Signing Interconnection (CDNI) Parameters" registry. The "CDNI URI Signing
Enforcement Information Elements" namespace defines the valid Enforcement Information Elements" namespace defines the valid
Enforcement Information Elements that may be included in a URI Enforcement Information Elements that may be included in a URI
Signing token. Additions to the Enforcement Information Elements Signing token. Additions to the Enforcement Information Elements
namespace conform to the "Specification Required" policy as defined namespace conform to the "Specification Required" policy as defined
in [RFC5226]. in [RFC5226].
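Review bot: The new section 8.4 registers "MI.UriSigning.v1" as an Auth type, but that value has the form of a CDNI payload type name, and the table of contents already lists a separate UriSigning payload type registration in 8.1.1. Confirm that the "CDNI Metadata Auth Types" registry is meant to carry this string rather than a distinct auth-type token, and add a reference to the section that defines how the auth type is used, since the registration text here gives only "URI Signing version 1" as the description.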
skipping to change at page 41, line 28 skipping to change at page 41, line 43
| OUC | Original URI Container | RFCthis | | OUC | Original URI Container | RFCthis |
| URI Pattern Container | Client IP Address | RFCthis | | URI Pattern Container | Client IP Address | RFCthis |
+-----------------------+------------------------+---------+ +-----------------------+------------------------+---------+
[RFC Editor: Please replace RFCthis with the published RFC number for [RFC Editor: Please replace RFCthis with the published RFC number for
this document.] this document.]
[Ed Note: are there any special instructions to the designated expert [Ed Note: are there any special instructions to the designated expert
reviewer?] reviewer?]
8.5. CDNI URI Signing Signature Computation Information Elements 8.6. CDNI URI Signing Signature Computation Information Elements
The IANA is requested to create a new "CDNI URI Signing Signature The IANA is requested to create a new "CDNI URI Signing Signature
Computation Information Elements" subregistry in the "Content Computation Information Elements" subregistry in the "Content
Delivery Networks Interconnection (CDNI) Parameters" registry. The Delivery Networks Interconnection (CDNI) Parameters" registry. The
"CDNI URI Signing Signature Computation Information Elements" "CDNI URI Signing Signature Computation Information Elements"
namespace defines the valid Signature Computation Information namespace defines the valid Signature Computation Information
Elements that may be included in a URI Signing token. Additions to Elements that may be included in a URI Signing token. Additions to
the Signature Computation Information Elements namespace conform to the Signature Computation Information Elements namespace conform to
the "Specification Required" policy as defined in [RFC5226]. the "Specification Required" policy as defined in [RFC5226].
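Review bot: In the Enforcement Information Elements table the last row reads "| URI Pattern Container | Client IP Address | RFCthis |", which puts the element's full name in the first column and an unrelated description in the second, and it is carried over unchanged from -08. The row above it uses the abbreviation followed by the name ("OUC | Original URI Container"), and the element definition earlier in the document abbreviates this element as UPC, so the row should read "UPC | URI Pattern Container". As written, the registry would have no entry keyed on UPC.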
skipping to change at page 42, line 23 skipping to change at page 42, line 26
| CEA | Client IP Encryption Algorithm | RFCthis | | CEA | Client IP Encryption Algorithm | RFCthis |
| CKI | Client IP Encryption Key Identifier | RFCthis | | CKI | Client IP Encryption Key Identifier | RFCthis |
+---------+-------------------------------------+---------+ +---------+-------------------------------------+---------+
[RFC Editor: Please replace RFCthis with the published RFC number for [RFC Editor: Please replace RFCthis with the published RFC number for
this document.] this document.]
[Ed Note: are there any special instructions to the designated expert [Ed Note: are there any special instructions to the designated expert
reviewer?] reviewer?]
8.6. CDNI URI Signing Signature Information Elements 8.7. CDNI URI Signing Signature Information Elements
The IANA is requested to create a new "CDNI URI Signing Signature The IANA is requested to create a new "CDNI URI Signing Signature
Information Elements" subregistry in the "Content Delivery Networks Information Elements" subregistry in the "Content Delivery Networks
Interconnection (CDNI) Parameters" registry. The "CDNI URI Signing Interconnection (CDNI) Parameters" registry. The "CDNI URI Signing
Signature Information Elements" namespace defines the valid Signature Signature Information Elements" namespace defines the valid Signature
Information Elements that may be included in a URI Signing token. Information Elements that may be included in a URI Signing token.
Additions to the Signature Information Elements namespace conform to Additions to the Signature Information Elements namespace conform to
the "Specification Required" policy as defined in [RFC5226]. the "Specification Required" policy as defined in [RFC5226].
The following table defines the initial Signature Information The following table defines the initial Signature Information
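Review bot: The placeholder "[Ed Note: are there any special instructions to the designated expert reviewer?]" is still open under the renumbered section 8.6, and the same note appears at the end of the preceding section. Both subregistries use the "Specification Required" policy, so either supply the guidance for the designated expert or remove the notes; renumbering the sections without resolving them leaves the registration text incomplete.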
 End of changes. 10 change blocks. 
11 lines changed or deleted 27 lines changed or added
