idnits 2.17.1

draft-ietf-cdni-metadata-15.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (April 12, 2016) is 2935 days in the past.  Is this
     intentional?

  -- Found something which looks like a code comment -- if you have code
     sections in the document, please surround them with '' and '' lines.

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'Object' is mentioned on line 342, but not defined

  -- Possible downref: Non-RFC (?) normative reference: ref. 'ISO3166-1'

  ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126)

  ** Downref: Normative reference to an Informational RFC: RFC 5861

  ** Downref: Normative reference to an Informational RFC: RFC 6707

  ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112)

  ** Obsolete normative reference: RFC 7525 (Obsoleted by RFC 9325)

  == Outdated reference: A later version (-15) exists of
     draft-ietf-cdni-control-triggers-12

  == Outdated reference: A later version (-20) exists of
     draft-ietf-cdni-redirection-17

  -- Obsolete informational reference (is this intentional?): RFC 2818
     (Obsoleted by RFC 9110)

  -- Obsolete informational reference (is this intentional?): RFC 7540
     (Obsoleted by RFC 9113)

     Summary: 5 errors (**), 0 flaws (~~), 4 warnings (==), 5 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                   B. Niven-Jenkins
Internet-Draft                                                 R. Murray
Intended status: Standards Track                Velocix (Alcatel-Lucent)
Expires: October 14, 2016                                   M. Caulfield
                                                           Cisco Systems
                                                                   K. Ma
                                                                Ericsson
                                                          April 12, 2016

                      CDN Interconnection Metadata
                      draft-ietf-cdni-metadata-15

Abstract

   The Content Delivery Networks Interconnection (CDNI) metadata
   interface enables interconnected Content Delivery Networks (CDNs) to
   exchange content distribution metadata in order to enable content
   acquisition and delivery.  The CDNI metadata associated with a piece
   of content provides a downstream CDN with sufficient information for
   the downstream CDN to service content requests on behalf of an
   upstream CDN.  This document describes both a base set of CDNI
   metadata and the protocol for exchanging that metadata.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 14, 2016.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Terminology
     1.2.  Supported Metadata Capabilities
   2.  Design Principles
   3.  CDNI Metadata object model
     3.1.  HostIndex, HostMatch, HostMetadata, PathMatch,
           PatternMatch and PathMetadata objects
     3.2.  Generic CDNI Metadata Objects
     3.3.  Metadata Inheritance and Override
   4.  CDNI Metadata objects
     4.1.  Definitions of the CDNI structural metadata objects
       4.1.1.  HostIndex
       4.1.2.  HostMatch
       4.1.3.  HostMetadata
       4.1.4.  PathMatch
       4.1.5.  PatternMatch
       4.1.6.  PathMetadata
       4.1.7.  GenericMetadata
     4.2.  Definitions of the initial set of CDNI Generic Metadata
           objects
       4.2.1.  SourceMetadata
         4.2.1.1.  Source
       4.2.2.  LocationACL Metadata
         4.2.2.1.  LocationRule
         4.2.2.2.  Footprint
       4.2.3.  TimeWindowACL
         4.2.3.1.  TimeWindowRule
         4.2.3.2.  TimeWindow
       4.2.4.  ProtocolACL Metadata
         4.2.4.1.  ProtocolRule
       4.2.5.  DeliveryAuthorization Metadata
       4.2.6.  Cache
       4.2.7.  Auth
       4.2.8.  Grouping
     4.3.  CDNI Metadata Simple Data Type Descriptions
       4.3.1.  Link
       4.3.2.  Protocol
       4.3.3.  Endpoint
       4.3.4.  Time
       4.3.5.  IPv4CIDR
       4.3.6.  IPv6CIDR
       4.3.7.  ASN
       4.3.8.  CountryCode
   5.  CDNI Metadata Capabilities
   6.  CDNI Metadata interface
     6.1.  Transport
     6.2.  Retrieval of CDNI Metadata resources
     6.3.  Bootstrapping
     6.4.  Encoding
     6.5.  Extensibility
     6.6.  Metadata Enforcement
     6.7.  Metadata Conflicts
     6.8.  Versioning
     6.9.  Media Types
     6.10. Complete CDNI Metadata Example
   7.  IANA Considerations
     7.1.  CDNI Payload Types
       7.1.1.  CDNI MI HostIndex Payload Type
       7.1.2.  CDNI MI HostMatch Payload Type
       7.1.3.  CDNI MI HostMetadata Payload Type
       7.1.4.  CDNI MI PathMatch Payload Type
       7.1.5.  CDNI MI PatternMatch Payload Type
       7.1.6.  CDNI MI PathMetadata Payload Type
       7.1.7.  CDNI MI SourceMetadata Payload Type
       7.1.8.  CDNI MI Source Payload Type
       7.1.9.  CDNI MI LocationACL Payload Type
       7.1.10. CDNI MI LocationRule Payload Type
       7.1.11. CDNI MI Footprint Payload Type
       7.1.12. CDNI MI TimeWindowACL Payload Type
       7.1.13. CDNI MI TimeWindowRule Payload Type
       7.1.14. CDNI MI TimeWindow Payload Type
       7.1.15. CDNI MI ProtocolACL Payload Type
       7.1.16. CDNI MI ProtocolRule Payload Type
       7.1.17. CDNI MI DeliveryAuthorization Payload Type
       7.1.18. CDNI MI Cache Payload Type
       7.1.19. CDNI MI Auth Payload Type
       7.1.20. CDNI MI Grouping Payload Type
     7.2.  CDNI Metadata Footprint Types Registry
     7.3.  CDNI Metadata Protocol Types Registry
     7.4.  CDNI Metadata Auth Types Registry
   8.  Security Considerations
     8.1.  Authentication
     8.2.  Confidentiality
     8.3.  Integrity
     8.4.  Privacy
     8.5.  Securing the CDNI Metadata interface
   9.  Acknowledgements
   10. Contributing Authors
   11. References
     11.1.  Normative References
     11.2.  Informative References
   Authors' Addresses

1.  Introduction

   Content Delivery Networks Interconnection (CDNI) [RFC6707] enables a
   downstream Content Delivery Network (dCDN) to service content
   requests on behalf of an upstream CDN (uCDN).

   The CDNI metadata interface is discussed in [RFC7336] along with four
   other interfaces that can be used to compose a CDNI solution (CDNI
   Control interface, CDNI Request Routing Redirection interface, CDNI
   Footprint & Capabilities Advertisement interface and CDNI Logging
   interface).  [RFC7336] describes each interface and the relationships
   between them.  The requirements for the CDNI metadata interface are
   specified in [RFC7337].

   The CDNI metadata associated with a piece of content (or with a set
   of content) provides a dCDN with sufficient information for servicing
   content requests on behalf of a uCDN, in accordance with the
   policies defined by the uCDN.

   This document defines the CDNI metadata interface which enables a
   dCDN to obtain CDNI metadata from a uCDN so that the dCDN can
   properly process and respond to:

   o  Redirection requests received over the CDNI Request Routing
      Redirection interface [I-D.ietf-cdni-redirection].

   o  Content requests received directly from User Agents.

   Specifically, this document specifies:

   o  A data structure for mapping content requests and redirection
      requests to CDNI metadata objects (Section 3 and Section 4.1).

   o  An initial set of CDNI Generic metadata objects (Section 4.2).

   o  An HTTP web service for the transfer of CDNI metadata (Section 6).

1.1.  Terminology

   This document reuses the terminology defined in [RFC6707].

   Additionally, the following terms are used throughout this document
   and are defined as follows:

   o  Object - a collection of properties.

   o  Property - a key and value pair where the key is a property name
      and the value is the property value or another object.

   This document uses the phrase "[Object] A contains [Object] B" for
   simplicity when a strictly accurate phrase would be "[Object] A
   contains or references (via a Link object) [Object] B".

1.2.  Supported Metadata Capabilities

   Only the metadata for a small set of initial capabilities is
   specified in this document.  This set provides the minimum amount of
   metadata for basic CDN interoperability while still meeting the
   requirements set forth by [RFC7337].

   The following high-level functionality can be configured via the CDNI
   metadata objects specified in Section 4:

   o  Acquisition Source: Metadata for allowing a dCDN to fetch content
      from a uCDN.

   o  Delivery Access Control: Metadata for restricting (or permitting)
      access to content based on any of the following factors:

      *  Location

      *  Time Window

      *  Delivery Protocol

   o  Delivery Authorization: Metadata for authorizing dCDN user agent
      requests.

   o  Cache Control: Metadata for controlling cache behavior of the
      dCDN.

   The metadata encoding described by this document is extensible in
   order to allow for future additions to this list.

   The set of metadata specified in this document covers the initial
   capabilities above.  It is only intended to support CDN
   interconnection for the delivery of content by a dCDN using HTTP/1.1
   [RFC7230] and for a dCDN to be able to acquire content from a uCDN
   using either HTTP/1.1 or HTTP/1.1 over TLS [RFC2818].

   Supporting CDN interconnection for the delivery of content using
   unencrypted HTTP/2 [RFC7540] (as well as for a dCDN to acquire
   content using unencrypted HTTP/2 or HTTP/2 over TLS) requires the
   registration of these protocol names in the CDNI Metadata Protocol
   Types registry Section 7.3.

   Supporting CDN interconnection for the delivery of content using
   HTTP/1.1 over TLS or HTTP/2 over TLS requires specifying additional
   metadata objects to carry the properties required to establish a TLS
   session, for example metadata to describe the certificate to use as
   part of the TLS handshake.

2.  Design Principles

   The CDNI metadata interface was designed to achieve the following
   objectives:

   1.  Cacheability of CDNI metadata objects;

   2.  Deterministic mapping from redirection requests and content
       requests to CDNI metadata properties;

   3.  Support for DNS redirection as well as application-specific
       redirection (for example HTTP redirection);

   4.  Minimal duplication of CDNI metadata; and

   5.  Leveraging of existing protocols.

   Cacheability can decrease the latency of acquiring metadata while
   maintaining its freshness, and therefore decrease the latency of
   serving content requests and redirection requests, without
   sacrificing accuracy.  The CDNI metadata interface uses HTTP and its
   existing caching mechanisms to achieve CDNI metadata cacheability.

   Deterministic mappings from content to metadata properties eliminate
   ambiguity and ensure that policies are applied consistently by all
   dCDNs.

   Support for both HTTP and DNS redirection ensures that the CDNI
   metadata meets the same design principles for both HTTP and DNS based
   redirection schemes.

   Minimal duplication of CDNI metadata improves storage efficiency in
   the CDNs.

   Leveraging existing protocols avoids reinventing common mechanisms
   such as data structure encoding (by leveraging I-JSON [RFC7493]) and
   data transport (by leveraging HTTP [RFC7230]).

3.  CDNI Metadata object model

   The CDNI metadata object model describes a data structure for mapping
   redirection requests and content requests to metadata properties.
   Metadata properties describe how to acquire content from a uCDN,
   authorize access to content, and deliver content from a dCDN.  The
   object model relies on the assumption that these metadata properties
   can be aggregated based on the hostname of the content and
   subsequently on the resource path (URI) of the content.  The object
   model associates a set of CDNI metadata properties with a Hostname to
   form a default set of metadata properties for content delivered on
   behalf of that Hostname.  That default set of metadata properties can
   be overridden by properties that apply to specific paths within a
   URI.

   Different Hostnames and URI paths will be associated with different
   sets of CDNI metadata properties in order to describe the required
   behaviour when a dCDN surrogate or request router is processing User
   Agent requests for content at that Hostname and URI path.  As a
   result of this structure, significant commonality could exist between
   the CDNI metadata properties specified for different Hostnames,
   different URI paths within a Hostname and different URI paths on
   different Hostnames.  For example the definition of which User Agent
   IP addresses should be grouped together into a single network or
   geographic location is likely to be common for a number of different
   Hostnames; although a uCDN is likely to have several different
   policies configured to express geo-blocking rules, it is likely that
   a single geo-blocking policy could be applied to multiple Hostnames
   delivered through the CDN.

   In order to enable the CDNI metadata for a given Hostname and URI
   Path to be decomposed into reusable sets of CDNI metadata properties,
   the CDNI metadata interface splits the CDNI metadata into separate
   objects.
   Efficiency is improved by enabling a single CDNI metadata
   object (that is shared across Hostname and/or URI paths) to be
   retrieved and stored by a dCDN once, even if it is referenced by the
   CDNI metadata for multiple Hostnames and/or URI paths.

   Important Note: Any CDNI metadata object A that contains another CDNI
   metadata object B can include a Link object specifying a URI that can
   be used to retrieve object B, instead of embedding object B within
   object A.  The remainder of this document uses the phrase "[Object] A
   contains [Object] B" for simplicity when a strictly accurate phrase
   would be "[Object] A contains or references (via a Link object)
   [Object] B".  It is generally a deployment choice for the uCDN
   implementation to decide when to embed CDNI metadata objects and when
   to reference separate resources via Link objects.

   Section 3.1 introduces a high level description of the HostIndex,
   HostMatch, HostMetadata, PathMatch, PatternMatch and PathMetadata
   objects, and describes the relationships between them.

   Section 3.2 introduces a high level description of the CDNI
   GenericMetadata object which represents the level at which CDNI
   metadata override occurs between HostMetadata and PathMetadata
   objects.

   Section 4 describes in detail the specific CDNI metadata objects and
   properties specified by this document which can be contained within a
   CDNI GenericMetadata object.

3.1.  HostIndex, HostMatch, HostMetadata, PathMatch, PatternMatch and
      PathMetadata objects

   The relationships between the HostIndex, HostMatch, HostMetadata,
   PathMatch, PatternMatch and PathMetadata objects are described in
   Figure 1.

   +---------+      +---------+      +------------+
   |HostIndex+-(*)->|HostMatch+-(1)->|HostMetadata+-------(*)------+
   +---------+      +---------+      +------+-----+                |
                                            |                      |
                                           (*)                     |
                                            |                      V
   --> Contains or References               V             ******************
   (1) One and only one                +---------+        *Generic Metadata*
   (*) Zero or more               +--->|PathMatch|        *     Objects    *
                                  |    +----+---++        ******************
                                  |         |   |                  ^
                                 (*)       (1) (1) +------------+  |
                                  |         |   +->|PatternMatch|  |
                                  |         V      +------------+  |
                                  |  +------------+                |
                                  +--+PathMetadata+-------(*)------+
                                     +------------+

      Figure 1: Relationships between CDNI Metadata Objects (Diagram
                              Representation)

   A HostIndex object (see Section 4.1.1) contains a list of HostMatch
   objects (see Section 4.1.2) that contain Hostnames (and/or IP
   addresses) for which content requests might be delegated to the dCDN.
   The HostIndex is the starting point for accessing the uCDN CDNI
   metadata data store.  It enables the dCDN to deterministically
   discover which CDNI metadata objects it requires in order to deliver
   a given piece of content.

   The HostIndex links Hostnames (and/or IP addresses) to HostMetadata
   objects (see Section 4.1.3) via HostMatch objects.  A HostMatch
   object defines a Hostname (or IP address) to match against a
   requested host and contains a HostMetadata object.

   HostMetadata objects contain the default GenericMetadata objects (see
   Section 4.1.7) required to serve content for that host.  When looking
   up CDNI metadata, the dCDN looks up the requested Hostname (or IP
   address) against the HostMatch entries in the HostIndex, from there
   it can find HostMetadata which describes the default metadata
   properties for each host as well as PathMetadata objects (see
   Section 4.1.6), via PathMatch objects (see Section 4.1.4).  PathMatch
   objects define patterns, contained inside PatternMatch objects (see
   Section 4.1.5), to match against the requested URI path.
   PatternMatch objects contain the pattern strings and flags that
   describe the URI path that a PathMatch applies to.  PathMetadata
   objects contain the GenericMetadata objects that apply to content
   requests matching the defined URI path pattern.  PathMetadata
   properties override properties previously defined in HostMetadata or
   less specific PathMatch paths.  PathMetadata objects can contain
   additional PathMatch objects to recursively define more specific URI
   paths to which GenericMetadata properties might be applied.

   A GenericMetadata object contains individual CDNI metadata objects
   which define the specific policies and attributes needed to properly
   deliver the associated content.  For example, a GenericMetadata
   object could describe the source from which a CDN can acquire a piece
   of content.  The GenericMetadata object is an atomic unit that can be
   referenced by HostMetadata or PathMetadata objects.

   For example, if "example.com" is a content provider, a HostMatch
   object could include an entry for "example.com" with the URI of the
   associated HostMetadata object.  The HostMetadata object for
   "example.com" describes the metadata properties which apply to
   "example.com" and could contain PathMatches for
   "example.com/movies/*" and "example.com/music/*", which in turn
   reference corresponding PathMetadata objects that contain the
   properties for those more specific URI paths.  The PathMetadata
   object for "example.com/movies/*" describes the properties which
   apply to that URI path.  It could also contain a PathMatch object for
   "example.com/movies/hd/*" which would reference the corresponding
   PathMetadata object for the "example.com/movies/hd/" path prefix.

   The relationships in Figure 1 are also represented in tabular format
   in Table 1 below.

   +--------------+----------------------------------------------------+
   | Data Object  | Objects it contains or references                  |
   +--------------+----------------------------------------------------+
   | HostIndex    | 0 or more HostMatch objects.                       |
   | HostMatch    | 1 HostMetadata object.                             |
   | HostMetadata | 0 or more PathMatch objects. 0 or more             |
   |              | GenericMetadata objects.                           |
   | PathMatch    | 1 PatternMatch object. 1 PathMetadata object.      |
   | PatternMatch | Does not contain or reference any other objects.   |
   | PathMetadata | 0 or more PathMatch objects. 0 or more             |
   |              | GenericMetadata objects.                           |
   +--------------+----------------------------------------------------+

            Table 1: Relationships between CDNI Metadata Objects
                           (Table Representation)

3.2.  Generic CDNI Metadata Objects

   The HostMetadata and PathMetadata objects contain other CDNI metadata
   objects that contain properties which describe how User Agent
   requests for content should be processed, for example where to
   acquire the content from, authorization rules that should be applied,
   geo-blocking restrictions, and so on.  Each such CDNI metadata object
   is a specialization of a CDNI GenericMetadata object.  The
   GenericMetadata object abstracts the basic information required for
   metadata override and metadata distribution, from the specifics of
   any given property (i.e., property semantics, enforcement options,
   etc.).

   The GenericMetadata object defines the properties contained within it
   as well as whether or not the properties are "mandatory-to-enforce".
   If the dCDN does not understand or support a "mandatory-to-enforce"
   property, the dCDN MUST NOT serve the content.  If the property is
   not "mandatory-to-enforce", then that GenericMetadata object can be
   safely ignored and the dCDN MUST process the content request in
   accordance with the rest of the CDNI metadata.

   Although a CDN MUST NOT serve content to a User Agent if a
   "mandatory-to-enforce" property cannot be enforced, it could still be
   "safe-to-redistribute" that metadata to another CDN without
   modification.  For example, in the cascaded CDN case, a transit CDN
   (tCDN) could pass through "mandatory-to-enforce" metadata to a dCDN.

   For metadata which does not require customization or translation
   (i.e., metadata that is "safe-to-redistribute"), the data
   representation received off the wire MAY be stored and redistributed
   without being understood or supported by the transit CDN.  However,
   for metadata which requires translation, transparent redistribution
   of the uCDN metadata values might not be appropriate.  Certain
   metadata can be safely, though perhaps not optimally, redistributed
   unmodified.  For example, source acquisition address might not be
   optimal if transparently redistributed, but it might still work.

   Redistribution safety MUST be specified for each GenericMetadata
   property.  If a CDN does not understand or support a given
   GenericMetadata property that is not "safe-to-redistribute", the CDN
   MUST set the "incomprehensible" flag to true for that GenericMetadata
   object before redistributing the metadata.  The "incomprehensible"
   flag signals to a dCDN that the metadata was not properly transformed
   by the transit CDN.  A CDN MUST NOT attempt to use metadata that has
   been marked as "incomprehensible" by a uCDN.

   Transit CDNs MUST NOT change the value of "mandatory-to-enforce" or
   "safe-to-redistribute" when propagating metadata to a dCDN.  Although
   a transit CDN can set the value of "incomprehensible" to true, a
   transit CDN MUST NOT change the value of "incomprehensible" from true
   to false.

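   Added example, not part of the draft: Python code showing how a
   transit CDN and a downstream CDN could apply the three flags,
   following the rules above and the tCDN and dCDN action tables of this
   section.  The property names and the defaults used for absent flags
   follow the draft's GenericMetadata definition (Section 4.1.7, outside
   this excerpt); the MI.ExampleVendorPolicy type, the endpoint names
   and all sample values are constructed.

```python
import copy

def flags(obj):
    """Return (MtE, StR, Incomp). Defaults for absent flags are an assumption
    taken from the draft's GenericMetadata definition (Section 4.1.7)."""
    return (obj.get("mandatory-to-enforce", True),
            obj.get("safe-to-redistribute", True),
            obj.get("incomprehensible", False))

def tcdn_redistribute(objects, transformers):
    """tCDN side. transformers maps a metadata type to a function that safely
    translates its value; a type without one cannot be transformed."""
    out = []
    for obj in objects:
        new = copy.deepcopy(obj)       # never edit the uCDN's copy in place
        _, safe, incomp = flags(obj)
        if not safe and not incomp:    # already-incomprehensible data is not used
            transform = transformers.get(obj["generic-metadata-type"])
            if transform is None:
                new["incomprehensible"] = True   # may be set, never cleared
            else:
                new["generic-metadata-value"] = transform(
                    new["generic-metadata-value"])
        # MtE and StR are passed through untouched in every branch.
        out.append(new)
    return out

def dcdn_decide(objects, supported_types):
    """dCDN side. Return (may_serve, objects_to_apply); fails closed."""
    to_apply = []
    for obj in objects:
        mte, _, incomp = flags(obj)
        understood = obj["generic-metadata-type"] in supported_types
        if mte and (incomp or not understood):
            return False, []           # MUST NOT serve
        if understood and not incomp:
            to_apply.append(obj)       # anything else is ignored, not guessed at
    return True, to_apply

def rewrite_source(value):
    # Constructed transformer: point the dCDN at the tCDN's own endpoint.
    new = copy.deepcopy(value)
    for source in new["sources"]:
        source["endpoints"] = ["acq.tcdn.example"]
    return new

TRANSFORMERS = {"MI.SourceMetadata": rewrite_source}

# Constructed sample metadata as received from the uCDN.
UCDN_METADATA = [
    {"generic-metadata-type": "MI.LocationACL",
     "generic-metadata-value": {"note": "constructed"},
     "mandatory-to-enforce": True, "safe-to-redistribute": True},
    {"generic-metadata-type": "MI.SourceMetadata",
     "generic-metadata-value": {"sources": [
         {"endpoints": ["acq.ucdn.example"], "protocol": "http/1.1"}]},
     "mandatory-to-enforce": True, "safe-to-redistribute": False},
    {"generic-metadata-type": "MI.ExampleVendorPolicy",   # hypothetical type
     "generic-metadata-value": {"note": "constructed"},
     "mandatory-to-enforce": False, "safe-to-redistribute": False},
]

if __name__ == "__main__":
    forwarded = tcdn_redistribute(UCDN_METADATA, TRANSFORMERS)
    supported = {"MI.LocationACL", "MI.SourceMetadata"}
    print(dcdn_decide(forwarded, supported)[0])
```
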
   Table 2 describes the action to be taken by a transit CDN (tCDN) for
   the different combinations of "mandatory-to-enforce" (MtE) and "safe-
   to-redistribute" (StR) properties, when the tCDN either does or does
   not understand the metadata in question:

   +-------+-------+------------+--------------------------------------+
   | MtE   | StR   | Metadata   | Action                               |
   |       |       | Understood |                                      |
   |       |       | by tCDN    |                                      |
   +-------+-------+------------+--------------------------------------+
   | False | True  | True       | Can serve and redistribute.          |
   | False | True  | False      | Can serve and redistribute.          |
   | False | False | False      | Can serve. MUST set                  |
   |       |       |            | "incomprehensible" to True when      |
   |       |       |            | redistributing.                      |
   | False | False | True       | Can serve. Can redistribute after    |
   |       |       |            | transforming the metadata (if the    |
   |       |       |            | CDN knows how to do so safely),      |
   |       |       |            | otherwise MUST set                   |
   |       |       |            | "incomprehensible" to True when      |
   |       |       |            | redistributing.                      |
   | True  | True  | True       | Can serve and redistribute.          |
   | True  | True  | False      | MUST NOT serve but can redistribute. |
   | True  | False | True       | Can serve. Can redistribute after    |
   |       |       |            | transforming the metadata (if the    |
   |       |       |            | CDN knows how to do so safely),      |
   |       |       |            | otherwise MUST set                   |
   |       |       |            | "incomprehensible" to True when      |
   |       |       |            | redistributing.                      |
   | True  | False | False      | MUST NOT serve. MUST set             |
   |       |       |            | "incomprehensible" to True when      |
   |       |       |            | redistributing.                      |
   +-------+-------+------------+--------------------------------------+

    Table 2: Action to be taken by a tCDN for the different combinations
                         of MtE and StR properties

   Table 3 describes the action to be taken by a dCDN for the different
   combinations of "mandatory-to-enforce" (MtE) and "incomprehensible"
   (Incomp) properties, when the dCDN either does or does not understand
   the metadata in question:

   +-------+--------+--------------+-----------------------------------+
   | MtE   | Incomp | Metadata     | Action                            |
   |       |        | Understood   |                                   |
   |       |        | by dCDN      |                                   |
   +-------+--------+--------------+-----------------------------------+
   | False | False  | True         | Can serve.                        |
   | False | True   | True         | Can serve but MUST NOT            |
   |       |        |              | interpret/apply any metadata      |
   |       |        |              | marked incomprehensible.          |
   | False | False  | False        | Can serve.                        |
   | False | True   | False        | Can serve but MUST NOT            |
   |       |        |              | interpret/apply any metadata      |
   |       |        |              | marked incomprehensible.          |
   | True  | False  | True         | Can serve.                        |
   | True  | True   | True         | MUST NOT serve.                   |
   | True  | False  | False        | MUST NOT serve.                   |
   | True  | True   | False        | MUST NOT serve.                   |
   +-------+--------+--------------+-----------------------------------+

    Table 3: Action to be taken by a dCDN for the different combinations
                       of MtE and Incomp properties

3.3.  Metadata Inheritance and Override

   In the metadata object model, a HostMetadata object can contain
   multiple PathMetadata objects (via PathMatch objects).  Each
   PathMetadata object can in turn contain other PathMetadata objects.
   HostMetadata and PathMetadata objects form an inheritance tree where
   each node in the tree inherits or overrides the property values set
   by its parent.

   GenericMetadata objects of a given type override all GenericMetadata
   objects of the same type previously defined by any parent object in
   the tree.
   GenericMetadata objects of a given type previously defined
   by a parent object in the tree are inherited when no object of the
   same type is defined by the child object.  For example, if
   HostMetadata for the host "example.com" contains GenericMetadata
   objects of type LocationACL and TimeWindowACL, while a PathMetadata
   object which applies to "example.com/movies/*" defines an alternate
   GenericMetadata object of type TimeWindowACL, then:

   o  the TimeWindowACL defined in the PathMetadata would override the
      TimeWindowACL defined in the HostMetadata for all User Agent
      requests for content under "example.com/movies/", and

   o  the LocationACL defined in the HostMetadata would be inherited for
      all User Agent requests for content under "example.com/movies/".

   A single HostMetadata or PathMetadata object MUST NOT contain
   multiple GenericMetadata objects of the same type.  If a list of
   GenericMetadata contains objects of duplicate types, the receiver
   MUST ignore all but the first object of each type.

4.  CDNI Metadata objects

   Section 4.1 provides the definitions of each metadata object type
   introduced in Section 3.  These metadata objects are described as
   structural metadata objects as they provide the structure for host
   and URI path-based inheritance and identify which GenericMetadata
   objects apply to a given User Agent content request.

   Section 4.2 provides the definitions for a base set of core metadata
   objects which can be contained within a GenericMetadata object.
   These metadata objects govern how User Agent requests for content are
   handled.  GenericMetadata objects can contain other GenericMetadata
   as properties; these can be referred to as sub-objects.
As with all CDNI metadata objects, the value of the GenericMetadata sub-objects can be either a complete serialized representation of the sub-object, or a Link object that contains a URI that can be dereferenced to retrieve the complete serialized representation of the property sub-object.

Section 6.5 discusses the ability to extend the base set of GenericMetadata objects specified in this document with additional standards-based or vendor specific GenericMetadata objects that might be defined in the future in separate documents.

dCDNs and tCDNs MUST support parsing of all CDNI metadata objects specified in this document. A dCDN does not have to implement the underlying functionality represented by non-structural GenericMetadata objects (though that might restrict the content that a given dCDN will be able to serve). uCDNs as generators of CDNI metadata only need to support generating the CDNI metadata that they need in order to express the policies required by the content they are describing.

CDNI metadata objects MUST be encoded as I-JSON objects [RFC7493] containing a dictionary of (key,value) pairs where the keys are the property names and the values are the associated property values. See Section 6.4 for more details of the specific encoding rules for CDNI metadata objects.

Note: In the following sections, the term "mandatory-to-specify" is used to convey which properties MUST be included for a given structural or GenericMetadata object.
When mandatory-to-specify is specified as "Yes" for an individual property, it means that if the object containing that property is included in a metadata response, then the mandatory-to-specify property MUST also be included (directly or by reference) in the response, e.g., a HostMatch property object without a host to match against does not make sense, therefore, the host property is mandatory-to-specify inside a HostMatch object.

4.1. Definitions of the CDNI structural metadata objects

Each of the sub-sections below describes the structural objects introduced in Section 3.1.

4.1.1. HostIndex

The HostIndex object is the entry point into the CDNI metadata hierarchy. It contains a list of HostMatch objects. An incoming content request is checked against the Hostname (or IP address) specified by each of the listed HostMatch objects to find the HostMatch object which applies to the request.

Property: hosts

   Description: List of HostMatch objects. Hosts (HostMatch objects) MUST be evaluated in the order they appear and the first HostMatch object that matches the content request being processed MUST be used.

   Type: List of HostMatch objects

   Mandatory-to-Specify: Yes.

Example HostIndex object containing two HostMatch objects, where the first HostMatch object is embedded and the second HostMatch object is referenced:

   {
     "hosts": [
       {

       },
       {
         "type": "MI.HostMatch",
         "href": "http://metadata.ucdn.example/hostmatch1234"
       }
     ]
   }

4.1.2. HostMatch

The HostMatch object contains a Hostname or IP address to match against content requests. The HostMatch object also contains a HostMetadata object to apply if a match is found.

Property: host

   Description: Hostname or IP address to match against the requested host.
   In order for a Hostname or IP address in a content request to match the Hostname or IP address in the host property, the value from the content request when converted to lowercase MUST be identical to the value of the host property when converted to lowercase.

   Type: Endpoint

   Mandatory-to-Specify: Yes.

Property: host-metadata

   Description: CDNI metadata to apply when delivering content that matches this host.

   Type: HostMetadata

   Mandatory-to-Specify: Yes.

Example HostMatch object with an embedded HostMetadata object:

   {
     "host": "video.example.com",
     "host-metadata" : {

     }
   }

Example HostMatch object referencing (via a Link object, see Section 4.3.1) a HostMetadata object:

   {
     "host": "video.example.com",
     "host-metadata" : {
       "type": "MI.HostMetadata",
       "href": "http://metadata.ucdn.example/host1234"
     }
   }

4.1.3. HostMetadata

A HostMetadata object contains the CDNI metadata properties for content served for a particular host (defined in the HostMatch object) and possibly child PathMatch objects.

Property: metadata

   Description: List of host related metadata.

   Type: List of GenericMetadata objects

   Mandatory-to-Specify: Yes.

Property: paths

   Description: Path specific rules. Path patterns (PathMatch objects) MUST be evaluated in the order they appear and the first PathMatch object that matches the content request being processed MUST be used.

   Type: List of PathMatch objects

   Mandatory-to-Specify: No.

Example HostMetadata object containing a number of embedded GenericMetadata objects that will describe the default metadata for the host and an embedded PathMatch object that contains a path for which metadata exists that overrides the default metadata for the host:

   {
     "metadata": [
       {

       },
       {

       },

       ...

       {

       }
     ],
     "paths": [
       {

       }
     ]
   }

4.1.4. PathMatch

A PathMatch object contains a PatternMatch object with a path to match against a resource's URI path, as well as a PathMetadata object with GenericMetadata to apply if the resource's URI path matches the pattern within the PatternMatch object.

Property: path-pattern

   Description: Pattern to match against the requested resource's URI path, i.e., against the [RFC3986] path-absolute.

   Type: PatternMatch

   Mandatory-to-Specify: Yes.

Property: path-metadata

   Description: CDNI metadata to apply when delivering content that matches the associated PatternMatch.

   Type: PathMetadata

   Mandatory-to-Specify: Yes.

Example PathMatch object referencing the PathMetadata object to use for URIs that match the case-sensitive URI path pattern "/movies/*" (contained within an embedded PatternMatch object):

   {
     "path-pattern": {
       "pattern": "/movies/*",
       "case-sensitive": true
     },
     "path-metadata": {
       "type": "MI.PathMetadata",
       "href": "http://metadata.ucdn.example/host1234/pathDCE"
     }
   }

4.1.5. PatternMatch

A PatternMatch object contains the pattern string and flags that describe the pattern expression.

Property: pattern

   Description: A pattern for string matching. The pattern can contain the wildcards * and ?, where * matches any sequence of characters (including the empty string) and ? matches exactly one character. The three literals $, * and ? should be escaped as $$, $* and $?. All other characters are treated as literals.

   Type: String

   Mandatory-to-Specify: Yes.

Property: case-sensitive

   Description: Flag indicating whether or not case-sensitive matching should be used.

   Type: Boolean

   Mandatory-to-Specify: No. Default is case-insensitive match.

Property: ignore-query-string

   Description: List of query parameters which should be ignored when searching for a pattern match. Matching against query parameters to ignore MUST be case-insensitive. If all query parameters should be ignored then the list MUST be empty.

   Type: List of String

   Mandatory-to-Specify: No. Default is to include query strings when matching.

Example PatternMatch object that matches the case-sensitive URI path pattern "/movies/*". All query parameters will be ignored when matching URIs requested from surrogates by content clients against this path pattern:

   {
     "pattern": "/movies/*",
     "case-sensitive": true,
     "ignore-query-string": []
   }

Example PatternMatch object that matches the case-sensitive URI path pattern "/movies/*". The query parameter "sessionid" will be ignored when matching URIs requested from surrogates by content clients against this path pattern:

   {
     "pattern": "/movies/*",
     "case-sensitive": true,
     "ignore-query-string": ["sessionid"]
   }

4.1.6. PathMetadata

A PathMetadata object contains the CDNI metadata properties for content requests that match against the associated URI path (defined in a PathMatch object).

Note that if DNS-based redirection is employed, then a dCDN will be unable to evaluate any metadata at the PathMetadata level or below because only the hostname of the content request is available at request routing time. dCDNs SHOULD still process all PathMetadata for the host before responding to the redirection request to detect if any unsupported metadata is specified. If any metadata not supported by the dCDN is marked as "mandatory-to-enforce", the dCDN SHOULD NOT accept the content redirection request, in order to avoid receiving content requests that it will not be able to satisfy/serve.

Property: metadata

   Description: List of path related metadata.

   Type: List of GenericMetadata objects

   Mandatory-to-Specify: Yes.

Property: paths

   Description: Path specific rules. First match applies.

   Type: List of PathMatch objects

   Mandatory-to-Specify: No.

Example PathMetadata object containing a number of embedded GenericMetadata objects that describe the metadata to apply for the URI path defined in the parent PathMatch object, as well as a more specific PathMatch object.

   {
     "metadata": [
       {

       },
       {

       },

       ...

       {

       }
     ],
     "paths": [
       {

       }
     ]
   }

4.1.7. GenericMetadata

A GenericMetadata object is a wrapper for managing individual CDNI metadata properties in an opaque manner.

Property: generic-metadata-type

   Description: Case-insensitive CDNI metadata object type.

   Type: String containing the CDNI Payload Type [RFC7736] of the object contained in the generic-metadata-value property (see Table 4).

   Mandatory-to-Specify: Yes.

Property: generic-metadata-value

   Description: CDNI metadata object.

   Type: Format/Type is defined by the value of generic-metadata-type property above. Note: generic-metadata-values MUST NOT name any properties "href" (see Section 4.3.1).

   Mandatory-to-Specify: Yes.

Property: mandatory-to-enforce

   Description: Flag identifying whether or not the enforcement of the property metadata is required.

   Type: Boolean

   Mandatory-to-Specify: No. Default is to treat metadata as mandatory to enforce (i.e., a value of True).

Property: safe-to-redistribute

   Description: Flag identifying whether or not the property metadata can be safely redistributed without modification.

   Type: Boolean

   Mandatory-to-Specify: No. Default is allow transparent redistribution (i.e., a value of True).

Property: incomprehensible

   Description: Flag identifying whether or not any CDN in the chain of delegation has failed to understand and/or failed to properly transform this metadata object. Note: This flag only applies to metadata objects whose safe-to-redistribute property has a value of False.

   Type: Boolean

   Mandatory-to-Specify: No. Default is comprehensible (i.e., a value of False).

Example GenericMetadata object containing a metadata object that applies to the applicable URI path and/or host (within a parent PathMetadata and/or HostMetadata object, respectively):

   {
     "mandatory-to-enforce": true,
     "safe-to-redistribute": true,
     "incomprehensible": false,
     "generic-metadata-type": ,
     "generic-metadata-value":
       {

       }
   }

4.2. Definitions of the initial set of CDNI Generic Metadata objects

The objects defined below are intended to be used in the GenericMetadata object generic-metadata-value field as defined in Section 4.1.7 and their generic-metadata-type property MUST be set to the appropriate CDNI Payload Type as defined in Table 4.

4.2.1. SourceMetadata

Source metadata provides the dCDN with information about content acquisition, i.e., how to contact a uCDN Surrogate or an Origin Server to obtain the content to be served. The sources are not necessarily the actual Origin Servers operated by the CSP but might be a set of Surrogates in the uCDN.

Property: sources

   Description: Sources from which the dCDN can acquire content, listed in order of preference.

   Type: List of Source objects (see Section 4.2.1.1)

   Mandatory-to-Specify: No. Default is to use static configuration, out-of-band from the metadata interface.

Example SourceMetadata object (which contains two Source objects) that describes which servers the dCDN should use for acquiring content for the applicable URI path and/or host:

   {
     "generic-metadata-type": "MI.SourceMetadata",
     "generic-metadata-value":
       {
         "sources": [
           {
             "endpoints": [
               "a.service123.ucdn.example",
               "b.service123.ucdn.example"
             ],
             "protocol": "http1.1"
           },
           {
             "endpoints": ["origin.service123.example"],
             "protocol": "http1.1"
           }
         ]
       }
   }

4.2.1.1. Source

A Source object describes the source to be used by the dCDN for content acquisition (e.g., a Surrogate within the uCDN or an alternate Origin Server), the protocol to be used, and any authentication method to be used when contacting that source.

Endpoints within a Source object MUST be treated as equivalent/equal. A uCDN can specify a list of sources in preference order within a SourceMetadata object, and then for each preference ranked Source object, a uCDN can specify a list of endpoints that are equivalent (e.g., a pool of servers that are not behind a load balancer).

Property: acquisition-auth

   Description: Authentication method to use when requesting content from this source.

   Type: Auth (see Section 4.2.7)

   Mandatory-to-Specify: No. Default is no authentication required.

Property: endpoints

   Description: Origins from which the dCDN can acquire content. If multiple endpoints are specified they are all equal, i.e., the list is not in preference order (e.g., a pool of servers behind a load balancer).

   Type: List of Endpoint objects (See Section 4.3.3)

   Mandatory-to-Specify: Yes.

Property: protocol

   Description: Network retrieval protocol to use when requesting content from this source.

   Type: Protocol (see Section 4.3.2)

   Mandatory-to-Specify: Yes.

Example Source object that describes a pair of endpoints (servers) the dCDN can use for acquiring content for the applicable host and/or URI path:

   {
     "endpoints": [
       "a.service123.ucdn.example",
       "b.service123.ucdn.example"
     ],
     "protocol": "http1.1"
   }

4.2.2. LocationACL Metadata

LocationACL metadata defines which locations a User Agent needs to be in, in order to be able to receive the associated content.

A LocationACL which does not include a locations property results in an action of allow all, meaning that delivery can be performed regardless of the User Agent's location, otherwise a CDN MUST take the action from the first footprint to match against the User Agent's location. If two or more footprints overlap, the first footprint that matches against the User Agent's location determines the action a CDN MUST take. If the locations property is included but is empty, or if none of the listed footprints matches the User Agent's location, then the result is an action of deny.

Although the LocationACL, TimeWindowACL (see Section 4.2.3), and ProtocolACL (see Section 4.2.4) are independent GenericMetadata objects, they can provide conflicting information to a dCDN, e.g., a content request which is simultaneously allowed based on the LocationACL and denied based on the TimeWindowACL. The dCDN MUST use the logical AND of all ACLs (where 'allow' is true and 'deny' is false) to determine whether or not a request should be allowed.

Property: locations

   Description: Access control list which allows or denies (blocks) delivery based on the User Agent's location.

   Type: List of LocationRule objects (see Section 4.2.2.1)

   Mandatory-to-Specify: No. Default is allow all locations.

Example LocationACL object that allows the dCDN to deliver content to any location/IP address:

   {
     "generic-metadata-type": "MI.LocationACL",
     "generic-metadata-value":
       {
       }
   }

Example LocationACL object (which contains a LocationRule object which itself contains a Footprint object) that only allows the dCDN to deliver content to User Agents in the USA:

   {
     "generic-metadata-type": "MI.LocationACL",
     "generic-metadata-value":
       {
         "locations": [
           {
             "action": "allow",
             "footprints": [
               {
                 "footprint-type": "countrycode",
                 "footprint-value": ["us"]
               }
             ]
           }
         ]
       }
   }

4.2.2.1. LocationRule

A LocationRule contains or references a list of Footprint objects and the corresponding action.

Property: footprints

   Description: List of footprints to which the rule applies.

   Type: List of Footprint objects (see Section 4.2.2.2)

   Mandatory-to-Specify: Yes.

Property: action

   Description: Defines whether the rule specifies locations to allow or deny.

   Type: Enumeration [allow|deny] encoded as a lowercase string

   Mandatory-to-Specify: No. Default is deny.

Example LocationRule object (which contains a Footprint object) that allows the dCDN to deliver content to clients in the USA:

   {
     "action": "allow",
     "footprints": [
       {
         "footprint-type": "countrycode",
         "footprint-value": ["us"]
       }
     ]
   }

4.2.2.2. Footprint

A Footprint object describes the footprint to which a LocationRule can be applied, e.g., an IPv4 address range or a geographic location.

Property: footprint-type

   Description: Registered footprint type (see Section 7.2).
   The footprint types specified by this document are: "ipv4cidr" (IPv4CIDR, see Section 4.3.5), "ipv6cidr" (IPv6CIDR, see Section 4.3.6), "asn" (Autonomous System Number, see Section 4.3.7) and "countrycode" (Country Code, see Section 4.3.8).

   Type: Lowercase String

   Mandatory-to-Specify: Yes.

Property: footprint-value

   Description: List of footprint values conforming to the specification associated with the registered footprint type. Footprint values can be simple strings (e.g., IPv4CIDR, IPv6CIDR, ASN, and CountryCode), however, other Footprint objects can be defined in the future, along with a more complex encoding (e.g., GPS coordinate tuples).

   Type: List of footprints

   Mandatory-to-Specify: Yes.

Example Footprint object describing a footprint covering the USA:

   {
     "footprint-type": "countrycode",
     "footprint-value": ["us"]
   }

Example Footprint object describing a footprint covering the IP address ranges 192.0.2.0/24 and 198.51.100.0/24:

   {
     "footprint-type": "ipv4cidr",
     "footprint-value": ["192.0.2.0/24", "198.51.100.0/24"]
   }

4.2.3. TimeWindowACL

TimeWindowACL metadata defines time-based restrictions.

A TimeWindowACL which does not include a times property results in an action of allow all, meaning that delivery can be performed regardless of the time of the User Agent's request, otherwise a CDN MUST take the action from the first window to match against the current time. If two or more windows overlap, the first window that matches against the current time determines the action a CDN MUST take. If the times property is included but is empty, or if none of the listed windows matches the current time, then the result is an action of deny.

Although the LocationACL (see Section 4.2.2), TimeWindowACL, and ProtocolACL (see Section 4.2.4) are independent GenericMetadata objects, they can provide conflicting information to a dCDN, e.g., a content request which is simultaneously allowed based on the LocationACL and denied based on the TimeWindowACL. The dCDN MUST use the logical AND of all ACLs (where 'allow' is true and 'deny' is false) to determine whether or not a request should be allowed.

Property: times

   Description: Access control list which allows or denies (blocks) delivery based on the time of a User Agent's request.

   Type: List of TimeWindowRule objects (see Section 4.2.3.1)

   Mandatory-to-Specify: No. Default is allow all time windows.

Example TimeWindowACL object (which contains a TimeWindowRule object which itself contains a TimeWindow object) that only allows the dCDN to deliver content to clients between 09:00 01/01/2000 UTC and 17:00 01/01/2000 UTC:

   {
     "generic-metadata-type": "MI.TimeWindowACL",
     "generic-metadata-value":
       {
         "times": [
           {
             "action": "allow",
             "windows": [
               {
                 "start": 946717200,
                 "end": 946746000
               }
             ]
           }
         ]
       }
   }

4.2.3.1. TimeWindowRule

A TimeWindowRule contains or references a list of TimeWindow objects and the corresponding action.

Property: windows

   Description: List of time windows to which the rule applies.

   Type: List of TimeWindow objects (see Section 4.2.3.2)

   Mandatory-to-Specify: Yes.

Property: action

   Description: Defines whether the rule specifies time windows to allow or deny.

   Type: Enumeration [allow|deny] encoded as a lowercase string

   Mandatory-to-Specify: No. Default is deny.

Example TimeWindowRule object (which contains a TimeWindow object) that only allows the dCDN to deliver content to clients between 09:00 01/01/2000 UTC and 17:00 01/01/2000 UTC:

   {
     "action": "allow",
     "windows": [
       {
         "start": 946717200,
         "end": 946746000
       }
     ]
   }

4.2.3.2. TimeWindow

A TimeWindow object describes a time range which can be applied by a TimeWindowACL, e.g., start 946717200 (i.e., 09:00 01/01/2000 UTC), end: 946746000 (i.e., 17:00 01/01/2000 UTC).

Property: start

   Description: The start time of the window.

   Type: Time (see Section 4.3.4)

   Mandatory-to-Specify: Yes.

Property: end

   Description: The end time of the window.

   Type: Time (see Section 4.3.4)

   Mandatory-to-Specify: Yes.

Example TimeWindow object that describes a time window from 09:00 01/01/2000 UTC to 17:00 01/01/2000 UTC:

   {
     "start": 946717200,
     "end": 946746000
   }

4.2.4. ProtocolACL Metadata

ProtocolACL metadata defines delivery protocol restrictions.

A ProtocolACL which does not include a protocol-acl property results in an action of allow all, meaning that delivery can be performed regardless of the protocol in the User Agent's request, otherwise a CDN MUST take the action from the first protocol to match against the request protocol. If two or more request protocols overlap, the first protocol that matches the request protocol determines the action a CDN MUST take. If the protocol-acl property is included but is empty, or if none of the listed protocols matches the request protocol, then the result is an action of deny.
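
The rule-list semantics shared by LocationACL, TimeWindowACL and ProtocolACL (property absent means allow all, the first matching rule decides, an empty list or no match means deny) combined with the logical AND across ACLs, as an added example that is not part of the draft. The request keys ("ip", "country", "asn", "time", "protocol"), the function names and the sample metadata are assumptions of this example, as is treating window bounds as inclusive.

```python
import ipaddress

# Constructed sample metadata (not from the draft): the three ACL objects as
# they might appear in the resolved metadata for one host or path.
SAMPLE_ACLS = [
    {"generic-metadata-type": "MI.LocationACL",
     "generic-metadata-value": {"locations": [
         # Overlapping footprints: the deny rule is listed first, so it wins
         # for 192.0.2.128/25 even though the allow rule also covers it.
         {"action": "deny", "footprints": [
             {"footprint-type": "ipv4cidr",
              "footprint-value": ["192.0.2.128/25"]}]},
         {"action": "allow", "footprints": [
             {"footprint-type": "ipv4cidr",
              "footprint-value": ["192.0.2.0/24"]},
             {"footprint-type": "countrycode", "footprint-value": ["us"]}]},
     ]}},
    {"generic-metadata-type": "MI.TimeWindowACL",
     "generic-metadata-value": {"times": [
         {"action": "allow",
          "windows": [{"start": 946717200, "end": 946746000}]}]}},
    # No protocol-acl property at all: allow all protocols.
    {"generic-metadata-type": "MI.ProtocolACL", "generic-metadata-value": {}},
]


def footprint_matches(footprint, request):
    """True if the request falls inside any value of one Footprint object."""
    kind, values = footprint["footprint-type"], footprint["footprint-value"]
    if kind in ("ipv4cidr", "ipv6cidr"):
        addr = ipaddress.ip_address(request["ip"])
        return any(addr in ipaddress.ip_network(v) for v in values)
    if kind == "asn":
        return request.get("asn") in values
    if kind == "countrycode":
        return request.get("country") in values
    # Example's choice: refuse to guess about a type it cannot evaluate.
    raise ValueError("unsupported footprint-type: " + kind)


def first_match(rules, rule_matches):
    """Rule-list semantics common to the three ACL types."""
    if rules is None:
        return True                      # property absent: allow all
    for rule in rules:                   # list order is significant
        if rule_matches(rule):
            # The action property defaults to deny when omitted.
            return rule.get("action", "deny") == "allow"
    return False                         # empty list or nothing matched: deny


def acl_allows(acl, request):
    """Evaluate one ACL GenericMetadata object against a request."""
    kind = acl["generic-metadata-type"].lower()    # type is case-insensitive
    value = acl["generic-metadata-value"]
    if kind == "mi.locationacl":
        return first_match(value.get("locations"), lambda r: any(
            footprint_matches(fp, request) for fp in r["footprints"]))
    if kind == "mi.timewindowacl":
        # Assumption: window bounds are inclusive (the page does not say).
        return first_match(value.get("times"), lambda r: any(
            w["start"] <= request["time"] <= w["end"] for w in r["windows"]))
    if kind == "mi.protocolacl":
        return first_match(value.get("protocol-acl"),
                           lambda r: request["protocol"] in r["protocols"])
    return True                          # not an ACL: no opinion


def request_allowed(metadata, request):
    """Logical AND of all ACLs: a single deny rejects the request."""
    return all(acl_allows(acl, request) for acl in metadata)
```
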

Although the LocationACL, TimeWindowACL, and ProtocolACL are independent GenericMetadata objects, they can provide conflicting information to a dCDN, e.g., a content request which is simultaneously allowed based on the ProtocolACL and denied based on the TimeWindowACL. The dCDN MUST use the logical AND of all ACLs (where 'allow' is true and 'deny' is false) to determine whether or not a request should be allowed.

Property: protocol-acl

   Description: Access control list which allows or denies (blocks) delivery based on delivery protocol.

   Type: List of ProtocolRule objects (see Section 4.2.4.1)

   Mandatory-to-Specify: No. Default is allow all protocols.

Example ProtocolACL object (which contains a ProtocolRule object) that only allows the dCDN to deliver content using HTTP/1.1:

   {
     "generic-metadata-type": "MI.ProtocolACL",
     "generic-metadata-value":
       {
         "protocol-acl": [
           {
             "action": "allow",
             "protocols": ["http1.1"]
           }
         ]
       }
   }

4.2.4.1. ProtocolRule

A ProtocolRule contains or references a list of Protocol objects and the corresponding action.

Property: protocols

   Description: List of protocols to which the rule applies.

   Type: List of Protocols (see Section 4.3.2)

   Mandatory-to-Specify: Yes.

Property: action

   Description: Defines whether the rule specifies protocols to allow or deny.

   Type: Enumeration [allow|deny] encoded as a lowercase string

   Mandatory-to-Specify: No. Default is deny.

Example ProtocolRule object (which contains a ProtocolRule object) that allows the dCDN to deliver content using HTTP/1.1:

   {
     "action": "allow",
     "protocols": ["http1.1"]
   }

4.2.5. DeliveryAuthorization Metadata

Delivery Authorization defines authorization methods for the delivery of content to User Agents.

Property: delivery-auth-methods

   Description: Options for authorizing content requests. Delivery for a content request is authorized if any of the authorization methods in the list is satisfied for that request.

   Type: List of Auth objects (see Section 4.2.7)

   Mandatory-to-Specify: No. Default is no authorization required.

Example DeliveryAuthorization object (which contains an Auth object):

   {
     "generic-metadata-type": "MI.DeliveryAuthorization",
     "generic-metadata-value":
       {
         "delivery-auth-methods": [
           {
             "auth-type": ,
             "auth-value":
               {

               }
           }
         ]
       }
   }

4.2.6. Cache

A Cache object describes the cache control parameters to be applied to the content by intermediate caches.

Property: ignore-query-string

   Description: Allows a Surrogate to ignore URI query string parameters when comparing the requested URI against the URIs in its cache for equivalence. Matching query parameters to ignore MUST be case-insensitive. Each query parameter to ignore is specified in the list. If all query parameters should be ignored, then the list MUST be specified and MUST be empty.

   Type: List of String

   Mandatory-to-Specify: No. Default is to consider query string parameters when comparing URIs.

Example Cache object that instructs the dCDN to ignore all query parameters:

   {
     "generic-metadata-type": "MI.Cache",
     "generic-metadata-value":
       {
         "ignore-query-string": []
       }
   }

Example Cache object that instructs the dCDN to ignore the (case-insensitive) query parameters named "sessionid" and "random":

   {
     "generic-metadata-type": "MI.Cache",
     "generic-metadata-value":
       {
         "ignore-query-string": ["sessionid", "random"]
       }
   }

4.2.7. Auth

An Auth object defines authentication and authorization methods to be used during content acquisition and content delivery, respectively.

Property: auth-type

   Description: Registered Auth type (Section 7.4).

   Type: String

   Mandatory-to-Specify: Yes.

Property: auth-value

   Description: An object conforming to the specification associated with the Registered Auth type.

   Type: GenericMetadata Object

   Mandatory-to-Specify: Yes.

Example Auth object:

   {
     "generic-metadata-type": "MI.Auth",
     "generic-metadata-value":
       {
         "auth-type": ,
         "auth-value":
           {

           }
       }
   }

4.2.8. Grouping

A Grouping object identifies a group of content to which a given asset belongs.

Property: ccid

   Description: Content Collection identifier for an application-specific purpose such as logging aggregation.

   Type: String

   Mandatory-to-Specify: No. Default is an empty string.

Example Grouping object that specifies a Content Collection Identifier for the content associated with the Grouping object's parent HostMetadata and PathMetadata:

   {
     "generic-metadata-type": "MI.Grouping",
     "generic-metadata-value":
       {
         "ccid": "ABCD"
       }
   }

4.3. CDNI Metadata Simple Data Type Descriptions

This section describes the simple data types that are used for properties of CDNI metadata objects.

4.3.1. Link

A Link object can be used in place of any of the objects or properties described above. Link objects can be used to avoid duplication if the same metadata information is repeated within the metadata tree. When a Link object replaces another object, its href property is set to the URI of the resource and its type property is set to the CDNI Payload Type of the object it is replacing.

dCDNs can detect the presence of a Link object by detecting the presence of a property named "href" within the object. This means that GenericMetadata types MUST NOT contain a property named "href" because doing so would conflict with the ability for dCDNs to detect Link objects being used to reference a GenericMetadata object.

Property: href

   Description: The URI of the addressable object being referenced.

   Type: String

   Mandatory-to-Specify: Yes.

Property: type

   Description: The type of the object being referenced.

   Type: String

   Mandatory-to-Specify: No. If the container specifies the type (e.g., the HostIndex object contains a list of HostMatch objects, so a Link object in the list of HostMatch objects must reference a HostMatch), then it is not necessary to explicitly specify a type.

Example Link object referencing a HostMatch object:

   {
     "type": "MI.HostMatch",
     "href": "http://metadata.ucdn.example/hostmatch1234"
   }

Example Link object referencing a HostMatch object, without an explicit type, inside a HostIndex object:

   {
     "hosts": [
       {

       },
       {
         "href": "http://metadata.ucdn.example/hostmatch1234"
       }
     ]
   }

4.3.2. Protocol

Protocol objects are used to specify registered protocols for content acquisition or delivery (see Section 7.3).

Type: String

Example:

   "http1.1"

4.3.3. Endpoint

A Hostname (with optional port) or an IP address (with optional port).

Note: All implementations MUST support IPv4 addresses encoded as specified by the 'IPv4address' rule in Section 3.2.2 of [RFC3986]. IPv6 addresses MUST be encoded in one of the IPv6 address formats specified in [RFC5952] although receivers MUST support all IPv6 address formats specified in [RFC4291].

Type: String

Example Hostname:

   "metadata.ucdn.example"

Example IPv4 address:

   "192.0.2.1"

Example IPv6 address (with port number):

   "[2001:db8::1]:81"

4.3.4. Time

A time value expressed in seconds since the Unix epoch in the UTC timezone.

Type: Integer

Example Time representing 09:00 01/01/2000 UTC:

   946717200

4.3.5. IPv4CIDR

An IPv4address CIDR block encoded as specified by the 'IPv4address' rule in Section 3.2.2 of [RFC3986] followed by a / followed by an unsigned integer representing the leading bits of the routing prefix (i.e., IPv4 CIDR notation). Single IP addresses can be expressed as /32.

Type: String

Example IPv4 CIDR:

   "192.0.2.0/24"

4.3.6. IPv6CIDR

An IPv6address CIDR block encoded in one of the IPv6 address formats specified in [RFC5952] followed by a / followed by an unsigned integer representing the leading bits of the routing prefix (i.e., IPv6 CIDR notation). Single IP addresses can be expressed as /128.

Type: String

Example IPv6 CIDR:

   "2001:db8::/32"

4.3.7. ASN

An Autonomous System Number encoded as a string consisting of the characters "as" (in lowercase) followed by the Autonomous System number.

Type: String

Example ASN:

   "as64496"

4.3.8. CountryCode

An ISO 3166-1 alpha-2 code [ISO3166-1] in lowercase.

Type: String

Example Country Code representing the USA:

   "us"

5. CDNI Metadata Capabilities

CDNI metadata is used to convey information pertaining to content delivery from uCDN to dCDN. For optional metadata, it can be useful for the uCDN to know if the dCDN supports the underlying functionality described by the metadata, prior to delegating any content requests to the dCDN.
   If some metadata is "mandatory-to-enforce",
   and the dCDN does not support it, any delegated requests
   for content that requires that metadata will fail. The uCDN will
   likely want to avoid delegating those requests to that dCDN.
   Likewise, for any metadata which might be assigned optional values,
   it could be useful for the uCDN to know which values a dCDN supports,
   prior to delegating any content requests to that dCDN. If the
   optional value assigned to a given piece of content's metadata is not
   supported by the dCDN, any delegated requests for that content can
   fail, so again the uCDN is likely to want to avoid delegating those
   requests to that dCDN.

   The CDNI Footprint and Capabilities Interface (FCI) provides a means
   of advertising capabilities from dCDN to uCDN [RFC7336]. Support for
   optional metadata types and values can be advertised using the FCI.

6. CDNI Metadata interface

   This section specifies an interface to enable a dCDN to retrieve CDNI
   metadata objects from a uCDN.

   The interface can be used by a dCDN to retrieve CDNI metadata objects
   either:

   o  Dynamically as required by the dCDN to process received requests.
      For example, in response to a query from a uCDN over the CDNI
      Request Routing Redirection interface (RI)
      [I-D.ietf-cdni-redirection] or in response to receiving a request
      for content from a User Agent; or

   o  In advance of being required. For example, in the case of
      pre-positioned CDNI metadata acquisition, initiated through the
      "CDNI Control interface / Triggers" (CI/T) interface
      [I-D.ietf-cdni-control-triggers].

   The CDNI metadata interface is built on the principles of HTTP web
   services. In particular, this means that requests and responses over
   the interface are built around the transfer of representations of
   hyperlinked resources.
   A resource in the context of the CDNI
   metadata interface is any object in the object model (as described in
   Section 3 and Section 4).

   To retrieve CDNI metadata, a CDNI metadata client (i.e., a client in
   the dCDN) first makes an HTTP GET request for the URI of the
   HostIndex which provides the CDNI metadata client with a list of
   Hostnames for which the uCDN can delegate content delivery to the
   dCDN. The CDNI metadata client can then obtain any other CDNI
   metadata objects by making HTTP GET requests for any linked metadata
   objects it requires.

   CDNI metadata servers (i.e., servers in the uCDN) are free to assign
   whatever structure they desire to the URIs for CDNI metadata objects
   and CDNI metadata clients MUST NOT make any assumptions regarding the
   structure of CDNI metadata URIs or the mapping between CDNI metadata
   objects and their associated URIs. Therefore any URIs present in the
   examples in this document are purely illustrative and are not
   intended to impose a definitive structure on CDNI metadata interface
   implementations.

6.1. Transport

   The CDNI metadata interface uses HTTP as the underlying protocol
   transport.

   The HTTP Method in the request defines the operation the request
   would like to perform. A server implementation of the CDNI metadata
   interface MUST support the HTTP GET and HEAD methods.

   The corresponding HTTP Response returns the status of the operation
   in the HTTP Status Code and returns the current representation of the
   resource (if appropriate) in the Response Body. HTTP Responses that
   contain a response body SHOULD include an ETag to enable validation
   of cached versions of returned resources.

   The CDNI metadata interface specified in this document is a read-only
   interface. Therefore support for other HTTP methods such as PUT,
   POST, DELETE, etc. is not specified.
   A server implementation of the
   CDNI metadata interface SHOULD reject all methods other than GET and
   HEAD.

   As the CDNI metadata interface builds on top of HTTP, CDNI metadata
   server implementations MAY make use of any HTTP feature when
   implementing the CDNI metadata interface; for example, a CDNI
   metadata server MAY make use of HTTP's caching mechanisms to indicate
   that the returned response/representation can be reused without
   re-contacting the CDNI metadata server.

6.2. Retrieval of CDNI Metadata resources

   In the general case, a CDNI metadata server makes CDNI metadata
   objects available via unique URIs and thus, in order to retrieve
   CDNI metadata, a CDNI metadata client first makes an HTTP GET request
   for the URI of the HostIndex which provides a list of Hostnames for
   which the uCDN can delegate content delivery to the dCDN.

   In order to retrieve the CDNI metadata for a particular request the
   CDNI metadata client processes the received HostIndex object and
   finds the corresponding HostMetadata entry (by matching the hostname
   in the request against the hostnames listed in the HostMatch
   objects). If the HostMetadata is linked (rather than embedded), the
   CDNI metadata client then makes a GET request for the URI specified
   in the href property of the Link object which points to the
   HostMetadata object itself.

   In order to retrieve the most specific metadata for a particular
   request, the CDNI metadata client inspects the HostMetadata for
   references to more specific PathMetadata objects (by matching the URI
   path in the request against the path-patterns in any PathMatch
   objects listed in the HostMetadata object). If any PathMetadata are
   found to match (and are linked rather than embedded), the CDNI
   metadata client makes another GET request for the PathMetadata.
   Each PathMetadata object can also include references to yet more
   specific metadata. If this is the case, the CDNI metadata client
   continues requesting PathMatch and PathMetadata objects recursively.
   The CDNI metadata client repeats this approach of processing metadata
   objects and retrieving (via HTTP GETs) any linked objects until it
   has all the metadata objects it requires in order to process the
   redirection request from a uCDN or the content request from a User
   Agent.

   In cases where a dCDN is not able to retrieve the entire set of CDNI
   metadata associated with a User Agent request, for example because
   the uCDN is unreachable or returns an HTTP 4xx or 5xx status in
   response to some or all of the dCDN's CDNI metadata requests, the
   dCDN MUST NOT serve the requested content unless the dCDN has stale
   versions of all the required metadata and the stale-if-error
   Cache-Control extension [RFC5861] was included in all previous
   responses that are required but cannot currently be retrieved. The
   dCDN can continue to serve other content for which it can retrieve
   (or for which it has fresh responses cached) all the required
   metadata even if some non-applicable part of the metadata tree is
   missing.

   Where a dCDN is interconnected with multiple uCDNs, the dCDN needs to
   determine which uCDN's CDNI metadata should be used to handle a
   particular User Agent request.

   When application level redirection (e.g., HTTP 302 redirects) is
   being used between CDNs, it is expected that the dCDN will be able to
   determine the uCDN that redirected a particular request from
   information contained in the received request (e.g., via the URI).
   With knowledge of which uCDN routed the request, the dCDN can choose
   the correct uCDN from which to obtain the HostIndex. Note that the
   HostIndexes served by each uCDN can be unique.
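
   The retrieval walk and the stale-if-error rule from this section,
   sketched as a dCDN-side client. This is an added example, not code
   from the draft or from any CDNI implementation: the transport and
   clock callables, MAX_DEPTH, the "*"-only pattern matching and the
   sample tree are assumptions, and the property names are the ones the
   draft's objects use.

```python
import json
import re

class MetadataUnavailable(Exception):
    """A required object is missing, so the dCDN must not serve the request."""

def is_link(obj):
    # A Link object is recognised by the presence of an "href" property.
    return isinstance(obj, dict) and "href" in obj

def cache_lifetimes(cache_control):
    """Return (max_age, stale_if_error) in seconds; the latter is None if absent."""
    found = dict(re.findall(r"([\w-]+)\s*=\s*(\d+)", cache_control.lower()))
    sie = found.get("stale-if-error")
    return int(found.get("max-age", 0)), (None if sie is None else int(sie))

def pattern_matches(pattern, path):
    # Simplification (assumption): only the "*" wildcard is interpreted.
    regex = ".*".join(re.escape(piece) for piece in pattern.split("*"))
    return re.fullmatch(regex, path) is not None

class MetadataClient:
    MAX_DEPTH = 8  # assumed local limit: looping or very deep link chains fail closed

    def __init__(self, transport, clock):
        self.transport = transport  # hypothetical: url -> (status, headers, body)
        self.clock = clock          # hypothetical: () -> current time in seconds
        self.cache = {}             # url -> (object, fresh_until, stale_until)

    def get(self, url):
        now, cached = self.clock(), self.cache.get(url)
        if cached and now < cached[1]:
            return cached[0]
        status, headers, body = self.transport(url)
        if status == 200:
            obj = json.loads(body)
            max_age, sie = cache_lifetimes(headers.get("Cache-Control", ""))
            stale_until = None if sie is None else now + max_age + sie
            self.cache[url] = (obj, now + max_age, stale_until)
            return obj
        # Unreachable, 4xx or 5xx: usable only if stale-if-error was sent and is open.
        if cached and cached[2] is not None and now < cached[2]:
            return cached[0]
        raise MetadataUnavailable(url)

    def deref(self, obj):
        return self.get(obj["href"]) if is_link(obj) else obj

    def resolve(self, index_url, host, path):
        """Return {generic-metadata-type: value} for one request, or raise."""
        for entry in map(self.deref, self.get(index_url)["hosts"]):
            if entry["host"].lower() == host.lower():
                node = self.deref(entry["host-metadata"])
                break
        else:
            raise MetadataUnavailable("no HostMatch for " + host)
        result = {}
        for _ in range(self.MAX_DEPTH):
            for item in node.get("metadata", []):
                # A more specific object of the same type replaces the earlier one.
                result[item["generic-metadata-type"]] = item["generic-metadata-value"]
            for pm in map(self.deref, node.get("paths", [])):
                if pattern_matches(pm["path-pattern"]["pattern"], path):
                    node = self.deref(pm["path-metadata"])
                    break
            else:
                return result
        raise MetadataUnavailable("metadata tree deeper than MAX_DEPTH")

# Constructed sample tree (not from the draft): url -> (Cache-Control, object)
BASE = "https://metadata.ucdn.example"
STORE = {
    BASE + "/hostindex": ("max-age=60, stale-if-error=3600", {"hosts": [
        {"host": "video.example.com", "host-metadata": {"href": BASE + "/host1234"}}]}),
    BASE + "/host1234": ("max-age=60, stale-if-error=3600", {
        "metadata": [{"generic-metadata-type": "MI.ProtocolACL",
                      "generic-metadata-value": {"protocol-acl": []}}],
        "paths": [{"path-pattern": {"pattern": "/video/movies/*"},
                   "path-metadata": {"href": BASE + "/host1234/pathDEF"}}]}),
    BASE + "/host1234/pathDEF": ("max-age=60", {  # sent without stale-if-error
        "metadata": [{"generic-metadata-type": "MI.TimeWindowACL",
                      "generic-metadata-value": {"times": []}}]}),
}

def demo():
    state = {"now": 0, "up": True}
    def transport(url):  # constructed stand-in for a GET to the uCDN
        if not state["up"]:
            return 503, {}, ""
        return 200, {"Cache-Control": STORE[url][0]}, json.dumps(STORE[url][1])
    client = MetadataClient(transport, lambda: state["now"])
    args = (BASE + "/hostindex", "video.example.com")
    fresh = sorted(client.resolve(*args, "/video/movies/a.mp4"))
    state.update(now=120, up=False)  # cached copies are stale, the uCDN is down
    other = sorted(client.resolve(*args, "/video/trailers/t.mp4"))
    try:
        return fresh, other, sorted(client.resolve(*args, "/video/movies/a.mp4"))
    except MetadataUnavailable:
        return fresh, other, "refuse"  # pathDEF had no stale-if-error: fail closed
```
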

   In the case of DNS redirection there is not always sufficient
   information carried in the DNS request from User Agents to determine
   the uCDN that redirected a particular request (e.g., when content
   from a given host is redirected to a given dCDN by more than one
   uCDN) and therefore dCDNs will have to apply local policy when
   deciding which uCDN's metadata to apply.

6.3. Bootstrapping

   The URI for the HostIndex object of a given uCDN needs to be either
   configured in, or discovered by, the dCDN. All other objects/
   resources are then discoverable from the HostIndex object by
   following any links in the HostIndex object and through the
   referenced HostMetadata and PathMetadata objects and their
   GenericMetadata sub-objects.

   If the URI for the HostIndex object is not manually configured in the
   dCDN then the HostIndex URI could be discovered. A mechanism
   allowing the dCDN to discover the URI of the HostIndex is outside the
   scope of this document.

6.4. Encoding

   CDNI metadata objects MUST be encoded as I-JSON objects [RFC7493]
   containing a dictionary of (key,value) pairs where the keys are the
   property names and the values are the associated property values.

   The keys of the dictionary are the names of the properties associated
   with the object and are therefore dependent on the specific object
   being encoded (i.e., dependent on the CDNI Payload Type of the
   returned resource). Likewise, the values associated with each
   property (dictionary key) are dependent on the specific object being
   encoded (i.e., dependent on the CDNI Payload Type of the returned
   resource).

   Dictionary keys (properties) in I-JSON are case sensitive. By
   convention any dictionary key (property) defined by this document
   (for example the names of CDNI metadata object properties) MUST be
   lowercase.

6.5. Extensibility

   The set of GenericMetadata objects can be extended with additional
   (standards based or vendor specific) metadata objects through the
   specification of new GenericMetadata objects. The GenericMetadata
   object defined in Section 4.1.7 specifies a type field and a
   type-specific value field that allows any metadata to be included in
   either the HostMetadata or PathMetadata lists.

   As with the initial GenericMetadata types defined in Section 4.2,
   future GenericMetadata types MUST specify the information necessary
   for constructing and decoding the GenericMetadata object.

   Any document which defines a new GenericMetadata type MUST:

   1. Specify and register the CDNI Payload Type [RFC7736] used to
      identify the new GenericMetadata type being specified.

   2. Define the set of properties associated with the new
      GenericMetadata object. GenericMetadata MUST NOT contain a
      property named "href" because doing so would conflict with the
      ability to detect Link objects (see Section 4.3.1).

   3. Define a name, description, type, and whether or not the property
      is mandatory-to-specify.

   4. Describe the semantics of the new type including its purpose and
      example of a use case to which it applies including an example
      encoded in I-JSON.

   Note: In the case of vendor specific extensions, vendor-identifying
   CDNI Payload Type names will decrease the possibility of
   GenericMetadata type collisions.

6.6. Metadata Enforcement

   At any given time, the set of GenericMetadata types supported by the
   uCDN might not match the set of GenericMetadata types supported by
   the dCDN.

   In cases where a uCDN sends metadata containing a GenericMetadata
   type that a dCDN does not support, the dCDN MUST enforce the
   semantics of the "mandatory-to-enforce" property.
   If a dCDN does not
   understand or is unable to perform the functions associated with any
   "mandatory-to-enforce" metadata, the dCDN MUST NOT service any
   requests for the corresponding content.

   Note: Ideally, uCDNs would not delegate content requests to a dCDN
   that does not support the "mandatory-to-enforce" metadata associated
   with the content being requested. However, even if the uCDN has a
   priori knowledge of the metadata supported by the dCDN (e.g., via the
   FCI or through out-of-band negotiation between CDN operators),
   metadata support can fluctuate or be inconsistent (e.g., due to
   mis-communication, mis-configuration, or temporary outage). Thus,
   the dCDN MUST always evaluate all metadata associated with
   redirection and content requests and reject any requests where
   "mandatory-to-enforce" metadata associated with the content cannot be
   enforced.

6.7. Metadata Conflicts

   It is possible that new metadata definitions will obsolete or
   conflict with existing GenericMetadata (e.g., a future revision of
   the CDNI metadata interface could redefine the Auth GenericMetadata
   object or a custom vendor extension could implement an alternate Auth
   metadata option). If multiple metadata (e.g., MI.Auth.v2,
   vendor1.Auth, and vendor2.Auth) all conflict with an existing
   GenericMetadata object (i.e., MI.Auth) and all are marked as
   "mandatory-to-enforce", it could be ambiguous which metadata should
   be applied, especially if the functionality of the metadata overlap.

   As described in Section 3.3, metadata override only applies to
   metadata objects of the same exact type found in HostMetadata and
   nested PathMetadata structures. The CDNI metadata interface does not
   support enforcement of dependencies between different metadata types.
   It is the responsibility of the CSP and the CDN operators to ensure
   that metadata assigned to a given piece of content do not conflict.

   Note: Because metadata is inherently ordered in HostMetadata and
   PathMetadata lists, as well as in the PathMatch hierarchy, multiple
   conflicting metadata types MAY be used; however, metadata hierarchies
   SHOULD ensure that independent PathMatch root objects are used to
   prevent ambiguous or conflicting metadata definitions.

6.8. Versioning

   The version of CDNI metadata objects is conveyed inside the CDNI
   Payload Type that is included in the HTTP Content-Type header, for
   example: "Content-Type: application/cdni; ptype=MI.HostIndex". We
   intentionally omit the ".v1" on the initial versions of metadata, for
   simplicity. Subsequent versions of those metadata MUST postpend a
   version string (e.g., ".v2"). Upon responding to a request for an
   object, a CDNI metadata server MUST include a Content-Type header
   with the CDNI Payload Type containing the version number (or
   implicitly, version 1) of the object. HTTP requests sent to a
   metadata server SHOULD include an Accept header with the CDNI Payload
   Type (which includes the version) of the expected object. Metadata
   clients can specify multiple CDNI Payload Types in the Accept header,
   for example if a metadata client is capable of processing two
   different versions of the same type of object (defined by different
   CDNI Payload Types) it might decide to include both in the Accept
   header.

6.9. Media Types

   All CDNI metadata objects use the Media Type "application/cdni". The
   CDNI Payload Type for each object then contains the object name of
   that object as defined by this document, prefixed with "MI.".
   Table 4 lists the CDNI Payload Type for the metadata objects
   (resources) specified in this document.

   +-----------------------+--------------------------+
   | Data Object           | CDNI Payload Type        |
   +-----------------------+--------------------------+
   | HostIndex             | MI.HostIndex             |
   | HostMatch             | MI.HostMatch             |
   | HostMetadata          | MI.HostMetadata          |
   | PathMatch             | MI.PathMatch             |
   | PatternMatch          | MI.PatternMatch          |
   | PathMetadata          | MI.PathMetadata          |
   | SourceMetadata        | MI.SourceMetadata        |
   | Source                | MI.Source                |
   | LocationACL           | MI.LocationACL           |
   | LocationRule          | MI.LocationRule          |
   | Footprint             | MI.Footprint             |
   | TimeWindowACL         | MI.TimeWindowACL         |
   | TimeWindowRule        | MI.TimeWindowRule        |
   | TimeWindow            | MI.TimeWindow            |
   | ProtocolACL           | MI.ProtocolACL           |
   | ProtocolRule          | MI.ProtocolRule          |
   | DeliveryAuthorization | MI.DeliveryAuthorization |
   | Cache                 | MI.Cache                 |
   | Auth                  | MI.Auth                  |
   | Grouping              | MI.Grouping              |
   +-----------------------+--------------------------+

        Table 4: CDNI Payload Types for CDNI Metadata objects

6.10. Complete CDNI Metadata Example

   A dCDN requests the HostIndex and receives the following object with
   a CDNI payload type of "MI.HostIndex":

   {
     "hosts": [
       {
         "host": "video.example.com",
         "host-metadata": {
           "type": "MI.HostMetadata",
           "href": "http://metadata.ucdn.example/host1234"
         }
       },
       {
         "host": "images.example.com",
         "host-metadata": {
           "type": "MI.HostMetadata",
           "href": "http://metadata.ucdn.example/host5678"
         }
       }
     ]
   }

   If the incoming request has a Host header with "video.example.com"
   then the dCDN would fetch the HostMetadata object from
   "http://metadata.ucdn.example/host1234" expecting a CDNI payload type
   of "MI.HostMetadata":

   {
     "metadata": [
       {
         "generic-metadata-type": "MI.SourceMetadata",
         "generic-metadata-value": {
           "sources": [
             {
               "endpoint": "acq1.ucdn.example",
               "protocol": "http1.1"
             },
             {
               "endpoint": "acq2.ucdn.example",
               "protocol": "http1.1"
             }
           ]
         }
       },
       {
         "generic-metadata-type": "MI.LocationACL",
         "generic-metadata-value": {
           "locations": [
             {
               "footprints": [
                 {
                   "footprint-type": "IPv4CIDR",
                   "footprint-value": "192.0.2.0/24"
                 }
               ],
               "action": "deny"
             }
           ]
         }
       },
       {
         "generic-metadata-type": "MI.ProtocolACL",
         "generic-metadata-value": {
           "protocol-acl": [
             {
               "protocols": [
                 "http1.1"
               ],
               "action": "allow"
             }
           ]
         }
       }
     ],
     "paths": [
       {
         "path-pattern": {
           "pattern": "/video/trailers/*"
         },
         "path-metadata": {
           "type": "MI.PathMetadata",
           "href": "http://metadata.ucdn.example/host1234/pathABC"
         }
       },
       {
         "path-pattern": {
           "pattern": "/video/movies/*"
         },
         "path-metadata": {
           "type": "MI.PathMetadata",
           "href": "http://metadata.ucdn.example/host1234/pathDEF"
         }
       }
     ]
   }

   Suppose the path of the requested resource matches the
   "/video/movies/*" pattern, the next metadata requested would be for
   "http://metadata.ucdn.example/host1234/pathDEF" with an expected CDNI
   payload type of "MI.PathMetadata":

   {
     "metadata": [],
     "paths": [
       {
         "path-pattern": {
           "pattern": "/video/movies/hd/*"
         },
         "path-metadata": {
           "type": "MI.PathMetadata",
           "href":
             "http://metadata.ucdn.example/host1234/pathDEF/path123"
         }
       }
     ]
   }

   Finally, if the path of the requested resource also matches the
   "/video/movies/hd/*" pattern, the dCDN would also fetch the
   following object from
   "http://metadata.ucdn.example/host1234/pathDEF/path123" with CDNI
   payload type "MI.PathMetadata":

   {
     "metadata": [
       {
         "generic-metadata-type": "MI.TimeWindowACL",
         "generic-metadata-value": {
           "times": [
             {
               "windows": [
                 {
                   "start": 1213948800,
                   "end": 1327393200
                 }
               ],
               "action": "allow"
             }
           ]
         }
       }
     ]
   }

   The final set of metadata which applies to the requested resource
   includes a SourceMetadata, a LocationACL, a ProtocolACL, and a
   TimeWindowACL.

7. IANA Considerations

7.1. CDNI Payload Types

   This document requests the registration of the following CDNI Payload
   Types under the IANA CDNI Payload Type registry:

   +--------------------------+---------------+
   | Payload Type             | Specification |
   +--------------------------+---------------+
   | MI.HostIndex             | RFCthis       |
   | MI.HostMatch             | RFCthis       |
   | MI.HostMetadata          | RFCthis       |
   | MI.PathMatch             | RFCthis       |
   | MI.PatternMatch          | RFCthis       |
   | MI.PathMetadata          | RFCthis       |
   | MI.SourceMetadata        | RFCthis       |
   | MI.Source                | RFCthis       |
   | MI.LocationACL           | RFCthis       |
   | MI.LocationRule          | RFCthis       |
   | MI.Footprint             | RFCthis       |
   | MI.TimeWindowACL         | RFCthis       |
   | MI.TimeWindowRule        | RFCthis       |
   | MI.TimeWindow            | RFCthis       |
   | MI.ProtocolACL           | RFCthis       |
   | MI.ProtocolRule          | RFCthis       |
   | MI.DeliveryAuthorization | RFCthis       |
   | MI.Cache                 | RFCthis       |
   | MI.Auth                  | RFCthis       |
   | MI.Grouping              | RFCthis       |
   +--------------------------+---------------+

   [RFC Editor: Please replace RFCthis with the published RFC number for
   this document.]

7.1.1. CDNI MI HostIndex Payload Type

   Purpose: The purpose of this payload type is to distinguish HostIndex
   MI objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.1.1

7.1.2. CDNI MI HostMatch Payload Type

   Purpose: The purpose of this payload type is to distinguish HostMatch
   MI objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.1.2

7.1.3. CDNI MI HostMetadata Payload Type

   Purpose: The purpose of this payload type is to distinguish
   HostMetadata MI objects (and any associated capability
   advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.1.3

7.1.4. CDNI MI PathMatch Payload Type

   Purpose: The purpose of this payload type is to distinguish PathMatch
   MI objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.1.4

7.1.5. CDNI MI PatternMatch Payload Type

   Purpose: The purpose of this payload type is to distinguish
   PatternMatch MI objects (and any associated capability
   advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.1.5

7.1.6. CDNI MI PathMetadata Payload Type

   Purpose: The purpose of this payload type is to distinguish
   PathMetadata MI objects (and any associated capability
   advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.1.6

7.1.7. CDNI MI SourceMetadata Payload Type

   Purpose: The purpose of this payload type is to distinguish
   SourceMetadata MI objects (and any associated capability
   advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.1

7.1.8. CDNI MI Source Payload Type

   Purpose: The purpose of this payload type is to distinguish Source MI
   objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.1.1

7.1.9. CDNI MI LocationACL Payload Type

   Purpose: The purpose of this payload type is to distinguish
   LocationACL MI objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.2

7.1.10. CDNI MI LocationRule Payload Type

   Purpose: The purpose of this payload type is to distinguish
   LocationRule MI objects (and any associated capability
   advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.2.1

7.1.11. CDNI MI Footprint Payload Type

   Purpose: The purpose of this payload type is to distinguish Footprint
   MI objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.2.2

7.1.12. CDNI MI TimeWindowACL Payload Type

   Purpose: The purpose of this payload type is to distinguish
   TimeWindowACL MI objects (and any associated capability
   advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.3

7.1.13. CDNI MI TimeWindowRule Payload Type

   Purpose: The purpose of this payload type is to distinguish
   TimeWindowRule MI objects (and any associated capability
   advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.3.1

7.1.14. CDNI MI TimeWindow Payload Type

   Purpose: The purpose of this payload type is to distinguish
   TimeWindow MI objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.3.2

7.1.15. CDNI MI ProtocolACL Payload Type

   Purpose: The purpose of this payload type is to distinguish
   ProtocolACL MI objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.4

7.1.16. CDNI MI ProtocolRule Payload Type

   Purpose: The purpose of this payload type is to distinguish
   ProtocolRule MI objects (and any associated capability
   advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.4.1

7.1.17. CDNI MI DeliveryAuthorization Payload Type

   Purpose: The purpose of this payload type is to distinguish
   DeliveryAuthorization MI objects (and any associated capability
   advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.5

7.1.18. CDNI MI Cache Payload Type

   Purpose: The purpose of this payload type is to distinguish Cache MI
   objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.6

7.1.19. CDNI MI Auth Payload Type

   Purpose: The purpose of this payload type is to distinguish Auth MI
   objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.7

7.1.20. CDNI MI Grouping Payload Type

   Purpose: The purpose of this payload type is to distinguish Grouping
   MI objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.8

7.2. CDNI Metadata Footprint Types Registry

   The IANA is requested to create a new "CDNI Metadata Footprint Types"
   subregistry in the "Content Delivery Networks Interconnection (CDNI)
   Parameters" registry. The "CDNI Metadata Footprint Types" namespace
   defines the valid Footprint object type values used by the Footprint
   object in Section 4.2.2.2. Additions to the Footprint type namespace
   conform to the "Specification Required" policy as defined in
   [RFC5226]. The designated expert will verify that new type
   definitions do not duplicate existing type definitions and prevent
   gratuitous additions to the namespace. New registrations are
   required to provide a clear description of how to interpret new
   footprint types.

   The following table defines the initial Footprint Registry values:

   +----------------+-------------------------------+---------------+
   | Footprint Type | Description                   | Specification |
   +----------------+-------------------------------+---------------+
   | ipv4cidr       | IPv4 CIDR address block       | RFCthis       |
   | ipv6cidr       | IPv6 CIDR address block       | RFCthis       |
   | asn            | Autonomous System (AS) Number | RFCthis       |
   | countrycode    | ISO 3166-1 alpha-2 code       | RFCthis       |
   +----------------+-------------------------------+---------------+

   [RFC Editor: Please replace RFCthis with the published RFC number for
   this document.]

7.3. CDNI Metadata Protocol Types Registry

   The IANA is requested to create a new "CDNI Metadata Protocol Types"
   subregistry in the "Content Delivery Networks Interconnection (CDNI)
   Parameters" registry.
   The "CDNI Metadata Protocol Types" namespace
   defines the valid Protocol object values in Section 4.3.2, used by
   the SourceMetadata and ProtocolACL objects. Additions to the
   Protocol namespace conform to the "Specification Required" policy as
   defined in [RFC5226], where the specification defines the Protocol
   Type and the protocol to which it is associated. The designated
   expert will verify that new protocol definitions do not duplicate
   existing protocol definitions and prevent gratuitous additions to the
   namespace.

   The following table defines the initial Protocol values corresponding
   to the HTTP and HTTPS protocols:

   +----------+-----------------------+---------------+----------------+
   | Protocol | Description           | Type          | Protocol       |
   | Type     |                       | Specification | Specification  |
   +----------+-----------------------+---------------+----------------+
   | http1.1  | Hypertext Transfer    | RFCthis       | RFC7230        |
   |          | Protocol -- HTTP/1.1  |               |                |
   | https1.1 | HTTP/1.1 Over TLS     | RFCthis       | RFC2818        |
   +----------+-----------------------+---------------+----------------+

   [RFC Editor: Please replace RFCthis with the published RFC number for
   this document.]

7.4. CDNI Metadata Auth Types Registry

   The IANA is requested to create a new "CDNI Metadata Auth Types"
   subregistry in the "Content Delivery Networks Interconnection (CDNI)
   Parameters" registry. The "CDNI Metadata Auth Type" namespace
   defines the valid Auth object types used by the Auth object in
   Section 4.2.7. Additions to the Auth Type namespace conform to the
   "Specification Required" policy as defined in [RFC5226]. The
   designated expert will verify that new type definitions do not
   duplicate existing type definitions and prevent gratuitous additions
   to the namespace.
   New registrations are required to provide a clear
   description of what information the uCDN is required to provide to
   the dCDN, as well as the procedures the dCDN is required to perform
   to authorize and/or authenticate content requests.

   The registry will initially be unpopulated:

   +-----------+-------------+---------------+
   | Auth Type | Description | Specification |
   +-----------+-------------+---------------+
   +-----------+-------------+---------------+

8. Security Considerations

8.1. Authentication

   Unauthorized access to metadata could result in denial of service. A
   malicious metadata server, proxy server, or an attacker performing a
   "man in the middle" attack could provide malicious metadata to a dCDN
   that either:

   o  Denies service for one or more pieces of content to one or more
      User Agents; or

   o  Directs dCDNs to contact malicious origin servers instead of the
      actual origin servers.

   Unauthorized access to metadata could also enable a malicious
   metadata client to continuously issue metadata requests in order to
   overload a uCDN's metadata server(s).

   Unauthorized access to metadata could result in leakage of private
   information. A malicious metadata client could request metadata in
   order to gain access to origin servers, as well as information
   pertaining to content restrictions.

   An implementation of the CDNI metadata interface SHOULD use mutual
   authentication to prevent unauthorized access to metadata.

8.2. Confidentiality

   Unauthorized viewing of metadata could result in leakage of private
   information. A third party could intercept metadata transactions in
   order to gain access to origin servers, as well as information
   pertaining to content restrictions.

   An implementation of the CDNI metadata interface SHOULD use strong
   encryption to prevent unauthorized interception of metadata.

8.3. Integrity

   Unauthorized modification of metadata could result in denial of
   service. A malicious metadata server, proxy server, or an attacker
   performing a "man in the middle" attack could modify metadata
   destined to a dCDN in order to deny service for one or more pieces of
   content to one or more user agents. A malicious metadata server,
   proxy server, or an attacker performing a "man in the middle" attack
   could also modify metadata so that dCDNs are directed to contact
   malicious origin servers instead of the actual origin servers.

   An implementation of the CDNI metadata interface SHOULD use strong
   encryption and mutual authentication to prevent unauthorized
   modification of metadata.

8.4. Privacy

   Content provider origin and policy information is conveyed through
   the CDNI metadata interface. The distribution of this information to
   another CDN could introduce potential privacy concerns for some
   content providers, for example, dCDNs accepting content requests for
   a content provider's content might be able to obtain additional
   information and usage patterns relating to the users of a content
   provider's services. Content providers with such concerns can
   instruct their CDN partners not to use CDN interconnects when
   delivering that content provider's content.

   An attacker performing a "man in the middle" attack could monitor
   metadata in order to obtain usage patterns relating to the users of a
   content provider's services.

   An implementation of the CDNI metadata interface SHOULD use strong
   encryption and mutual authentication to prevent unauthorized
   monitoring of metadata.

8.5. Securing the CDNI Metadata interface

   An implementation of the CDNI metadata interface MUST support TLS
   transport as per [RFC2818] and [RFC7230].
The use of TLS for 2622 transport of the CDNI metadata interface messages allows: 2624 o The dCDN and uCDN to authenticate each other. 2626 and, once they have mutually authenticated each other, it allows: 2628 o The dCDN and uCDN to authorize each other (to ensure they are 2629 transmitting/receiving CDNI metadata requests and responses from 2630 an authorized CDN); 2632 o CDNI metadata interface requests and responses to be transmitted 2633 with confidentiality; and 2635 o The integrity of the CDNI metadata interface requests and 2636 responses to be protected during the exchange. 2638 In an environment where any such protection is required, TLS MUST be 2639 used (including authentication of the remote end) by the server-side 2640 (uCDN) and the client-side (dCDN) of the CDNI metadata interface 2641 unless alternate methods are used for ensuring the confidentiality of 2642 the information in the CDNI metadata interface requests and responses 2643 (such as setting up an IPsec tunnel between the two CDNs or using a 2644 physically secured internal network between two CDNs that are owned 2645 by the same corporate entity). 2647 When TLS is used, the general TLS usage guidance in [RFC7525] MUST be 2648 followed. 2650 9. Acknowledgements 2652 The authors would like to thank David Ferguson, Francois Le Faucheur, 2653 Jan Seedorf and Matt Miller for their valuable comments and input to 2654 this document. 2656 10. Contributing Authors 2658 [RFC Editor Note: Please move the contents of this section to the 2659 Authors' Addresses section prior to publication as an RFC.] 2660 Grant Watson 2661 Velocix (Alcatel-Lucent) 2662 3 Ely Road 2663 Milton, Cambridge CB24 6AA 2664 UK 2666 Email: gwatson@velocix.com 2668 Kent Leung 2669 Cisco Systems 2670 3625 Cisco Way 2671 San Jose, 95134 2672 USA 2674 Email: kleung@cisco.com 2676 11. References 2678 11.1. Normative References 2680 [ISO3166-1] 2681 "https://www.iso.org/obp/ui/#search". 
2683 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 2684 Requirement Levels", BCP 14, RFC 2119, 2685 DOI 10.17487/RFC2119, March 1997, 2686 . 2688 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 2689 Resource Identifier (URI): Generic Syntax", STD 66, 2690 RFC 3986, DOI 10.17487/RFC3986, January 2005, 2691 . 2693 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 2694 Architecture", RFC 4291, DOI 10.17487/RFC4291, February 2695 2006, . 2697 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 2698 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 2699 DOI 10.17487/RFC5226, May 2008, 2700 . 2702 [RFC5861] Nottingham, M., "HTTP Cache-Control Extensions for Stale 2703 Content", RFC 5861, DOI 10.17487/RFC5861, May 2010, 2704 . 2706 [RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 2707 Address Text Representation", RFC 5952, 2708 DOI 10.17487/RFC5952, August 2010, 2709 . 2711 [RFC6707] Niven-Jenkins, B., Le Faucheur, F., and N. Bitar, "Content 2712 Distribution Network Interconnection (CDNI) Problem 2713 Statement", RFC 6707, DOI 10.17487/RFC6707, September 2714 2012, . 2716 [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 2717 Protocol (HTTP/1.1): Message Syntax and Routing", 2718 RFC 7230, DOI 10.17487/RFC7230, June 2014, 2719 . 2721 [RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre, 2722 "Recommendations for Secure Use of Transport Layer 2723 Security (TLS) and Datagram Transport Layer Security 2724 (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May 2725 2015, . 2727 11.2. Informative References 2729 [I-D.ietf-cdni-control-triggers] 2730 Murray, R. and B. Niven-Jenkins, "CDNI Control Interface / 2731 Triggers", draft-ietf-cdni-control-triggers-12 (work in 2732 progress), March 2016. 2734 [I-D.ietf-cdni-redirection] 2735 Niven-Jenkins, B. and R. 
Brandenburg, "Request Routing 2736 Redirection interface for CDN Interconnection", draft- 2737 ietf-cdni-redirection-17 (work in progress), February 2738 2016. 2740 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, 2741 DOI 10.17487/RFC2818, May 2000, 2742 . 2744 [RFC7336] Peterson, L., Davie, B., and R. van Brandenburg, Ed., 2745 "Framework for Content Distribution Network 2746 Interconnection (CDNI)", RFC 7336, DOI 10.17487/RFC7336, 2747 August 2014, . 2749 [RFC7337] Leung, K., Ed. and Y. Lee, Ed., "Content Distribution 2750 Network Interconnection (CDNI) Requirements", RFC 7337, 2751 DOI 10.17487/RFC7337, August 2014, 2752 . 2754 [RFC7493] Bray, T., Ed., "The I-JSON Message Format", RFC 7493, 2755 DOI 10.17487/RFC7493, March 2015, 2756 . 2758 [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext 2759 Transfer Protocol Version 2 (HTTP/2)", RFC 7540, 2760 DOI 10.17487/RFC7540, May 2015, 2761 . 2763 [RFC7736] Ma, K., "Content Delivery Network Interconnection (CDNI) 2764 Media Type Registration", RFC 7736, DOI 10.17487/RFC7736, 2765 December 2015, . 2767 Authors' Addresses 2769 Ben Niven-Jenkins 2770 Velocix (Alcatel-Lucent) 2771 3 Ely Road 2772 Milton, Cambridge CB24 6AA 2773 UK 2775 Email: ben@velocix.com 2777 Rob Murray 2778 Velocix (Alcatel-Lucent) 2779 3 Ely Road 2780 Milton, Cambridge CB24 6AA 2781 UK 2783 Email: rmurray@velocix.com 2785 Matt Caulfield 2786 Cisco Systems 2787 1414 Massachusetts Avenue 2788 Boxborough, MA 01719 2789 USA 2791 Phone: +1 978 936 9307 2792 Email: mcaulfie@cisco.com 2793 Kevin J. Ma 2794 Ericsson 2795 43 Nagog Park 2796 Acton, MA 01720 2797 USA 2799 Phone: +1 978-844-5100 2800 Email: kevin.j.ma@ericsson.com
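
Added example (not part of the draft): one way to configure both ends of the metadata interface as Section 8.5 describes, with mutual authentication first and partner authorization second, using Python's ssl module. The file parameters, the partner allowlist, the helper names and the sample certificate are constructed assumptions.

```python
import ssl

# Constructed allowlist of interconnect partners (assumption): DNS name -> role.
AUTHORIZED_PEERS = {
    "metadata.ucdn.example": "uCDN",
    "fetcher.dcdn.example": "dCDN",
}

# Constructed sample in the shape SSLSocket.getpeercert() returns after a
# successful, verified handshake.
SAMPLE_DCDN_CERT = {
    "subject": ((("commonName", "fetcher.dcdn.example"),),),
    "subjectAltName": (("DNS", "fetcher.dcdn.example"),),
}


def _context(protocol, ca_file, cert_file, key_file):
    ctx = ssl.SSLContext(protocol)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # RFC 7525: avoid older versions
    ctx.options |= ssl.OP_NO_COMPRESSION          # RFC 7525: no TLS compression
    ctx.verify_mode = ssl.CERT_REQUIRED           # the remote end must authenticate
    if ca_file:    # trust only the CA agreed for the interconnect
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:  # this CDN's own certificate, presented to the peer
        ctx.load_cert_chain(cert_file, key_file)
    return ctx


def dcdn_client_context(ca_file=None, cert_file=None, key_file=None):
    """Client side (dCDN): verifies the uCDN certificate and hostname."""
    return _context(ssl.PROTOCOL_TLS_CLIENT, ca_file, cert_file, key_file)


def ucdn_server_context(ca_file=None, cert_file=None, key_file=None):
    """Server side (uCDN): handshake fails unless the dCDN presents a valid cert."""
    return _context(ssl.PROTOCOL_TLS_SERVER, ca_file, cert_file, key_file)


def enforces_mutual_auth(ctx):
    """Deployment check: peer certificate required and TLS 1.2 or later."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def peer_is_authorized(peercert, expected_role):
    """Authorization step: match verified DNS subjectAltNames to the allowlist."""
    if not peercert:
        return False
    names = [v for k, v in peercert.get("subjectAltName", ()) if k == "DNS"]
    return any(AUTHORIZED_PEERS.get(n.lower()) == expected_role for n in names)
```

The uCDN would call peer_is_authorized(conn.getpeercert(), "dCDN") on each accepted connection before serving metadata; the dCDN applies the same check with "uCDN" after connecting.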