draft-ietf-repute-media-type-04.txt   draft-ietf-repute-media-type-05.txt 
REPUTE Working Group N. Borenstein REPUTE Working Group N. Borenstein
Internet-Draft Mimecast Internet-Draft Mimecast
Intended status: Standards Track M. Kucherawy Intended status: Standards Track M. Kucherawy
Expires: May 17, 2013 November 13, 2012 Expires: May 23, 2013 November 19, 2012
A Media Type for Reputation Interchange A Media Type for Reputation Interchange
draft-ietf-repute-media-type-04 draft-ietf-repute-media-type-05
Abstract Abstract
This document defines a media type for exchanging reputation This document defines a media type for exchanging reputation
information about an arbitrary class of object. information about an arbitrary class of object.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
skipping to change at page 1, line 31 skipping to change at page 1, line 31
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 17, 2013. This Internet-Draft will expire on May 23, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 4, line 10 skipping to change at page 4, line 10
The body of the media type consists of a JSON document that contains The body of the media type consists of a JSON document that contains
the reputation information requested. A detailed description of the the reputation information requested. A detailed description of the
expected structure of the reply is provided below. expected structure of the reply is provided below.
3.1. Reputon Keys 3.1. Reputon Keys
The key pieces of data found in a reputon for all reputation The key pieces of data found in a reputon for all reputation
applications are defined as follows: applications are defined as follows:
RATER: The identity of the entity providing the reputation rater: The identity of the entity providing the reputation
information, typically expressed as a DNS domain name. information, typically expressed as a DNS domain name.
ASSERTION: A keyword indicating the specific assertion or claim assertion: A keyword indicating the specific assertion or claim
being rated. In the absence of an "app" parameter on the media being rated. In the absence of an "app" parameter on the media
type, the reputon can only indicate generic goodness, with the type, the reputon can only indicate generic goodness, with the
default assertion "IS-GOOD," but each application is expected to default assertion "is-good", but each application is expected to
define additional ASSERTIONs. define additional assertions.
RATED: The identity of the entity being rated. The nature of this rated: The identity of the entity being rated. The nature of this
field is application-specific; it could be domain names, email field is application-specific; it could be domain names, email
addresses, driver's license numbers, or anything that uniquely addresses, driver's license numbers, or anything that uniquely
identifies the entity being rated. Documents that define specific identifies the entity being rated. Documents that define specific
reputation applications are required to define syntax and reputation applications are required to define syntax and
semantics for this field. semantics for this field.
RATING: The overall rating score for that entity, expressed as a rating: The overall rating score for that entity, expressed as a
floating-point number between 0.0 and 1.0 inclusive. See floating-point number between 0.0 and 1.0 inclusive. See
Section 4 for discussion. Section 4 for discussion.
The following are OPTIONAL for all applications, to be used in The following are OPTIONAL for all applications, to be used in
contexts where they are appropriate: contexts where they are appropriate:
CONFIDENCE: The level of confidence the reputation provider has in confidence: The level of confidence the reputation provider has in
the value presented being accurate, expressed as a floating-point the value presented being accurate, expressed as a floating-point
number between 0.0 and 1.0 inclusive. number between 0.0 and 1.0 inclusive.
RATER-AUTHENTICITY: The level of confidence in that identity being rater-authenticity: The level of confidence in that identity being
genuine, expressed as a floating-point number between 0.0 and 1.0 genuine, expressed as a floating-point number between 0.0 and 1.0
inclusive. inclusive.
SAMPLE-SIZE: The number of data points used to compute that score, sample-size: The number of data points used to compute that score,
possibly an approximation. Expressed as an unsigned 64-bit possibly an approximation. Expressed as an unsigned 64-bit
integer. The units are deliberately not specified, since not all integer. The units are deliberately not specified, since not all
reputation service providers will collect data the same way. reputation service providers will collect data the same way.
Consumers will need to determine out-of-band the units being Consumers will need to determine out-of-band the units being
reported and apply this value accordingly within their local reported and apply this value accordingly within their local
policies. policies.
UPDATED: A timestamp indicating when this value was generated. updated: A timestamp indicating when this value was generated.
Expressed as the number of seconds since January 1, 1970 00:00 Expressed as the number of seconds since January 1, 1970 00:00
UTC. UTC.
A particular application that registers itself with IANA MAY also A particular application that registers itself with IANA MAY also
define additional application-specific attribute/value pairs beyond define additional application-specific attribute/value pairs beyond
these standard ones. these standard ones.
Further, particular application service providers MAY provide local Further, particular application service providers MAY provide local
extensions to registered applications. Syntax for these will need to extensions to registered applications. Syntax for these will need to
be specified and accommodated privately between clients and servers. be specified and accommodated privately between clients and servers.
skipping to change at page 5, line 33 skipping to change at page 5, line 33
Thus, the following simple example: Thus, the following simple example:
Content-type: application/reputon+json Content-type: application/reputon+json
{ {
"reputon": "reputon":
{ {
"rater": "RatingsRUs.example.com", "rater": "RatingsRUs.example.com",
"rater-authenticity": 1.0, "rater-authenticity": 1.0,
"assertion": "IS-GOOD", "assertion": "is-good",
"rated": "Alex Rodriguez", "rated": "Alex Rodriguez",
"rating": 0.99, "rating": 0.99,
"sample-size": 50000 "sample-size": 50000
} }
} }
...indicates we are absolutely sure (1.0) that the entity ...indicates we are absolutely sure (1.0) that the entity
"RatingsRUs.example.com" consolidated 50000 data points (perhaps from "RatingsRUs.example.com" consolidated 50000 data points (perhaps from
everyone in Yankee Stadium) and concluded that Alex Rodriguez is very everyone in Yankee Stadium) and concluded that Alex Rodriguez is very
very good (0.99) at something. It doesn't tell us what he's good at, very good (0.99) at something. It doesn't tell us what he's good at,
skipping to change at page 6, line 12 skipping to change at page 6, line 12
A more sophisticated usage would define a baseball application with a A more sophisticated usage would define a baseball application with a
response set of specific assertions, so that this example: response set of specific assertions, so that this example:
Content-type: application/reputon+json; app="baseball" Content-type: application/reputon+json; app="baseball"
{ {
"reputon": "reputon":
{ {
"rater": "baseball-reference.example.com", "rater": "baseball-reference.example.com",
"rater-authenticity": 1.0, "rater-authenticity": 1.0,
"assertion": "HITS-FOR-POWER", "assertion": "hits-for-power",
"rated": "Alex Rodriguez", "rated": "Alex Rodriguez",
"rating": 0.99, "rating": 0.99,
"sample-size": 50000 "sample-size": 50000
} }
} }
...would indicate that 50000 fans polled by the entity baseball- ...would indicate that 50000 fans polled by the entity baseball-
reference.example.com rate A-Rod very highly in hitting for power, reference.example.com rate A-Rod very highly in hitting for power,
whereas this example: whereas this example:
Content-type: application/reputon+json; app="baseball" Content-type: application/reputon+json; app="baseball"
{ {
"reputon": "reputon":
{ {
"RATER": "baseball-reference.example.com", "rater": "baseball-reference.example.com",
"RATER-AUTHENTICITY": 1.0, "rater-authenticity": 1.0,
"ASSERTION": "CLUTCH-HITTER", "assertion": "clutch-hitter",
"RATED": "Alex Rodriguez", "rated": "Alex Rodriguez",
"RATING": 0.4, "rating": 0.4,
"SAMPLE-SIZE": 50000 "sample-size": 50000
} }
} }
...would indicate that a similar poll indicated a somewhat weaker ...would indicate that a similar poll indicated a somewhat weaker
consensus that A-Rod tends to choke in critical baseball situations. consensus that A-Rod tends to choke in critical baseball situations.
In practice, most usage of reputons is expected to make use of the In practice, most usage of reputons is expected to make use of the
"app" parameter to target an application-specific set of assertions. "app" parameter to target an application-specific set of assertions.
3.3. Example Reply 3.3. Example Reply
skipping to change at page 7, line 12 skipping to change at page 7, line 12
The following is an example reputon generated using this schema, The following is an example reputon generated using this schema,
including the media type definition line: including the media type definition line:
Content-Type: application/reputon+json; app="email-id" Content-Type: application/reputon+json; app="email-id"
{ {
"reputon": "reputon":
{ {
"rater": "rep.example.net", "rater": "rep.example.net",
"rater-authenticity": 0.95, "rater-authenticity": 0.95,
"assertion": "SPAM", "assertion": "spam",
"identity": "DKIM", "identity": "dkim",
"rated": "example.com", "rated": "example.com",
"rating": 0.012, "rating": 0.012,
"sample-size": 16938213, "sample-size": 16938213,
"updated": 1317795852 "updated": 1317795852
} }
} }
Here, reputation agent "rep.example.net" is asserting within the Here, reputation agent "rep.example.net" is asserting within the
context of the "email-id" application that "example.com" appears to context of the "email-id" application that "example.com" appears to
be associated with spam 1.2% of the time, based on just short of 17 be associated with spam 1.2% of the time, based on just short of 17
skipping to change at page 7, line 37 skipping to change at page 7, line 37
some more specific semantics for the "rating" value. In this case, some more specific semantics for the "rating" value. In this case,
the extension is used to show the identity "example.com", the subject the extension is used to show the identity "example.com", the subject
of the query, is extracted from the analyzed messages using the of the query, is extracted from the analyzed messages using the
[DKIM] "d=" parameter for messages where signatures validate. The [DKIM] "d=" parameter for messages where signatures validate. The
reputation agent is 95% confident of this result. (See reputation agent is 95% confident of this result. (See
[I-D.REPUTE-EMAIL-IDENTIFIERS] for details about the registered email [I-D.REPUTE-EMAIL-IDENTIFIERS] for details about the registered email
identifiers application.) identifiers application.)
4. Scores 4. Scores
The score presented as the value in the RATING parameter appears as a The score presented as the value in the rating parameter appears as a
floating point value between 0.0 and 1.0 inclusive. The intent is floating point value between 0.0 and 1.0 inclusive. The intent is
that the definition of an assertion within an application will that the definition of an assertion within an application will
declare what the anchor values 0.0 and 1.0 specifically mean. declare what the anchor values 0.0 and 1.0 specifically mean.
Generally speaking, 1.0 implies full agreement with the assertion, Generally speaking, 1.0 implies full agreement with the assertion,
while 0.0 indicates no support for the assertion. while 0.0 indicates no support for the assertion.
The definition will also specify the type of scale in use when The definition will also specify the type of scale in use when
generating scores, to which all reputation service providers for that generating scores, to which all reputation service providers for that
application space must adhere. This will allow a client to change application space must adhere. This will allow a client to change
which reputation service provider is being queried for a given which reputation service provider is being queried for a given
 End of changes. 17 change blocks. 
24 lines changed or deleted 24 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/