DECADE WG Meeting Minutes
IETF 82, Taipei, Nov. 17

Chairs: Haibin Song, Richard Woundy
Attendance: 25 people
Notes taker: Richard Alimi
Audio archive can be found at http://www.ietf.org/audio/ietf82/ietf82-101c-20111115-1706-pm.mp3

(Audio offset: 14:28)
Comments on Agenda (Chairs)

Rich Woundy: We are nearing the completion of WG items; later presentations (after Integration Examples) represent future work for the WG (e.g., after rechartering).

Status of Drafts (Chairs)

No comments from room

(Audio offset: 20:17)
Presentation: Integration Examples (Danhua Wang)

Rich Alimi: Why are tokens presented to DECADE?
Danhua: Not sure.
Akbar Rahman: Does the portal speak DECADE?
Danhua: No - it is not a DECADE client or server; only offers address of DECADE server to client.
Haibin Song: It is a DECADE client since it uploads objects to server (when uploaded).
Ning Zong: Portal provides service to applications; it is an interface on top of DECADE server.
Rich Woundy: Note that this is more than just a CDN.
Rich Alimi: It might be useful to extend to multiple ISPs since that is where there is more of a benefit to ALTO.
Akbar Rahman: Agree this is useful. What does it mean "supply transmit bandwidth"?
Danhua: I am presenting for others; can ask authors of draft.
Akbar Rahman: I will go to the mailing list.

(Audio offset: 32:10)
Charter Text (WG Chairs)

(no comments)

(Audio offset: 37:40)
Presentation: "ni" names (Stephen Farrell)

Rich Woundy: How might websec use this?
Stephen: There is a proposal for websec to do certificate pinning in the HTTP header.

(Audio offset: 46:45)
Presentation: Design considerations for a SDT (Dirk)

Rich Alimi: Can you be more specific about "DRP scheme"?
Dirk: There is one token format, and one protocol to initiate communication with DECADE server.
Rich Alimi: There is an issue if the locator has scheme that implies SDT (may not know protocol until client connects to DECADE server).
Dirk: Yes
Akbar: Is "ni" a scheme?
Dirk: Yes
Akbar: What part is "decade-loc"?
Dirk: It is a parameter that allows you to refer client to a specific DECADE server.
Akbar: Would you do DNS resolution on the whole "ni" part?
Dirk: DNS resolution is done on "decade-loc" param.
Haibin: Why is there a content type? DECADE server is application agnostic.
Dirk: It may be useful for applications; "ni" can do it but we don't have to use it.
Haibin: The server doesn't have to be aware of content type?
Dirk: Correct.
Rich Alimi: You might think about "batching" going forward (was raised on mailing list).
Dirk: Perhaps can use HTTP pipelining.
Rich Woundy: Can you discuss the modularity concept further?
Dirk: The server advertises capabilities, and the client picks what is needed. Modules are mostly independent - the server decides which to support or not.
Rich Woundy: Is there a baseline set of modules?
Dirk: There is a minimal set of features; need to look back at specifics.
Rich Alimi: Perhaps we use containers as "views" since each user has its own view into objects available to it at a server.
Dirk: Yes - can be an internal detail of DECADE server.
Akbar: Why is it just an implementation issue?
Dirk: HTTP server can have mapping from URIs to other URIs at same server.
Stephen Farrell: Is there really just 2^31 objects per enterprise?
Dirk: Yes.
Rich Woundy: Looking at the CDMI spec, the object ID has 32 bytes where bytes are hexadecimal version of id.

(Audio offset: 79:00)
Presentation: DECADE Protocol (Danhua Wang)

Danhua: Can we implement anything in a token that could in an ACL?
Rich Alimi: I think yes as long as client can check same parameters that the ACL could.
Rich Woundy: Permissions may change over time. By granting a token you have ceded control to the client; then updating the ACL at the server may not matter after that.
Rich Alimi: You can probably handle that by token revocation.
Akbar: Associating a token with an IP address can be problematic - it can change.
Rich Alimi: Users can cheat anyways (just forward data offline). You can prevent re-use by using limited-use tokens.
[ NOTE: didn't quite get the following exchange - may be inaccurate ]
Haibin: Could we protect it with a password?
Stephen Farrell: That is still not really secure - e.g., with wireless sniffing.

(Audio offset: 90:35)
Presentation: Content Replication (Ning Zong)

Dirk: May be worth seeing how in line the content routing idea is with the DECADE requirements; do we need the remote get?
Ning: We are open to discuss it.

(Audio offset: 101:35)
Wrapup (Chairs)

Expert reviewers for integration examples: Akbar, Rich Alimi, Ning Zong
Timeline: reviews done by Dec 5th