| draft-ietf-opes-protocol-reqs-03.txt | rfc3836.txt | |||
|---|---|---|---|---|
| Open Pluggable Edge Services A. Beck | Network Working Group A. Beck | |||
| Internet-Draft M. Hofmann | Request for Comments: 3836 M. Hofmann | |||
| Expires: June 12, 2003 Lucent Technologies | Category: Informational Lucent Technologies | |||
| H. Orman | H. Orman | |||
| Purple Streak Development | Purple Streak Development | |||
| R. Penno | R. Penno | |||
| Nortel Networks | Nortel Networks | |||
| A. Terzis | A. Terzis | |||
| Individual Consultant | Johns Hopkins University | |||
| December 12, 2002 | August 2004 | |||
| Requirements for OPES Callout Protocols | Requirements for Open Pluggable Edge Services (OPES) | |||
| draft-ietf-opes-protocol-reqs-03 | Callout Protocols | |||
| Status of this Memo | Status of this Memo | |||
| This document is an Internet-Draft and is in full conformance with | This memo provides information for the Internet community. It does | |||
| all provisions of Section 10 of RFC2026. | not specify an Internet standard of any kind. Distribution of this | |||
| memo is unlimited. | ||||
| Internet-Drafts are working documents of the Internet Engineering | ||||
| Task Force (IETF), its areas, and its working groups. Note that | ||||
| other groups may also distribute working documents as | ||||
| Internet-Drafts. | ||||
| Internet-Drafts are draft documents valid for a maximum of six months | ||||
| and may be updated, replaced, or obsoleted by other documents at any | ||||
| time. It is inappropriate to use Internet-Drafts as reference | ||||
| material or to cite them other than as "work in progress." | ||||
| The list of current Internet-Drafts can be accessed at http:// | ||||
| www.ietf.org/ietf/1id-abstracts.txt. | ||||
| The list of Internet-Draft Shadow Directories can be accessed at | ||||
| http://www.ietf.org/shadow.html. | ||||
| This Internet-Draft will expire on June 12, 2003. | ||||
| Copyright Notice | Copyright Notice | |||
| Copyright (C) The Internet Society (2002). All Rights Reserved. | Copyright (C) The Internet Society (2004). | |||
| Abstract | Abstract | |||
| This document specifies the requirements that the OPES (Open | This document specifies the requirements that the OPES (Open | |||
| Pluggable Edge Services) callout protocol must satisfy in order to | Pluggable Edge Services) callout protocol must satisfy in order to | |||
| support the remote execution of OPES services. The requirements are | support the remote execution of OPES services. The requirements are | |||
| intended to help evaluating possible protocol candidates as well as | intended to help evaluate possible protocol candidates, as well as to | |||
| to guide the development of such protocols. | guide the development of such protocols. | |||
| Table of Contents | Table of Contents | |||
| 1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 3. Functional Requirements . . . . . . . . . . . . . . . . . . 5 | 3. Functional Requirements . . . . . . . . . . . . . . . . . . . 3 | |||
| 3.1 Reliability . . . . . . . . . . . . . . . . . . . . . . . . 5 | 3.1. Reliability . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3.2 Congestion Avoidance . . . . . . . . . . . . . . . . . . . . 5 | 3.2. Congestion Avoidance . . . . . . . . . . . . . . . . . 3 | |||
| 3.3 Callout Transactions . . . . . . . . . . . . . . . . . . . . 5 | 3.3. Callout Transactions . . . . . . . . . . . . . . . . . 3 | |||
| 3.4 Callout Connections . . . . . . . . . . . . . . . . . . . . 6 | 3.4. Callout Connections . . . . . . . . . . . . . . . . . . 4 | |||
| 3.5 Asynchronous Message Exchange . . . . . . . . . . . . . . . 6 | 3.5. Asynchronous Message Exchange . . . . . . . . . . . . . 5 | |||
| 3.6 Message Segmentation . . . . . . . . . . . . . . . . . . . . 7 | 3.6. Message Segmentation . . . . . . . . . . . . . . . . . 5 | |||
| 3.7 Support for Keep-Alive Mechanism . . . . . . . . . . . . . . 7 | 3.7. Support for Keep-Alive Mechanism . . . . . . . . . . . 6 | |||
| 3.8 Operation in NAT Environments . . . . . . . . . . . . . . . 8 | 3.8. Operation in NAT Environments . . . . . . . . . . . . . 6 | |||
| 3.9 Multiple Callout Servers . . . . . . . . . . . . . . . . . . 8 | 3.9. Multiple Callout Servers . . . . . . . . . . . . . . . 6 | |||
| 3.10 Multiple OPES Processors . . . . . . . . . . . . . . . . . . 8 | 3.10. Multiple OPES Processors . . . . . . . . . . . . . . . 6 | |||
| 3.11 Support for Different Application Protocols . . . . . . . . 8 | 3.11. Support for Different Application Protocols . . . . . . 7 | |||
| 3.12 Capability and Parameter Negotiations . . . . . . . . . . . 8 | 3.12. Capability and Parameter Negotiations . . . . . . . . . 7 | |||
| 3.13 Meta Data and Instructions . . . . . . . . . . . . . . . . . 9 | 3.13. Meta Data and Instructions . . . . . . . . . . . . . . 8 | |||
| 4. Performance Requirements . . . . . . . . . . . . . . . . . . 11 | 4. Performance Requirements . . . . . . . . . . . . . . . . . . 9 | |||
| 4.1 Protocol Efficiency . . . . . . . . . . . . . . . . . . . . 11 | 4.1. Protocol Efficiency . . . . . . . . . . . . . . . . . . 9 | |||
| 5. Security Requirements . . . . . . . . . . . . . . . . . . . 12 | 5. Security Requirements . . . . . . . . . . . . . . . . . . . . 9 | |||
| 5.1 Authentication, Confidentiality, and Integrity . . . . . . . 12 | 5.1. Authentication, Confidentiality, and Integrity . . . . 9 | |||
| 5.2 Hop-by-Hop Confidentiality . . . . . . . . . . . . . . . . . 12 | 5.2. Hop-by-Hop Confidentiality. . . . . . . . . . . . . . . 10 | |||
| 5.3 Operation Across Un-trusted Domains . . . . . . . . . . . . 12 | 5.3. Operation Across Untrusted Domains. . . . . . . . . . . 10 | |||
| 5.4 Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . 13 | 5.4. Privacy . . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . 14 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 10 | |||
| Normative References . . . . . . . . . . . . . . . . . . . . 15 | 7. References. . . . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| Informative References . . . . . . . . . . . . . . . . . . . 16 | 7.1. Normative References. . . . . . . . . . . . . . . . . . 10 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 16 | 7.2. Informative References. . . . . . . . . . . . . . . . . 11 | |||
| A. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 18 | 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| B. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 19 | 9. Authors' Addresses. . . . . . . . . . . . . . . . . . . . . . 12 | |||
| Intellectual Property and Copyright Statements . . . . . . . 21 | 10. Full Copyright Statement. . . . . . . . . . . . . . . . . . . 13 | |||
| 1. Terminology | 1. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in RFC 2119 [2]. | document are to be interpreted as described in BCP 14, RFC 2119 [2]. | |||
| 2. Introduction | 2. Introduction | |||
| The Open Pluggable Edge Services (OPES) architecture [1] enables | The Open Pluggable Edge Services (OPES) architecture [1] enables | |||
| cooperative application services (OPES services) between a data | cooperative application services (OPES services) between a data | |||
| provider, a data consumer, and zero or more OPES processors. The | provider, a data consumer, and zero or more OPES processors. The | |||
| application services under consideration analyze and possibly | application services under consideration analyze, and possibly | |||
| transform application-level messages exchanged between the data | transform, application-level messages exchanged between the data | |||
| provider and the data consumer. | provider and the data consumer. | |||
| The execution of such services is governed by a set of rules | The execution of such services is governed by a set of rules | |||
| installed on the OPES processor. The rules enforcement can trigger | installed on the OPES processor. The enforcement of rules can | |||
| the execution of service applications local to the OPES processor. | trigger the execution of service applications local to the OPES | |||
| Alternatively, the OPES processor can distribute the responsibility | processor. Alternatively, the OPES processor can distribute the | |||
| of service execution by communicating and collaborating with one or | responsibility of service execution by communicating and | |||
| more remote callout servers. As described in [1], an OPES processor | collaborating with one or more remote callout servers. As described | |||
| communicates with and invokes services on a callout server by using a | in [1], an OPES processor communicates with and invokes services on a | |||
| callout protocol. This document presents the requirements for such a | callout server by using a callout protocol. This document presents | |||
| protocol. | the requirements for such a protocol. | |||
| The requirements in this document are divided into three categories - | The requirements in this document are divided into three categories - | |||
| functional requirements, performance requirements, and security | functional requirements, performance requirements, and security | |||
| requirements. Each requirement is presented as one or more | requirements. Each requirement is presented as one or more | |||
| statements, followed by brief explanatory material as appropriate. | statements, followed by brief explanatory material as appropriate. | |||
| 3. Functional Requirements | 3. Functional Requirements | |||
| 3.1 Reliability | 3.1. Reliability | |||
| The OPES callout protocol MUST be able to provide ordered reliability | The OPES callout protocol MUST be able to provide ordered reliability | |||
| for the communication between OPES processor and callout server. | for the communication between an OPES processor and callout server. | |||
| Additionally, the callout protocol SHOULD be able to provide | Additionally, the callout protocol SHOULD be able to provide | |||
| unordered reliability. | unordered reliability. | |||
| In order to satisfy the reliability requirements, the callout | In order to satisfy the reliability requirements, the callout | |||
| protocol SHOULD specify that it must be used with a transport | protocol SHOULD specify that it must be used with a transport | |||
| protocol which provides ordered/unordered reliability at the | protocol that provides ordered/unordered reliability at the | |||
| transport-layer, for example TCP [6] or SCTP [7]. | transport-layer, for example TCP [6] or SCTP [7]. | |||
| 3.2 Congestion Avoidance | 3.2. Congestion Avoidance | |||
| The OPES callout protocol MUST ensure that congestion avoidance that | The OPES callout protocol MUST ensure that congestion avoidance | |||
| matches the standard of RFC 2914 [4] is applied on all communication | matching the standard of RFC 2914 [4] is applied on all communication | |||
| between OPES processor and callout server. For this purpose, the | between the OPES processor and callout server. For this purpose, the | |||
| callout protocol SHOULD use a congestion-controlled transport-layer | callout protocol SHOULD use a congestion-controlled transport-layer | |||
| protocol, presumably either TCP [6] or SCTP [7]. | protocol, presumably either TCP [6] or SCTP [7]. | |||
| 3.3 Callout Transactions | 3.3. Callout Transactions | |||
| The OPES callout protocol MUST enable an OPES processor and a callout | The OPES callout protocol MUST enable an OPES processor and a callout | |||
| server to perform callout transactions with the purpose of exchanging | server to perform callout transactions with the purpose of exchanging | |||
| partial or complete application-level protocol messages (or | partial or complete application-level protocol messages (or | |||
| modifications thereof). More specifically, the callout protocol MUST | modifications thereof). More specifically, the callout protocol MUST | |||
| enable an OPES processor to forward a partial or complete application | enable an OPES processor to forward a partial or complete application | |||
| message to a callout server so that one or more OPES services can | message to a callout server so that one or more OPES services can | |||
| process the forwarded application message (or parts thereof). The | process the forwarded application message (or parts thereof). The | |||
| result of the service operation may be a modified application | result of the service operation may be a modified application | |||
| message. The callout protocol MUST therefore enable the callout | message. The callout protocol MUST therefore enable the callout | |||
| server to return a modified application message or the modified parts | server to return a modified application message or the modified parts | |||
| of an application message to the OPES processor. Additionally, the | of an application message to the OPES processor. Additionally, the | |||
| callout protocol MUST enable a callout server to report back to the | callout protocol MUST enable a callout server to report the result of | |||
| OPES processor the result of a callout transaction, e.g. in the form | a callout transaction (e.g., in the form of a status code) back to | |||
| of a status code. | the OPES processor. | |||
| A callout transaction is defined as a message exchange between an | A callout transaction is defined as a message exchange between an | |||
| OPES processor and a callout server consisting of a callout request | OPES processor and a callout server consisting of a callout request | |||
| and a callout response. Both, the callout request as well as the | and a callout response. Both, the callout request and the callout | |||
| callout response, MAY each consist of one or more callout protocol | response MAY each consist of one or more callout protocol messages, | |||
| messages, i.e. a series of protocol messages. A callout request | i.e. a series of protocol messages. A callout request MUST always | |||
| MUST always contain a partial or complete application message. A | contain a partial or complete application message. A callout | |||
| callout response MUST always indicate the result of the callout | response MUST always indicate the result of the callout transaction. | |||
| transaction. A callout response MAY contain a modified application | A callout response MAY contain a modified application message. | |||
| message. | ||||
| Callout transactions are always initiated by a callout request from | Callout transactions are always initiated by a callout request from | |||
| an OPES processor and typically terminated by a callout response from | an OPES processor and are typically terminated by a callout response | |||
| a callout server. The OPES callout protocol MUST, however, also | from a callout server. The OPES callout protocol MUST, however, also | |||
| provide a mechanism that allows either endpoint of a callout | provide a mechanism that allows either endpoint of a callout | |||
| transaction to terminate a callout transaction before a callout | transaction to terminate a callout transaction before a callout | |||
| request or response has been completely received by the corresponding | request or response has been completely received by the corresponding | |||
| callout endpoint. Such a mechanism MUST ensure that a premature | callout endpoint. Such a mechanism MUST ensure that a premature | |||
| termination of a callout transaction does not result in the loss of | termination of a callout transaction does not result in the loss of | |||
| application message data. | application message data. | |||
| A premature termination of a callout transaction is required to | A premature termination of a callout transaction is required to | |||
| support OPES services which may terminate even before they have | support OPES services, which may terminate even before they have | |||
| processed the entire application message. Content analysis services, | processed the entire application message. Content analysis services, | |||
| for example, may be able to classify a Web object after having | for example, may be able to classify a Web object after having | |||
| processed just the first few bytes of a Web object. | processed just the first few bytes of a Web object. | |||
| 3.4 Callout Connections | 3.4. Callout Connections | |||
| The OPES callout protocol MUST enable an OPES processor and a callout | The OPES callout protocol MUST enable an OPES processor and a callout | |||
| server to perform multiple callout transactions over a callout | server to perform multiple callout transactions over a callout | |||
| connection. Additionally, the callout protocol MUST provide a method | connection. Additionally, the callout protocol MUST provide a method | |||
| to associate callout transactions with callout connections. A | of associating callout transactions with callout connections. A | |||
| callout connection is defined as a logical connection at the | callout connection is defined as a logical connection at the | |||
| application-layer between an OPES processor and a callout server. A | application-layer between an OPES processor and a callout server. A | |||
| callout connection MAY have certain parameters associated with it, | callout connection MAY have certain parameters associated with it, | |||
| for example parameters that control the fail-over behavior of | for example parameters that control the fail-over behavior of | |||
| connection endpoints. Callout connection-specific parameters MAY be | connection endpoints. Callout connection-specific parameters MAY be | |||
| negotiated between OPES processors and callout servers (see Section | negotiated between OPES processors and callout servers (see Section | |||
| 3.12). | 3.12). | |||
| The OPES callout protocol MAY choose to multiplex multiple callout | The OPES callout protocol MAY choose to multiplex multiple callout | |||
| connections over a single transport-layer connection so long as a | connections over a single transport-layer connection if a flow | |||
| flow control mechanism is applied which guarantees fairness among | control mechanism that guarantees fairness among multiplexed callout | |||
| multiplexed callout connections. | connections is applied. | |||
| Callout connections MUST always be initiated by an OPES processor. A | Callout connections MUST always be initiated by an OPES processor. A | |||
| callout connection MAY be closed by either endpoint of the connection | callout connection MAY be closed by either endpoint of the | |||
| provided that doing so does not affect the normal operation of | connection, provided that doing so does not affect the normal | |||
| on-going callout transactions associated with the callout connection. | operation of on-going callout transactions associated with the | |||
| callout connection. | ||||
| 3.5 Asynchronous Message Exchange | 3.5. Asynchronous Message Exchange | |||
| The OPES callout protocol MUST support an asynchronous message | The OPES callout protocol MUST support an asynchronous message | |||
| exchange over callout connections. | exchange over callout connections. | |||
| In order to allow asynchronous processing on the OPES processor and | In order to allow asynchronous processing on the OPES processor and | |||
| callout server, it MUST be possible to separate request issuance from | callout server, it MUST be possible to separate request issuance from | |||
| response processing. The protocol MUST therefore allow multiple | response processing. The protocol MUST therefore allow multiple | |||
| outstanding callout requests and provide a method to correlate | outstanding callout requests and provide a method of correlating | |||
| callout responses to callout requests. | callout responses with callout requests. | |||
| Additionally, the callout protocol MUST enable a callout server to | Additionally, the callout protocol MUST enable a callout server to | |||
| respond to a callout request before it has received the entire | respond to a callout request before it has received the entire | |||
| request. | request. | |||
| 3.6 Message Segmentation | 3.6. Message Segmentation | |||
| The OPES callout protocol MUST allow an OPES processor to forward an | The OPES callout protocol MUST allow an OPES processor to forward an | |||
| application message to a callout server in a series of smaller | application message to a callout server in a series of smaller | |||
| message fragments. The callout protocol MUST further enable the | message fragments. The callout protocol MUST further enable the | |||
| receiving callout server to re-assemble the fragmented application | receiving callout server to re-assemble the fragmented application | |||
| message. | message. | |||
| Likewise, the callout protocol MUST enable a callout server to return | Likewise, the callout protocol MUST enable a callout server to return | |||
| an application message to an OPES processor in a series of smaller | an application message to an OPES processor in a series of smaller | |||
| message fragments. The callout protocol MUST enable the receiving | message fragments. The callout protocol MUST enable the receiving | |||
| skipping to change at page 7, line 40 | skipping to change at page 6, line 13 | |||
| fragments or chunks of an application message to a callout server as | fragments or chunks of an application message to a callout server as | |||
| it receives them from the data provider or consumer. Likewise, the | it receives them from the data provider or consumer. Likewise, the | |||
| callout server MUST be able to process and return application message | callout server MUST be able to process and return application message | |||
| fragments as it receives them from the OPES processor. | fragments as it receives them from the OPES processor. | |||
| Application message segmentation is also required if the OPES callout | Application message segmentation is also required if the OPES callout | |||
| protocol provides a flow control mechanism in order to multiplex | protocol provides a flow control mechanism in order to multiplex | |||
| multiple callout connections over a single transport-layer connection | multiple callout connections over a single transport-layer connection | |||
| (see Section 3.4). | (see Section 3.4). | |||
| 3.7 Support for Keep-Alive Mechanism | 3.7. Support for Keep-Alive Mechanism | |||
| The OPES callout protocol MUST provide a keep-alive mechanism which, | The OPES callout protocol MUST provide a keep-alive mechanism which, | |||
| if used, would allow both endpoints of a callout connection to detect | if used, would allow both endpoints of a callout connection to detect | |||
| a failure of the other endpoint even in the absence of callout | a failure of the other endpoint, even in the absence of callout | |||
| transactions. The callout protocol MAY specify that keep-alive | transactions. The callout protocol MAY specify that keep-alive | |||
| messages be exchanged over existing callout connections or a separate | messages be exchanged over existing callout connections or a separate | |||
| connection between OPES processor and callout server. The callout | connection between OPES processor and callout server. The callout | |||
| protocol MAY also specify that the use of the keep-alive mechanism is | protocol MAY also specify that the use of the keep-alive mechanism is | |||
| optional. | optional. | |||
| The detection of a callout server failure may enable an OPES | The detection of a callout server failure may enable an OPES | |||
| processor to establish a callout connection with a stand-by callout | processor to establish a callout connection with a stand-by callout | |||
| server so that future callout transactions do not result in the loss | server so that future callout transactions do not result in the loss | |||
| of application message data. The detection of the failure of an OPES | of application message data. The detection of the failure of an OPES | |||
| processor may enable a callout server to release resources which | processor may enable a callout server to release resources which | |||
| would otherwise not be available for callout transactions with other | would otherwise not be available for callout transactions with other | |||
| OPES processors. | OPES processors. | |||
| 3.8 Operation in NAT Environments | 3.8. Operation in NAT Environments | |||
| The OPES protocol SHOULD be NAT-friendly, i.e. its operation should | The OPES protocol SHOULD be NAT-friendly, i.e., its operation should | |||
| not be compromised by the presence of one or more NAT devices in the | not be compromised by the presence of one or more NAT devices in the | |||
| path between an OPES processor and a callout server. | path between an OPES processor and a callout server. | |||
| 3.9 Multiple Callout Servers | 3.9. Multiple Callout Servers | |||
| The OPES callout protocol MUST allow an OPES processor to | The OPES callout protocol MUST allow an OPES processor to | |||
| simultaneously communicate with more than one callout server. | simultaneously communicate with more than one callout server. | |||
| In larger networks, OPES services are likely to be hosted by | In larger networks, OPES services are likely to be hosted by | |||
| different callout servers. Therefore, an OPES processor will likely | different callout servers. Therefore, an OPES processor will likely | |||
| have to communicate with multiple callout servers. The protocol | have to communicate with multiple callout servers. The protocol | |||
| design MUST enable an OPES processor to do so. | design MUST enable an OPES processor to do so. | |||
| 3.10 Multiple OPES Processors | 3.10. Multiple OPES Processors | |||
| The OPES callout protocol MUST allow a callout server to | The OPES callout protocol MUST allow a callout server to | |||
| simultaneously communicate with more than one OPES processor. | simultaneously communicate with more than one OPES processor. | |||
| The protocol design MUST support a scenario in which multiple OPES | The protocol design MUST support a scenario in which multiple OPES | |||
| processors use the services of a single callout server. | processors use the services of a single callout server. | |||
| 3.11 Support for Different Application Protocols | 3.11. Support for Different Application Protocols | |||
| The OPES callout protocol SHOULD be application protocol-agnostic, | The OPES callout protocol SHOULD be application protocol-agnostic, | |||
| i.e. it SHOULD not make any assumptions about the characteristics of | i.e., it SHOULD not make any assumptions about the characteristics of | |||
| the application-layer protocol used on the data path between data | the application-layer protocol used on the data path between the data | |||
| provider and data consumer. At a minimum, the callout protocol MUST | provider and data consumer. At a minimum, the callout protocol MUST | |||
| be compatible with HTTP [5]. | be compatible with HTTP [5]. | |||
| The OPES entities on the data path may use different | The OPES entities on the data path may use different application- | |||
| application-layer protocols, including, but not limited to, HTTP [5] | layer protocols, including, but not limited to, HTTP [5] and RTP [8]. | |||
| and RTP [8]. It would be desirable to be able to use the same OPES | It would be desirable to be able to use the same OPES callout | |||
| callout protocol for any such application-layer protocol. | protocol for any such application-layer protocol. | |||
| 3.12 Capability and Parameter Negotiations | 3.12. Capability and Parameter Negotiations | |||
| The OPES callout protocol MUST support the negotiation of | The OPES callout protocol MUST support the negotiation of | |||
| capabilities and callout connection parameters between an OPES | capabilities and callout connection parameters between an OPES | |||
| processor and a callout server. This implies that the OPES processor | processor and a callout server. This implies that the OPES processor | |||
| and the callout server MUST be able to exchange their capabilities | and the callout server MUST be able to exchange their capabilities | |||
| and preferences and engage into a deterministic negotiation process | and preferences. Then they MUST be able to engage in a deterministic | |||
| at the end of which the two endpoints have either agreed on the | negotiation process that terminates either with the two endpoints | |||
| capabilities and parameters to be used for future callout | agreeing on the capabilities and parameters to be used for future | |||
| connections/transactions or determined that their capabilities are | callout connections/transactions or with a determination that their | |||
| incompatible. | capabilities are incompatible. | |||
| Capabilities and parameters that could be negotiated between an OPES | Capabilities and parameters that could be negotiated between an OPES | |||
| processor and a callout server include (but are not limited to): | processor and a callout server include (but are not limited to): | |||
| callout protocol version, fail-over behavior, heartbeat rate for | callout protocol version, fail-over behavior, heartbeat rate for | |||
| keep-alive messages, security-related parameters etc. | keep-alive messages, security-related parameters, etc. | |||
| The callout protocol MUST NOT negotiate the transport protocol to be | The callout protocol MUST NOT use negotiation to determine the | |||
| used for callout connections. The callout protocol MAY, however, | transport protocol to be used for callout connections. The callout | |||
| specify that a certain application message protocol (e.g. HTTP [5], | protocol MAY, however, specify that a certain application message | |||
| RTP [8]) requires the use of a certain transport protocol (e.g. TCP | protocol (e.g., HTTP [5], RTP [8]) requires the use of a certain | |||
| [6], SCTP [7]). | transport protocol (e.g., TCP [6], SCTP [7]). | |||
| Callout connection parameters may also pertain to the characteristics | Callout connection parameters may also pertain to the characteristics | |||
| of OPES callout services if, for example, callout connections are | of OPES callout services if, for example, callout connections are | |||
| associated with one or more specific OPES services. An OPES | associated with one or more specific OPES services. An OPES | |||
| service-specific parameter may, for example, specify which parts of | service-specific parameter may, for example, specify which parts of | |||
| an application message an OPES service requires for its operation. | an application message an OPES service requires for its operation. | |||
| Callout connection parameters MUST be negotiated on a per-callout | Callout connection parameters MUST be negotiated on a per-callout | |||
| connection basis and before any callout transactions are performed | connection basis and before any callout transactions are performed | |||
| over the corresponding callout connection. Other parameters and | over the corresponding callout connection. Other parameters and | |||
| capabilities, such as the fail-over behavior, MAY be negotiated | capabilities, such as the fail-over behavior, MAY be negotiated | |||
| between the two endpoints independently of callout connections. | between the two endpoints independently of callout connections. | |||
| The parties to a callout protocol MAY use callout connections to | The parties to a callout protocol MAY use callout connections to | |||
| negotiate all or some of their capabilities and parameters. | negotiate all or some of their capabilities and parameters. | |||
| Alternatively, a separate control connection MAY be used for this | Alternatively, a separate control connection MAY be used for this | |||
| purpose. | purpose. | |||
| 3.13 Meta Data and Instructions | 3.13. Meta Data and Instructions | |||
| The OPES callout protocol MUST provide a mechanism for the endpoints | The OPES callout protocol MUST provide a mechanism for the endpoints | |||
| of a particular callout transaction to include in callout requests | of a particular callout transaction to include metadata and | |||
| and responses meta data and instructions for the OPES processor or | instructions for the OPES processor or callout server in callout | |||
| callout server. | requests and responses. | |||
| Specifically, the callout protocol MUST enable an OPES processor to | Specifically, the callout protocol MUST enable an OPES processor to | |||
| include information about the forwarded application message in a | include information about the forwarded application message in a | |||
| callout request, e.g. in order to specify the type of the forwarded | callout request, e.g. in order to specify the type of forwarded | |||
| application message or to specify what part(s) of the application | application message or to specify what part(s) of the application | |||
| message are forwarded to the callout server. Likewise, the callout | message are forwarded to the callout server. Likewise, the callout | |||
| server MUST be able to include information about the returned | server MUST be able to include information about the returned | |||
| application message. | application message. | |||
| The OPES processor MUST further be able to include an ordered list of | The OPES processor MUST further be able to include an ordered list of | |||
| one or more uniquely specified OPES services which are to be | one or more uniquely specified OPES services which are to be | |||
| performed on the forwarded application message in the specified | performed on the forwarded application message in the specified | |||
| order. However, as the callout protocol MAY also choose to associate | order. However, as the callout protocol MAY also choose to associate | |||
| callout connections with specific OPES services, there may not be a | callout connections with specific OPES services, there may not be a | |||
| skipping to change at page 10, line 23 | skipping to change at page 8, line 43 | |||
| Additionally, the OPES callout protocol MUST allow the callout server | Additionally, the OPES callout protocol MUST allow the callout server | |||
| to indicate to the OPES processor the cacheability of callout | to indicate to the OPES processor the cacheability of callout | |||
| responses. This implies that callout responses may have to carry | responses. This implies that callout responses may have to carry | |||
| cache-control instructions for the OPES processor. | cache-control instructions for the OPES processor. | |||
| The OPES callout protocol MUST further enable the OPES processor to | The OPES callout protocol MUST further enable the OPES processor to | |||
| indicate to the callout server if it has kept a local copy of the | indicate to the callout server if it has kept a local copy of the | |||
| forwarded application message (or parts thereof). This information | forwarded application message (or parts thereof). This information | |||
| enables the callout server to determine whether the forwarded | enables the callout server to determine whether the forwarded | |||
| application message must be returned to the OPES processor even it | application message must be returned to the OPES processor, even if | |||
| has not been modified by an OPES service. | it has not been modified by an OPES service. | |||
| The OPES callout protocol MUST also allow OPES processors to comply | The OPES callout protocol MUST also allow OPES processors to comply | |||
| with the tracing requirements of the OPES architecture as laid out in | with the tracing requirements of the OPES architecture as laid out in | |||
| [1] and [3]. This implies that the callout protocol MUST enable a | [1] and [3]. This implies that the callout protocol MUST enable a | |||
| callout server to convey to the OPES processor information about the | callout server to convey to the OPES processor information about the | |||
| OPES service operations performed on the forwarded application | OPES service operations performed on the forwarded application | |||
| message. | message. | |||
| 4. Performance Requirements | 4. Performance Requirements | |||
| 4.1 Protocol Efficiency | 4.1. Protocol Efficiency | |||
| The OPES callout protocol SHOULD be efficient in that it minimizes | The OPES callout protocol SHOULD have minimal latency. For example, | |||
| the additionally introduced latency, for example by minimizing the | the size and complexity of its headers could be minimized. | |||
| protocol overhead. | ||||
| As OPES callout transactions introduce additional latency to | Because OPES callout transactions add latency to application protocol | |||
| application protocol transactions on the data path, callout protocol | transactions on the data path, callout protocol efficiency is crucial | |||
| efficiency is crucial. | to overall performance. | |||
| 5. Security Requirements | 5. Security Requirements | |||
| In the absence of any security mechanisms, sensitive information | In the absence of any security mechanisms, sensitive information | |||
| might be communicated between the OPES processor and the callout | might be communicated between the OPES processor and the callout | |||
| server in violation of either endpoint's security and privacy policy | server in violation of either endpoint's security and privacy policy, | |||
| through misconfiguration or a deliberate insider attack. By using | through misconfiguration or deliberate insider attack. By using | |||
| strong authentication, message encryption, and integrity checks, this | strong authentication, message encryption, and integrity checks, this | |||
| threat can be minimized to a smaller set of insiders and/or operator | threat can be minimized to a smaller set of insiders and/or operator | |||
| configuration errors. | configuration errors. | |||
| The OPES processor and the callout servers SHOULD have enforceable | The OPES processor and the callout servers SHOULD have enforceable | |||
| policies that limit the parties they communicate with, that determine | policies that limit the parties they communicate with and that | |||
| the protections to use based on identities of the endpoints and other | determine the protections to use based on identities of the endpoints | |||
| data (such as enduser policies). In order to enforce the policies, | and other data (such as enduser policies). In order to enforce the | |||
| they MUST be able to authenticate the callout protocol endpoints | policies, they MUST be able to authenticate the callout protocol | |||
| using cryptographic methods. | endpoints using cryptographic methods. | |||
| 5.1 Authentication, Confidentiality, and Integrity | 5.1. Authentication, Confidentiality, and Integrity | |||
| The parties to the callout protocol MUST have a sound basis for | The parties to the callout protocol MUST have a sound basis for | |||
| binding authenticated identities to the protocol endpoints, and they | binding authenticated identities to the protocol endpoints, and they | |||
| MUST verify that these identities are consistent with their security | MUST verify that these identities are consistent with their security | |||
| policies. | policies. | |||
| The OPES callout protocol MUST provide for message authentication, | The OPES callout protocol MUST provide for message authentication, | |||
| confidentiality, and integrity between the OPES processor and the | confidentiality, and integrity between the OPES processor and the | |||
| callout server. It MUST provide mutual authentication. For this | callout server. It MUST provide mutual authentication. For this | |||
| purpose, the callout protocol SHOULD use existing security | purpose, the callout protocol SHOULD use existing security | |||
| mechanisms. The callout protocol specification is not required to | mechanisms. The callout protocol specification is not required to | |||
| specify the security mechanisms, but it MAY instead refer to a | specify the security mechanisms, but it MAY instead refer to a | |||
| lower-level security protocol and discuss how its mechanisms are to | lower-level security protocol and discuss how its mechanisms are to | |||
| be used with the callout protocol. | be used with the callout protocol. | |||
| 5.2 Hop-by-Hop Confidentiality | 5.2. Hop-by-Hop Confidentiality | |||
| If end-to-end encryption is a requirement for the content path, then | If hop-by-hop encryption is a requirement for the content path, then | |||
| this confidentiality MUST be extended to the communication between | this confidentiality MUST be extended to the communication between | |||
| the OPES processor and the callout server. While it is recommended | the OPES processor and the callout server. While it is recommended | |||
| that the communication between OPES processor and callout server | that the communication between the OPES processor and callout server | |||
| always be encrypted, encryption MAY be optional if both the OPES | always be encrypted, encryption MAY be optional if both the OPES | |||
| processor and the callout server are co-located with each other in a | processor and the callout server are co-located together in a single | |||
| single administrative domain with strong confidentiality guarantees. | administrative domain with strong confidentiality guarantees. | |||
| In order to minimize data exposure, the callout protocol MUST use a | In order to minimize data exposure, the callout protocol MUST use a | |||
| different encryption key for each encrypted content stream. | different encryption key for each encrypted content stream. | |||
| 5.3 Operation Across Un-trusted Domains | 5.3. Operation Across Untrusted Domains | |||
| The OPES callout protocol MUST operate securely across un-trusted | ||||
| The OPES callout protocol MUST operate securely across untrusted | ||||
| domains between the OPES processor and the callout server. | domains between the OPES processor and the callout server. | |||
| If the communication channels between the OPES processor and callout | If the communication channels between the OPES processor and callout | |||
| server cross outside of the organization taking responsibility for | server cross outside of the organization which is responsible for the | |||
| the OPES services, then endpoint authentication and message | OPES services, then endpoint authentication and message protection | |||
| protection (confidentiality and integrity) MUST be used. | (confidentiality and integrity) MUST be used. | |||
| 5.4 Privacy | 5.4. Privacy | |||
| Any communication carrying information relevant to privacy policies | Any communication carrying information relevant to privacy policies | |||
| MUST protect the data using encryption. | MUST protect the data using encryption. | |||
| 6. Security Considerations | 6. Security Considerations | |||
| The security requirements for the OPES callout protocol are discussed | The security requirements for the OPES callout protocol are discussed | |||
| in Section 5. | in Section 5. | |||
| Normative References | 7. References | |||
| [1] Barbir, A., "An Architecture for Open Pluggable Edge Services | 7.1. Normative References | |||
| (OPES)", draft-ietf-opes-architecture-04 (work in progress), | ||||
| December 2002. | [1] Barbir, A., Penno, R., Chen, R., Hofmann, M., and H. Orman, "An | |||
| Architecture for Open Pluggable Edge Services (OPES)", RFC 3835, | ||||
| August 2004. | ||||
| [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement | [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement | |||
| Levels", RFC 2119, March 1997. | Levels", BCP 14, RFC 2119, March 1997. | |||
| [3] Floyd, S. and L. Daigle, "IAB Architectural and Policy | [3] Floyd, S. and L. Daigle, "IAB Architectural and Policy | |||
| Considerations for Open Pluggable Edge Services", RFC 3238, | Considerations for Open Pluggable Edge Services", RFC 3238, | |||
| January 2002. | January 2002. | |||
| [4] Floyd, S., "Congestion Control Principles", BCP 41, RFC 2914, | [4] Floyd, S. and L. Daigle, "IAB Architectural and Policy | |||
| September 2000. | Considerations for Open Pluggable Edge Services", RFC 3238, | |||
| January 2002. | ||||
| [5] Fielding, R., Gettys, J., Mogul, J., Nielsen, H., Masinter, L., | [5] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., | |||
| Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol -- | Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- | |||
| HTTP/1.1", RFC 2616, June 1999. | HTTP/1.1", RFC 2616, June 1999. | |||
| Informative References | 7.2. Informative References | |||
| [6] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, | [6] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, | |||
| September 1981. | September 1981. | |||
| [7] Stewart, R., Xie, Q., Morneault, K., Sharp, C., Schwarzbauer, | [7] Stewart, R., Xie, Q., Morneault, K., Sharp, C., Schwarzbauer, | |||
| H., Taylor, T., Rytina, I., Kalla, M., Zhang, L. and V. Paxson, | H., Taylor, T., Rytina, I., Kalla, M., Zhang, L., and V. Paxson, | |||
| "Stream Control Transmission Protocol", RFC 2960, October 2000. | "Stream Control Transmission Protocol", RFC 2960, October 2000. | |||
| [8] Schulzrinne, H., Casner, S., Frederick, R. and V. Jacobson, | [8] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson, | |||
| "RTP: A Transport Protocol for Real-Time Applications", RFC | "RTP: A Transport Protocol for Real-Time Applications", RFC | |||
| 1889, January 1996. | 3550, July 2003. | |||
| Authors' Addresses | 8. Acknowledgments | |||
| Parts of this document are based on previous work by Anca Dracinschi | ||||
| Sailer, Volker Hilt, and Rama R. Menon. | ||||
| The authors would like to thank the participants of the OPES WG for | ||||
| their comments on this document. | ||||
| 9. Authors' Addresses | ||||
| Andre Beck | Andre Beck | |||
| Lucent Technologies | Lucent Technologies | |||
| 101 Crawfords Corner Road | 101 Crawfords Corner Road | |||
| Holmdel, NJ 07733 | Holmdel, NJ 07733 | |||
| US | US | |||
| EMail: abeck@bell-labs.com | EMail: abeck@bell-labs.com | |||
| Markus Hofmann | Markus Hofmann | |||
| skipping to change at page 17, line 4 | skipping to change at page 12, line 30 | |||
| US | US | |||
| Phone: +1 732 332 5983 | Phone: +1 732 332 5983 | |||
| EMail: hofmann@bell-labs.com | EMail: hofmann@bell-labs.com | |||
| Hilarie Orman | Hilarie Orman | |||
| Purple Streak Development | Purple Streak Development | |||
| EMail: ho@alum.mit.edu | EMail: ho@alum.mit.edu | |||
| URI: http://www.purplestreak.com | URI: http://www.purplestreak.com | |||
| Reinaldo Penno | Reinaldo Penno | |||
| Nortel Networks | Nortel Networks | |||
| 2305 Mission College Boulevard | 600 Technology Park Drive | |||
| San Jose, CA 95134 | Billerica, MA 01821 | |||
| US | US | |||
| EMail: rpenno@nortelnetworks.com | EMail: rpenno@nortelnetworks.com | |||
| Andreas Terzis | Andreas Terzis | |||
| Individual Consultant | Computer Science Department | |||
| 150 Golf Course Dr. | Johns Hopkins University | |||
| Rohnert Park, CA 94928 | 3400 North Charles Street, 224 NEB | |||
| US | Baltimore, MD 21218 | |||
| Phone: +1 707 586 8864 | ||||
| EMail: aterzis@sbcglobal.net | ||||
| Appendix A. Acknowledgments | ||||
| This document is based in parts on previous work by Anca Dracinschi | ||||
| Sailer, Volker Hilt, and Rama R. Menon. | ||||
| The authors would like to thank the participants of the OPES WG for | ||||
| their comments on this draft. | ||||
| Appendix B. Change Log | ||||
| Changes from draft-ietf-opes-protocol-reqs-02.txt | ||||
| o Re-ordered some sections in the functional requirements part of | ||||
| the draft | ||||
| o Clarified in Section 3.3 what callout requests and responses must/ | ||||
| may contain | ||||
| o Removed reference to explicit and implicit mechanism of | ||||
| terminating a callout transaction prematurely in Section 3.3 | ||||
| o Added reference to RFC 2914 in congestion avoidance requirement in | ||||
| Section 3.2 | ||||
| o Added language that states that existing solutions should be used | ||||
| to achieve congestion avoidance and ordered/unordered reliability | ||||
| in Section 3.2 and Section 3.1 | ||||
| o Clarified concept of callout connections (previously referred to | ||||
| as "callout channels") in Section 3.4 | ||||
| o Added statement about the possibility of multiplexing multiple | ||||
| callout connections over a transport connection to Section 3.4 | ||||
| o Clarified in Section 3.7 that use of a keep-alive mechanism is | ||||
| optional | ||||
| o Replaced "MUST" with "SHOULD" in OCP requirement to be application | ||||
| protocol-agnostic in Section 3.11, added explicit requirement to | ||||
| support HTTP | ||||
| o Removed "transport protocol" from list of callout parameters which | ||||
| may be negotiated, added suggestion to pick transport protocol | ||||
| depending on the application protocol in Section 3.12. | ||||
| o Explained that application message segementation is also necessary | ||||
| for multiplexing callout connections over transport connections in | ||||
| Section 3.6 | ||||
| o Added statement to Section 5.2 that encryption between OPES | ||||
| processor and callout server may be optional if they are | ||||
| co-located with each other in a single administrative domain | ||||
| Changes from draft-ietf-opes-protocol-reqs-01.txt | ||||
| o Reworded and clarified several statements of the draft | ||||
| Changes from draft-ietf-opes-protocol-reqs-00.txt | Phone: +1 410 516 5847 | |||
| EMail: terzis@cs.jhu.edu | ||||
| o Aligned terminology with [1] | 10. Full Copyright Statement | |||
| o Clarified in Section 3.13 that OCP requests not only have to | Copyright (C) The Internet Society (2004). This document is subject | |||
| identify one or more OPES services, but also the order in which | to the rights, licenses and restrictions contained in BCP 78, and | |||
| the services are to be executed | except as set forth therein, the authors retain all their rights. | |||
| o Removed requirement from Section 4.1 that OCP must satisfy | This document and the information contained herein are provided on an | |||
| performance requirements of the application-layer protocol used | "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | |||
| between data consumer and provider | OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | |||
| ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | ||||
| INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | ||||
| INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | ||||
| WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | ||||
| Intellectual Property Statement | Intellectual Property | |||
| The IETF takes no position regarding the validity or scope of any | The IETF takes no position regarding the validity or scope of any | |||
| intellectual property or other rights that might be claimed to | Intellectual Property Rights or other rights that might be claimed to | |||
| pertain to the implementation or use of the technology described in | pertain to the implementation or use of the technology described in | |||
| this document or the extent to which any license under such rights | this document or the extent to which any license under such rights | |||
| might or might not be available; neither does it represent that it | might or might not be available; nor does it represent that it has | |||
| has made any effort to identify any such rights. Information on the | made any independent effort to identify any such rights. Information | |||
| IETF's procedures with respect to rights in standards-track and | on the procedures with respect to rights in RFC documents can be | |||
| standards-related documentation can be found in BCP-11. Copies of | found in BCP 78 and BCP 79. | |||
| claims of rights made available for publication and any assurances of | ||||
| licenses to be made available, or the result of an attempt made to | Copies of IPR disclosures made to the IETF Secretariat and any | |||
| obtain a general license or permission for the use of such | assurances of licenses to be made available, or the result of an | |||
| proprietary rights by implementors or users of this specification can | attempt made to obtain a general license or permission for the use of | |||
| be obtained from the IETF Secretariat. | such proprietary rights by implementers or users of this | |||
| specification can be obtained from the IETF on-line IPR repository at | ||||
| http://www.ietf.org/ipr. | ||||
| The IETF invites any interested party to bring to its attention any | The IETF invites any interested party to bring to its attention any | |||
| copyrights, patents or patent applications, or other proprietary | copyrights, patents or patent applications, or other proprietary | |||
| rights which may cover technology that may be required to practice | rights that may cover technology that may be required to implement | |||
| this standard. Please address the information to the IETF Executive | this standard. Please address the information to the IETF at ietf- | |||
| Director. | ipr@ietf.org. | |||
| Full Copyright Statement | ||||
| Copyright (C) The Internet Society (2002). All Rights Reserved. | ||||
| This document and translations of it may be copied and furnished to | ||||
| others, and derivative works that comment on or otherwise explain it | ||||
| or assist in its implementation may be prepared, copied, published | ||||
| and distributed, in whole or in part, without restriction of any | ||||
| kind, provided that the above copyright notice and this paragraph are | ||||
| included on all such copies and derivative works. However, this | ||||
| document itself may not be modified in any way, such as by removing | ||||
| the copyright notice or references to the Internet Society or other | ||||
| Internet organizations, except as needed for the purpose of | ||||
| developing Internet standards in which case the procedures for | ||||
| copyrights defined in the Internet Standards process must be | ||||
| followed, or as required to translate it into languages other than | ||||
| English. | ||||
| The limited permissions granted above are perpetual and will not be | ||||
| revoked by the Internet Society or its successors or assignees. | ||||
| This document and the information contained herein is provided on an | ||||
| "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING | ||||
| TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING | ||||
| BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION | ||||
| HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF | ||||
| MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | ||||
| Acknowledgement | Acknowledgement | |||
| Funding for the RFC Editor function is currently provided by the | Funding for the RFC Editor function is currently provided by the | |||
| Internet Society. | Internet Society. | |||
| End of changes. | ||||
This html diff was produced by rfcdiff 1.25, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||