Network Working Group                                   B. Niven-Jenkins
Internet-Draft                                                 R. Murray
Intended status: Standards Track                Velocix (Alcatel-Lucent)
Expires: September 22, 2016                                 M. Caulfield
                                                           Cisco Systems
                                                                   K. Ma
                                                                Ericsson
                                                          March 21, 2016


                      CDN Interconnection Metadata
                      draft-ietf-cdni-metadata-13

Abstract

   The Content Delivery Networks Interconnection (CDNI) metadata
   interface enables interconnected Content Delivery Networks (CDNs) to
   exchange content distribution metadata in order to enable content
   acquisition and delivery. The CDNI metadata associated with a piece
   of content provides a downstream CDN with sufficient information for
   the downstream CDN to service content requests on behalf of an
   upstream CDN. This document describes both a base set of CDNI
   metadata and the protocol for exchanging that metadata.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 22, 2016.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Terminology
     1.2.  Supported Metadata Capabilities
   2.  Design Principles
   3.  CDNI Metadata object model
     3.1.  HostIndex, HostMatch, HostMetadata, PathMatch,
           PatternMatch and PathMetadata objects
     3.2.  Generic CDNI Metadata Objects
     3.3.  Metadata Inheritance and Override
   4.  CDNI Metadata objects
     4.1.  Definitions of the CDNI structural metadata objects
       4.1.1.  HostIndex
       4.1.2.  HostMatch
       4.1.3.  HostMetadata
       4.1.4.  PathMatch
       4.1.5.  PatternMatch
       4.1.6.  PathMetadata
       4.1.7.  GenericMetadata
     4.2.  Definitions of the initial set of CDNI Generic Metadata
           objects
       4.2.1.  SourceMetadata
         4.2.1.1.  Source
       4.2.2.  LocationACL Metadata
         4.2.2.1.  LocationRule
         4.2.2.2.  Footprint
       4.2.3.  TimeWindowACL
         4.2.3.1.  TimeWindowRule
         4.2.3.2.  TimeWindow
       4.2.4.  ProtocolACL Metadata
         4.2.4.1.  ProtocolRule
       4.2.5.  DeliveryAuthorization Metadata
       4.2.6.  Cache
       4.2.7.  Auth
       4.2.8.  Grouping
     4.3.  CDNI Metadata Simple Data Type Descriptions
       4.3.1.  Link
       4.3.2.  Protocol
       4.3.3.  Endpoint
       4.3.4.  Time
       4.3.5.  IPv4CIDR
       4.3.6.  IPv6CIDR
       4.3.7.  ASN
       4.3.8.  CountryCode
   5.  CDNI Metadata Capabilities
   6.  CDNI Metadata interface
     6.1.  Transport
     6.2.  Retrieval of CDNI Metadata resources
     6.3.  Bootstrapping
     6.4.  Encoding
     6.5.  Extensibility
     6.6.  Metadata Enforcement
     6.7.  Metadata Conflicts
     6.8.  Versioning
     6.9.  Media Types
     6.10. Complete CDNI Metadata Example
   7.  IANA Considerations
     7.1.  CDNI Payload Types
       7.1.1.  CDNI MI HostIndex Payload Type
       7.1.2.  CDNI MI HostMatch Payload Type
       7.1.3.  CDNI MI HostMetadata Payload Type
       7.1.4.  CDNI MI PathMatch Payload Type
       7.1.5.  CDNI MI PatternMatch Payload Type
       7.1.6.  CDNI MI PathMetadata Payload Type
       7.1.7.  CDNI MI SourceMetadata Payload Type
       7.1.8.  CDNI MI Source Payload Type
       7.1.9.  CDNI MI LocationACL Payload Type
       7.1.10. CDNI MI LocationRule Payload Type
       7.1.11. CDNI MI Footprint Payload Type
       7.1.12. CDNI MI TimeWindowACL Payload Type
       7.1.13. CDNI MI TimeWindowRule Payload Type
       7.1.14. CDNI MI TimeWindow Payload Type
       7.1.15. CDNI MI ProtocolACL Payload Type
       7.1.16. CDNI MI ProtocolRule Payload Type
       7.1.17. CDNI MI DeliveryAuthorization Payload Type
       7.1.18. CDNI MI Cache Payload Type
       7.1.19. CDNI MI Auth Payload Type
       7.1.20. CDNI MI Grouping Payload Type
     7.2.  CDNI Metadata Footprint Types Registry
     7.3.  CDNI Metadata Protocol Types Registry
     7.4.  CDNI Metadata Auth Types Registry
   8.  Security Considerations
     8.1.  Authentication
     8.2.  Confidentiality
     8.3.  Integrity
     8.4.  Privacy
     8.5.  Securing the CDNI Metadata interface
   9.  Acknowledgements
   10. Contributing Authors
   11. References
     11.1.  Normative References
     11.2.  Informative References
   Authors' Addresses

1.  Introduction

   Content Delivery Networks Interconnection (CDNI) [RFC6707] enables a
   downstream Content Delivery Network (dCDN) to service content
   requests on behalf of an upstream CDN (uCDN).

   The CDNI metadata interface is discussed in [RFC7336] along with four
   other interfaces that can be used to compose a CDNI solution (CDNI
   Control interface, CDNI Request Routing Redirection interface, CDNI
   Footprint & Capabilities Advertisement interface and CDNI Logging
   interface). [RFC7336] describes each interface and the relationships
   between them. The requirements for the CDNI metadata interface are
   specified in [RFC7337].

   The CDNI metadata associated with a piece of content (or with a set
   of content) provides a dCDN with sufficient information for servicing
   content requests on behalf of a uCDN, in accordance with the
   policies defined by the uCDN.

   This document defines the CDNI metadata interface which enables a
   dCDN to obtain CDNI metadata from a uCDN so that the dCDN can
   properly process and respond to:

   o  Redirection requests received over the CDNI Request Routing
      Redirection interface [I-D.ietf-cdni-redirection].

   o  Content requests received directly from User Agents.

   Specifically, this document specifies:

   o  A data structure for mapping content requests and redirection
      requests to CDNI metadata objects (Section 3 and Section 4.1).

   o  An initial set of CDNI Generic metadata objects (Section 4.2).

   o  An HTTP web service for the transfer of CDNI metadata (Section 6).

1.1.  Terminology

   This document reuses the terminology defined in [RFC6707].

   Additionally, the following terms are used throughout this document
   and are defined as follows:

   o  Object - a collection of properties.

   o  Property - a key and value pair where the key is a property name
      and the value is the property value or another object.

   This document uses the phrase "[Object] A contains [Object] B" for
   simplicity when a strictly accurate phrase would be "[Object] A
   contains or references (via a Link object) [Object] B".

1.2.  Supported Metadata Capabilities

   Only the metadata for a small set of initial capabilities is
   specified in this document. This set provides the minimum amount of
   metadata for basic CDN interoperability while still meeting the
   requirements set forth by [RFC7337].

   The following high-level functionality can be configured via the CDNI
   metadata objects specified in Section 4:

   o  Acquisition Source: Metadata for allowing a dCDN to fetch content
      from a uCDN.

   o  Delivery Access Control: Metadata for restricting (or permitting)
      access to content based on any of the following factors:

      *  Location

      *  Time Window

      *  Delivery Protocol

   o  Delivery Authorization: Metadata for authorizing dCDN user agent
      requests.

   o  Cache Control: Metadata for controlling cache behavior of the
      dCDN.

   The metadata encoding described by this document is extensible in
   order to allow for future additions to this list.

   The set of metadata specified in this document covers the initial
   capabilities above. It is only intended to support CDN
   interconnection for the delivery of content by a dCDN using HTTP/1.1
   [RFC7230] and for a dCDN to be able to acquire content from a uCDN
   using either HTTP/1.1 or HTTP/1.1 over TLS [RFC2818].

   Supporting CDN interconnection for the delivery of content using
   unencrypted HTTP/2 [RFC7540] (as well as for a dCDN to acquire
   content using unencrypted HTTP/2 or HTTP/2 over TLS) requires the
   registration of these protocol names in the CDNI Metadata Protocol
   Types registry (Section 7.3).

   Supporting CDN interconnection for the delivery of content using
   HTTP/1.1 over TLS or HTTP/2 over TLS requires specifying additional
   metadata objects to carry the properties required to establish a TLS
   session, for example metadata to describe the certificate to use as
   part of the TLS handshake.

2.  Design Principles

   The CDNI metadata interface was designed to achieve the following
   objectives:

   1.  Cacheability of CDNI metadata objects;

   2.  Deterministic mapping from redirection requests and content
       requests to CDNI metadata properties;

   3.  Support for DNS redirection as well as application-specific
       redirection (for example HTTP redirection);

   4.  Minimal duplication of CDNI metadata; and

   5.  Leveraging of existing protocols.

   Cacheability can decrease the latency of acquiring metadata while
   maintaining its freshness, and therefore decrease the latency of
   serving content requests and redirection requests, without
   sacrificing accuracy. The CDNI metadata interface uses HTTP and its
   existing caching mechanisms to achieve CDNI metadata cacheability.

   Deterministic mappings from content to metadata properties eliminate
   ambiguity and ensure that policies are applied consistently by all
   dCDNs.

   Support for both HTTP and DNS redirection ensures that the CDNI
   metadata meets the same design principles for both HTTP and DNS based
   redirection schemes.

   Minimal duplication of CDNI metadata improves storage efficiency in
   the CDNs.

   Leveraging existing protocols avoids reinventing common mechanisms
   such as data structure encoding (by leveraging I-JSON [RFC7493]) and
   data transport (by leveraging HTTP [RFC7230]).

3.  CDNI Metadata object model

   The CDNI metadata object model describes a data structure for mapping
   redirection requests and content requests to metadata properties.
   Metadata properties describe how to acquire content from a uCDN,
   authorize access to content, and deliver content from a dCDN. The
   object model relies on the assumption that these metadata properties
   can be aggregated based on the hostname of the content and
   subsequently on the resource path (URI) of the content. The object
   model associates a set of CDNI metadata properties with a Hostname to
   form a default set of metadata properties for content delivered on
   behalf of that Hostname. That default set of metadata properties can
   be overridden by properties that apply to specific paths within a
   URI.

   Different Hostnames and URI paths will be associated with different
   sets of CDNI metadata properties in order to describe the required
   behaviour when a dCDN surrogate or request router is processing User
   Agent requests for content at that Hostname and URI path. As a
   result of this structure, significant commonality could exist between
   the CDNI metadata properties specified for different Hostnames,
   different URI paths within a Hostname and different URI paths on
   different Hostnames. For example the definition of which User Agent
   IP addresses should be grouped together into a single network or
   geographic location is likely to be common for a number of different
   Hostnames; although a uCDN is likely to have several different
   policies configured to express geo-blocking rules, it is likely that
   a single geo-blocking policy could be applied to multiple Hostnames
   delivered through the CDN.

   In order to enable the CDNI metadata for a given Hostname and URI
   Path to be decomposed into reusable sets of CDNI metadata properties,
   the CDNI metadata interface splits the CDNI metadata into separate
   objects. Efficiency is improved by enabling a single CDNI metadata
   object (that is shared across Hostname and/or URI paths) to be
   retrieved and stored by a dCDN once, even if it is referenced by the
   CDNI metadata for multiple Hostnames and/or URI paths.

   Important Note: Any CDNI metadata object A that contains another CDNI
   metadata object B can include a Link object specifying a URI that can
   be used to retrieve object B, instead of embedding object B within
   object A. The remainder of this document uses the phrase "[Object] A
   contains [Object] B" for simplicity when a strictly accurate phrase
   would be "[Object] A contains or references (via a Link object)
   [Object] B". It is generally a deployment choice for the uCDN
   implementation to decide when to embed CDNI metadata objects and when
   to reference separate resources via Link objects.

   Section 3.1 introduces a high level description of the HostIndex,
   HostMatch, HostMetadata, PathMatch, PatternMatch and PathMetadata
   objects, and describes the relationships between them.

   Section 3.2 introduces a high level description of the CDNI
   GenericMetadata object which represents the level at which CDNI
   metadata override occurs between HostMetadata and PathMetadata
   objects.

   Section 4 describes in detail the specific CDNI metadata objects and
   properties specified by this document which can be contained within a
   CDNI GenericMetadata object.

3.1.  HostIndex, HostMatch, HostMetadata, PathMatch, PatternMatch and
      PathMetadata objects

   The relationships between the HostIndex, HostMatch, HostMetadata,
   PathMatch, PatternMatch and PathMetadata objects are described in
   Figure 1.

   +---------+      +---------+      +------------+
   |HostIndex+-(*)->|HostMatch+-(1)->|HostMetadata+-------(*)------+
   +---------+      +---------+      +------+-----+                |
                                            |                      |
                                           (*)                     |
                                            |                      V
   --> Contains or References               V         ******************
   (1) One and only one                +---------+    *Generic Metadata*
   (*) Zero or more               +--->|PathMatch|    *     Objects    *
                                  |    +----+---++    ******************
                                  |         |   |                  ^
                                 (*)       (1) (1) +------------+  |
                                  |         |   +->|PatternMatch|  |
                                  |         V      +------------+  |
                                  |  +------------+                |
                                  +--+PathMetadata+-------(*)------+
                                     +------------+

       Figure 1: Relationships between CDNI Metadata Objects (Diagram
                              Representation)

   A HostIndex object (see Section 4.1.1) contains a list of HostMatch
   objects (see Section 4.1.2) that contain Hostnames (and/or IP
   addresses) for which content requests might be delegated to the dCDN.
   The HostIndex is the starting point for accessing the uCDN CDNI
   metadata data store. It enables the dCDN to deterministically
   discover which CDNI metadata objects it requires in order to deliver
   a given piece of content.

   The HostIndex links Hostnames (and/or IP addresses) to HostMetadata
   objects (see Section 4.1.3) via HostMatch objects. A HostMatch
   object defines a Hostname (or IP address) to match against a
   requested host and contains a HostMetadata object.

   HostMetadata objects contain the default GenericMetadata objects (see
   Section 4.1.7) required to serve content for that host. When looking
   up CDNI metadata, the dCDN looks up the requested Hostname (or IP
   address) against the HostMatch entries in the HostIndex; from there
   it can find HostMetadata which describes the default metadata
   properties for each host as well as PathMetadata objects (see
   Section 4.1.6), via PathMatch objects (see Section 4.1.4). PathMatch
   objects define patterns, contained inside PatternMatch objects (see
   Section 4.1.5), to match against the requested URI path.
   PatternMatch objects contain the pattern strings and flags that
   describe the URI path that a PathMatch applies to. PathMetadata
   objects contain the GenericMetadata objects that apply to content
   requests matching the defined URI path pattern. PathMetadata
   properties override properties previously defined in HostMetadata or
   less specific PathMatch paths. PathMetadata objects can contain
   additional PathMatch objects to recursively define more specific URI
   paths to which GenericMetadata properties might be applied.

   A GenericMetadata object contains individual CDNI metadata objects
   which define the specific policies and attributes needed to properly
   deliver the associated content. For example, a GenericMetadata
   object could describe the source from which a CDN can acquire a piece
   of content. The GenericMetadata object is an atomic unit that can be
   referenced by HostMetadata or PathMetadata objects.

   For example, if "example.com" is a content provider, a HostMatch
   object could include an entry for "example.com" with the URI of the
   associated HostMetadata object. The HostMetadata object for
   "example.com" describes the metadata properties which apply to
   "example.com" and could contain PathMatches for
   "example.com/movies/*" and "example.com/music/*", which in turn
   reference corresponding PathMetadata objects that contain the
   properties for those more specific URI paths. The PathMetadata
   object for "example.com/movies/*" describes the properties which
   apply to that URI path. It could also contain a PathMatch object for
   "example.com/movies/hd/*" which would reference the corresponding
   PathMetadata object for the "example.com/movies/hd/" path prefix.

   The relationships in Figure 1 are also represented in tabular format
   in Table 1 below.

   +--------------+----------------------------------------------------+
   | Data Object  | Objects it contains or references                  |
   +--------------+----------------------------------------------------+
   | HostIndex    | 0 or more HostMatch objects.                       |
   | HostMatch    | 1 HostMetadata object.                             |
   | HostMetadata | 0 or more PathMatch objects. 0 or more             |
   |              | GenericMetadata objects.                           |
   | PathMatch    | 1 PatternMatch object. 1 PathMetadata object.      |
   | PatternMatch | Does not contain or reference any other objects.   |
   | PathMetadata | 0 or more PathMatch objects. 0 or more             |
   |              | GenericMetadata objects.                           |
   +--------------+----------------------------------------------------+

            Table 1: Relationships between CDNI Metadata Objects
                           (Table Representation)

3.2.  Generic CDNI Metadata Objects

   The HostMetadata and PathMetadata objects contain other CDNI metadata
   objects that contain properties which describe how User Agent
   requests for content should be processed, for example where to
   acquire the content from, authorization rules that should be applied,
   geo-blocking restrictions, and so on. Each such CDNI metadata object
   is a specialization of a CDNI GenericMetadata object. The
   GenericMetadata object abstracts the basic information required for
   metadata override and metadata distribution, from the specifics of
   any given property (i.e., property semantics, enforcement options,
   etc.).

   The GenericMetadata object defines the properties contained within it
   as well as whether or not the properties are "mandatory-to-enforce".
   If the dCDN does not understand or support a "mandatory-to-enforce"
   property, the dCDN MUST NOT serve the content. If the property is
   not "mandatory-to-enforce", then that GenericMetadata object can be
   safely ignored and the dCDN MUST process the content request in
   accordance with the rest of the CDNI metadata.

   Although a CDN MUST NOT serve content to a User Agent if a
   "mandatory-to-enforce" property cannot be enforced, it could still be
   "safe-to-redistribute" that metadata to another CDN without
   modification. For example, in the cascaded CDN case, a transit CDN
   (tCDN) could pass through "mandatory-to-enforce" metadata to a dCDN.

   For metadata which does not require customization or translation
   (i.e., metadata that is "safe-to-redistribute"), the data
   representation received off the wire MAY be stored and redistributed
   without being understood or supported by the transit CDN. However,
   for metadata which requires translation, transparent redistribution
   of the uCDN metadata values might not be appropriate. Certain
   metadata can be safely, though perhaps not optimally, redistributed
   unmodified. For example, source acquisition address might not be
   optimal if transparently redistributed, but it might still work.

   Redistribution safety MUST be specified for each GenericMetadata
   property. If a CDN does not understand or support a given
   GenericMetadata property that is not "safe-to-redistribute", the CDN
   MUST set the "incomprehensible" flag to true for that GenericMetadata
   object before redistributing the metadata. The "incomprehensible"
   flag signals to a dCDN that the metadata was not properly transformed
   by the transit CDN. A CDN MUST NOT attempt to use metadata that has
   been marked as "incomprehensible" by a uCDN.

   Transit CDNs MUST NOT change the value of "mandatory-to-enforce" or
   "safe-to-redistribute" when propagating metadata to a dCDN. Although
   a transit CDN can set the value of "incomprehensible" to true, a
   transit CDN MUST NOT change the value of "incomprehensible" from true
   to false.
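
The flag rules above, and the transit and downstream actions that Tables 2 and 3 tabulate, as an added example (not part of the draft): a fail-closed serve decision plus the transit CDN's redistribution step. The `GenericMetadata` dataclass, its field names, the `transform` callback and the sample objects are assumptions of this sketch, not the draft's wire format.

```python
from dataclasses import dataclass, replace
from typing import Callable, Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class GenericMetadata:
    """In-memory stand-in for a GenericMetadata object.

    Field names are this sketch's own, not the wire property names.
    """
    gm_type: str
    value: dict
    mandatory_to_enforce: bool
    safe_to_redistribute: bool
    incomprehensible: bool = False


def serve_decision(objects: Iterable[GenericMetadata],
                   understood: Set[str]
                   ) -> Tuple[bool, List[GenericMetadata]]:
    """Decide whether a CDN may deliver, and which objects it may apply.

    An object is usable only if this CDN understands its type and no
    upstream CDN marked it "incomprehensible". A single unusable
    mandatory-to-enforce object is enough to refuse delivery.
    """
    usable = []
    for gm in objects:
        if gm.gm_type in understood and not gm.incomprehensible:
            usable.append(gm)
        elif gm.mandatory_to_enforce:
            return False, []          # fail closed: MUST NOT serve
        # Otherwise the object is optional and unusable: it is skipped
        # and never interpreted or applied.
    return True, usable


def redistribute(gm: GenericMetadata,
                 transform: Optional[Callable[[dict], dict]] = None
                 ) -> GenericMetadata:
    """Return the object a transit CDN passes downstream.

    `transform` is the translation this tCDN has for the object's type,
    or None when it does not understand the type or cannot translate it
    safely. mandatory_to_enforce and safe_to_redistribute are never
    changed, and incomprehensible is never reset from True to False.
    """
    if gm.incomprehensible or gm.safe_to_redistribute:
        return gm                     # passed through unmodified
    if transform is not None:
        return replace(gm, value=transform(gm.value))
    return replace(gm, incomprehensible=True)


if __name__ == "__main__":
    # Constructed sample: a tCDN that can translate neither object
    # relays metadata to a dCDN that understands both types.
    upstream = [
        GenericMetadata("LocationACL", {"rule": "constructed"}, True, True),
        GenericMetadata("SourceMetadata", {"src": "constructed"}, True, False),
    ]
    relayed = [redistribute(gm) for gm in upstream]
    # The dCDN refuses: the mandatory SourceMetadata object arrived
    # marked incomprehensible because the tCDN could not translate it.
    print(serve_decision(relayed, {"LocationACL", "SourceMetadata"}))
```
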
509 Table 2 describes the action to be taken by a transit CDN (tCDN) for 510 the different combinations of "mandatory-to-enforce" (MtE) and "safe- 511 to-redistribute" (StR) properties, when the tCDN either does or does 512 not understand the metadata in question: 514 +-------+-------+------------+--------------------------------------+ 515 | MtE | StR | Metadata | Action | 516 | | | Understood | | 517 | | | by tCDN | | 518 +-------+-------+------------+--------------------------------------+ 519 | False | True | True | Can serve and redistribute. | 520 | False | True | False | Can serve and redistribute. | 521 | False | False | False | Can serve. MUST set | 522 | | | | "incomprehensible" to True when | 523 | | | | redistributing. | 524 | False | False | True | Can serve. Can redistribute after | 525 | | | | transforming the metadata (if the | 526 | | | | CDN knows how to do so safely), | 527 | | | | otherwise MUST set | 528 | | | | "incomprehensible" to True when | 529 | | | | redistributing. | 530 | True | True | True | Can serve and redistribute. | 531 | True | True | False | MUST NOT serve but can redistribute. | 532 | True | False | True | Can serve. Can redistribute after | 533 | | | | transforming the metadata (if the | 534 | | | | CDN knows how to do so safely), | 535 | | | | otherwise MUST set | 536 | | | | "incomprehensible" to True when | 537 | | | | redistributing. | 538 | True | False | False | MUST NOT serve. MUST set | 539 | | | | "incomprehensible" to True when | 540 | | | | redistributing. 
| 541 +-------+-------+------------+--------------------------------------+ 543 Table 2: Action to be taken by a tCDN for the different combinations 544 of MtE and StR properties 546 Table 3 describes the action to be taken by a dCDN for the different 547 combinations of "mandatory-to-enforce" (MtE) and "incomprehensible" 548 (Incomp) properties, when the dCDN either does or does not understand 549 the metadata in question: 551 +-------+--------+--------------+-----------------------------------+ 552 | MtE | Incomp | Metadata | Action | 553 | | | Understood | | 554 | | | by dCDN | | 555 +-------+--------+--------------+-----------------------------------+ 556 | False | False | True | Can serve. | 557 | False | True | True | Can serve but MUST NOT | 558 | | | | interpret/apply any metadata | 559 | | | | marked incomprehensible. | 560 | False | False | False | Can serve. | 561 | False | True | False | Can serve but MUST NOT | 562 | | | | interpret/apply any metadata | 563 | | | | marked incomprehensible. | 564 | True | False | True | Can serve. | 565 | True | True | True | MUST NOT serve. | 566 | True | False | False | MUST NOT serve. | 567 | True | True | False | MUST NOT serve. | 568 +-------+--------+--------------+-----------------------------------+ 570 Table 3: Action to be taken by a dCDN for the different combinations 571 of MtE and Incomp properties 573 3.3. Metadata Inheritance and Override 575 In the metadata object model, a HostMetadata object can contain 576 multiple PathMetadata objects (via PathMatch objects). Each 577 PathMetadata object can in turn contain other PathMetadata objects. 578 HostMetadata and PathMetadata objects form an inheritance tree where 579 each node in the tree inherits or overrides the property values set 580 by its parent. 582 GenericMetadata objects of a given type override all GenericMetadata 583 objects of the same type previously defined by any parent object in 584 the tree. 
GenericMetadata objects of a given type previously defined 585 by a parent object in the tree are inherited when no object of the 586 same type is defined by the child object. For example, if 587 HostMetadata for the host "example.com" contains GenericMetadata 588 objects of type LocationACL and TimeWindowACL, while a PathMetadata 589 object which applies to "example.com/movies/*" defines an alternate 590 GenericMetadata object of type TimeWindowACL, then: 592 o the TimeWindowACL defined in the PathMetadata would override the 593 TimeWindowACL defined in the HostMetadata for all User Agent 594 requests for content under "example.com/movies/", and 596 o the LocationACL defined in the HostMetadata would be inherited for 597 all User Agent requests for content under "example.com/movies/". 599 A single HostMetadata or PathMetadata object MUST NOT contain 600 multiple GenericMetadata objects of the same type. If a list of 601 GenericMetadata contains objects of duplicate types, the receiver 602 MUST ignore all but the first object of each type. 604 4. CDNI Metadata objects 606 Section 4.1 provides the definitions of each metadata object type 607 introduced in Section 3. These metadata objects are described as 608 structural metadata objects as they provide the structure for host 609 and URI path-based inheritance and identify which GenericMetadata 610 objects apply to a given User Agent content request. 612 Section 4.2 provides the definitions for a base set of core metadata 613 objects which can be contained within a GenericMetadata object. 614 These metadata objects govern how User Agent requests for content are 615 handled. GenericMetadata objects can contain other GenericMetadata 616 as properties; these can be referred to as sub-objects). 
   As with all CDNI metadata objects, the value of the GenericMetadata
   sub-objects can be either a complete serialized representation of
   the sub-object, or a Link object that contains a URI that can be
   dereferenced to retrieve the complete serialized representation of
   the property sub-object.

   Section 6.5 discusses the ability to extend the base set of
   GenericMetadata objects specified in this document with additional
   standards-based or vendor specific GenericMetadata objects that might
   be defined in the future in separate documents.

   dCDNs and tCDNs MUST support parsing of all CDNI metadata objects
   specified in this document. A dCDN does not have to implement the
   underlying functionality represented by the metadata object (though
   that might restrict the content that a given dCDN will be able to
   serve). uCDNs as generators of CDNI metadata only need to support
   generating the CDNI metadata that they need in order to express the
   policies required by the content they are describing.

   CDNI metadata objects MUST be encoded as I-JSON objects [RFC7493]
   containing a dictionary of (key,value) pairs where the keys are the
   property names and the values are the associated property values.
   See Section 6.4 for more details of the specific encoding rules for
   CDNI metadata objects.

   Note: In the following sections, the term "mandatory-to-specify" is
   used to convey which properties MUST be included for a given
   structural or GenericMetadata object.
   When mandatory-to-specify is
   specified as "Yes" for an individual property, it means that if the
   object containing that property is included in a metadata response,
   then the mandatory-to-specify property MUST also be included
   (directly or by reference) in the response, e.g., a HostMatch
   property object without a host to match against does not make sense,
   therefore, the host property is mandatory-to-specify inside a
   HostMatch object.

4.1. Definitions of the CDNI structural metadata objects

   Each of the sub-sections below describes the structural objects
   introduced in Section 3.1.

4.1.1. HostIndex

   The HostIndex object is the entry point into the CDNI metadata
   hierarchy. It contains a list of HostMatch objects. An incoming
   content request is checked against the Hostname (or IP address)
   specified by each of the listed HostMatch objects to find the
   HostMatch object which applies to the request.

      Property: hosts

         Description: List of HostMatch objects. Hosts (HostMatch
         objects) MUST be evaluated in the order they appear and the
         first HostMatch object that matches the content request being
         processed MUST be used.

         Type: List of HostMatch objects

         Mandatory-to-Specify: Yes.

   Example HostIndex object containing two HostMatch objects, where the
   first HostMatch object is embedded and the second HostMatch object is
   referenced:

   {
     "hosts": [
       {
       },
       {
         "type": "MI.HostMatch.v1",
         "href": "http://metadata.ucdn.example/hostmatch1234"
       }
     ]
   }

4.1.2. HostMatch

   The HostMatch object contains a Hostname or IP address to match
   against content requests. The HostMatch object also contains a
   HostMetadata object to apply if a match is found.

      Property: host

         Description: Hostname or IP address to match against the
         requested host.
         In order for a Hostname or IP address in a
         content request to match the Hostname or IP address in the host
         property the value from the content request when converted to
         lowercase MUST be identical to the value of the host property
         when converted to lowercase.

         Type: Endpoint

         Mandatory-to-Specify: Yes.

      Property: host-metadata

         Description: CDNI metadata to apply when delivering content
         that matches this host.

         Type: HostMetadata

         Mandatory-to-Specify: Yes.

   Example HostMatch object with an embedded HostMetadata object:

   {
     "host": "video.example.com",
     "host-metadata" : {
     }
   }

   Example HostMatch object referencing (via a Link object, see
   Section 4.3.1) a HostMetadata object:

   {
     "host": "video.example.com",
     "host-metadata" : {
       "type": "MI.HostMetadata.v1",
       "href": "http://metadata.ucdn.example/host1234"
     }
   }

4.1.3. HostMetadata

   A HostMetadata object contains the CDNI metadata properties for
   content served for a particular host (defined in the HostMatch
   object) and possibly child PathMatch objects.

      Property: metadata

         Description: List of host related metadata.

         Type: List of GenericMetadata objects

         Mandatory-to-Specify: Yes.

      Property: paths

         Description: Path specific rules. Path patterns (PathMatch
         objects) MUST be evaluated in the order they appear and the
         first PathMatch object that matches the content request being
         processed MUST be used.

         Type: List of PathMatch objects

         Mandatory-to-Specify: No.

   Example HostMetadata object containing a number of embedded
   GenericMetadata objects that will describe the default metadata for
   the host and an embedded PathMatch object that contains a path for
   which metadata exists that overrides the default metadata for the
   host:

   {
     "metadata": [
       {
       },
       {
       },

       ...

       {
       }
     ],
     "paths": [
       {
       }
     ]
   }

4.1.4. PathMatch

   A PathMatch object contains a PatternMatch object with a path to
   match against a resource's URI path, as well as a PathMetadata object
   with GenericMetadata to apply if the resource's URI path matches the
   pattern within the PatternMatch object.

      Property: path-pattern

         Description: Pattern to match against the requested resource's
         URI path, i.e., against the [RFC3986] path-absolute.

         Type: PatternMatch

         Mandatory-to-Specify: Yes.

      Property: path-metadata

         Description: CDNI metadata to apply when delivering content
         that matches the associated PatternMatch.

         Type: PathMetadata

         Mandatory-to-Specify: Yes.

   Example PathMatch object referencing the PathMetadata object to use
   for URIs that match the case-sensitive URI path pattern "/movies/*"
   (contained within an embedded PatternMatch object):

   {
     "path-pattern": {
       "pattern": "/movies/*",
       "case-sensitive": true
     },
     "path-metadata": {
       "type": "MI.PathMetadata.v1",
       "href": "http://metadata.ucdn.example/host1234/pathDCE"
     }
   }

4.1.5. PatternMatch

   A PatternMatch object contains the pattern string and flags that
   describe the pattern expression.

      Property: pattern

         Description: A pattern for string matching. The pattern can
         contain the wildcards * and ?, where * matches any sequence of
         characters (including the empty string) and ? matches exactly
         one character. The three literals $, * and ? should be escaped
         as $$, $* and $?. All other characters are treated as literals.

         Type: String

         Mandatory-to-Specify: Yes.

      Property: case-sensitive

         Description: Flag indicating whether or not case-sensitive
         matching should be used.

         Type: Boolean

         Mandatory-to-Specify: No. Default is case-insensitive match.

      Property: ignore-query-string

         Description: List of query parameters which should be ignored
         when searching for a pattern match. Matching against query
         parameters to ignore MUST be case-insensitive. If all query
         parameters should be ignored then the list MUST be empty.

         Type: List of String

         Mandatory-to-Specify: No. Default is to include query strings
         when matching.

   Example PatternMatch object that matches the case-sensitive URI path
   pattern "/movies/*". All query parameters will be ignored when
   matching URIs requested from surrogates by content clients against
   this path pattern:

   {
     "pattern": "/movies/*",
     "case-sensitive": true,
     "ignore-query-string": []
   }

   Example PatternMatch object that matches the case-sensitive URI path
   pattern "/movies/*". The query parameter "sessionid" will be ignored
   when matching URIs requested from surrogates by content clients
   against this path pattern:

   {
     "pattern": "/movies/*",
     "case-sensitive": true,
     "ignore-query-string": ["sessionid"]
   }

4.1.6. PathMetadata

   A PathMetadata object contains the CDNI metadata properties for
   content requests that match against the associated URI path (defined
   in a PathMatch object).

   Note that if DNS-based redirection is employed, then a dCDN will be
   unable to evaluate any metadata at the PathMetadata level or below
   because only the hostname of the content request is available at
   request routing time. dCDNs SHOULD still process all PathMetadata for
   the host before responding to the redirection request to detect if
   any unsupported metadata is specified. If any metadata not supported
   by the dCDN is marked as "mandatory-to-enforce", the dCDN SHOULD NOT
   accept the content redirection request, in order to avoid receiving
   content requests that it will not be able to satisfy/serve.

      Property: metadata

         Description: List of path related metadata.

         Type: List of GenericMetadata objects

         Mandatory-to-Specify: Yes.

      Property: paths

         Description: Path specific rules. First match applies.

         Type: List of PathMatch objects

         Mandatory-to-Specify: No.

   Example PathMetadata object containing a number of embedded
   GenericMetadata objects that describe the metadata to apply for the
   URI path defined in the parent PathMatch object, as well as a more
   specific PathMatch object.

   {
     "metadata": [
       {
       },
       {
       },

       ...

       {
       }
     ],
     "paths": [
       {
       }
     ]
   }

4.1.7. GenericMetadata

   A GenericMetadata object is a wrapper for managing individual CDNI
   metadata properties in an opaque manner.

      Property: generic-metadata-type

         Description: Case-insensitive CDNI metadata object type.

         Type: String containing the CDNI Payload Type [RFC7736] of the
         object contained in the generic-metadata-value property (see
         Table 4).

         Mandatory-to-Specify: Yes.

      Property: generic-metadata-value

         Description: CDNI metadata object.

         Type: Format/Type is defined by the value of
         generic-metadata-type property above. Note:
         generic-metadata-values MUST NOT name any properties "href"
         (see Section 4.3.1).

         Mandatory-to-Specify: Yes.

      Property: mandatory-to-enforce

         Description: Flag identifying whether or not the enforcement of
         the property metadata is required.

         Type: Boolean

         Mandatory-to-Specify: No. Default is to treat metadata as
         mandatory to enforce (i.e., a value of True).

      Property: safe-to-redistribute

         Description: Flag identifying whether or not the property
         metadata can be safely redistributed without modification.

         Type: Boolean

         Mandatory-to-Specify: No. Default is allow transparent
         redistribution (i.e., a value of True).

      Property: incomprehensible

         Description: Flag identifying whether or not any CDN in the
         chain of delegation has failed to understand and/or failed to
         properly transform this metadata object. Note: This flag only
         applies to metadata objects whose safe-to-redistribute property
         has a value of False.

         Type: Boolean

         Mandatory-to-Specify: No. Default is comprehensible (i.e., a
         value of False).

   Example GenericMetadata object containing a metadata object that
   applies to the applicable URI path and/or host (within a parent
   PathMetadata and/or HostMetadata object, respectively):

   {
     "mandatory-to-enforce": true,
     "safe-to-redistribute": true,
     "incomprehensible": false,
     "generic-metadata-type": ,
     "generic-metadata-value":
       {
       }
   }

4.2. Definitions of the initial set of CDNI Generic Metadata objects

   The objects defined below are intended to be used in the
   GenericMetadata object generic-metadata-value field as defined in
   Section 4.1.7 and their generic-metadata-type property MUST be set to
   the appropriate CDNI Payload Type as defined in Table 4.

4.2.1. SourceMetadata

   Source metadata provides the dCDN with information about content
   acquisition, i.e., how to contact a uCDN Surrogate or an Origin
   Server to obtain the content to be served. The sources are not
   necessarily the actual Origin Servers operated by the CSP but might
   be a set of Surrogates in the uCDN.

      Property: sources

         Description: Sources from which the dCDN can acquire content,
         listed in order of preference.

         Type: List of Source objects (see Section 4.2.1.1)

         Mandatory-to-Specify: No. Default is to use static
         configuration, out-of-band from the metadata interface.

   Example SourceMetadata object (which contains two Source objects)
   that describes which servers the dCDN should use for acquiring
   content for the applicable URI path and/or host:

   {
     "generic-metadata-type": "MI.SourceMetadata.v1",
     "generic-metadata-value":
       {
         "sources": [
           {
             "endpoints": [
               "a.service123.ucdn.example",
               "b.service123.ucdn.example"
             ],
             "protocol": "http1.1"
           },
           {
             "endpoints": ["origin.service123.example"],
             "protocol": "http1.1"
           }
         ]
       }
   }

4.2.1.1. Source

   A Source object describes the source to be used by the dCDN for
   content acquisition (e.g., a Surrogate within the uCDN or an
   alternate Origin Server), the protocol to be used, and any
   authentication method to be used when contacting that source.

   Endpoints within a Source object MUST be treated as equivalent/equal.
   A uCDN can specify a list of sources in preference order within a
   SourceMetadata object, and then for each preference ranked Source
   object, a uCDN can specify a list of endpoints that are equivalent
   (e.g., a pool of servers that are not behind a load balancer).

      Property: acquisition-auth

         Description: Authentication method to use when requesting
         content from this source.

         Type: Auth (see Section 4.2.7)

         Mandatory-to-Specify: No. Default is no authentication
         required.

      Property: endpoints

         Description: Origins from which the dCDN can acquire content.
         If multiple endpoints are specified they are all equal, i.e.,
         the list is not in preference order (e.g., a pool of servers
         behind a load balancer).

         Type: List of Endpoint objects (See Section 4.3.3)

         Mandatory-to-Specify: Yes.

      Property: protocol

         Description: Network retrieval protocol to use when requesting
         content from this source.

         Type: Protocol (see Section 4.3.2)

         Mandatory-to-Specify: Yes.

   Example Source object that describes a pair of endpoints (servers)
   the dCDN can use for acquiring content for the applicable host and/or
   URI path:

   {
     "endpoints": [
       "a.service123.ucdn.example",
       "b.service123.ucdn.example"
     ],
     "protocol": "http1.1"
   }

4.2.2. LocationACL Metadata

   LocationACL metadata defines which locations a User Agent needs to be
   in, in order to be able to receive the associated content.

   A LocationACL which does not include a locations property results in
   an action of allow all, meaning that delivery can be performed
   regardless of the User Agent's location, otherwise a CDN MUST take
   the action from the first footprint to match against the User Agent's
   location. If two or more footprints overlap, the first footprint
   that matches against the User Agent's location determines the action
   a CDN MUST take. If the locations property is included but is empty,
   or if none of the listed footprints matches the User Agent's
   location, then the result is an action of deny.

   Although the LocationACL, TimeWindowACL (see Section 4.2.3), and
   ProtocolACL (see Section 4.2.4) are independent GenericMetadata
   objects, they can provide conflicting information to a dCDN, e.g., a
   content request which is simultaneously allowed based on the
   LocationACL and denied based on the TimeWindowACL. The dCDN MUST use
   the logical AND of all ACLs (where 'allow' is true and 'deny' is
   false) to determine whether or not a request should be allowed.

      Property: locations

         Description: Access control list which allows or denies
         (blocks) delivery based on the User Agent's location.

         Type: List of LocationRule objects (see Section 4.2.2.1)

         Mandatory-to-Specify: No. Default is allow all locations.

   Example LocationACL object that allows the dCDN to deliver content to
   any location/IP address:

   {
     "generic-metadata-type": "MI.LocationACL.v1",
     "generic-metadata-value":
       {
       }
   }

   Example LocationACL object (which contains a LocationRule object
   which itself contains a Footprint object) that only allows the dCDN
   to deliver content to User Agents in the USA:

   {
     "generic-metadata-type": "MI.LocationACL.v1",
     "generic-metadata-value":
       {
         "locations": [
           {
             "action": "allow",
             "footprints": [
               {
                 "footprint-type": "countrycode",
                 "footprint-value": ["us"]
               }
             ]
           }
         ]
       }
   }

4.2.2.1. LocationRule

   A LocationRule contains or references a list of Footprint objects and
   the corresponding action.

      Property: footprints

         Description: List of footprints to which the rule applies.

         Type: List of Footprint objects (see Section 4.2.2.2)

         Mandatory-to-Specify: Yes.

      Property: action

         Description: Defines whether the rule specifies locations to
         allow or deny.

         Type: Enumeration [allow|deny] encoded as a lowercase string

         Mandatory-to-Specify: No. Default is deny.

   Example LocationRule object (which contains a Footprint object) that
   allows the dCDN to deliver content to clients in the USA:

   {
     "action": "allow",
     "footprints": [
       {
         "footprint-type": "countrycode",
         "footprint-value": ["us"]
       }
     ]
   }

4.2.2.2. Footprint

   A Footprint object describes the footprint to which a LocationRule
   can be applied, e.g., an IPv4 address range or a geographic
   location.

      Property: footprint-type

         Description: Registered footprint type (see Section 7.2).
         The footprint types specified by this document are: "ipv4cidr"
         (IPv4CIDR, see Section 4.3.5), "ipv6cidr" (IPv6CIDR, see
         Section 4.3.6), "asn" (Autonomous System Number, see
         Section 4.3.7) and "countrycode" (Country Code, see
         Section 4.3.8).

         Type: Lowercase String

         Mandatory-to-Specify: Yes.

      Property: footprint-value

         Description: List of footprint values conforming to the
         specification associated with the registered footprint type.
         Footprint values can be simple strings (e.g., IPv4CIDR,
         IPv6CIDR, ASN, and CountryCode), however, other Footprint
         objects can be defined in the future, along with a more complex
         encoding (e.g., GPS coordinate tuples).

         Type: List of footprints

         Mandatory-to-Specify: Yes.

   Example Footprint object describing a footprint covering the USA:

   {
     "footprint-type": "countrycode",
     "footprint-value": ["us"]
   }

   Example Footprint object describing a footprint covering the IP
   address ranges 192.0.2.0/24 and 198.51.100.0/24:

   {
     "footprint-type": "ipv4cidr",
     "footprint-value": ["192.0.2.0/24", "198.51.100.0/24"]
   }

4.2.3. TimeWindowACL

   TimeWindowACL metadata defines time-based restrictions.

   A TimeWindowACL which does not include a times property results in an
   action of allow all, meaning that delivery can be performed
   regardless of the time of the User Agent's request, otherwise a CDN
   MUST take the action from the first window to match against the
   current time. If two or more windows overlap, the first window that
   matches against the current time determines the action a CDN MUST
   take. If the times property is included but is empty, or if none of
   the listed windows matches the current time, then the result is an
   action of deny.

   Although the LocationACL (see Section 4.2.2), TimeWindowACL, and
   ProtocolACL (see Section 4.2.4) are independent GenericMetadata
   objects, they can provide conflicting information to a dCDN, e.g., a
   content request which is simultaneously allowed based on the
   LocationACL and denied based on the TimeWindowACL. The dCDN MUST use
   the logical AND of all ACLs (where 'allow' is true and 'deny' is
   false) to determine whether or not a request should be allowed.

      Property: times

         Description: Access control list which allows or denies
         (blocks) delivery based on the time of a User Agent's request.

         Type: List of TimeWindowRule objects (see Section 4.2.3.1)

         Mandatory-to-Specify: No. Default is allow all time windows.

   Example TimeWindowACL object (which contains a TimeWindowRule object
   which itself contains a TimeWindow object) that only allows the dCDN
   to deliver content to clients between 09:00 01/01/2000 UTC and 17:00
   01/01/2000 UTC:

   {
     "generic-metadata-type": "MI.TimeWindowACL.v1",
     "generic-metadata-value":
       {
         "times": [
           {
             "action": "allow",
             "windows": [
               {
                 "start": 946717200,
                 "end": 946746000
               }
             ]
           }
         ]
       }
   }

4.2.3.1. TimeWindowRule

   A TimeWindowRule contains or references a list of TimeWindow objects
   and the corresponding action.

      Property: windows

         Description: List of time windows to which the rule applies.

         Type: List of TimeWindow objects (see Section 4.2.3.2)

         Mandatory-to-Specify: Yes.

      Property: action

         Description: Defines whether the rule specifies time windows to
         allow or deny.

         Type: Enumeration [allow|deny] encoded as a lowercase string

         Mandatory-to-Specify: No. Default is deny.

   Example TimeWindowRule object (which contains a TimeWindow object)
   that only allows the dCDN to deliver content to clients between 09:00
   01/01/2000 UTC and 17:00 01/01/2000 UTC:

   {
     "action": "allow",
     "windows": [
       {
         "start": 946717200,
         "end": 946746000
       }
     ]
   }

4.2.3.2. TimeWindow

   A TimeWindow object describes a time range which can be applied by a
   TimeWindowACL, e.g., start 946717200 (i.e., 09:00 01/01/2000 UTC),
   end: 946746000 (i.e., 17:00 01/01/2000 UTC).

      Property: start

         Description: The start time of the window.

         Type: Time (see Section 4.3.4)

         Mandatory-to-Specify: Yes.

      Property: end

         Description: The end time of the window.

         Type: Time (see Section 4.3.4)

         Mandatory-to-Specify: Yes.

   Example TimeWindow object that describes a time window from 09:00
   01/01/2000 UTC to 17:00 01/01/2000 UTC:

   {
     "start": 946717200,
     "end": 946746000
   }

4.2.4. ProtocolACL Metadata

   ProtocolACL metadata defines delivery protocol restrictions.

   A ProtocolACL which does not include a protocol-acl property results
   in an action of allow all, meaning that delivery can be performed
   regardless of the protocol in the User Agent's request, otherwise a
   CDN MUST take the action from the first protocol to match against the
   request protocol. If two or more request protocols overlap, the
   first protocol that matches the request protocol determines the
   action a CDN MUST take. If the protocol-acl property is included but
   is empty, or if none of the listed protocols matches the request
   protocol, then the result is an action of deny.
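The three ACL types share one evaluation rule: an absent list allows everything, an empty list or no match denies, the first matching rule decides, and a rule with no action denies. The Python below is an added example, not code from the draft or from any CDN implementation; the request dictionary layout, the inclusive treatment of window end times, and the non-matching of unregistered footprint types are assumptions made for the example.

```python
import ipaddress


def footprint_matches(footprint, client):
    """True if the client falls inside one Footprint object."""
    kind = footprint["footprint-type"]
    values = footprint["footprint-value"]
    if kind in ("ipv4cidr", "ipv6cidr"):
        addr = ipaddress.ip_address(client["ip"])
        nets = (ipaddress.ip_network(v) for v in values)
        return any(n.version == addr.version and addr in n for n in nets)
    if kind == "countrycode":
        return client.get("country", "").lower() in values
    if kind == "asn":
        return client.get("asn", "").lower() in values
    return False  # assumption: an unregistered footprint type never matches


def first_match(rules, rule_matches):
    """Shared ACL semantics: absent -> allow, empty or no match -> deny."""
    if rules is None:
        return True
    for rule in rules:
        if rule_matches(rule):
            # The action property defaults to deny when it is not given.
            return rule.get("action", "deny") == "allow"
    return False


def location_allowed(value, req):
    return first_match(
        value.get("locations"),
        lambda r: any(footprint_matches(f, req["client"]) for f in r["footprints"]))


def time_allowed(value, req):
    # Assumption: a window includes both its start and its end second.
    return first_match(
        value.get("times"),
        lambda r: any(w["start"] <= req["now"] <= w["end"] for w in r["windows"]))


def protocol_allowed(value, req):
    return first_match(
        value.get("protocol-acl"),
        lambda r: req["protocol"] in r["protocols"])


# generic-metadata-type is case-insensitive, so keys are stored in lowercase.
ACL_EVALUATORS = {
    "mi.locationacl.v1": location_allowed,
    "mi.timewindowacl.v1": time_allowed,
    "mi.protocolacl.v1": protocol_allowed,
}


def request_allowed(generic_metadata, req):
    """Logical AND over every ACL present in the effective metadata."""
    for gm in generic_metadata:
        evaluate = ACL_EVALUATORS.get(gm["generic-metadata-type"].lower())
        if evaluate and not evaluate(gm["generic-metadata-value"], req):
            return False
    return True


# Constructed sample metadata and request, built from the values in the examples.
SAMPLE_ACLS = [
    {"generic-metadata-type": "MI.LocationACL.v1",
     "generic-metadata-value": {"locations": [
         {"action": "deny", "footprints": [
             {"footprint-type": "ipv4cidr", "footprint-value": ["192.0.2.0/24"]}]},
         {"action": "allow", "footprints": [
             {"footprint-type": "countrycode", "footprint-value": ["us"]}]}]}},
    {"generic-metadata-type": "MI.TimeWindowACL.v1",
     "generic-metadata-value": {"times": [
         {"action": "allow",
          "windows": [{"start": 946717200, "end": 946746000}]}]}},
    {"generic-metadata-type": "MI.ProtocolACL.v1",
     "generic-metadata-value": {"protocol-acl": [
         {"action": "allow", "protocols": ["http1.1"]}]}},
]
SAMPLE_REQUEST = {
    "client": {"ip": "198.51.100.7", "country": "us", "asn": "as64496"},
    "now": 946720000,
    "protocol": "http1.1",
}
```

In the sample LocationACL the deny rule for 192.0.2.0/24 is listed before the allow rule for "us", so a User Agent in that range is refused even when it is located in the USA.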

   Although the LocationACL, TimeWindowACL, and ProtocolACL are
   independent GenericMetadata objects, they can provide conflicting
   information to a dCDN, e.g., a content request which is
   simultaneously allowed based on the ProtocolACL and denied based on
   the TimeWindowACL. The dCDN MUST use the logical AND of all ACLs
   (where 'allow' is true and 'deny' is false) to determine whether or
   not a request should be allowed.

      Property: protocol-acl

         Description: Access control list which allows or
         denies (blocks) delivery based on delivery protocol.

         Type: List of ProtocolRule objects (see Section 4.2.4.1)

         Mandatory-to-Specify: No. Default is allow all protocols.

   Example ProtocolACL object (which contains a ProtocolRule object)
   that only allows the dCDN to deliver content using HTTP/1.1:

   {
     "generic-metadata-type": "MI.ProtocolACL.v1",
     "generic-metadata-value":
       {
         "protocol-acl": [
           {
             "action": "allow",
             "protocols": ["http1.1"]
           }
         ]
       }
   }

4.2.4.1. ProtocolRule

   A ProtocolRule contains or references a list of Protocol objects and
   the corresponding action.

      Property: protocols

         Description: List of protocols to which the rule applies.

         Type: List of Protocols (see Section 4.3.2)

         Mandatory-to-Specify: Yes.

      Property: action

         Description: Defines whether the rule specifies protocols to
         allow or deny.

         Type: Enumeration [allow|deny] encoded as a lowercase string

         Mandatory-to-Specify: No. Default is deny.

   Example ProtocolRule object (which contains a ProtocolRule object)
   that allows the dCDN to deliver content using HTTP/1.1:

   {
     "action": "allow",
     "protocols": ["http1.1"]
   }

4.2.5. DeliveryAuthorization Metadata

   Delivery Authorization defines authorization methods for the delivery
   of content to User Agents.

      Property: delivery-auth-methods

         Description: Options for authorizing content requests.
         Delivery for a content request is authorized if any of the
         authorization methods in the list is satisfied for that
         request.

         Type: List of Auth objects (see Section 4.2.7)

         Mandatory-to-Specify: No. Default is no authorization
         required.

   Example DeliveryAuthorization object (which contains an Auth object):

   {
     "generic-metadata-type": "MI.DeliveryAuthorization.v1",
     "generic-metadata-value":
       {
         "delivery-auth-methods": [
           {
             "auth-type": ,
             "auth-value":
               {
               }
           }
         ]
       }
   }

4.2.6. Cache

   A Cache object describes the cache control parameters to be applied
   to the content by intermediate caches.

      Property: ignore-query-string

         Description: Allows a Surrogate to ignore URI query string
         parameters when comparing the requested URI against the URIs in
         its cache for equivalence. Matching query parameters to ignore
         MUST be case-insensitive. Each query parameter to ignore is
         specified in the list. If all query parameters should be
         ignored, then the list MUST be specified and MUST be empty.

         Type: List of String

         Mandatory-to-Specify: No. Default is to consider query string
         parameters when comparing URIs.

   Example Cache object that instructs the dCDN to ignore all query
   parameters:

   {
     "generic-metadata-type":
       "MI.Cache.v1",
     "generic-metadata-value":
       {
         "ignore-query-string": []
       }
   }

   Example Cache object that instructs the dCDN to ignore the
   (case-insensitive) query parameters named "sessionid" and "random":

   {
     "generic-metadata-type":
       "MI.Cache.v1",
     "generic-metadata-value":
       {
         "ignore-query-string": ["sessionid", "random"]
       }
   }

4.2.7. Auth

   An Auth object defines authentication and authorization methods to be
   used during content acquisition and content delivery, respectively.

      Property: auth-type

         Description: Registered Auth type (Section 7.4).

         Type: String

         Mandatory-to-Specify: Yes.

      Property: auth-value

         Description: An object conforming to the specification
         associated with the Registered Auth type.

         Type: GenericMetadata Object

         Mandatory-to-Specify: Yes.

   Example Auth object:

   {
     "generic-metadata-type":
       "MI.Auth.v1",
     "generic-metadata-value":
       {
         "auth-type": ,
         "auth-value":
           {
           }
       }
   }

4.2.8. Grouping

   A Grouping object identifies a group of content to which a given
   asset belongs.

      Property: ccid

         Description: Content Collection identifier for an
         application-specific purpose such as logging aggregation.

         Type: String

         Mandatory-to-Specify: No. Default is an empty string.

   Example Grouping object that specifies a Content Collection
   Identifier for the content associated with the Grouping object's
   parent HostMetadata and PathMetadata:

   {
     "generic-metadata-type":
       "MI.Grouping.v1",
     "generic-metadata-value":
       {
         "ccid": "ABCD"
       }
   }

4.3. CDNI Metadata Simple Data Type Descriptions

   This section describes the simple data types that are used for
   properties of CDNI metadata objects.

4.3.1. Link

   A Link object can be used in place of any of the objects or
   properties described above. Link objects can be used to avoid
   duplication if the same metadata information is repeated within the
   metadata tree. When a Link object replaces another object, its href
   property is set to the URI of the resource and its type property is
   set to the CDNI Payload Type of the object it is replacing.

   dCDNs can detect the presence of a Link object by detecting the
   presence of a property named "href" within the object. This means
   that GenericMetadata types MUST NOT contain a property named "href"
   because doing so would conflict with the ability for dCDNs to detect
   Link objects being used to reference a GenericMetadata object.

      Property: href

         Description: The URI of the addressable object being
         referenced.

         Type: String

         Mandatory-to-Specify: Yes.

      Property: type

         Description: The type of the object being referenced.

         Type: String

         Mandatory-to-Specify: No. If the container specifies the type
         (e.g., the HostIndex object contains a list of HostMatch
         objects, so a Link object in the list of HostMatch objects must
         reference a HostMatch), then it is not necessary to explicitly
         specify a type.

   Example Link object referencing a HostMatch object:

   {
     "type": "MI.HostMatch.v1",
     "href": "http://metadata.ucdn.example/hostmatch1234"
   }

   Example Link object referencing a HostMatch object, without an
   explicit type, inside a HostIndex object:

   {
     "hosts": [
       {
       },
       {
         "href": "http://metadata.ucdn.example/hostmatch1234"
       }
     ]
   }

4.3.2. Protocol

   Protocol objects are used to specify registered protocols for content
   acquisition or delivery (see Section 7.3).

   Type: String

   Example:

   "http1.1"

4.3.3. Endpoint

   A Hostname (with optional port) or an IP address (with optional
   port).

   Note: All implementations MUST support IPv4 addresses encoded as
   specified by the 'IPv4address' rule in Section 3.2.2 of [RFC3986].
   IPv6 addresses MUST be encoded in one of the IPv6 address formats
   specified in [RFC5952] although receivers MUST support all IPv6
   address formats specified in [RFC4291].

   Type: String

   Example Hostname:

   "metadata.ucdn.example"

   Example IPv4 address:

   "192.0.2.1"

   Example IPv6 address (with port number):

   "[2001:db8::1]:81"

4.3.4. Time

   A time value expressed in seconds since the Unix epoch in the UTC
   timezone.

   Type: Integer

   Example Time representing 09:00 01/01/2000 UTC:

   946717200

4.3.5. IPv4CIDR

   An IPv4address CIDR block encoded as specified by the 'IPv4address'
   rule in Section 3.2.2 of [RFC3986] followed by a / followed by an
   unsigned integer representing the leading bits of the routing prefix
   (i.e., IPv4 CIDR notation). Single IP addresses can be expressed as
   /32.

   Type: String

   Example IPv4 CIDR:

   "192.0.2.0/24"

4.3.6. IPv6CIDR

   An IPv6address CIDR block encoded in one of the IPv6 address formats
   specified in [RFC5952] followed by a / followed by an unsigned
   integer representing the leading bits of the routing prefix (i.e.,
   IPv6 CIDR notation). Single IP addresses can be expressed as /128.

   Type: String

   Example IPv6 CIDR:

   "2001:db8::/32"

4.3.7. ASN

   An Autonomous System Number encoded as a string consisting of the
   characters "as" (in lowercase) followed by the Autonomous System
   number.

   Type: String

   Example ASN:

   "as64496"

4.3.8. CountryCode

   An ISO 3166-1 alpha-2 code [ISO3166-1] in lowercase.

   Type: String

   Example Country Code representing the USA:

   "us"

5. CDNI Metadata Capabilities

   CDNI metadata is used to convey information pertaining to content
   delivery from uCDN to dCDN. For optional metadata, it can be useful
   for the uCDN to know if the dCDN supports the underlying
   functionality described by the metadata, prior to delegating any
   content requests to the dCDN.
If some metadata is "mandatory-to- 1780 enforce", and the dCDN does not support it, any delegated requests 1781 for content that requires that metadata will fail. The uCDN will 1782 likely want to avoid delegating those requests to that dCDN. 1783 Likewise, for any metadata which might be assigned optional values, 1784 it could be useful for the uCDN to know which values a dCDN supports, 1785 prior to delegating any content requests to that dCDN. If the 1786 optional value assigned to a given piece of content's metadata is not 1787 supported by the dCDN, any delegated requests for that content can 1788 fail, so again the uCDN is likely to want to avoid delegating those 1789 requests to that dCDN. 1791 The CDNI Footprint and Capabilities Interface (FCI) provides a means 1792 of advertising capabilities from dCDN to uCDN [RFC7336]. Support for 1793 optional metadata types and values can be advertised using the FCI. 1795 6. CDNI Metadata interface 1797 This section specifies an interface to enable a dCDN to retrieve CDNI 1798 metadata objects from a uCDN. 1800 The interface can be used by a dCDN to retrieve CDNI metadata objects 1801 either: 1803 o Dynamically as required by the dCDN to process received requests. 1804 For example in response to a query from an uCDN over the CDNI 1805 Request Routing Redirection interface (RI) 1806 [I-D.ietf-cdni-redirection] or in response to receiving a request 1807 for content from a User Agent. Or; 1809 o In advance of being required. For example in the case of pre- 1810 positioned CDNI metadata acquisition, initiated through the "CDNI 1811 Control interface / Triggers" (CI/T) interface 1812 [I-D.ietf-cdni-control-triggers]. 1814 The CDNI metadata interface is built on the principles of HTTP web 1815 services. In particular, this means that requests and responses over 1816 the interface are built around the transfer of representations of 1817 hyperlinked resources. 
A resource in the context of the CDNI 1818 metadata interface is any object in the object model (as described in 1819 Section 3 and Section 4). 1821 To retrieve CDNI metadata, a CDNI metadata client (i.e., a client in 1822 the dCDN) first makes a HTTP GET request for the URI of the HostIndex 1823 which provides the CDNI metadata client with a list of Hostnames for 1824 which the uCDN can delegate content delivery to the dCDN. The CDNI 1825 metadata client can then obtain any other CDNI metadata objects by 1826 making a HTTP GET requests for any linked metadata objects it 1827 requires. 1829 CDNI metadata servers (i.e., servers in the uCDN) are free to assign 1830 whatever structure they desire to the URIs for CDNI metadata objects 1831 and CDNI metadata clients MUST NOT make any assumptions regarding the 1832 structure of CDNI metadata URIs or the mapping between CDNI metadata 1833 objects and their associated URIs. Therefore any URIs present in the 1834 examples in this document are purely illustrative and are not 1835 intended to impose a definitive structure on CDNI metadata interface 1836 implementations. 1838 6.1. Transport 1840 The CDNI metadata interface uses HTTP as the underlying protocol 1841 transport. 1843 The HTTP Method in the request defines the operation the request 1844 would like to perform. A server implementation of the CDNI metadata 1845 interface MUST support the HTTP GET and HEAD methods. 1847 The corresponding HTTP Response returns the status of the operation 1848 in the HTTP Status Code and returns the current representation of the 1849 resource (if appropriate) in the Response Body. HTTP Responses that 1850 contain a response body SHOULD include an ETag to enable validation 1851 of cached versions of returned resources. 1853 The CDNI metadata interface specified in this document is a read-only 1854 interface. Therefore support for other HTTP methods such as PUT, 1855 POST, DELETE, etc. is not specified. 
A server implementation of the 1856 CDNI metadata interface SHOULD reject all methods other than GET and 1857 HEAD. 1859 As the CDNI metadata interface builds on top of HTTP, CDNI metadata 1860 server implementations MAY make use of any HTTP feature when 1861 implementing the CDNI metadata interface, for example, a CDNI 1862 metadata server MAY make use of HTTP's caching mechanisms to indicate 1863 that the returned response/representation can be reused without re- 1864 contacting the CDNI metadata server. 1866 6.2. Retrieval of CDNI Metadata resources 1868 In the general case, a CDNI metadata server makes CDNI metadata 1869 objects available via a unique URIs and thus, in order to retrieve 1870 CDNI metadata, a CDNI metadata client first makes a HTTP GET request 1871 for the URI of the HostIndex which provides a list of Hostnames for 1872 which the uCDN can delegate content delivery to the dCDN. 1874 In order to retrieve the CDNI metadata for a particular request the 1875 CDNI metadata client processes the received HostIndex object and 1876 finds the corresponding HostMetadata entry (by matching the hostname 1877 in the request against the hostnames listed in the HostMatch 1878 objects). If the HostMetadata is linked (rather than embedded), the 1879 CDNI metadata client then makes a GET request for the URI specified 1880 in the href property of the Link object which points to the 1881 HostMetadata object itself. 1883 In order to retrieve the most specific metadata for a particular 1884 request, the CDNI metadata client inspects the HostMetadata for 1885 references to more specific PathMetadata objects (by matching the URI 1886 path in the request against the path-patterns in any PathMatch 1887 objects listed in the HostMetadata object). If any PathMetadata are 1888 found to match (and are linked rather than embedded), the CDNI 1889 metadata client makes another GET request for the PathMetadata. 
Each 1890 PathMetadata object can also include references to yet more specific 1891 metadata. If this is the case, the CDNI metadata client continues 1892 requesting PathMatch and PathMetadata objects recursively. The CDNI 1893 metadata client repeats this approach of processing metadata objects 1894 and retrieving (via HTTP GETs) any linked objects until it has all 1895 the metadata objects it requires in order to process the redirection 1896 request from an uCDN or the content request from a User Agent. 1898 In cases where a dCDN is not able to retrieve the entire set of CDNI 1899 metadata associated with a User Agent request, for example because 1900 the uCDN is unreachable or returns a HTTP 4xx or 5xx status in 1901 response to some or all of the dCDN's CDNI metadata requests, the 1902 dCDN MUST NOT serve the requested content unless the dCDN has stale 1903 versions of all the required metadata and the stale-if-error Cache- 1904 Control extension [RFC5861] was included in all previous responses 1905 that are required but cannot currently be retrieved. The dCDN can 1906 continue to serve other content for which it can retrieve (or for 1907 which it has fresh responses cached) all the required metadata even 1908 if some non-applicable part of the metadata tree is missing. 1910 Where a dCDN is interconnected with multiple uCDNs, the dCDN needs to 1911 determine which uCDN's CDNI metadata should be used to handle a 1912 particular User Agent request. 1914 When application level redirection (e.g., HTTP 302 redirects) is 1915 being used between CDNs, it is expected that the dCDN will be able to 1916 determine the uCDN that redirected a particular request from 1917 information contained in the received request (e.g., via the URI). 1918 With knowledge of which uCDN routed the request, the dCDN can choose 1919 the correct uCDN from which to obtain the HostIndex. Note that the 1920 HostIndexes served by each uCDN can be unique. 
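
The retrieval walk of Section 6.2 and its fail-closed rule, as an added example that is not part of the draft: a dCDN-side resolver that follows Link objects (detected by "href"), merges metadata from HostMetadata down through PathMetadata, and refuses the request when a required object cannot be fetched unless a stale copy was stored with stale-if-error. The Fetcher class, the transport callable, the MAX_DEPTH bound, the glob-style pattern matching and the HostIndex URI are assumptions; the responses are constructed and modelled on Section 6.10.

```python
import fnmatch
import re

BASE = "http://metadata.ucdn.example/"
MAX_DEPTH = 8  # assumption: local bound so a looping link chain cannot stall the dCDN

class MetadataUnavailable(Exception):
    """Required metadata could not be obtained, so the request must be refused."""

class Fetcher:
    """Hypothetical dCDN-side cache; transport(uri) -> (status, cache_control, body)."""
    def __init__(self, transport, clock):
        self.transport, self.clock = transport, clock
        self.cache = {}  # uri -> (body, stored_at, max_age, stale_if_error)

    @staticmethod
    def directive(cache_control, name):
        m = re.search(r"(?:^|,)\s*" + re.escape(name) + r"=(\d+)", cache_control)
        return int(m.group(1)) if m else None

    def get(self, uri):
        now, entry = self.clock(), self.cache.get(uri)
        if entry and now - entry[1] < entry[2]:
            return entry[0]  # still fresh, no request needed
        try:
            status, cc, body = self.transport(uri)
        except OSError:  # uCDN unreachable
            status, cc, body = None, "", None
        if status == 200:
            self.cache[uri] = (body, now, self.directive(cc, "max-age") or 0,
                               self.directive(cc, "stale-if-error"))
            return body
        # 4xx/5xx or unreachable: a stale copy may be used only if the earlier
        # response carried stale-if-error and that window is still open.
        if entry and entry[3] is not None and now - entry[1] <= entry[2] + entry[3]:
            return entry[0]
        raise MetadataUnavailable(uri)

def deref(obj, fetcher):
    """Section 4.3.1: an object with an "href" property is a Link; fetch its target."""
    return fetcher.get(obj["href"]) if "href" in obj else obj

def resolve(index_uri, host, path, fetcher):
    """Walk HostIndex -> HostMetadata -> PathMetadata; return {type: value} or raise."""
    for entry in fetcher.get(index_uri)["hosts"]:
        match = deref(entry, fetcher)
        if match["host"].lower() != host.lower():
            continue
        node, merged = deref(match["host-metadata"], fetcher), {}
        for _ in range(MAX_DEPTH):
            for item in node.get("metadata", []):
                # Same-type metadata found deeper in the tree overrides the shallower one.
                merged[item["generic-metadata-type"]] = item["generic-metadata-value"]
            nxt = None
            for pm in node.get("paths", []):
                pm = deref(pm, fetcher)
                # Assumption: patterns are matched as case-sensitive shell-style globs.
                if fnmatch.fnmatchcase(path, pm["path-pattern"]["pattern"]):
                    nxt = deref(pm["path-metadata"], fetcher)
                    break
            if nxt is None:
                return merged
            node = nxt
        raise MetadataUnavailable("link chain deeper than MAX_DEPTH")
    raise MetadataUnavailable("no HostMatch for " + host)

def gm(ptype, value):
    return {"generic-metadata-type": ptype, "generic-metadata-value": value}
def step(pattern, target):
    return {"path-pattern": {"pattern": pattern}, "path-metadata": {"href": BASE + target}}

# Constructed responses modelled on Section 6.10: uri -> (Cache-Control, body).
CC = "max-age=60, stale-if-error=600"
SAMPLE = {
    BASE + "hostindex": (CC, {"hosts": [
        {"host": "video.example.com", "host-metadata": {"href": BASE + "host1234"}}]}),
    BASE + "host1234": (CC, {
        "metadata": [
            gm("MI.SourceMetadata.v1", {"sources": [
                {"endpoint": "acq1.ucdn.example", "protocol": "http1.1"}]}),
            gm("MI.LocationACL.v1", {"locations": [{"action": "deny", "footprints": [
                {"footprint-type": "IPv4CIDR", "footprint-value": "192.0.2.0/24"}]}]}),
            gm("MI.ProtocolACL.v1", {"protocol-acl": [
                {"protocols": ["http1.1"], "action": "allow"}]})],
        "paths": [step("/video/movies/*", "host1234/pathDEF")]}),
    BASE + "host1234/pathDEF": (CC, {
        "metadata": [], "paths": [step("/video/movies/hd/*", "host1234/pathDEF/path123")]}),
    # No stale-if-error on this response, so it can never be served stale.
    BASE + "host1234/pathDEF/path123": ("max-age=60", {"metadata": [
        gm("MI.TimeWindowACL.v1", {"times": [{"action": "allow", "windows": [
            {"start": 1213948800, "end": 1327393200}]}]})]}),
}

def make_demo():
    """Return (fetcher, state); state["failing"] holds URIs that answer 503."""
    state = {"now": 0, "failing": set()}
    def transport(uri):
        return (503, "", None) if uri in state["failing"] else (200,) + SAMPLE[uri]
    return Fetcher(transport, lambda: state["now"]), state
```
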
1922 In the case of DNS redirection there is not always sufficient 1923 information carried in the DNS request from User Agents to determine 1924 the uCDN that redirected a particular request (e.g., when content 1925 from a given host is redirected to a given dCDN by more than one 1926 uCDN) and therefore dCDNs will have to apply local policy when 1927 deciding which uCDN's metadata to apply. 1929 6.3. Bootstrapping 1931 The URI for the HostIndex object of a given uCDN needs to be either 1932 configured in, or discovered by, the dCDN. All other objects/ 1933 resources are then discoverable from the HostIndex object by 1934 following any links in the HostIndex object and through the 1935 referenced HostMetadata and PathMetadata objects and their 1936 GenericMetadata sub-objects. 1938 If the URI for the HostIndex object is not manually configured in the 1939 dCDN then the HostIndex URI could be discovered. A mechanism 1940 allowing the dCDN to discover the URI of the HostIndex is outside the 1941 scope of this document. 1943 6.4. Encoding 1945 CDNI metadata objects MUST be encoded as I-JSON objects [RFC7493] 1946 containing a dictionary of (key,value) pairs where the keys are the 1947 property names and the values are the associated property values. 1949 The keys of the dictionary are the names of the properties associated 1950 with the object and are therefore dependent on the specific object 1951 being encoded (i.e., dependent on the CDNI Payload Type of the 1952 returned resource). Likewise, the values associated with each 1953 property (dictionary key) are dependent on the specific object being 1954 encoded (i.e., dependent on the CDNI Payload Type of the returned 1955 resource). 1957 Dictionary keys (properties) in I-JSON are case sensitive. By 1958 convention any dictionary key (property) defined by this document 1959 (for example the names of CDNI metadata object properties) MUST be 1960 lowercase. 1962 6.5. 
Extensibility 1964 The set of GenericMetadata objects can be extended with additional 1965 (standards based or vendor specific) metadata objects through the 1966 specification of new GenericMetadata objects. The GenericMetadata 1967 object defined in Section 4.1.7 specifies a type field and a type- 1968 specific value field that allows any metadata to be included in 1969 either the HostMetadata or PathMetadata lists. 1971 As with the initial GenericMetadata types defined in Section 4.2, 1972 future GenericMetadata types MUST specify the information necessary 1973 for constructing and decoding the GenericMetadata object. 1975 Any document which defines a new GenericMetadata type MUST: 1977 1. Specify and register the CDNI Payload Type [RFC7736] used to 1978 identify the new GenericMetadata type being specified. 1980 2. Define the set of properties associated with the new 1981 GenericMetadata object. GenericMetadata MUST NOT contain a 1982 property named "href" because doing so would conflict with the 1983 ability to detect Link objects (see Section 4.3.1). 1985 3. Define a name, description, type, and whether or not the property 1986 is mandatory-to-specify. 1988 4. Describe the semantics of the new type including its purpose and 1989 example of a use case to which it applies including an example 1990 encoded in I-JSON. 1992 Note: In the case of vendor specific extensions, vendor-identifying 1993 CDNI Payload Type names will decrease the possibility of 1994 GenericMetadata type collisions. 1996 6.6. Metadata Enforcement 1998 At any given time, the set of GenericMetadata types supported by the 1999 uCDN might not match the set of GenericMetadata types supported by 2000 the dCDN. 2002 In cases where a uCDN sends metadata containing a GenericMetadata 2003 type that a dCDN does not support, the dCDN MUST enforce the 2004 semantics of the "mandatory-to-enforce" property. 
If a dCDN does not 2005 understand or is unable to perform the functions associated with any 2006 "mandatory-to-enforce" metadata, the dCDN MUST NOT service any 2007 requests for the corresponding content. 2009 Note: Ideally, uCDNs would not delegate content requests to a dCDN 2010 that does not support the "mandatory-to-enforce" metadata associated 2011 with the content being requested. However, even if the uCDN has a 2012 priori knowledge of the metadata supported by the dCDN (e.g., via the 2013 FCI or through out-of-band negotiation between CDN operators), 2014 metadata support can fluctuate or be inconsistent (e.g., due to mis- 2015 communication, mis-configuration, or temporary outage). Thus, the 2016 dCDN MUST always evaluate all metadata associated with redirection 2017 and content requests and reject any requests where "mandatory-to- 2018 enforce" metadata associated with the content cannot be enforced. 2020 6.7. Metadata Conflicts 2022 It is possible that new metadata definitions will obsolete or 2023 conflict with existing GenericMetadata (e.g., a future revision of 2024 the CDNI metadata interface could redefine the Auth GenericMetadata 2025 object or a custom vendor extension could implement an alternate Auth 2026 metadata option). If multiple metadata (e.g., MI.Auth.v2, 2027 vendor1.Auth, and vendor2.Auth) all conflict with an existing 2028 GenericMetadata object (i.e., MI.Auth.v1) and all are marked as 2029 "mandatory-to-enforce", it could be ambiguous which metadata should 2030 be applied, especially if the functionality of the metadata overlap. 2032 As described in Section 3.3, metadata override only applies to 2033 metadata objects of the same exact type found in HostMetadata and 2034 nested PathMetadata structures. The CDNI metadata interface does not 2035 support enforcement of dependencies between different metadata types. 
2036 It is the responsibility of the CSP and the CDN operators to ensure 2037 that metadata assigned to a given piece of content do not conflict. 2039 Note: Because metadata is inherently ordered in HostMetadata and 2040 PathMetadata lists, as well as in the PathMatch hierarchy, multiple 2041 conflicting metadata types MAY be used, however, metadata hierarchies 2042 SHOULD ensure that independent PathMatch root objects are used to 2043 prevent ambiguous or conflicting metadata definitions. 2045 6.8. Versioning 2047 The version of CDNI metadata objects is conveyed inside the CDNI 2048 Payload Type that is included in the HTTP Content-Type header, for 2049 example: "Content-Type: application/cdni; ptype=MI.HostIndex.v1". 2050 Upon responding to a request for an object, a CDNI metadata server 2051 MUST include a Content-Type header with the CDNI Payload Type 2052 containing the version number of the object. HTTP requests sent to a 2053 metadata server SHOULD include an Accept header with the CDNI Payload 2054 Type (which includes the version) of the expected object. Metadata 2055 clients can specify multiple CDNI Payload Types in the Accept header, 2056 for example if a metadata client is capable of processing two 2057 different versions of the same type of object (defined by different 2058 CDNI Payload Types) it might decide to include both in the Accept 2059 header. 2061 GenericMetadata objects include a "type" property which specifies the 2062 CDNI Payload Type of the GenericMetadata value. Any document which 2063 defines a new GenericMetadata type MUST specify the version number 2064 which it describes, for example: "MI.Location.v1". The version of 2065 each object defined by this document is version 1. 2067 6.9. Media Types 2069 All CDNI metadata objects use the Media Type "application/cdni". The 2070 CDNI Payload Type for each object then contains the object name of 2071 that object as defined by this document, prefixed with "MI.". 
2072 Table 4 lists the CDNI Paylod Type for the metadata objects 2073 (resources) specified in this document. 2075 +-----------------------+-----------------------------+ 2076 | Data Object | CDNI Payload Type | 2077 +-----------------------+-----------------------------+ 2078 | HostIndex | MI.HostIndex.v1 | 2079 | HostMatch | MI.HostMatch.v1 | 2080 | HostMetadata | MI.HostMetadata.v1 | 2081 | PathMatch | MI.PathMatch.v1 | 2082 | PatternMatch | MI.PatternMatch.v1 | 2083 | PathMetadata | MI.PathMetadata.v1 | 2084 | SourceMetadata | MI.SourceMetadata.v1 | 2085 | Source | MI.Source.v1 | 2086 | LocationACL | MI.LocationACL.v1 | 2087 | LocationRule | MI.LocationRule.v1 | 2088 | Footprint | MI.Footprint.v1 | 2089 | TimeWindowACL | MI.TimeWindowACL.v1 | 2090 | TimeWindowRule | MI.TimeWindowRule.v1 | 2091 | TimeWindow | MI.TineWindow.v1 | 2092 | ProtocolACL | MI.ProtocolACL.v1 | 2093 | ProtocolRule | MI.ProtocolRule.v1 | 2094 | DeliveryAuthorization | MI.DeliveryAuthorization.v1 | 2095 | Cache | MI.Cache.v1 | 2096 | Auth | MI.Auth.v1 | 2097 | Grouping | MI.Grouping.v1 | 2098 +-----------------------+-----------------------------+ 2100 Table 4: CDNI Payload Types for CDNI Metadata objects 2102 6.10. 
Complete CDNI Metadata Example 2104 A dCDN requests the HostIndex and receive the following object with a 2105 CDNI payload type of "MI.HostIndex.v1": 2107 { 2108 "hosts": [ 2109 { 2110 "host": "video.example.com", 2111 "host-metadata" : { 2112 "type": "MI.HostMetadata.v1", 2113 "href": "http://metadata.ucdn.example/host1234" 2114 } 2115 }, 2116 { 2117 "host": "images.example.com", 2118 "host-metadata" : { 2119 "type": "MI.HostMetadata.v1", 2120 "href": "http://metadata.ucdn.example/host5678" 2121 } 2122 } 2123 ] 2124 } 2126 If the incoming request has a Host header with "video.example.com" 2127 then the dCDN would fetch the HostMetadata object from 2128 "http://metadata.ucdn.example/host1234" expecting a CDNI payload type 2129 of "MI.HostMetadata.v1": 2131 { 2132 "metadata": [ 2133 { 2134 "generic-metadata-type": 2135 "MI.SourceMetadata.v1", 2136 "generic-metadata-value": { 2137 "sources": [ 2138 { 2139 "endpoint": "acq1.ucdn.example", 2140 "protocol": "http1.1" 2141 }, 2142 { 2143 "endpoint": "acq2.ucdn.example", 2144 "protocol": "http1.1" 2145 } 2146 ] 2147 } 2148 }, 2149 { 2150 "generic-metadata-type": 2151 "MI.LocationACL.v1", 2152 "generic-metadata-value": { 2153 "locations": [ 2154 { 2155 "footprints": [ 2156 { 2157 "footprint-type": "IPv4CIDR", 2158 "footprint-value": "192.0.2.0/24" 2159 } 2160 ], 2161 "action": "deny" 2162 } 2163 ] 2164 } 2165 }, 2166 { 2167 "generic-metadata-type": 2168 "MI.ProtocolACL.v1", 2169 "generic-metadata-value": { 2170 "protocol-acl": [ 2171 { 2172 "protocols": [ 2173 "http1.1" 2174 ], 2175 "action": "allow" 2176 } 2177 ] 2178 } 2179 } 2180 ], 2181 "paths": [ 2182 { 2183 "path-pattern": { 2184 "pattern": "/video/trailers/*" 2185 }, 2186 "path-metadata": { 2187 "type": "MI.PathMetadata.v1", 2188 "href": "http://metadata.ucdn.example/host1234/pathABC" 2189 } 2190 }, 2191 { 2192 "path-pattern": { 2193 "pattern": "/video/movies/*" 2194 }, 2195 "path-metadata": { 2196 "type": "MI.PathMetadata.v1", 2197 "href": 
"http://metadata.ucdn.example/host1234/pathDEF" 2198 } 2199 } 2200 ] 2201 } 2202 Suppose the path of the requested resource matches the "/video/ 2203 movies/*" pattern, the next metadata requested would be for 2204 "http://metadata.ucdn.example/host1234/pathDCE" with an expected CDNI 2205 payload type of "MI.PathMetadata.v1": 2207 { 2208 "metadata": [], 2209 "paths": [ 2210 { 2211 "path-pattern": { 2212 "pattern": "/videos/movies/hd/*" 2213 }, 2214 "path-metadata": { 2215 "type": "MI.PathMetadata.v1", 2216 "href": 2217 "http://metadata.ucdn.example/host1234/pathDEF/path123" 2218 } 2219 } 2220 ] 2221 } 2223 Finally, if the path of the requested resource also matches the 2224 "/videos/movies/hd/*" pattern, the dCDN would also fetch the 2225 following object from "http://metadata.ucdn.example/host1234/pathDEF/ 2226 path123" with CDNI payload type "MI.PathMetadata.v1": 2228 { 2229 "metadata": [ 2230 { 2231 "generic-metadata-type": 2232 "MI.TimeWindowACL.v1", 2233 "generic-metadata-value": { 2234 "times": [ 2235 "windows": [ 2236 { 2237 "start": "1213948800", 2238 "end": "1327393200" 2239 } 2240 ], 2241 "action": "allow" 2242 ] 2243 } 2244 } 2245 ] 2246 } 2247 The final set of metadata which applies to the requested resource 2248 includes a SourceMetadata, a LocationACL, a ProtocolACL, and a 2249 TimeWindowACL. 2251 7. IANA Considerations 2253 7.1. 
CDNI Payload Types 2255 This document requests the registration of the following CDNI Payload 2256 Types under the IANA CDNI Payload Type registry: 2258 +-----------------------------+---------------+ 2259 | Payload Type | Specification | 2260 +-----------------------------+---------------+ 2261 | MI.HostIndex.v1 | RFCthis | 2262 | MI.HostMatch.v1 | RFCthis | 2263 | MI.HostMetadata.v1 | RFCthis | 2264 | MI.PathMatch.v1 | RFCthis | 2265 | MI.PatternMatch.v1 | RFCthis | 2266 | MI.PathMetadata.v1 | RFCthis | 2267 | MI.SourceMetadata.v1 | RFCthis | 2268 | MI.Source.v1 | RFCthis | 2269 | MI.LocationACL.v1 | RFCthis | 2270 | MI.LocationRule.v1 | RFCthis | 2271 | MI.Footprint.v1 | RFCthis | 2272 | MI.TimeWindowACL.v1 | RFCthis | 2273 | MI.TimeWindowRule.v1 | RFCthis | 2274 | MI.TimeWindow.v1 | RFCthis | 2275 | MI.ProtocolACL.v1 | RFCthis | 2276 | MI.ProtocolRule.v1 | RFCthis | 2277 | MI.DeliveryAuthorization.v1 | RFCthis | 2278 | MI.Cache.v1 | RFCthis | 2279 | MI.Auth.v1 | RFCthis | 2280 | MI.Grouping.v1 | RFCthis | 2281 +-----------------------------+---------------+ 2283 [RFC Editor: Please replace RFCthis with the published RFC number for 2284 this document.] 2286 7.1.1. CDNI MI HostIndex Payload Type 2288 Purpose: The purpose of this payload type is to distinguish HostIndex 2289 MI objects (and any associated capabilitiy advertisement) 2291 Interface: MI/FCI 2293 Encoding: see Section 4.1.1 2295 7.1.2. CDNI MI HostMatch Payload Type 2297 Purpose: The purpose of this payload type is to distinguish HostMatch 2298 MI objects (and any associated capabilitiy advertisement) 2300 Interface: MI/FCI 2302 Encoding: see Section 4.1.2 2304 7.1.3. CDNI MI HostMetadata Payload Type 2306 Purpose: The purpose of this payload type is to distinguish 2307 HostMetadata MI objects (and any associated capabilitiy 2308 advertisement) 2310 Interface: MI/FCI 2312 Encoding: see Section 4.1.3 2314 7.1.4. 
CDNI MI PathMatch Payload Type 2316 Purpose: The purpose of this payload type is to distinguish PathMatch 2317 MI objects (and any associated capabilitiy advertisement) 2319 Interface: MI/FCI 2321 Encoding: see Section 4.1.4 2323 7.1.5. CDNI MI PatternMatch Payload Type 2325 Purpose: The purpose of this payload type is to distinguish 2326 PatternMatch MI objects (and any associated capabilitiy 2327 advertisement) 2329 Interface: MI/FCI 2331 Encoding: see Section 4.1.5 2333 7.1.6. CDNI MI PathMetadata Payload Type 2335 Purpose: The purpose of this payload type is to distinguish 2336 PathMetadata MI objects (and any associated capabilitiy 2337 advertisement) 2339 Interface: MI/FCI 2341 Encoding: see Section 4.1.6 2343 7.1.7. CDNI MI SourceMetadata Payload Type 2345 Purpose: The purpose of this payload type is to distinguish 2346 SourceMetadata MI objects (and any associated capabilitiy 2347 advertisement) 2349 Interface: MI/FCI 2351 Encoding: see Section 4.2.1 2353 7.1.8. CDNI MI Source Payload Type 2355 Purpose: The purpose of this payload type is to distinguish Source MI 2356 objects (and any associated capabilitiy advertisement) 2358 Interface: MI/FCI 2360 Encoding: see Section 4.2.1.1 2362 7.1.9. CDNI MI LocationACL Payload Type 2364 Purpose: The purpose of this payload type is to distinguish 2365 LocationACL MI objects (and any associated capabilitiy advertisement) 2367 Interface: MI/FCI 2369 Encoding: see Section 4.2.2 2371 7.1.10. CDNI MI LocationRule Payload Type 2373 Purpose: The purpose of this payload type is to distinguish 2374 LocationRule MI objects (and any associated capabilitiy 2375 advertisement) 2377 Interface: MI/FCI 2379 Encoding: see Section 4.2.2.1 2381 7.1.11. CDNI MI Footprint Payload Type 2383 Purpose: The purpose of this payload type is to distinguish Footprint 2384 MI objects (and any associated capabilitiy advertisement) 2386 Interface: MI/FCI 2388 Encoding: see Section 4.2.2.2 2390 7.1.12. 
CDNI MI TimeWindowACL Payload Type 2392 Purpose: The purpose of this payload type is to distinguish 2393 TimeWindowACL MI objects (and any associated capabilitiy 2394 advertisement) 2396 Interface: MI/FCI 2398 Encoding: see Section 4.2.3 2400 7.1.13. CDNI MI TimeWindowRule Payload Type 2402 Purpose: The purpose of this payload type is to distinguish 2403 TimeWindowRule MI objects (and any associated capabilitiy 2404 advertisement) 2406 Interface: MI/FCI 2408 Encoding: see Section 4.2.3.1 2410 7.1.14. CDNI MI TimeWindow Payload Type 2412 Purpose: The purpose of this payload type is to distinguish 2413 TimeWindow MI objects (and any associated capabilitiy advertisement) 2415 Interface: MI/FCI 2417 Encoding: see Section 4.2.3.2 2419 7.1.15. CDNI MI ProtocolACL Payload Type 2421 Purpose: The purpose of this payload type is to distinguish 2422 ProtocolACL MI objects (and any associated capabilitiy advertisement) 2424 Interface: MI/FCI 2426 Encoding: see Section 4.2.4 2428 7.1.16. CDNI MI ProtocolRule Payload Type 2430 Purpose: The purpose of this payload type is to distinguish 2431 ProtocolRule MI objects (and any associated capabilitiy 2432 advertisement) 2434 Interface: MI/FCI 2436 Encoding: see Section 4.2.4.1 2438 7.1.17. CDNI MI DeliveryAuthorization Payload Type 2440 Purpose: The purpose of this payload type is to distinguish 2441 DeliveryAuthorization MI objects (and any associated capabilitiy 2442 advertisement) 2444 Interface: MI/FCI 2446 Encoding: see Section 4.2.5 2448 7.1.18. CDNI MI Cache Payload Type 2450 Purpose: The purpose of this payload type is to distinguish Cache MI 2451 objects (and any associated capabilitiy advertisement) 2453 Interface: MI/FCI 2455 Encoding: see Section 4.2.6 2457 7.1.19. CDNI MI Auth Payload Type 2459 Purpose: The purpose of this payload type is to distinguish Auth MI 2460 objects (and any associated capabilitiy advertisement) 2462 Interface: MI/FCI 2464 Encoding: see Section 4.2.7 2466 7.1.20. 
CDNI MI Grouping Payload Type 2468 Purpose: The purpose of this payload type is to distinguish Grouping 2469 MI objects (and any associated capabilitiy advertisement) 2471 Interface: MI/FCI 2473 Encoding: see Section 4.2.8 2475 7.2. CDNI Metadata Footprint Types Registry 2477 The IANA is requested to create a new "CDNI Metadata Footprint Types" 2478 subregistry in the "Content Delivery Networks Interconnection (CDNI) 2479 Parameters" registry. The "CDNI Metadata Footprint Types" namespace 2480 defines the valid Footprint object type values used by the Footprint 2481 object in Section 4.2.2.2. Additions to the Footprint type namespace 2482 conform to the "Specification Required" policy as defined in 2483 [RFC5226]. The designated expert will verify that new type 2484 definitions do not duplicate existing type definitions and prevent 2485 gratuitous additions to the namespace. New registrations are 2486 required to provide a clear description of how to interpret new 2487 footprint types. 2489 The following table defines the initial Footprint Registry values: 2491 +----------------+-------------------------------+---------------+ 2492 | Footprint Type | Description | Specification | 2493 +----------------+-------------------------------+---------------+ 2494 | ipv4cidr | IPv4 CIDR address block | RFCthis | 2495 | ipv6cidr | IPv6 CIDR address block | RFCthis | 2496 | asn | Autonomous System (AS) Number | RFCthis | 2497 | countrycode | ISO 3166-1 alpha-2 code | RFCthis | 2498 +----------------+-------------------------------+---------------+ 2500 [RFC Editor: Please replace RFCthis with the published RFC number for 2501 this document.] 2503 7.3. CDNI Metadata Protocol Types Registry 2505 The IANA is requested to create a new "CDNI Metadata Protocol Types" 2506 subregistry in the "Content Delivery Networks Interconnection (CDNI) 2507 Parameters" registry. 
The "CDNI Metadata Protocol Types" namespace 2508 defines the valid Protocol object values in Section 4.3.2, used by 2509 the SourceMetadata and ProtocolACL objects. Additions to the 2510 Protocol namespace conform to the "Specification Required" policy as 2511 defined in [RFC5226], where the specification defines the Protocol 2512 Type and the protocol to which it is associated. The designated 2513 expert will verify that new protocol definitions do not duplicate 2514 existing protocol definitions and prevent gratuitous additions to the 2515 namespace. 2517 The following table defines the initial Protocol values corresponding 2518 to the HTTP and HTTPS protocols: 2520 +----------+-----------------------+---------------+----------------+ 2521 | Protocol | Description | Type | Protocol | 2522 | Type | | Specification | Specification | 2523 +----------+-----------------------+---------------+----------------+ 2524 | http1.1 | Hypertext Transfer | RFCthis | RFC7230 | 2525 | | Protocol -- HTTP/1.1 | | | 2526 | https1.1 | HTTP/1.1 Over TLS | RFCthis | RFC2818 | 2527 +----------+-----------------------+---------------+----------------+ 2529 [RFC Editor: Please replace RFCthis with the published RFC number for 2530 this document.] 2532 7.4. CDNI Metadata Auth Types Registry 2534 The IANA is requested to create a new "CDNI Metadata Auth Types" 2535 subregistry in the "Content Delivery Networks Interconnection (CDNI) 2536 Parameters" registry. The "CDNI Metadata Auth Type" namespace 2537 defines the valid Auth object types used by the Auth object in 2538 Section 4.2.7. Additions to the Auth Type namespace conform to the 2539 "Specification Required" policy as defined in [RFC5226]. The 2540 designated expert will verify that new type definitions do not 2541 duplicate existing type definitions and prevent gratuitous additions 2542 to the namespace. 
New registrations are required to provide a clear 2543 description of what information the uCDN is required to provide to 2544 the dCDN, as well as the procedures the dCDN is required to perform 2545 to authorize and/or authenticate content requests. 2547 The registry will initially be unpopulated: 2549 +-----------+-------------+---------------+ 2550 | Auth Type | Description | Specification | 2551 +-----------+-------------+---------------+ 2552 +-----------+-------------+---------------+ 2554 8. Security Considerations 2556 8.1. Authentication 2558 Unauthorized access to metadata could result in denial of service. A 2559 malicious metadata server, proxy server, or an attacker performing a 2560 "man in the middle" attack could provide malicious metadata to a dCDN 2561 that either: 2563 o Denies service for one or more pieces of content to one or more 2564 User Agents; or 2566 o Directs dCDNs to contact malicious origin servers instead of the 2567 actual origin servers. 2569 Unauthorized access to metadata could also enable a malicious 2570 metadata client to continuously issue metadata requests in order to 2571 overload a uCDN's metadata server(s). 2573 Unauthorized access to metadata could result in leakage of private 2574 information. A malicious metadata client could request metadata in 2575 order to gain access to origin servers, as well as information 2576 pertaining to content restrictions. 2578 An implementation of the CDNI metadata interface SHOULD use mutual 2579 authentication to prevent unauthorized access to metadata. 2581 8.2. Confidentiality 2583 Unauthorized viewing of metadata could result in leakage of private 2584 information. A third party could intercept metadata transactions in 2585 order to gain access to origin servers, as well as information 2586 pertaining to content restrictions. 2588 An implementation of the CDNI metadata interface SHOULD use strong 2589 encryption to prevent unauthorized interception of metadata. 2591 8.3. 
Integrity 2593 Unauthorized modification of metadata could result in denial of 2594 service. A malicious metadata server, proxy server, or an attacker 2595 performing a "man in the middle" attack could modify metadata 2596 destined to a dCDN in order to deny service for one or more pieces of 2597 content to one or more user agents. A malicious metadata server, 2598 proxy server, or an attacker performing a "Man in the middle" attack 2599 could also modify metadata so that dCDNs are directed to contact to 2600 malicious origin servers instead of the actual origin servers. 2602 An implementation of the CDNI metadata interface SHOULD use strong 2603 encryption and mutual authentication to prevent unauthorized 2604 modification of metadata. 2606 8.4. Privacy 2608 Content provider origin and policy information is conveyed through 2609 the CDNI metadata interface. The distribution of this information to 2610 another CDN could introduce potential privacy concerns for some 2611 content providers, for example, dCDNs accepting content requests for 2612 a content provider's content might be able to obtain additional 2613 information and usage patterns relating to the users of a content 2614 provider's services. Content providers with such concerns can 2615 instruct their CDN partners not to use CDN interconnects when 2616 delivering that content provider's content. 2618 An attacker performing a "man in the middle" attack could monitor and 2619 prevent caching of metadata in order to obtain usage patters relating 2620 to the users of a content provider's services. 2622 An implementation of the CDNI metadata interface SHOULD use strong 2623 encryption and mutual authentication to prevent unauthorized 2624 monitoring of metadata. 2626 8.5. Securing the CDNI Metadata interface 2628 An implementation of the CDNI metadata interface MUST support TLS 2629 transport as per [RFC2818] and [RFC7230]. 
   The use of TLS for transport of the CDNI metadata interface messages
   allows:

   o  The dCDN and uCDN to authenticate each other.

   and, once they have mutually authenticated each other, it allows:

   o  The dCDN and uCDN to authorize each other (to ensure they are
      transmitting/receiving CDNI metadata requests and responses from
      an authorized CDN);

   o  CDNI metadata interface requests and responses to be transmitted
      with confidentiality; and

   o  The integrity of the CDNI metadata interface requests and
      responses to be protected during the exchange.

   In an environment where any such protection is required, TLS MUST be
   used (including authentication of the remote end) by the server-side
   (uCDN) and the client-side (dCDN) of the CDNI metadata interface
   unless alternate methods are used for ensuring the confidentiality of
   the information in the CDNI metadata interface requests and responses
   (such as setting up an IPsec tunnel between the two CDNs or using a
   physically secured internal network between two CDNs that are owned
   by the same corporate entity).

   When TLS is used, the general TLS usage guidance in [RFC7525] MUST be
   followed.

9. Acknowledgements

   The authors would like to thank David Ferguson, Francois Le Faucheur,
   Jan Seedorf and Matt Miller for their valuable comments and input to
   this document.

10. Contributing Authors

   [RFC Editor Note: Please move the contents of this section to the
   Authors' Addresses section prior to publication as an RFC.]

   Grant Watson
   Velocix (Alcatel-Lucent)
   3 Ely Road
   Milton, Cambridge CB24 6AA
   UK

   Email: gwatson@velocix.com

   Kent Leung
   Cisco Systems
   3625 Cisco Way
   San Jose, 95134
   USA

   Email: kleung@cisco.com

11. References

11.1. Normative References

   [ISO3166-1]
              "https://www.iso.org/obp/ui/#search".

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
              Resource Identifier (URI): Generic Syntax", STD 66,
              RFC 3986, DOI 10.17487/RFC3986, January 2005.

   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
              Architecture", RFC 4291, DOI 10.17487/RFC4291, February
              2006.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              DOI 10.17487/RFC5226, May 2008.

   [RFC5861]  Nottingham, M., "HTTP Cache-Control Extensions for Stale
              Content", RFC 5861, DOI 10.17487/RFC5861, May 2010.

   [RFC5952]  Kawamura, S. and M. Kawashima, "A Recommendation for IPv6
              Address Text Representation", RFC 5952,
              DOI 10.17487/RFC5952, August 2010.

   [RFC6707]  Niven-Jenkins, B., Le Faucheur, F., and N. Bitar, "Content
              Distribution Network Interconnection (CDNI) Problem
              Statement", RFC 6707, DOI 10.17487/RFC6707, September
              2012.

   [RFC7230]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
              Protocol (HTTP/1.1): Message Syntax and Routing",
              RFC 7230, DOI 10.17487/RFC7230, June 2014.

   [RFC7525]  Sheffer, Y., Holz, R., and P. Saint-Andre,
              "Recommendations for Secure Use of Transport Layer
              Security (TLS) and Datagram Transport Layer Security
              (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May
              2015.

11.2. Informative References

   [I-D.ietf-cdni-control-triggers]
              Murray, R. and B. Niven-Jenkins, "CDNI Control Interface /
              Triggers", draft-ietf-cdni-control-triggers-12 (work in
              progress), March 2016.

   [I-D.ietf-cdni-redirection]
              Niven-Jenkins, B. and R. Brandenburg, "Request Routing
              Redirection interface for CDN Interconnection",
              draft-ietf-cdni-redirection-17 (work in progress),
              February 2016.

   [RFC2818]  Rescorla, E., "HTTP Over TLS", RFC 2818,
              DOI 10.17487/RFC2818, May 2000.

   [RFC7336]  Peterson, L., Davie, B., and R. van Brandenburg, Ed.,
              "Framework for Content Distribution Network
              Interconnection (CDNI)", RFC 7336, DOI 10.17487/RFC7336,
              August 2014.

   [RFC7337]  Leung, K., Ed. and Y. Lee, Ed., "Content Distribution
              Network Interconnection (CDNI) Requirements", RFC 7337,
              DOI 10.17487/RFC7337, August 2014.

   [RFC7493]  Bray, T., Ed., "The I-JSON Message Format", RFC 7493,
              DOI 10.17487/RFC7493, March 2015.

   [RFC7540]  Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext
              Transfer Protocol Version 2 (HTTP/2)", RFC 7540,
              DOI 10.17487/RFC7540, May 2015.

   [RFC7736]  Ma, K., "Content Delivery Network Interconnection (CDNI)
              Media Type Registration", RFC 7736, DOI 10.17487/RFC7736,
              December 2015.

Authors' Addresses

   Ben Niven-Jenkins
   Velocix (Alcatel-Lucent)
   3 Ely Road
   Milton, Cambridge CB24 6AA
   UK

   Email: ben@velocix.com

   Rob Murray
   Velocix (Alcatel-Lucent)
   3 Ely Road
   Milton, Cambridge CB24 6AA
   UK

   Email: rmurray@velocix.com

   Matt Caulfield
   Cisco Systems
   1414 Massachusetts Avenue
   Boxborough, MA 01719
   USA

   Phone: +1 978 936 9307
   Email: mcaulfie@cisco.com

   Kevin J. Ma
   Ericsson
   43 Nagog Park
   Acton, MA 01720
   USA

   Phone: +1 978-844-5100
   Email: kevin.j.ma@ericsson.com
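
   Added example, not part of the draft or of any CDNI implementation:
   one way to configure the mutual TLS authentication and the follow-on
   peer authorization that Section 8.5 requires, using Python's ssl
   module. The peer DNS names, the allowlist, the function names and the
   private-CA file parameters are assumptions made for illustration.

```python
import ssl

# Assumption: CDNs are identified by DNS names in their certificates, and
# each side keeps an allowlist of interconnect partners (hypothetical names).
AUTHORIZED_PEERS = frozenset({"metadata.ucdn.example", "cache.dcdn.example"})

# Constructed sample of SSLSocket.getpeercert() output for a validated peer.
SAMPLE_PEER_CERT = {
    "subject": ((("commonName", "cache.dcdn.example"),),),
    "subjectAltName": (("DNS", "cache.dcdn.example"),),
}

def harden(ctx):
    """RFC 7525 baseline: TLS 1.2 or later, TLS compression disabled."""
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx

def load_identity(ctx, ca_file, cert_file, key_file):
    """Trust only the CA agreed between the two CDNs; present our own cert."""
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx

def dcdn_client_context(ca_file=None, cert_file=None, key_file=None):
    """dCDN (client) side: verifies the uCDN certificate and host name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED by default
    return load_identity(harden(ctx), ca_file, cert_file, key_file)

def ucdn_server_context(ca_file=None, cert_file=None, key_file=None):
    """uCDN (server) side: refuses clients that present no valid certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED  # server-side default is CERT_NONE
    return load_identity(harden(ctx), ca_file, cert_file, key_file)

def peer_is_authorized(peer_cert, allowed=AUTHORIZED_PEERS):
    """Authorization step after the handshake: is the authenticated CDN one
    we interconnect with? peer_cert is the dict from getpeercert()."""
    if not peer_cert:  # None or {}: no certificate was validated
        return False
    names = {value.lower() for kind, value in peer_cert.get("subjectAltName", ())
             if kind == "DNS"}
    return bool(names & allowed)
```

   Call peer_is_authorized(sock.getpeercert()) right after the handshake
   and close the connection when it returns False, before any CDNI
   metadata request is served or any response is acted on.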