TOC |
|
TOC |
TOC |
APEX I-Ds:
BEEP RFCs 3080, 3081
Instant Messaging memos:
TOC |
Five distinguishing characteristics:
For example:
Messaging applications vary considerably in their operational requirements, e.g., timeliness, reliability, determinism, etc.
These features come at a cost, in terms of both infrastructure and configuration complexity
The underlying service must be extensible to support different requirements in a consistent manner
TOC |
APEX is about "application-layer relaying"
Looks like the email model:
The APEX model is:
The APEX model is option-driven, allowing:
APEX provides:
The default mode:
The mesh's behavior is modified by self-contained options,
TOC |
+-------------+ | APEX | an APEX process is either: | process | +-------------+ - an application attached | | as an APEX endpoint; or, | APEX | | | - an APEX relay +-------------+ | | APEX services are realized as | BEEP | applications having a special | | relationship with the APEX +-------------+ relays in their administrative | TCP/IP | domain +-------------+ | ... | +-------------+
TOC |
administrative domain #1 administrative domain #2 +--------------------------+ +--------------------------+ | +------+ | | +------+ | | | | | | | | | | | appl | | | | appl | | | | | | | | | | | +......+ +------+ | | +------+ +......+ | | | | | | | | | | | | | | |end- | |relay | | | |relay | |end- | | | | point| | | | | | | | point| | | +------+ +------+ | | +------+ +------+ | | | | | | | | | | | | | | | APEX | | APEX | | | | APEX | | APEX | | | | | | | | | | | | | | | +------+ +------+ | | +------+ +------+ | | || || || | | || || || | | =========== ================ =========== | +--------------------------+ +--------------------------+ | <-- APEX relaying mesh --> |
TOC |
Two modes of operation: endpoint-relay and relay-relay
Both modes are peer-to-peer:
Endpoints have names, i.e., "local@domain"
The local-part prefix "apex=" is reserved for APEX services
Relays aren't named, per se
Relays are located using the SRV algorithm:
TOC |
Applications attach as endpoints, 1:N by default
Relays bind on behalf of administrative domains (FQDNs)
Both exchange datagrams (termed "data")
APEX access policies are used for:
The APEX access service is used for:
TOC |
Envelope contains:
The content is a MIME object, with optimization for XML objects
The URI is usually internal, but can be external
TOC |
C: MSG 1 1 . 42 1234 C: Content-Type: multipart/related; boundary="boundary"; C: start="<1@example.com>"; C: type="application/beep+xml" C: C: --boundary C: Content-Type: application/beep+xml C: Content-ID: <1@example.com> C: C: <data content='cid:2@example.com'> C: <originator identity='fred@example.com' /> C: <recipient identity='barney@example.com' /> C: </data> C: --boundary C: Content-Type: image/gif C: Content-Transfer-Encoding: binary C: Content-ID: <2@example.com> C: C: ... C: --boundary-- C: END
TOC |
C: MSG 1 1 . 42 295 C: Content-Type: application/beep+xml C: C: <data content='#Content'> C: <originator identity='fred@example.com' /> C: <recipient identity='barney@example.com' /> C: <data-content Name='Content'> C: <statusResponse transID='86'> C: <destination identity='barney@example.com'> C: <reply code='250' /> C: </destination> C: <statusResponse> C: </data-content> C: </data> C: END
TOC |
Options may be present on any operation:
<!ELEMENT option ANY> <!ATTLIST option internal NMTOKEN "" external %URI; "" targetHop (this|final|all) "final" seeNoEvil (true|false) "true" transID %UNIQID; #REQUIRED localize %LOCS; "i-default">
One option defined: statusRequest
TOC |
Applications attach as endpoints
Access policy maps peer identities to allowed endpoints
Options modify behavior, e.g., FCFS by default
TOC |
Relays bind on behalf of domains
Reponding peer does SRV lookup/comparison
Access policy maps peer identities to allowed domains
Options modify behavior
TOC |
Access policy maps APEX role to allowed originators
Data-specific options are processed
Fast OK returned
Originator-specific options are processed
Each recipient processed:
Relays may optimize "like" recipients by bundling
TOC |
APEX distinguishes between hop-by-hop and end-to-end
Hop-by-hop:
End-to-End: endpoints chose standards for:
TOC |
Sufficient for authentication, integrity, and confidentiality
Sufficient to support authorization (APEX access policies)
Necessary, but not sufficient, for relaying integrity
Insufficient for some forms of traffic analysis,
TOC |
+----------+ +----------+ +----------+ | APEX | | APEX | | | | report | | access | | ... | | service | | service | | | +----------+ +----------+ +----------+ | | | | | | +----------------------------------------------+ | | | APEX core | | | +----------------------------------------------+
Identified by an endpoint starting with "apex="
TOC |
Triggered by a relaying seeing a "statusRequest" option,
"targetHop" attribute can be used for traceroute-like functionality
<data content='#Content'> <originator identity='apex=report@example.com' /> <recipient identity='fred@example.com' /> <data-content Name='Content'> <statusResponse transID='86'> <destination identity='barney@example.com'> <reply code='250' /> </destination> </statusResponse> </data-content> </data>
TOC |
Controls access for endpoint reception of data
Controls access to other APEX services
<access owner='fred@example.com' lastUpdate='14 May 2000 13:02:00 -0800'> <entry actor='wilma@example.com' actions='all:all' /> <entry actor='mr.slate@example.com' actions='core:data' /> <entry actor='*@example.com' actions='core:data presence:subscribe presence:watch' /> <entry actor='*@*' actions='core:data' /> </access>
Two operations:
get -> access entry or error set -> reply (confirmation or error)
Simple spin-lock to avoid write-write conflicts
TOC |
Repository for rendezvous information
<presence publisher='fred@example.com' lastUpdate='14 May 2000 13:02:00 -0800' publisherInfo='http://www.example.com/fred/'> <tuple destination='apex:fred/appl=im@example.com' availableUntil='14 May 2000 14:02:00 -0800' /> <tuple destination='mailto:fred@flintstone.com' availableUntil='31 Dec 2525 23:59:59 -0800' /> </presence>
Four operations:
subscribe -> event-driven notifications or error publish -> reply (confirmation or error) watch -> reply, followed by event-driven notifications terminate -> reply
Subscribe and watch are duration-based services:
Simple spin-lock to avoid write-write conflicts
TOC |
The Working Group: apexwg@invisible.net
To subscribe: apexwg-request@invisible.net
Archives: http://lists.invisible.net/pipermail/apexwg/