idnits 2.17.1

draft-ietf-cdni-metadata-18.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (June 11, 2016) is 2848 days in the past. Is this
     intentional?

  -- Found something which looks like a code comment -- if you have code
     sections in the document, please surround them with '' and '' lines.

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'Object' is mentioned on line 342, but not defined

  -- Possible downref: Non-RFC (?) normative reference: ref. 'ISO3166-1'

  ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126)

  ** Downref: Normative reference to an Informational RFC: RFC 5861

  ** Downref: Normative reference to an Informational RFC: RFC 6707

  ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112)

  ** Obsolete normative reference: RFC 7525 (Obsoleted by RFC 9325)

  == Outdated reference: A later version (-20) exists of
     draft-ietf-cdni-redirection-18

  -- Obsolete informational reference (is this intentional?): RFC 2818
     (Obsoleted by RFC 9110)

  -- Obsolete informational reference (is this intentional?): RFC 7540
     (Obsoleted by RFC 9113)

     Summary: 5 errors (**), 0 flaws (~~), 3 warnings (==), 5 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2 Network Working Group                                   B. Niven-Jenkins
3 Internet-Draft                                                 R. Murray
4 Intended status: Standards Track                Velocix (Alcatel-Lucent)
5 Expires: December 13, 2016                                  M. Caulfield
6                                                            Cisco Systems
7                                                                    K. Ma
8                                                                 Ericsson
9                                                            June 11, 2016

11                       CDN Interconnection Metadata
12                       draft-ietf-cdni-metadata-18

14 Abstract

16    The Content Delivery Networks Interconnection (CDNI) metadata
17    interface enables interconnected Content Delivery Networks (CDNs) to
18    exchange content distribution metadata in order to enable content
19    acquisition and delivery. The CDNI metadata associated with a piece
20    of content provides a downstream CDN with sufficient information for
21    the downstream CDN to service content requests on behalf of an
22    upstream CDN. This document describes both a base set of CDNI
23    metadata and the protocol for exchanging that metadata.

25 Requirements Language

27    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
28    "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
29    document are to be interpreted as described in RFC 2119 [RFC2119].

31 Status of This Memo

33    This Internet-Draft is submitted in full conformance with the
34    provisions of BCP 78 and BCP 79.

36    Internet-Drafts are working documents of the Internet Engineering
37    Task Force (IETF). Note that other groups may also distribute
38    working documents as Internet-Drafts. The list of current Internet-
39    Drafts is at http://datatracker.ietf.org/drafts/current/.

41    Internet-Drafts are draft documents valid for a maximum of six months
42    and may be updated, replaced, or obsoleted by other documents at any
43    time. It is inappropriate to use Internet-Drafts as reference
44    material or to cite them other than as "work in progress."

46    This Internet-Draft will expire on December 13, 2016.

48 Copyright Notice

50    Copyright (c) 2016 IETF Trust and the persons identified as the
51    document authors. All rights reserved.

53    This document is subject to BCP 78 and the IETF Trust's Legal
54    Provisions Relating to IETF Documents
55    (http://trustee.ietf.org/license-info) in effect on the date of
56    publication of this document. Please review these documents
57    carefully, as they describe your rights and restrictions with respect
58    to this document. Code Components extracted from this document must
59    include Simplified BSD License text as described in Section 4.e of
60    the Trust Legal Provisions and are provided without warranty as
61    described in the Simplified BSD License.

63 Table of Contents

65    1.  Introduction
66      1.1.  Terminology
67      1.2.  Supported Metadata Capabilities
68    2.  Design Principles
69    3.  CDNI Metadata object model
70      3.1.  HostIndex, HostMatch, HostMetadata, PathMatch,
71            PatternMatch and PathMetadata objects
72      3.2.  Generic CDNI Metadata Objects
73      3.3.  Metadata Inheritance and Override
74    4.  CDNI Metadata objects
75      4.1.  Definitions of the CDNI structural metadata objects
76        4.1.1.  HostIndex
77        4.1.2.  HostMatch
78        4.1.3.  HostMetadata
79        4.1.4.  PathMatch
80        4.1.5.  PatternMatch
81        4.1.6.  PathMetadata
82        4.1.7.  GenericMetadata
83      4.2.  Definitions of the initial set of CDNI Generic Metadata
84            objects
85        4.2.1.  SourceMetadata
86          4.2.1.1.  Source
87        4.2.2.  LocationACL Metadata
88          4.2.2.1.  LocationRule
89          4.2.2.2.  Footprint
90        4.2.3.  TimeWindowACL
91          4.2.3.1.  TimeWindowRule
92          4.2.3.2.  TimeWindow
93        4.2.4.  ProtocolACL Metadata
94          4.2.4.1.  ProtocolRule
95        4.2.5.  DeliveryAuthorization Metadata
96        4.2.6.  Cache
97        4.2.7.  Auth
98        4.2.8.  Grouping
99      4.3.  CDNI Metadata Simple Data Type Descriptions
100       4.3.1.  Link
101       4.3.2.  Protocol
102       4.3.3.  Endpoint
103       4.3.4.  Time
104       4.3.5.  IPv4CIDR
105       4.3.6.  IPv6CIDR
106       4.3.7.  ASN
107       4.3.8.  CountryCode
108   5.  CDNI Metadata Capabilities
109   6.  CDNI Metadata interface
110     6.1.  Transport
111     6.2.  Retrieval of CDNI Metadata resources
112     6.3.  Bootstrapping
113     6.4.  Encoding
114     6.5.  Extensibility
115     6.6.  Metadata Enforcement
116     6.7.  Metadata Conflicts
117     6.8.  Versioning
118     6.9.  Media Types
119     6.10. Complete CDNI Metadata Example
120   7.  IANA Considerations
121     7.1.  CDNI Payload Types
122       7.1.1.  CDNI MI HostIndex Payload Type
123       7.1.2.  CDNI MI HostMatch Payload Type
124       7.1.3.  CDNI MI HostMetadata Payload Type
125       7.1.4.  CDNI MI PathMatch Payload Type
126       7.1.5.  CDNI MI PatternMatch Payload Type
127       7.1.6.  CDNI MI PathMetadata Payload Type
128       7.1.7.  CDNI MI SourceMetadata Payload Type
129       7.1.8.  CDNI MI Source Payload Type
130       7.1.9.  CDNI MI LocationACL Payload Type
131       7.1.10. CDNI MI LocationRule Payload Type
132       7.1.11. CDNI MI Footprint Payload Type
133       7.1.12. CDNI MI TimeWindowACL Payload Type
134       7.1.13. CDNI MI TimeWindowRule Payload Type
135       7.1.14. CDNI MI TimeWindow Payload Type
136       7.1.15. CDNI MI ProtocolACL Payload Type
137       7.1.16. CDNI MI ProtocolRule Payload Type
138       7.1.17. CDNI MI DeliveryAuthorization Payload Type
139       7.1.18. CDNI MI Cache Payload Type
140       7.1.19. CDNI MI Auth Payload Type
141       7.1.20. CDNI MI Grouping Payload Type
142     7.2.  CDNI Metadata Footprint Types Registry
143     7.3.  CDNI Metadata Protocol Types Registry
144     7.4.  CDNI Metadata Auth Types Registry
145   8.  Security Considerations
146     8.1.  Authentication
147     8.2.  Confidentiality
148     8.3.  Integrity
149     8.4.  Privacy
150     8.5.  Securing the CDNI Metadata interface
151   9.  Acknowledgements
152   10. Contributing Authors
153   11. References
154     11.1.  Normative References
155     11.2.  Informative References
156   Authors' Addresses

158 1.  Introduction

160    Content Delivery Networks Interconnection (CDNI) [RFC6707] enables a
161    downstream Content Delivery Network (dCDN) to service content
162    requests on behalf of an upstream CDN (uCDN).

164    The CDNI metadata interface is discussed in [RFC7336] along with four
165    other interfaces that can be used to compose a CDNI solution (CDNI
166    Control interface, CDNI Request Routing Redirection interface, CDNI
167    Footprint & Capabilities Advertisement interface and CDNI Logging
168    interface). [RFC7336] describes each interface and the relationships
169    between them. The requirements for the CDNI metadata interface are
170    specified in [RFC7337].

172    The CDNI metadata associated with a piece of content (or with a set
173    of content) provides a dCDN with sufficient information for servicing
174    content requests on behalf of a uCDN, in accordance with the
175    policies defined by the uCDN.

177    This document defines the CDNI metadata interface which enables a
178    dCDN to obtain CDNI metadata from a uCDN so that the dCDN can
179    properly process and respond to:

181    o  Redirection requests received over the CDNI Request Routing
182       Redirection interface [I-D.ietf-cdni-redirection].

184    o  Content requests received directly from User Agents.

186    Specifically, this document specifies:

188    o  A data structure for mapping content requests and redirection
189       requests to CDNI metadata objects (Section 3 and Section 4.1).

191    o  An initial set of CDNI Generic metadata objects (Section 4.2).

193    o  An HTTP web service for the transfer of CDNI metadata (Section 6).

195 1.1.  Terminology

197    This document reuses the terminology defined in [RFC6707].

199    Additionally, the following terms are used throughout this document
200    and are defined as follows:

202    o  Object - a collection of properties.

204    o  Property - a key and value pair where the key is a property name
205       and the value is the property value or another object.

207    This document uses the phrase "[Object] A contains [Object] B" for
208    simplicity when a strictly accurate phrase would be "[Object] A
209    contains or references (via a Link object) [Object] B".

211 1.2.  Supported Metadata Capabilities

213    Only the metadata for a small set of initial capabilities is
214    specified in this document. This set provides the minimum amount of
215    metadata for basic CDN interoperability while still meeting the
216    requirements set forth by [RFC7337].

218    The following high-level functionality can be configured via the CDNI
219    metadata objects specified in Section 4:

221    o  Acquisition Source: Metadata for allowing a dCDN to fetch content
222       from a uCDN.

224    o  Delivery Access Control: Metadata for restricting (or permitting)
225       access to content based on any of the following factors:

227       *  Location

229       *  Time Window

231       *  Delivery Protocol

233    o  Delivery Authorization: Metadata for authorizing dCDN user agent
234       requests.

236    o  Cache Control: Metadata for controlling cache behavior of the
237       dCDN.

239    The metadata encoding described by this document is extensible in
240    order to allow for future additions to this list.

242    The set of metadata specified in this document covers the initial
243    capabilities above. It is only intended to support CDN
244    interconnection for the delivery of content by a dCDN using HTTP/1.1
245    [RFC7230] and for a dCDN to be able to acquire content from a uCDN
246    using either HTTP/1.1 or HTTP/1.1 over TLS [RFC2818].

248    Supporting CDN interconnection for the delivery of content using
249    unencrypted HTTP/2 [RFC7540] (as well as for a dCDN to acquire
250    content using unencrypted HTTP/2 or HTTP/2 over TLS) requires the
251    registration of these protocol names in the CDNI Metadata Protocol
252    Types registry Section 7.3.

254    Supporting CDN interconnection for the delivery of content using
255    HTTP/1.1 over TLS or HTTP/2 over TLS requires specifying additional
256    metadata objects to carry the properties required to establish a TLS
257    session, for example metadata to describe the certificate to use as
258    part of the TLS handshake.

260 2.  Design Principles

262    The CDNI metadata interface was designed to achieve the following
263    objectives:

265    1.  Cacheability of CDNI metadata objects;

267    2.  Deterministic mapping from redirection requests and content
268        requests to CDNI metadata properties;

270    3.  Support for DNS redirection as well as application-specific
271        redirection (for example HTTP redirection);

273    4.  Minimal duplication of CDNI metadata; and

275    5.  Leveraging of existing protocols.

277    Cacheability can decrease the latency of acquiring metadata while
278    maintaining its freshness, and therefore decrease the latency of
279    serving content requests and redirection requests, without
280    sacrificing accuracy. The CDNI metadata interface uses HTTP and its
281    existing caching mechanisms to achieve CDNI metadata cacheability.

283    Deterministic mappings from content to metadata properties eliminate
284    ambiguity and ensure that policies are applied consistently by all
285    dCDNs.

287    Support for both HTTP and DNS redirection ensures that the CDNI
288    metadata meets the same design principles for both HTTP and DNS based
289    redirection schemes.

291    Minimal duplication of CDNI metadata improves storage efficiency in
292    the CDNs.

294    Leveraging existing protocols avoids reinventing common mechanisms
295    such as data structure encoding (by leveraging I-JSON [RFC7493]) and
296    data transport (by leveraging HTTP [RFC7230]).

298 3.  CDNI Metadata object model

300    The CDNI metadata object model describes a data structure for mapping
301    redirection requests and content requests to metadata properties.
302    Metadata properties describe how to acquire content from a uCDN,
303    authorize access to content, and deliver content from a dCDN. The
304    object model relies on the assumption that these metadata properties
305    can be aggregated based on the hostname of the content and
306    subsequently on the resource path (URI) of the content. The object
307    model associates a set of CDNI metadata properties with a Hostname to
308    form a default set of metadata properties for content delivered on
309    behalf of that Hostname. That default set of metadata properties can
310    be overridden by properties that apply to specific paths within a
311    URI.

313    Different Hostnames and URI paths will be associated with different
314    sets of CDNI metadata properties in order to describe the required
315    behaviour when a dCDN surrogate or request router is processing User
316    Agent requests for content at that Hostname and URI path. As a
317    result of this structure, significant commonality could exist between
318    the CDNI metadata properties specified for different Hostnames,
319    different URI paths within a Hostname and different URI paths on
320    different Hostnames. For example the definition of which User Agent
321    IP addresses should be grouped together into a single network or
322    geographic location is likely to be common for a number of different
323    Hostnames; although a uCDN is likely to have several different
324    policies configured to express geo-blocking rules, it is likely that
325    a single geo-blocking policy could be applied to multiple Hostnames
326    delivered through the CDN.

328    In order to enable the CDNI metadata for a given Hostname and URI
329    Path to be decomposed into reusable sets of CDNI metadata properties,
330    the CDNI metadata interface splits the CDNI metadata into separate
331    objects. Efficiency is improved by enabling a single CDNI metadata
332    object (that is shared across Hostname and/or URI paths) to be
333    retrieved and stored by a dCDN once, even if it is referenced by the
334    CDNI metadata for multiple Hostnames and/or URI paths.

336    Important Note: Any CDNI metadata object A that contains another CDNI
337    metadata object B can include a Link object specifying a URI that can
338    be used to retrieve object B, instead of embedding object B within
339    object A. The remainder of this document uses the phrase "[Object] A
340    contains [Object] B" for simplicity when a strictly accurate phrase
341    would be "[Object] A contains or references (via a Link object)
342    [Object] B". It is generally a deployment choice for the uCDN
343    implementation to decide when to embed CDNI metadata objects and when
344    to reference separate resources via Link objects.

346    Section 3.1 introduces a high level description of the HostIndex,
347    HostMatch, HostMetadata, PathMatch, PatternMatch and PathMetadata
348    objects, and describes the relationships between them.

350    Section 3.2 introduces a high level description of the CDNI
351    GenericMetadata object which represents the level at which CDNI
352    metadata override occurs between HostMetadata and PathMetadata
353    objects.

355    Section 4 describes in detail the specific CDNI metadata objects and
356    properties specified by this document which can be contained within a
357    CDNI GenericMetadata object.

359 3.1.  HostIndex, HostMatch, HostMetadata, PathMatch, PatternMatch and
360       PathMetadata objects

362    The relationships between the HostIndex, HostMatch, HostMetadata,
363    PathMatch, PatternMatch and PathMetadata objects are described in
364    Figure 1.

366    +---------+      +---------+      +------------+
367    |HostIndex+-(*)->|HostMatch+-(1)->|HostMetadata+-------(*)------+
368    +---------+      +---------+      +------+-----+                |
369                                             |                      |
370                                            (*)                     |
371                                             |                      V
372    --> Contains or References               V         ******************
373    (1) One and only one                +---------+    *Generic Metadata*
374    (*) Zero or more               +--->|PathMatch|    *     Objects    *
375                                   |    +----+---++    ******************
376                                   |         |   |                  ^
377                                  (*)       (1) (1) +------------+  |
378                                   |         |   +->|PatternMatch|  |
379                                   |         V      +------------+  |
380                                   |  +------------+                |
381                                   +--+PathMetadata+-------(*)------+
382                                      +------------+

384       Figure 1: Relationships between CDNI Metadata Objects (Diagram
385                               Representation)

387    A HostIndex object (see Section 4.1.1) contains a list of HostMatch
388    objects (see Section 4.1.2) that contain Hostnames (and/or IP
389    addresses) for which content requests might be delegated to the dCDN.
390    The HostIndex is the starting point for accessing the uCDN CDNI
391    metadata data store. It enables the dCDN to deterministically
392    discover which CDNI metadata objects it requires in order to deliver
393    a given piece of content.

395    The HostIndex links Hostnames (and/or IP addresses) to HostMetadata
396    objects (see Section 4.1.3) via HostMatch objects. A HostMatch
397    object defines a Hostname (or IP address) to match against a
398    requested host and contains a HostMetadata object.

400    HostMetadata objects contain the default GenericMetadata objects (see
401    Section 4.1.7) required to serve content for that host. When looking
402    up CDNI metadata, the dCDN looks up the requested Hostname (or IP
403    address) against the HostMatch entries in the HostIndex, from there
404    it can find HostMetadata which describes the default metadata
405    properties for each host as well as PathMetadata objects (see
406    Section 4.1.6), via PathMatch objects (see Section 4.1.4). PathMatch
407    objects define patterns, contained inside PatternMatch objects (see
408    Section 4.1.5), to match against the requested URI path.
409    PatternMatch objects contain the pattern strings and flags that
410    describe the URI path that a PathMatch applies to. PathMetadata
411    objects contain the GenericMetadata objects that apply to content
412    requests matching the defined URI path pattern. PathMetadata
413    properties override properties previously defined in HostMetadata or
414    less specific PathMatch paths. PathMetadata objects can contain
415    additional PathMatch objects to recursively define more specific URI
416    paths to which GenericMetadata properties might be applied.

418    A GenericMetadata object contains individual CDNI metadata objects
419    which define the specific policies and attributes needed to properly
420    deliver the associated content. For example, a GenericMetadata
421    object could describe the source from which a CDN can acquire a piece
422    of content. The GenericMetadata object is an atomic unit that can be
423    referenced by HostMetadata or PathMetadata objects.

425    For example, if "example.com" is a content provider, a HostMatch
426    object could include an entry for "example.com" with the URI of the
427    associated HostMetadata object. The HostMetadata object for
428    "example.com" describes the metadata properties which apply to
429    "example.com" and could contain PathMatches for "example.com/
430    movies/*" and "example.com/music/*", which in turn reference
431    corresponding PathMetadata objects that contain the properties for
432    those more specific URI paths. The PathMetadata object for
433    "example.com/movies/*" describes the properties which apply to that
434    URI path. It could also contain a PathMatch object for
435    "example.com/movies/hd/*" which would reference the corresponding
436    PathMetadata object for the "example.com/movies/hd/" path prefix.

438    The relationships in Figure 1 are also represented in tabular format
439    in Table 1 below.

441    +--------------+----------------------------------------------------+
442    | Data Object  | Objects it contains or references                  |
443    +--------------+----------------------------------------------------+
444    | HostIndex    | 0 or more HostMatch objects.                       |
445    | HostMatch    | 1 HostMetadata object.                             |
446    | HostMetadata | 0 or more PathMatch objects. 0 or more             |
447    |              | GenericMetadata objects.                           |
448    | PathMatch    | 1 PatternMatch object. 1 PathMetadata object.      |
449    | PatternMatch | Does not contain or reference any other objects.   |
450    | PathMetadata | 0 or more PathMatch objects. 0 or more             |
451    |              | GenericMetadata objects.                           |
452    +--------------+----------------------------------------------------+

454            Table 1: Relationships between CDNI Metadata Objects
455                           (Table Representation)

457 3.2.  Generic CDNI Metadata Objects

459    The HostMetadata and PathMetadata objects contain other CDNI metadata
460    objects that contain properties which describe how User Agent
461    requests for content should be processed, for example where to
462    acquire the content from, authorization rules that should be applied,
463    geo-blocking restrictions, and so on. Each such CDNI metadata object
464    is a specialization of a CDNI GenericMetadata object. The
465    GenericMetadata object abstracts the basic information required for
466    metadata override and metadata distribution, from the specifics of
467    any given property (i.e., property semantics, enforcement options,
468    etc.).

470    The GenericMetadata object defines the properties contained within it
471    as well as whether or not the properties are "mandatory-to-enforce".
472    If the dCDN does not understand or support a "mandatory-to-enforce"
473    property, the dCDN MUST NOT serve the content. If the property is
474    not "mandatory-to-enforce", then that GenericMetadata object can be
475    safely ignored and the dCDN MUST process the content request in
476    accordance with the rest of the CDNI metadata.

478    Although a CDN MUST NOT serve content to a User Agent if a
479    "mandatory-to-enforce" property cannot be enforced, it could still be
480    "safe-to-redistribute" that metadata to another CDN without
481    modification. For example, in the cascaded CDN case, a transit CDN
482    (tCDN) could pass through "mandatory-to-enforce" metadata to a dCDN.

484    For metadata which does not require customization or translation
485    (i.e., metadata that is "safe-to-redistribute"), the data
486    representation received off the wire MAY be stored and redistributed
487    without being understood or supported by the transit CDN. However,
488    for metadata which requires translation, transparent redistribution
489    of the uCDN metadata values might not be appropriate. Certain
490    metadata can be safely, though perhaps not optimally, redistributed
491    unmodified. For example, source acquisition address might not be
492    optimal if transparently redistributed, but it might still work.

494    Redistribution safety MUST be specified for each GenericMetadata
495    property. If a CDN does not understand or support a given
496    GenericMetadata property that is not "safe-to-redistribute", the CDN
497    MUST set the "incomprehensible" flag to true for that GenericMetadata
498    object before redistributing the metadata. The "incomprehensible"
499    flag signals to a dCDN that the metadata was not properly transformed
500    by the transit CDN. A CDN MUST NOT attempt to use metadata that has
501    been marked as "incomprehensible" by a uCDN.

503    Transit CDNs MUST NOT change the value of "mandatory-to-enforce" or
504    "safe-to-redistribute" when propagating metadata to a dCDN. Although
505    a transit CDN can set the value of "incomprehensible" to true, a
506    transit CDN MUST NOT change the value of "incomprehensible" from true
507    to false.
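
The "mandatory-to-enforce", "safe-to-redistribute" and "incomprehensible" rules above, and the two action tables that follow, written out as an added Python example. It is not code from the draft: the class, the function names, the type name "MI.Constructed.Policy" and the sample objects and flag values are constructed for illustration.

```python
from dataclasses import dataclass, replace
from typing import Callable, Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class GenericMetadata:
    """Hypothetical in-memory form of one GenericMetadata object."""
    gm_type: str                 # payload type name, e.g. "MI.LocationACL"
    value: dict                  # opaque to a CDN that does not understand it
    mandatory_to_enforce: bool   # MtE
    safe_to_redistribute: bool   # StR
    incomprehensible: bool       # Incomp, only ever set by a transit CDN


def may_apply(obj: GenericMetadata, understood: bool) -> bool:
    """A CDN may interpret the value only if it understands the type and no
    upstream CDN has marked the object incomprehensible."""
    return understood and not obj.incomprehensible


def can_serve(obj: GenericMetadata, understood: bool) -> bool:
    """Serve decision for one object: an object that cannot be applied blocks
    delivery only when it is mandatory-to-enforce."""
    return may_apply(obj, understood) or not obj.mandatory_to_enforce


def redistribute(obj: GenericMetadata, understood: bool,
                 transform: Optional[Callable[[dict], dict]] = None
                 ) -> GenericMetadata:
    """Object a transit CDN passes downstream. MtE and StR are never changed
    and incomprehensible is never reset from true to false."""
    if obj.incomprehensible or obj.safe_to_redistribute:
        return obj                                   # pass through as received
    if understood and transform is not None:
        return replace(obj, value=transform(obj.value))
    return replace(obj, incomprehensible=True)       # not safely transformable


def evaluate_request(objects: Iterable[GenericMetadata],
                     supported_types: Set[str]
                     ) -> Tuple[bool, List[GenericMetadata]]:
    """Fail closed: a single unenforceable MtE object means the content is
    not served. Otherwise return the objects whose policy must be applied."""
    to_apply: List[GenericMetadata] = []
    for obj in objects:
        understood = obj.gm_type in supported_types
        if not can_serve(obj, understood):
            return False, []
        if may_apply(obj, understood):
            to_apply.append(obj)
    return True, to_apply


# Constructed sample: metadata resolved for one request (values are dummies).
SAMPLE = [
    GenericMetadata("MI.LocationACL", {"constructed": "geo policy"},
                    mandatory_to_enforce=True, safe_to_redistribute=True,
                    incomprehensible=False),
    GenericMetadata("MI.Constructed.Policy", {"constructed": "hint"},
                    mandatory_to_enforce=False, safe_to_redistribute=False,
                    incomprehensible=False),
]

if __name__ == "__main__":
    print(evaluate_request(SAMPLE, {"MI.LocationACL"}))   # served, ACL applied
    print(evaluate_request(SAMPLE, set()))                 # refused: MtE unknown
    print(redistribute(SAMPLE[1], understood=False))       # marked incomprehensible
```

The serve decision is evaluated per object and combined with a logical AND, so adding an unknown optional object never blocks delivery while an unknown mandatory one always does.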
509 Table 2 describes the action to be taken by a transit CDN (tCDN) for 510 the different combinations of "mandatory-to-enforce" (MtE) and "safe- 511 to-redistribute" (StR) properties, when the tCDN either does or does 512 not understand the metadata in question: 514 +-------+-------+------------+--------------------------------------+ 515 | MtE | StR | Metadata | Action | 516 | | | Understood | | 517 | | | by tCDN | | 518 +-------+-------+------------+--------------------------------------+ 519 | False | True | True | Can serve and redistribute. | 520 | False | True | False | Can serve and redistribute. | 521 | False | False | False | Can serve. MUST set | 522 | | | | "incomprehensible" to True when | 523 | | | | redistributing. | 524 | False | False | True | Can serve. Can redistribute after | 525 | | | | transforming the metadata (if the | 526 | | | | CDN knows how to do so safely), | 527 | | | | otherwise MUST set | 528 | | | | "incomprehensible" to True when | 529 | | | | redistributing. | 530 | True | True | True | Can serve and redistribute. | 531 | True | True | False | MUST NOT serve but can redistribute. | 532 | True | False | True | Can serve. Can redistribute after | 533 | | | | transforming the metadata (if the | 534 | | | | CDN knows how to do so safely), | 535 | | | | otherwise MUST set | 536 | | | | "incomprehensible" to True when | 537 | | | | redistributing. | 538 | True | False | False | MUST NOT serve. MUST set | 539 | | | | "incomprehensible" to True when | 540 | | | | redistributing. 
| 541 +-------+-------+------------+--------------------------------------+ 543 Table 2: Action to be taken by a tCDN for the different combinations 544 of MtE and StR properties 546 Table 3 describes the action to be taken by a dCDN for the different 547 combinations of "mandatory-to-enforce" (MtE) and "incomprehensible" 548 (Incomp) properties, when the dCDN either does or does not understand 549 the metadata in question: 551 +-------+--------+--------------+-----------------------------------+ 552 | MtE | Incomp | Metadata | Action | 553 | | | Understood | | 554 | | | by dCDN | | 555 +-------+--------+--------------+-----------------------------------+ 556 | False | False | True | Can serve. | 557 | False | True | True | Can serve but MUST NOT | 558 | | | | interpret/apply any metadata | 559 | | | | marked incomprehensible. | 560 | False | False | False | Can serve. | 561 | False | True | False | Can serve but MUST NOT | 562 | | | | interpret/apply any metadata | 563 | | | | marked incomprehensible. | 564 | True | False | True | Can serve. | 565 | True | True | True | MUST NOT serve. | 566 | True | False | False | MUST NOT serve. | 567 | True | True | False | MUST NOT serve. | 568 +-------+--------+--------------+-----------------------------------+ 570 Table 3: Action to be taken by a dCDN for the different combinations 571 of MtE and Incomp properties 573 3.3. Metadata Inheritance and Override 575 In the metadata object model, a HostMetadata object can contain 576 multiple PathMetadata objects (via PathMatch objects). Each 577 PathMetadata object can in turn contain other PathMetadata objects. 578 HostMetadata and PathMetadata objects form an inheritance tree where 579 each node in the tree inherits or overrides the property values set 580 by its parent. 582 GenericMetadata objects of a given type override all GenericMetadata 583 objects of the same type previously defined by any parent object in 584 the tree. 
GenericMetadata objects of a given type previously defined 585 by a parent object in the tree are inherited when no object of the 586 same type is defined by the child object. For example, if 587 HostMetadata for the host "example.com" contains GenericMetadata 588 objects of type LocationACL and TimeWindowACL, while a PathMetadata 589 object which applies to "example.com/movies/*" defines an alternate 590 GenericMetadata object of type TimeWindowACL, then: 592 o the TimeWindowACL defined in the PathMetadata would override the 593 TimeWindowACL defined in the HostMetadata for all User Agent 594 requests for content under "example.com/movies/", and 596 o the LocationACL defined in the HostMetadata would be inherited for 597 all User Agent requests for content under "example.com/movies/". 599 A single HostMetadata or PathMetadata object MUST NOT contain 600 multiple GenericMetadata objects of the same type. If a list of 601 GenericMetadata contains objects of duplicate types, the receiver 602 MUST ignore all but the first object of each type. 604 4. CDNI Metadata objects 606 Section 4.1 provides the definitions of each metadata object type 607 introduced in Section 3. These metadata objects are described as 608 structural metadata objects as they provide the structure for host 609 and URI path-based inheritance and identify which GenericMetadata 610 objects apply to a given User Agent content request. 612 Section 4.2 provides the definitions for a base set of core metadata 613 objects which can be contained within a GenericMetadata object. 614 These metadata objects govern how User Agent requests for content are 615 handled. GenericMetadata objects can contain other GenericMetadata 616 as properties; these can be referred to as sub-objects). 
As with all 617 CDNI metadata objects, the value of the GenericMetadata sub-objects 618 can be either a complete serialized representation of the sub-object, 619 or a Link object that contains a URI that can be dereferenced to 620 retrieve the complete serialized representation of the property sub- 621 object. 623 Section 6.5 discusses the ability to extend the base set of 624 GenericMetadata objects specified in this document with additional 625 standards-based or vendor specific GenericMetadata objects that might 626 be defined in the future in separate documents. 628 dCDNs and tCDNs MUST support parsing of all CDNI metadata objects 629 specified in this document. A dCDN does not have to implement the 630 underlying functionality represented by non-structural 631 GenericMetadata objects (though that might restrict the content that 632 a given dCDN will be able to serve). uCDNs as generators of CDNI 633 metadata only need to support generating the CDNI metadata that they 634 need in order to express the policies required by the content they 635 are describing. 637 CDNI metadata objects MUST be encoded as I-JSON objects [RFC7493] 638 containing a dictionary of (key,value) pairs where the keys are the 639 property names and the values are the associated property values. 640 See Section 6.4 for more details of the specific encoding rules for 641 CDNI metadata objects. 643 Note: In the following sections, the term "mandatory-to-specify" is 644 used to convey which properties MUST be included for a given 645 structural or GenericMetadata object. 
When mandatory-to-specify is 646 specified as "Yes" for an individual property, it means that if the 647 object containing that property is included in a metadata response, 648 then the mandatory-to-specify property MUST also be included 649 (directly or by reference) in the response, e.g., a HostMatch 650 property object without a host to match against does not make sense, 651 therefore, the host property is mandatory-to-specify inside a 652 HostMatch object. 654 4.1. Definitions of the CDNI structural metadata objects 656 Each of the sub-sections below describes the structural objects 657 introduced in Section 3.1. 659 4.1.1. HostIndex 661 The HostIndex object is the entry point into the CDNI metadata 662 hierarchy. It contains a list of HostMatch objects. An incoming 663 content request is checked against the Hostname (or IP address) 664 specified by each of the listed HostMatch objects to find the 665 HostMatch object which applies to the request. 667 Property: hosts 669 Description: List of HostMatch objects. Hosts (HostMatch 670 objects) MUST be evaluated in the order they appear and the 671 first HostMatch object that matches the content request being 672 processed MUST be used. 674 Type: List of HostMatch objects 676 Mandatory-to-Specify: Yes. 678 Example HostIndex object containing two HostMatch objects, where the 679 first HostMatch object is embedded and the second HostMatch object is 680 referenced: 682 { 683 "hosts": [ 684 { 685 686 }, 687 { 688 "type": "MI.HostMatch", 689 "href": "http://metadata.ucdn.example/hostmatch1234" 690 } 691 ] 692 } 694 4.1.2. HostMatch 696 The HostMatch object contains a Hostname or IP address to match 697 against content requests. The HostMatch object also contains a 698 HostMetadata object to apply if a match is found. 700 Property: host 702 Description: Hostname or IP address to match against the 703 requested host.
In order for a Hostname or IP address in a 704 content request to match the Hostname or IP address in the host 705 property the value from the content request when converted to 706 lowercase MUST be identical to the value of the host property 707 when converted to lowercase. Note: All implementations MUST 708 support IPv4 addresses encoded as specified by the 709 'IPv4address' rule in Section 3.2.2 of [RFC3986]. IPv6 710 addresses MUST be encoded in one of the IPv6 address formats 711 specified in [RFC5952] although receivers MUST support all IPv6 712 address formats specified in [RFC4291]. 714 Type: Endpoint 716 Mandatory-to-Specify: Yes. 718 Property: host-metadata 720 Description: CDNI metadata to apply when delivering content 721 that matches this host. 723 Type: HostMetadata 725 Mandatory-to-Specify: Yes. 727 Example HostMatch object with an embedded HostMetadata object: 729 { 730 "host": "video.example.com", 731 "host-metadata" : { 732 733 } 734 } 736 Example HostMatch object referencing (via a Link object, see 737 Section 4.3.1) a HostMetadata object: 739 { 740 "host": "video.example.com", 741 "host-metadata" : { 742 "type": "MI.HostMetadata", 743 "href": "http://metadata.ucdn.example/host1234" 744 } 745 } 747 4.1.3. HostMetadata 749 A HostMetadata object contains the CDNI metadata properties for 750 content served for a particular host (defined in the HostMatch 751 object) and possibly child PathMatch objects. 753 Property: metadata 755 Description: List of host related metadata. 757 Type: List of GenericMetadata objects 759 Mandatory-to-Specify: Yes. 761 Property: paths 763 Description: Path specific rules. Path patterns (PathMatch 764 objects) MUST be evaluated in the order they appear and the 765 first PathMatch object that matches the content request being 766 processed MUST be used. 768 Type: List of PathMatch objects 770 Mandatory-to-Specify: No. 
772 Example HostMetadata object containing a number of embedded 773 GenericMetadata objects that will describe the default metadata for 774 the host and an embedded PathMatch object that contains a path for 775 which metadata exists that overrides the default metadata for the 776 host: 778 { 779 "metadata": [ 780 { 781 782 }, 783 { 784 785 }, 787 ... 789 { 790 791 } 792 ], 793 "paths": [ 794 { 795 796 } 797 ] 798 } 800 4.1.4. PathMatch 802 A PathMatch object contains a PatternMatch object with a path to match 803 against a resource's URI path, as well as a PathMetadata object with 804 GenericMetadata to apply if the resource's URI path matches the 805 pattern within the PatternMatch object. 807 Property: path-pattern 809 Description: Pattern to match against the requested resource's 810 URI path, i.e., against the [RFC3986] path-absolute. 812 Type: PatternMatch 814 Mandatory-to-Specify: Yes. 816 Property: path-metadata 818 Description: CDNI metadata to apply when delivering content 819 that matches the associated PatternMatch. 821 Type: PathMetadata 823 Mandatory-to-Specify: Yes. 825 Example PathMatch object referencing the PathMetadata object to use 826 for URIs that match the case-sensitive URI path pattern "/movies/*" 827 (contained within an embedded PatternMatch object): 829 { 830 "path-pattern": { 831 "pattern": "/movies/*", 832 "case-sensitive": true 833 }, 834 "path-metadata": { 835 "type": "MI.PathMetadata", 836 "href": "http://metadata.ucdn.example/host1234/pathDCE" 837 } 838 } 840 4.1.5. PatternMatch 842 A PatternMatch object contains the pattern string and flags that 843 describe the pattern expression. 845 Property: pattern 847 Description: A pattern for string matching. The pattern can 848 contain the wildcards * and ?, where * matches any sequence of 849 characters (including the empty string) and ? matches exactly 850 one character. The three literals $, * and ? should be escaped 851 as $$, $* and $?. All other characters are treated as literals.
853 Type: String 855 Mandatory-to-Specify: Yes. 857 Property: case-sensitive 859 Description: Flag indicating whether or not case-sensitive 860 matching should be used. Note: Case-insensitivity applies to 861 ALPHA characters in the URI path prior to percent-decoding 862 [RFC3986]. 864 Type: Boolean 866 Mandatory-to-Specify: No. Default is case-insensitive match. 868 Property: ignore-query-string 870 Description: List of query parameters which should be ignored 871 when searching for a pattern match. Matching against query 872 parameters to ignore MUST be case-insensitive. If all query 873 parameters should be ignored then the list MUST be empty. 875 Type: List of String 877 Mandatory-to-Specify: No. Default is to include query strings 878 when matching. 880 Example PatternMatch object that matches the case-sensitive URI path 881 pattern "/movies/*". All query parameters will be ignored when 882 matching URIs requested from surrogates by content clients against 883 this path pattern: 885 { 886 "pattern": "/movies/*", 887 "case-sensitive": true, 888 "ignore-query-string": [] 889 } 891 Example PatternMatch object that matches the case-sensitive URI path 892 pattern "/movies/*". The query parameter "sessionid" will be ignored 893 when matching URIs requested from surrogates by content clients 894 against this path pattern: 896 { 897 "pattern": "/movies/*", 898 "case-sensitive": true, 899 "ignore-query-string": ["sessionid"] 900 } 902 4.1.6. PathMetadata 904 A PathMetadata object contains the CDNI metadata properties for 905 content requests that match against the associated URI path (defined 906 in a PathMatch object). 908 Note that if DNS-based redirection is employed, then a dCDN will be 909 unable to evaluate any metadata at the PathMetadata level or below 910 because only the hostname of the content request is available at 911 request routing time.
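The PatternMatch rules of Section 4.1.5, the first-match ordering of hosts and paths, and the override rules of Section 3.3 decide which ACLs apply to a request, so a matcher that mishandles an escape or the case flag applies the wrong policy. The following is an added example, not code from the draft; it assumes every object is embedded (no Link objects are dereferenced), matches on the URI path only (ignore-query-string is not handled), and rejects a "$" that does not begin one of the three escapes. The function names and sample objects are constructed for illustration.

```python
import re


def compile_pattern(pm):
    """Compile a PatternMatch object (Section 4.1.5) into a regular expression."""
    src, out, i = pm["pattern"], [], 0
    while i < len(src):
        ch = src[i]
        if ch == "$":
            nxt = src[i + 1:i + 2]
            if nxt not in ("$", "*", "?"):
                # Assumption of this example: a '$' that does not start one of
                # the three escapes is rejected rather than guessed at.
                raise ValueError("malformed escape at offset %d in %r" % (i, src))
            out.append(re.escape(nxt))
            i += 2
            continue
        out.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
        i += 1
    # Default is a case-insensitive match; re.ASCII limits folding to ALPHA.
    flags = re.DOTALL | re.ASCII
    if not pm.get("case-sensitive", False):
        flags |= re.IGNORECASE
    return re.compile("".join(out), flags)


def first_per_type(metadata_list):
    """Index GenericMetadata by type, ignoring all but the first of each type."""
    by_type = {}
    for gm in metadata_list:
        # Type names are case-insensitive, so index them in lowercase.
        by_type.setdefault(gm["generic-metadata-type"].lower(), gm)
    return by_type


def find_host_metadata(host_index, request_host):
    """First HostMatch whose host equals the request host, compared in lowercase."""
    for host_match in host_index["hosts"]:
        if host_match["host"].lower() == request_host.lower():
            return host_match["host-metadata"]
    return None


def effective_metadata(host_metadata, uri_path):
    """Walk HostMetadata -> PathMetadata, each level overriding by type."""
    effective = first_per_type(host_metadata["metadata"])
    node = host_metadata
    while node is not None:
        child = None
        for path_match in node.get("paths", []):  # list order: first match is used
            if compile_pattern(path_match["path-pattern"]).fullmatch(uri_path):
                child = path_match["path-metadata"]
                effective.update(first_per_type(child["metadata"]))
                break
        node = child
    return effective


# Constructed sample objects (not taken from the draft).
HOST_LOCATION = {"generic-metadata-type": "MI.LocationACL",
                 "generic-metadata-value": {"locations": [
                     {"action": "allow", "footprints": [
                         {"footprint-type": "countrycode",
                          "footprint-value": ["us"]}]}]}}
HOST_TIME = {"generic-metadata-type": "MI.TimeWindowACL",
             "generic-metadata-value": {}}
MOVIES_TIME = {"generic-metadata-type": "MI.TimeWindowACL",
               "generic-metadata-value": {"times": [
                   {"action": "allow",
                    "windows": [{"start": 946717200, "end": 946746000}]}]}}
# Second object of the same type in one list: the receiver ignores it.
DUPLICATE_TIME = {"generic-metadata-type": "mi.timewindowacl",
                  "generic-metadata-value": {"times": []}}
HOST_INDEX = {"hosts": [{
    "host": "example.com",
    "host-metadata": {
        "metadata": [HOST_LOCATION, HOST_TIME],
        "paths": [{
            "path-pattern": {"pattern": "/movies/*", "case-sensitive": True},
            "path-metadata": {"metadata": [MOVIES_TIME, DUPLICATE_TIME]},
        }],
    },
}]}

if __name__ == "__main__":
    hm = find_host_metadata(HOST_INDEX, "Example.COM")
    for path in ("/movies/a.mp4", "/Movies/a.mp4", "/index.html"):
        eff = effective_metadata(hm, path)
        print(path, {k: v["generic-metadata-value"] for k, v in eff.items()})
```

With the case-sensitive pattern above, a request for "/Movies/a.mp4" falls back to the host-level TimeWindowACL, which is the kind of policy difference worth covering in tests of a real implementation.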
dCDNs SHOULD still process all PathMetadata for 912 the host before responding to the redirection request to detect if 913 any unsupported metadata is specified. If any metadata not supported 914 by the dCDN is marked as "mandatory-to-enforce", the dCDN SHOULD NOT 915 accept the content redirection request, in order to avoid receiving 916 content requests that it will not be able to satisfy/serve. 918 Property: metadata 919 Description: List of path related metadata. 921 Type: List of GenericMetadata objects 923 Mandatory-to-Specify: Yes. 925 Property: paths 927 Description: Path specific rules. First match applies. 929 Type: List of PathMatch objects 931 Mandatory-to-Specify: No. 933 Example PathMetadata object containing a number of embedded 934 GenericMetadata objects that describe the metadata to apply for the 935 URI path defined in the parent PathMatch object, as well as a more 936 specific PathMatch object. 938 { 939 "metadata": [ 940 { 941 942 }, 943 { 944 945 }, 947 ... 949 { 950 951 } 952 ], 953 "paths": [ 954 { 955 956 } 957 ] 958 } 960 4.1.7. GenericMetadata 962 A GenericMetadata object is a wrapper for managing individual CDNI 963 metadata properties in an opaque manner. 965 Property: generic-metadata-type 966 Description: Case-insensitive CDNI metadata object type. 968 Type: String containing the CDNI Payload Type [RFC7736] of the 969 object contained in the generic-metadata-value property (see 970 Table 4). 972 Mandatory-to-Specify: Yes. 974 Property: generic-metadata-value 976 Description: CDNI metadata object. 978 Type: Format/Type is defined by the value of generic-metadata- 979 type property above. Note: generic-metadata-values MUST NOT 980 name any properties "href" (see Section 4.3.1). 982 Mandatory-to-Specify: Yes. 984 Property: mandatory-to-enforce 986 Description: Flag identifying whether or not the enforcement of 987 the property metadata is required. 989 Type: Boolean 991 Mandatory-to-Specify: No.
Default is to treat metadata as 992 mandatory to enforce (i.e., a value of True). 994 Property: safe-to-redistribute 996 Description: Flag identifying whether or not the property 997 metadata can be safely redistributed without modification. 999 Type: Boolean 1001 Mandatory-to-Specify: No. Default is allow transparent 1002 redistribution (i.e., a value of True). 1004 Property: incomprehensible 1006 Description: Flag identifying whether or not any CDN in the 1007 chain of delegation has failed to understand and/or failed to 1008 properly transform this metadata object. Note: This flag only 1009 applies to metadata objects whose safe-to-redistribute property 1010 has a value of False. 1012 Type: Boolean 1013 Mandatory-to-Specify: No. Default is comprehensible (i.e., a 1014 value of False). 1016 Example GenericMetadata object containing a metadata object that 1017 applies to the applicable URI path and/or host (within a parent 1018 PathMetadata and/or HostMetadata object, respectively): 1020 { 1021 "mandatory-to-enforce": true, 1022 "safe-to-redistribute": true, 1023 "incomprehensible": false, 1024 "generic-metadata-type": , 1025 "generic-metadata-value": 1026 { 1027 1028 } 1029 } 1031 4.2. Definitions of the initial set of CDNI Generic Metadata objects 1033 The objects defined below are intended to be used in the 1034 GenericMetadata object generic-metadata-value field as defined in 1035 Section 4.1.7 and their generic-metadata-type property MUST be set to 1036 the appropriate CDNI Payload Type as defined in Table 4. 1038 4.2.1. SourceMetadata 1040 Source metadata provides the dCDN with information about content 1041 acquisition, i.e., how to contact an uCDN Surrogate or an Origin 1042 Server to obtain the content to be served. The sources are not 1043 necessarily the actual Origin Servers operated by the CSP but might 1044 be a set of Surrogates in the uCDN. 
1046 Property: sources 1048 Description: Sources from which the dCDN can acquire content, 1049 listed in order of preference. 1051 Type: List of Source objects (see Section 4.2.1.1) 1053 Mandatory-to-Specify: No. Default is to use static 1054 configuration, out-of-band from the metadata interface. 1056 Example SourceMetadata object (which contains two Source objects) 1057 that describes which servers the dCDN should use for acquiring 1058 content for the applicable URI path and/or host: 1060 { 1061 "generic-metadata-type": "MI.SourceMetadata", 1062 "generic-metadata-value": 1063 { 1064 "sources": [ 1065 { 1066 "endpoints": [ 1067 "a.service123.ucdn.example", 1068 "b.service123.ucdn.example" 1069 ], 1070 "protocol": "http/1.1" 1071 }, 1072 { 1073 "endpoints": ["origin.service123.example"], 1074 "protocol": "http/1.1" 1075 } 1076 ] 1077 } 1078 } 1080 4.2.1.1. Source 1082 A Source object describes the source to be used by the dCDN for 1083 content acquisition (e.g., a Surrogate within the uCDN or an 1084 alternate Origin Server), the protocol to be used, and any 1085 authentication method to be used when contacting that source. 1087 Endpoints within a Source object MUST be treated as equivalent/equal. 1088 A uCDN can specify a list of sources in preference order within a 1089 SourceMetadata object, and then for each preference ranked Source 1090 object, a uCDN can specify a list of endpoints that are equivalent 1091 (e.g., a pool of servers that are not behind a load balancer). 1093 Property: acquisition-auth 1095 Description: Authentication method to use when requesting 1096 content from this source. 1098 Type: Auth (see Section 4.2.7) 1100 Mandatory-to-Specify: No. Default is no authentication 1101 required. 1103 Property: endpoints 1105 Description: Origins from which the dCDN can acquire content. 1106 If multiple endpoints are specified they are all equal, i.e., 1107 the list is not in preference order (e.g., a pool of servers 1108 behind a load balancer).
1110 Type: List of Endpoint objects (See Section 4.3.3) 1112 Mandatory-to-Specify: Yes. 1114 Property: protocol 1116 Description: Network retrieval protocol to use when requesting 1117 content from this source. 1119 Type: Protocol (see Section 4.3.2) 1121 Mandatory-to-Specify: Yes. 1123 Example Source object that describes a pair of endpoints (servers) 1124 the dCDN can use for acquiring content for the applicable host and/or 1125 URI path: 1127 { 1128 "endpoints": [ 1129 "a.service123.ucdn.example", 1130 "b.service123.ucdn.example" 1131 ], 1132 "protocol": "http/1.1" 1133 } 1135 4.2.2. LocationACL Metadata 1137 LocationACL metadata defines which locations a User Agent needs to be 1138 in, in order to be able to receive the associated content. 1140 A LocationACL which does not include a locations property results in 1141 an action of allow all, meaning that delivery can be performed 1142 regardless of the User Agent's location, otherwise a CDN MUST take 1143 the action from the first footprint to match against the User Agent's 1144 location. If two or more footprints overlap, the first footprint 1145 that matches against the User Agent's location determines the action 1146 a CDN MUST take. If the locations property is included but is empty, 1147 or if none of the listed footprints matches the User Agent's 1148 location, then the result is an action of deny. 1150 Although the LocationACL, TimeWindowACL (see Section 4.2.3), and 1151 ProtocolACL (see Section 4.2.4) are independent GenericMetadata 1152 objects, they can provide conflicting information to a dCDN, e.g., a 1153 content request which is simultaneously allowed based on the 1154 LocationACL and denied based on the TimeWindowACL. The dCDN MUST use 1155 the logical AND of all ACLs (where 'allow' is true and 'deny' is 1156 false) to determine whether or not a request should be allowed. 
1158 Property: locations 1160 Description: Access control list which allows or denies 1161 (blocks) delivery based on the User Agent's location. 1163 Type: List of LocationRule objects (see Section 4.2.2.1) 1165 Mandatory-to-Specify: No. Default is allow all locations. 1167 Example LocationACL object that allows the dCDN to deliver content to 1168 any location/IP address: 1170 { 1171 "generic-metadata-type": "MI.LocationACL", 1172 "generic-metadata-value": 1173 { 1174 } 1175 } 1177 Example LocationACL object (which contains a LocationRule object 1178 which itself contains a Footprint object) that only allows the dCDN 1179 to deliver content to User Agents in the USA: 1181 { 1182 "generic-metadata-type": "MI.LocationACL", 1183 "generic-metadata-value": 1184 { 1185 "locations": [ 1186 { 1187 "action": "allow", 1188 "footprints": [ 1189 { 1190 "footprint-type": "countrycode", 1191 "footprint-value": ["us"] 1192 } 1193 ] 1194 } 1195 ] 1196 } 1197 } 1199 4.2.2.1. LocationRule 1201 A LocationRule contains or references a list of Footprint objects and 1202 the corresponding action. 1204 Property: footprints 1206 Description: List of footprints to which the rule applies. 1208 Type: List of Footprint objects (see Section 4.2.2.2) 1210 Mandatory-to-Specify: Yes. 1212 Property: action 1214 Description: Defines whether the rule specifies locations to 1215 allow or deny. 1217 Type: Enumeration [allow|deny] encoded as a lowercase string 1219 Mandatory-to-Specify: No. Default is deny. 1221 Example LocationRule object (which contains a Footprint object) that 1222 allows the dCDN to deliver content to clients in the USA: 1224 { 1225 "action": "allow", 1226 "footprints": [ 1227 { 1228 "footprint-type": "countrycode", 1229 "footprint-value": ["us"] 1230 } 1231 ] 1232 } 1235 4.2.2.2. Footprint 1237 A Footprint object describes the footprint to which a LocationRule 1238 can be applied, e.g., an IPv4 address range or a geographic 1239 location.
1241 Property: footprint-type 1243 Description: Registered footprint type (see Section 7.2). The 1244 footprint types specified by this document are: "ipv4cidr" 1245 (IPv4CIDR, see Section 4.3.5), "ipv6cidr" (IPv6CIDR, see 1246 Section 4.3.6), "asn" (Autonomous System Number, see 1247 Section 4.3.7) and "countrycode" (Country Code, see 1248 Section 4.3.8). 1250 Type: Lowercase String 1252 Mandatory-to-Specify: Yes. 1254 Property: footprint-value 1256 Description: List of footprint values conforming to the 1257 specification associated with the registered footprint type. 1258 Footprint values can be simple strings (e.g., IPv4CIDR, 1259 IPv6CIDR, ASN, and CountryCode), however, other Footprint 1260 objects can be defined in the future, along with a more complex 1261 encoding (e.g., GPS coordinate tuples). 1263 Type: List of footprints 1265 Mandatory-to-Specify: Yes. 1267 Example Footprint object describing a footprint covering the USA: 1269 { 1270 "footprint-type": "countrycode", 1271 "footprint-value": ["us"] 1272 } 1274 Example Footprint object describing a footprint covering the IP 1275 address ranges 192.0.2.0/24 and 198.51.100.0/24: 1277 { 1278 "footprint-type": "ipv4cidr", 1279 "footprint-value": ["192.0.2.0/24", "198.51.100.0/24"] 1280 } 1282 4.2.3. TimeWindowACL 1284 TimeWindowACL metadata defines time-based restrictions. 1286 A TimeWindowACL which does not include a times property results in an 1287 action of allow all, meaning that delivery can be performed 1288 regardless of the time of the User Agent's request, otherwise a CDN 1289 MUST take the action from the first window to match against the 1290 current time. If two or more windows overlap, the first window that 1291 matches against the current time determines the action a CDN MUST 1292 take. If the times property is included but is empty, or if none of 1293 the listed windows matches the current time, then the result is an 1294 action of deny. 
1296 Although the LocationACL (see Section 4.2.2), TimeWindowACL, and 1297 ProtocolACL (see Section 4.2.4) are independent GenericMetadata 1298 objects, they can provide conflicting information to a dCDN, e.g., a 1299 content request which is simultaneously allowed based on the 1300 LocationACL and denied based on the TimeWindowACL. The dCDN MUST use 1301 the logical AND of all ACLs (where 'allow' is true and 'deny' is 1302 false) to determine whether or not a request should be allowed. 1304 Property: times 1306 Description: Access control list which allows or denies 1307 (blocks) delivery based on the time of a User Agent's request. 1309 Type: List of TimeWindowRule objects (see Section 4.2.3.1) 1311 Mandatory-to-Specify: No. Default is allow all time windows. 1313 Example TimeWindowACL object (which contains a TimeWindowRule object 1314 which itself contains a TimeWindow object) that only allows the dCDN 1315 to deliver content to clients between 09:00 01/01/2000 UTC and 17:00 1316 01/01/2000 UTC: 1318 { 1319 "generic-metadata-type": "MI.TimeWindowACL", 1320 "generic-metadata-value": 1321 { 1322 "times": [ 1323 { 1324 "action": "allow", 1325 "windows": [ 1326 { 1327 "start": 946717200, 1328 "end": 946746000 1329 } 1330 ] 1331 } 1332 ] 1333 } 1334 } 1336 4.2.3.1. TimeWindowRule 1338 A TimeWindowRule contains or references a list of TimeWindow objects 1339 and the corresponding action. 1341 Property: windows 1343 Description: List of time windows to which the rule applies. 1345 Type: List of TimeWindow objects (see Section 4.2.3.2) 1347 Mandatory-to-Specify: Yes. 1349 Property: action 1351 Description: Defines whether the rule specifies time windows to 1352 allow or deny. 1354 Type: Enumeration [allow|deny] encoded as a lowercase string 1356 Mandatory-to-Specify: No. Default is deny.
1358 Example TimeWindowRule object (which contains a TimeWindow object) 1359 that only allows the dCDN to deliver content to clients between 09:00 1360 01/01/2000 UTC and 17:00 01/01/2000 UTC: 1362 { 1363 "action": "allow", 1364 "windows": [ 1365 { 1366 "start": 946717200, 1367 "end": 946746000 1368 } 1369 ] 1370 } 1372 4.2.3.2. TimeWindow 1374 A TimeWindow object describes a time range which can be applied by a 1375 TimeWindowACL, e.g., start 946717200 (i.e., 09:00 01/01/2000 UTC), 1376 end: 946746000 (i.e., 17:00 01/01/2000 UTC). 1378 Property: start 1380 Description: The start time of the window. 1382 Type: Time (see Section 4.3.4) 1384 Mandatory-to-Specify: Yes. 1386 Property: end 1388 Description: The end time of the window. 1390 Type: Time (see Section 4.3.4) 1392 Mandatory-to-Specify: Yes. 1394 Example TimeWindow object that describes a time window from 09:00 1395 01/01/2000 UTC to 17:00 01/01/2000 UTC: 1397 { 1398 "start": 946717200, 1399 "end": 946746000 1400 } 1402 4.2.4. ProtocolACL Metadata 1404 ProtocolACL metadata defines delivery protocol restrictions. 1406 A ProtocolACL which does not include a protocol-acl property results 1407 in an action of allow all, meaning that delivery can be performed 1408 regardless of the protocol in the User Agent's request, otherwise a 1409 CDN MUST take the action from the first protocol to match against the 1410 request protocol. If two or more request protocols overlap, the 1411 first protocol that matches the request protocol determines the 1412 action a CDN MUST take. If the protocol-acl property is included but 1413 is empty, or if none of the listed protocols matches the request 1414 protocol, then the result is an action of deny.
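The LocationACL (Section 4.2.2), TimeWindowACL (Section 4.2.3) and ProtocolACL rules above share one evaluation model: an absent list allows everything, the first matching rule decides, an empty or unmatched list denies, a rule without an action denies, and the dCDN takes the logical AND of all ACLs. The following is an added example, not code from the draft; it assumes the client's country code and ASN were resolved elsewhere and passed in, treats both window bounds as inclusive, and raises on an unknown footprint type instead of skipping it. The function names and the sample metadata are constructed.

```python
import ipaddress


def footprint_matches(footprint, client):
    """True if the client falls inside any value of one Footprint object."""
    ftype, values = footprint["footprint-type"], footprint["footprint-value"]
    if ftype in ("ipv4cidr", "ipv6cidr"):
        addr = ipaddress.ip_address(client["ip"])
        if addr.version != (4 if ftype == "ipv4cidr" else 6):
            return False
        return any(addr in ipaddress.ip_network(v) for v in values)
    if ftype == "countrycode":
        return client["country"].lower() in values
    if ftype == "asn":
        return client["asn"].lower() in values
    # Example's choice: silently skipping an unknown type inside a deny rule
    # would let a later allow rule match, so fail loudly instead.
    raise ValueError("unsupported footprint type: %r" % ftype)


def first_match(rules, matcher):
    """The first matching rule decides; a rule without 'action' means deny."""
    for rule in rules:
        if matcher(rule):
            return rule.get("action", "deny") == "allow"
    return False  # empty list, or nothing matched: deny


def location_allows(value, client):
    if "locations" not in value:
        return True  # property absent: allow all
    return first_match(value["locations"], lambda rule: any(
        footprint_matches(fp, client) for fp in rule["footprints"]))


def time_allows(value, now):
    if "times" not in value:
        return True
    # Assumption: start and end are both inclusive.
    return first_match(value["times"], lambda rule: any(
        w["start"] <= now <= w["end"] for w in rule["windows"]))


def protocol_allows(value, protocol):
    if "protocol-acl" not in value:
        return True
    return first_match(value["protocol-acl"],
                       lambda rule: protocol in rule["protocols"])


def request_allowed(generic_metadata, client, now, protocol):
    """Logical AND over every ACL present in the effective metadata."""
    verdicts = []
    for gm in generic_metadata:
        gtype = gm["generic-metadata-type"].lower()
        value = gm["generic-metadata-value"]
        if gtype == "mi.locationacl":
            verdicts.append(location_allows(value, client))
        elif gtype == "mi.timewindowacl":
            verdicts.append(time_allows(value, now))
        elif gtype == "mi.protocolacl":
            verdicts.append(protocol_allows(value, protocol))
    return all(verdicts)


# Constructed sample: one address range is denied ahead of an overlapping
# "allow us" rule, delivery is limited to one time window and to HTTP/1.1.
SAMPLE_METADATA = [
    {"generic-metadata-type": "MI.LocationACL",
     "generic-metadata-value": {"locations": [
         {"action": "deny", "footprints": [
             {"footprint-type": "ipv4cidr",
              "footprint-value": ["198.51.100.0/24"]}]},
         {"action": "allow", "footprints": [
             {"footprint-type": "countrycode", "footprint-value": ["us"]}]}]}},
    {"generic-metadata-type": "MI.TimeWindowACL",
     "generic-metadata-value": {"times": [
         {"action": "allow",
          "windows": [{"start": 946717200, "end": 946746000}]}]}},
    {"generic-metadata-type": "MI.ProtocolACL",
     "generic-metadata-value": {"protocol-acl": [
         {"action": "allow", "protocols": ["http/1.1"]}]}},
]
US_CLIENT = {"ip": "192.0.2.10", "country": "us", "asn": "as64496"}
DENIED_RANGE_CLIENT = {"ip": "198.51.100.7", "country": "us", "asn": "as64496"}

if __name__ == "__main__":
    for client, now, proto in ((US_CLIENT, 946720000, "http/1.1"),
                               (US_CLIENT, 946750000, "http/1.1"),
                               (DENIED_RANGE_CLIENT, 946720000, "http/1.1")):
        print(client["ip"], now, proto,
              request_allowed(SAMPLE_METADATA, client, now, proto))
```

Rule order is part of the policy: moving the "allow us" rule ahead of the deny rule in the sample would admit the 198.51.100.0/24 client.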
1416 Although the LocationACL, TimeWindowACL, and ProtocolACL are 1417 independent GenericMetadata objects, they can provide conflicting 1418 information to a dCDN, e.g., a content request which is 1419 simultaneously allowed based on the ProtocolACL and denied based on 1420 the TimeWindowACL. The dCDN MUST use the logical AND of all ACLs 1421 (where 'allow' is true and 'deny' is false) to determine whether or 1422 not a request should be allowed. 1424 Property: protocol-acl 1426 Description: Access control list which allows or 1427 denies (blocks) delivery based on delivery protocol. 1429 Type: List of ProtocolRule objects (see Section 4.2.4.1) 1431 Mandatory-to-Specify: No. Default is allow all protocols. 1433 Example ProtocolACL object (which contains a ProtocolRule object) 1434 that only allows the dCDN to deliver content using HTTP/1.1: 1436 { 1437 "generic-metadata-type": "MI.ProtocolACL", 1438 "generic-metadata-value": 1439 { 1440 "protocol-acl": [ 1441 { 1442 "action": "allow", 1443 "protocols": ["http/1.1"] 1444 } 1445 ] 1446 } 1447 } 1449 4.2.4.1. ProtocolRule 1451 A ProtocolRule contains or references a list of Protocol objects and 1452 the corresponding action. 1454 Property: protocols 1456 Description: List of protocols to which the rule applies. 1458 Type: List of Protocols (see Section 4.3.2) 1460 Mandatory-to-Specify: Yes. 1462 Property: action 1464 Description: Defines whether the rule specifies protocols to 1465 allow or deny. 1467 Type: Enumeration [allow|deny] encoded as a lowercase string 1469 Mandatory-to-Specify: No. Default is deny. 1471 Example ProtocolRule object (which contains a ProtocolRule object) 1472 that allows the dCDN to deliver content using HTTP/1.1: 1474 { 1475 "action": "allow", 1476 "protocols": ["http/1.1"] 1477 } 1479 4.2.5. DeliveryAuthorization Metadata 1481 Delivery Authorization defines authorization methods for the delivery 1482 of content to User Agents.
1484 Property: delivery-auth-methods 1486 Description: Options for authorizing content requests. 1487 Delivery for a content request is authorized if any of the 1488 authorization methods in the list is satisfied for that 1489 request. 1491 Type: List of Auth objects (see Section 4.2.7) 1493 Mandatory-to-Specify: No. Default is no authorization 1494 required. 1496 Example DeliveryAuthorization object (which contains an Auth object): 1498 { 1499 "generic-metadata-type": "MI.DeliveryAuthorization", 1500 "generic-metadata-value": 1501 { 1502 "delivery-auth-methods": [ 1503 { 1504 "auth-type": , 1505 "auth-value": 1506 { 1507 1508 } 1509 } 1510 ] 1511 } 1512 } 1514 4.2.6. Cache 1516 A Cache object describes the cache control parameters to be applied 1517 to the content by intermediate caches. 1519 Property: ignore-query-string 1521 Description: Allows a Surrogate to ignore URI query string 1522 parameters [RFC3986] when comparing the requested URI against 1523 the URIs in its cache for equivalence. Matching query 1524 parameters to ignore MUST be case-insensitive. Each query 1525 parameter to ignore is specified in the list. If all query 1526 parameters should be ignored, then the list MUST be specified 1527 and MUST be empty. 1529 Type: List of String 1530 Mandatory-to-Specify: No. Default is to consider query string 1531 parameters when comparing URIs. 1533 Example Cache object that instructs the dCDN to ignore all query 1534 parameters: 1536 { 1537 "generic-metadata-type": "MI.Cache", 1538 "generic-metadata-value": 1539 { 1540 "ignore-query-string": [] 1541 } 1542 } 1544 Example Cache object that instructs the dCDN to ignore the (case- 1545 insensitive) query parameters named "sessionid" and "random": 1547 { 1548 "generic-metadata-type": "MI.Cache", 1549 "generic-metadata-value": 1550 { 1551 "ignore-query-string": ["sessionid", "random"] 1552 } 1553 } 1555 4.2.7. 
Auth 1557 An Auth object defines authentication and authorization methods to be 1558 used during content acquisition and content delivery, respectively. 1560 Property: auth-type 1562 Description: Registered Auth type (Section 7.4). 1564 Type: String 1566 Mandatory-to-Specify: Yes. 1568 Property: auth-value 1570 Description: An object conforming to the specification 1571 associated with the Registered Auth type. 1573 Type: GenericMetadata Object 1575 Mandatory-to-Specify: Yes. 1577 Example Auth object: 1579 { 1580 "generic-metadata-type": "MI.Auth", 1581 "generic-metadata-value": 1582 { 1583 "auth-type": , 1584 "auth-value": 1585 { 1586 1587 } 1588 } 1589 } 1591 4.2.8. Grouping 1593 A Grouping object identifies a group of content to which a given 1594 asset belongs. 1596 Property: ccid 1598 Description: Content Collection identifier for an application- 1599 specific purpose such as logging aggregation. 1601 Type: String 1603 Mandatory-to-Specify: No. Default is an empty string. 1605 Example Grouping object that specifies a Content Collection 1606 Identifier for the content associated with the Grouping object's 1607 parent HostMetadata and PathMetadata: 1609 { 1610 "generic-metadata-type": "MI.Grouping", 1611 "generic-metadata-value": 1612 { 1613 "ccid": "ABCD" 1614 } 1615 } 1617 4.3. CDNI Metadata Simple Data Type Descriptions 1619 This section describes the simple data types that are used for 1620 properties of CDNI metadata objects. 1622 4.3.1. Link 1624 A Link object can be used in place of any of the objects or 1625 properties described above. Link objects can be used to avoid 1626 duplication if the same metadata information is repeated within the 1627 metadata tree. When a Link object replaces another object, its href 1628 property is set to the URI of the resource and its type property is 1629 set to the CDNI Payload Type of the object it is replacing.
1631 dCDNs can detect the presence of a Link object by detecting the 1632 presence of a property named "href" within the object. This means 1633 that GenericMetadata types MUST NOT contain a property named "href" 1634 because doing so would conflict with the ability for dCDNs to detect 1635 Link objects being used to reference a GenericMetadata object. 1637 Property: href 1639 Description: The URI of the addressable object being 1640 referenced. 1642 Type: String 1644 Mandatory-to-Specify: Yes. 1646 Property: type 1648 Description: The type of the object being referenced. 1650 Type: String 1652 Mandatory-to-Specify: No. If the container specifies the type 1653 (e.g., the HostIndex object contains a list of HostMatch 1654 objects, so a Link object in the list of HostMatch objects must 1655 reference a HostMatch), then it is not necessary to explicitly 1656 specify a type. 1658 Example Link object referencing a HostMatch object: 1660 { 1661 "type": "MI.HostMatch", 1662 "href": "http://metadata.ucdn.example/hostmatch1234" 1663 } 1665 Example Link object referencing a HostMatch object, without an 1666 explicit type, inside a HostIndex object: 1668 { 1669 "hosts": [ 1670 { 1671 1672 }, 1673 { 1674 "href": "http://metadata.ucdn.example/hostmatch1234" 1675 } 1676 ] 1677 } 1679 4.3.2. Protocol 1681 Protocol objects are used to specify registered protocols for content 1682 acquisition or delivery (see Section 7.3). 1684 Type: String 1686 Example: 1688 "http/1.1" 1690 4.3.3. Endpoint 1692 A Hostname (with optional port) or an IP address (with optional 1693 port). 1695 Note: All implementations MUST support IPv4 addresses encoded as 1696 specified by the 'IPv4address' rule in Section 3.2.2 of [RFC3986]. 1697 IPv6 addresses MUST be encoded in one of the IPv6 address formats 1698 specified in [RFC5952] although receivers MUST support all IPv6 1699 address formats specified in [RFC4291]. 

      Type: String

      Example Hostname:

      "metadata.ucdn.example"

      Example IPv4 address:

      "192.0.2.1"

      Example IPv6 address (with port number):

      "[2001:db8::1]:81"

4.3.4. Time

   A time value expressed in seconds since the Unix epoch in the UTC
   timezone.

      Type: Integer

      Example Time representing 09:00 01/01/2000 UTC:

      946717200

4.3.5. IPv4CIDR

   An IPv4address CIDR block encoded as specified by the 'IPv4address'
   rule in Section 3.2.2 of [RFC3986] followed by a / followed by an
   unsigned integer representing the leading bits of the routing prefix
   (i.e., IPv4 CIDR notation). Single IP addresses can be expressed as
   /32.

      Type: String

      Example IPv4 CIDR:

      "192.0.2.0/24"

4.3.6. IPv6CIDR

   An IPv6address CIDR block encoded in one of the IPv6 address formats
   specified in [RFC5952] followed by a / followed by an unsigned
   integer representing the leading bits of the routing prefix (i.e.,
   IPv6 CIDR notation). Single IP addresses can be expressed as /128.

      Type: String

      Example IPv6 CIDR:

      "2001:db8::/32"

4.3.7. ASN

   An Autonomous System Number encoded as a string consisting of the
   characters "as" (in lowercase) followed by the Autonomous System
   number [RFC6793].

      Type: String

      Example ASN:

      "as64496"

4.3.8. CountryCode

   An ISO 3166-1 alpha-2 code [ISO3166-1] in lowercase.

      Type: String

      Example Country Code representing the USA:

      "us"

5. CDNI Metadata Capabilities

   CDNI metadata is used to convey information pertaining to content
   delivery from uCDN to dCDN. For optional metadata, it can be useful
   for the uCDN to know if the dCDN supports the underlying
   functionality described by the metadata, prior to delegating any
   content requests to the dCDN.
   If some metadata is "mandatory-to-enforce", and the dCDN does not
   support it, any delegated requests for content that requires that
   metadata will fail. The uCDN will likely want to avoid delegating
   those requests to that dCDN. Likewise, for any metadata which might
   be assigned optional values, it could be useful for the uCDN to know
   which values a dCDN supports, prior to delegating any content
   requests to that dCDN. If the optional value assigned to a given
   piece of content's metadata is not supported by the dCDN, any
   delegated requests for that content can fail, so again the uCDN is
   likely to want to avoid delegating those requests to that dCDN.

   The CDNI Footprint and Capabilities Interface (FCI) provides a means
   of advertising capabilities from dCDN to uCDN [RFC7336]. Support for
   optional metadata types and values can be advertised using the FCI.

6. CDNI Metadata interface

   This section specifies an interface to enable a dCDN to retrieve CDNI
   metadata objects from a uCDN.

   The interface can be used by a dCDN to retrieve CDNI metadata objects
   either:

   o  Dynamically as required by the dCDN to process received requests.
      For example, in response to a query from a uCDN over the CDNI
      Request Routing Redirection interface (RI)
      [I-D.ietf-cdni-redirection] or in response to receiving a request
      for content from a User Agent. Or;

   o  In advance of being required. For example, in the case of
      pre-positioned CDNI metadata acquisition, initiated through the
      "CDNI Control interface / Triggers" (CI/T) interface
      [I-D.ietf-cdni-control-triggers].

   The CDNI metadata interface is built on the principles of HTTP web
   services. In particular, this means that requests and responses over
   the interface are built around the transfer of representations of
   hyperlinked resources.
   A resource in the context of the CDNI metadata interface is any
   object in the object model (as described in Section 3 and
   Section 4).

   To retrieve CDNI metadata, a CDNI metadata client (i.e., a client in
   the dCDN) first makes a HTTP GET request for the URI of the HostIndex
   which provides the CDNI metadata client with a list of Hostnames for
   which the uCDN can delegate content delivery to the dCDN. The CDNI
   metadata client can then obtain any other CDNI metadata objects by
   making HTTP GET requests for any linked metadata objects it
   requires.

   CDNI metadata servers (i.e., servers in the uCDN) are free to assign
   whatever structure they desire to the URIs for CDNI metadata objects
   and CDNI metadata clients MUST NOT make any assumptions regarding the
   structure of CDNI metadata URIs or the mapping between CDNI metadata
   objects and their associated URIs. Therefore any URIs present in the
   examples in this document are purely illustrative and are not
   intended to impose a definitive structure on CDNI metadata interface
   implementations.

6.1. Transport

   The CDNI metadata interface uses HTTP as the underlying protocol
   transport [RFC7230].

   The HTTP Method in the request defines the operation the request
   would like to perform. A server implementation of the CDNI metadata
   interface MUST support the HTTP GET and HEAD methods.

   The corresponding HTTP Response returns the status of the operation
   in the HTTP Status Code and returns the current representation of the
   resource (if appropriate) in the Response Body. HTTP Responses that
   contain a response body SHOULD include an ETag to enable validation
   of cached versions of returned resources.

   The CDNI metadata interface specified in this document is a read-only
   interface. Therefore support for other HTTP methods such as PUT,
   POST, DELETE, etc. is not specified.
   A server implementation of the CDNI metadata interface MUST reject
   all methods other than GET and HEAD.

   As the CDNI metadata interface builds on top of HTTP, CDNI metadata
   server implementations MAY make use of any HTTP feature when
   implementing the CDNI metadata interface; for example, a CDNI
   metadata server MAY make use of HTTP's caching mechanisms to indicate
   that the returned response/representation can be reused without
   re-contacting the CDNI metadata server.

6.2. Retrieval of CDNI Metadata resources

   In the general case, a CDNI metadata server makes CDNI metadata
   objects available via unique URIs and thus, in order to retrieve
   CDNI metadata, a CDNI metadata client first makes a HTTP GET request
   for the URI of the HostIndex which provides a list of Hostnames for
   which the uCDN can delegate content delivery to the dCDN.

   In order to retrieve the CDNI metadata for a particular request the
   CDNI metadata client processes the received HostIndex object and
   finds the corresponding HostMetadata entry (by matching the hostname
   in the request against the hostnames listed in the HostMatch
   objects). If the HostMetadata is linked (rather than embedded), the
   CDNI metadata client then makes a GET request for the URI specified
   in the href property of the Link object which points to the
   HostMetadata object itself.

   In order to retrieve the most specific metadata for a particular
   request, the CDNI metadata client inspects the HostMetadata for
   references to more specific PathMetadata objects (by matching the URI
   path in the request against the path-patterns in any PathMatch
   objects listed in the HostMetadata object). If any PathMetadata are
   found to match (and are linked rather than embedded), the CDNI
   metadata client makes another GET request for the PathMetadata.
   Each PathMetadata object can also include references to yet more
   specific metadata. If this is the case, the CDNI metadata client
   continues requesting PathMatch and PathMetadata objects recursively.
   The CDNI metadata client repeats this approach of processing metadata
   objects and retrieving (via HTTP GETs) any linked objects until it
   has all the metadata objects it requires in order to process the
   redirection request from a uCDN or the content request from a User
   Agent.

   In cases where a dCDN is not able to retrieve the entire set of CDNI
   metadata associated with a User Agent request, for example because
   the uCDN is unreachable or returns a HTTP 4xx or 5xx status in
   response to some or all of the dCDN's CDNI metadata requests, the
   dCDN MUST NOT serve the requested content unless the dCDN has stale
   versions of all the required metadata and the stale-if-error
   Cache-Control extension [RFC5861] was included in all previous
   responses that are required but cannot currently be retrieved. The
   dCDN can continue to serve other content for which it can retrieve
   (or for which it has fresh responses cached) all the required
   metadata even if some non-applicable part of the metadata tree is
   missing.

   Where a dCDN is interconnected with multiple uCDNs, the dCDN needs to
   determine which uCDN's CDNI metadata should be used to handle a
   particular User Agent request.

   When application level redirection (e.g., HTTP 302 redirects) is
   being used between CDNs, it is expected that the dCDN will be able to
   determine the uCDN that redirected a particular request from
   information contained in the received request (e.g., via the URI).
   With knowledge of which uCDN routed the request, the dCDN can choose
   the correct uCDN from which to obtain the HostIndex. Note that the
   HostIndexes served by each uCDN can be unique.
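
   The retrieval walk of Section 6.2, with Link detection by the "href"
   property (Section 4.3.1) and the two cases in which the dCDN must
   refuse to serve (metadata unavailable without stale-if-error, and
   unsupported "mandatory-to-enforce" metadata), as an added Python
   example that is not part of the draft. The transport callable (which
   raises OSError when the uCDN is unreachable), all class and function
   names, the constructed sample objects, MAX_HOPS, the '*'/'?'-only
   pattern matching and the default of true for an absent
   "mandatory-to-enforce" property are assumptions of this example.

```python
import re
import time

class MetadataUnavailable(Exception): pass  # required metadata missing: do not serve
class UnsupportedMetadata(Exception): pass  # mandatory-to-enforce type not supported

def _directives(cache_control):
    out = {}  # 'max-age=60, stale-if-error=600' -> {'max-age': 60, 'stale-if-error': 600}
    for part in cache_control.split(","):
        name, _, value = part.strip().partition("=")
        out[name.lower()] = int(value) if value.isdigit() else None
    return out

def _glob(pattern):  # '*' and '?' wildcards only: an assumed subset of PatternMatch
    return "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)

class MetadataClient:
    MAX_HOPS = 16  # local safeguard against cyclic Link chains; not from the draft

    def __init__(self, transport, supported_types, clock=time.time):
        self.transport, self.clock = transport, clock  # transport(uri) -> (status, cc, obj)
        self.supported = set(supported_types)
        self.cache = {}  # uri -> (obj, stored_at, max_age, stale_if_error or None)

    def fetch(self, uri):
        cached = self.cache.get(uri)
        age = self.clock() - cached[1] if cached else 0
        if cached and age <= cached[2]:
            return cached[0]  # still fresh, no request needed
        try:
            status, cache_control, obj = self.transport(uri)
        except OSError:
            status = None
        if status == 200:
            d = _directives(cache_control)
            self.cache[uri] = (obj, self.clock(), d.get("max-age") or 0, d.get("stale-if-error"))
            return obj
        # Section 6.2: a stale copy is usable only if it was served with stale-if-error.
        if cached and cached[3] is not None and age <= cached[2] + cached[3]:
            return cached[0]
        raise MetadataUnavailable(uri)

    def deref(self, obj, expected_type):
        # Section 4.3.1: an object with an "href" property is a Link.
        if "href" not in obj:
            return obj
        if obj.get("type", expected_type) != expected_type:
            raise MetadataUnavailable("unexpected Link type %r" % obj.get("type"))
        return self.fetch(obj["href"])

    def _next(self, node, path):
        for entry in node.get("paths", []):
            pm = self.deref(entry, "MI.PathMatch")
            if re.fullmatch(_glob(pm["path-pattern"]["pattern"]), path):
                return self.deref(pm["path-metadata"], "MI.PathMetadata")
        return None

    def resolve(self, hostindex_uri, host, path):
        """Return {type: GenericMetadata} for host + path, or raise (fail closed)."""
        for entry in self.fetch(hostindex_uri)["hosts"]:
            match = self.deref(entry, "MI.HostMatch")
            if match["host"].lower() == host.lower():
                node = self.deref(match["host-metadata"], "MI.HostMetadata")
                break
        else:
            raise MetadataUnavailable("no HostMatch for " + host)
        applied, hops = {}, 0
        while node is not None:
            hops += 1
            if hops > self.MAX_HOPS:
                raise MetadataUnavailable("metadata tree too deep")
            for gm in node.get("metadata", []):  # embedded GenericMetadata only
                applied[gm["generic-metadata-type"]] = gm  # deeper level wins per type
            node = self._next(node, path)
        for gm_type, gm in applied.items():
            # Assumption: an absent "mandatory-to-enforce" is treated as true.
            if gm_type not in self.supported and gm.get("mandatory-to-enforce", True):
                raise UnsupportedMetadata(gm_type)
        return applied

BASE = "https://metadata.ucdn.example"
SIE = "max-age=60, stale-if-error=600"
SAMPLE = {  # constructed objects shaped like the draft's HostIndex/HostMetadata/PathMetadata
    BASE + "/hostindex": (SIE, {"hosts": [{"host": "video.example.com", "host-metadata": {
        "type": "MI.HostMetadata", "href": BASE + "/host1234"}}]}),
    BASE + "/host1234": (SIE, {
        "metadata": [{"generic-metadata-type": "MI.ProtocolACL", "generic-metadata-value": {
            "protocol-acl": [{"protocols": ["http/1.1"], "action": "allow"}]}}],
        "paths": [{"path-pattern": {"pattern": "/video/movies/*"}, "path-metadata": {
            "type": "MI.PathMetadata", "href": BASE + "/pathDEF"}}]}),
    BASE + "/pathDEF": ("max-age=60", {"metadata": [  # served without stale-if-error
        {"generic-metadata-type": "MI.Grouping", "generic-metadata-value": {"ccid": "ABCD"}}]}),
}

def sample_transport(state):  # state["up"] = False simulates an unreachable uCDN
    def transport(uri):
        if not state["up"]:
            raise OSError("uCDN unreachable")
        return (200,) + SAMPLE[uri] if uri in SAMPLE else (404, "", None)
    return transport
```

   With the sample uCDN unreachable and the cached copies stale, a
   request under /video/movies/ is refused because one required object
   was served without stale-if-error, while other paths on the same host
   remain servable until the stale-if-error window ends.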

   In the case of DNS redirection there is not always sufficient
   information carried in the DNS request from User Agents to determine
   the uCDN that redirected a particular request (e.g., when content
   from a given host is redirected to a given dCDN by more than one
   uCDN) and therefore dCDNs will have to apply local policy when
   deciding which uCDN's metadata to apply.

6.3. Bootstrapping

   The URI for the HostIndex object of a given uCDN needs to be either
   configured in, or discovered by, the dCDN. All other objects/
   resources are then discoverable from the HostIndex object by
   following any links in the HostIndex object and through the
   referenced HostMetadata and PathMetadata objects and their
   GenericMetadata sub-objects.

   If the URI for the HostIndex object is not manually configured in the
   dCDN then the HostIndex URI could be discovered. A mechanism
   allowing the dCDN to discover the URI of the HostIndex is outside the
   scope of this document.

6.4. Encoding

   CDNI metadata objects MUST be encoded as I-JSON objects [RFC7493]
   containing a dictionary of (key,value) pairs where the keys are the
   property names and the values are the associated property values.

   The keys of the dictionary are the names of the properties associated
   with the object and are therefore dependent on the specific object
   being encoded (i.e., dependent on the CDNI Payload Type of the
   returned resource). Likewise, the values associated with each
   property (dictionary key) are dependent on the specific object being
   encoded (i.e., dependent on the CDNI Payload Type of the returned
   resource).

   Dictionary keys (properties) in I-JSON are case sensitive. By
   convention, any dictionary key (property) defined by this document
   (for example, the names of CDNI metadata object properties) MUST be
   lowercase.

6.5. Extensibility

   The set of GenericMetadata objects can be extended with additional
   (standards based or vendor specific) metadata objects through the
   specification of new GenericMetadata objects. The GenericMetadata
   object defined in Section 4.1.7 specifies a type field and a type-
   specific value field that allows any metadata to be included in
   either the HostMetadata or PathMetadata lists.

   As with the initial GenericMetadata types defined in Section 4.2,
   future GenericMetadata types MUST specify the information necessary
   for constructing and decoding the GenericMetadata object.

   Any document which defines a new GenericMetadata type MUST:

   1. Specify and register the CDNI Payload Type [RFC7736] used to
      identify the new GenericMetadata type being specified.

   2. Define the set of properties associated with the new
      GenericMetadata object. GenericMetadata MUST NOT contain a
      property named "href" because doing so would conflict with the
      ability to detect Link objects (see Section 4.3.1).

   3. Define a name, description, type, and whether or not the property
      is mandatory-to-specify.

   4. Describe the semantics of the new type including its purpose and
      example of a use case to which it applies including an example
      encoded in I-JSON.

   Note: In the case of vendor specific extensions, vendor-identifying
   CDNI Payload Type names will decrease the possibility of
   GenericMetadata type collisions.

6.6. Metadata Enforcement

   At any given time, the set of GenericMetadata types supported by the
   uCDN might not match the set of GenericMetadata types supported by
   the dCDN.

   In cases where a uCDN sends metadata containing a GenericMetadata
   type that a dCDN does not support, the dCDN MUST enforce the
   semantics of the "mandatory-to-enforce" property.
   If a dCDN does not understand or is unable to perform the functions
   associated with any "mandatory-to-enforce" metadata, the dCDN MUST
   NOT service any requests for the corresponding content.

   Note: Ideally, uCDNs would not delegate content requests to a dCDN
   that does not support the "mandatory-to-enforce" metadata associated
   with the content being requested. However, even if the uCDN has a
   priori knowledge of the metadata supported by the dCDN (e.g., via the
   FCI or through out-of-band negotiation between CDN operators),
   metadata support can fluctuate or be inconsistent (e.g., due to
   mis-communication, mis-configuration, or temporary outage). Thus, the
   dCDN MUST always evaluate all metadata associated with redirection
   and content requests and reject any requests where
   "mandatory-to-enforce" metadata associated with the content cannot be
   enforced.

6.7. Metadata Conflicts

   It is possible that new metadata definitions will obsolete or
   conflict with existing GenericMetadata (e.g., a future revision of
   the CDNI metadata interface could redefine the Auth GenericMetadata
   object or a custom vendor extension could implement an alternate Auth
   metadata option). If multiple metadata (e.g., MI.Auth.v2,
   vendor1.Auth, and vendor2.Auth) all conflict with an existing
   GenericMetadata object (i.e., MI.Auth) and all are marked as
   "mandatory-to-enforce", it could be ambiguous which metadata should
   be applied, especially if the functionality of the metadata overlaps.

   As described in Section 3.3, metadata override only applies to
   metadata objects of the same exact type found in HostMetadata and
   nested PathMetadata structures. The CDNI metadata interface does not
   support enforcement of dependencies between different metadata types.
   It is the responsibility of the CSP and the CDN operators to ensure
   that metadata assigned to a given piece of content do not conflict.

   Note: Because metadata is inherently ordered in HostMetadata and
   PathMetadata lists, as well as in the PathMatch hierarchy, multiple
   conflicting metadata types MAY be used; however, metadata hierarchies
   SHOULD ensure that independent PathMatch root objects are used to
   prevent ambiguous or conflicting metadata definitions.

6.8. Versioning

   The version of CDNI metadata objects is conveyed inside the CDNI
   Payload Type that is included in the HTTP Content-Type header, for
   example: "Content-Type: application/cdni; ptype=MI.HostIndex". We
   intentionally omit the ".v1" on the initial versions of metadata, for
   simplicity. Subsequent versions of those metadata MUST postpend a
   version string (e.g., ".v2"). Upon responding to a request for an
   object, a CDNI metadata server MUST include a Content-Type header
   with the CDNI Payload Type containing the version number (or
   implicitly, version 1) of the object. HTTP requests sent to a
   metadata server SHOULD include an Accept header with the CDNI Payload
   Type (which includes the version) of the expected object. Metadata
   clients can specify multiple CDNI Payload Types in the Accept header;
   for example, if a metadata client is capable of processing two
   different versions of the same type of object (defined by different
   CDNI Payload Types) it might decide to include both in the Accept
   header.

6.9. Media Types

   All CDNI metadata objects use the Media Type "application/cdni". The
   CDNI Payload Type for each object then contains the object name of
   that object as defined by this document, prefixed with "MI.".
   Table 4 lists the CDNI Payload Type for the metadata objects
   (resources) specified in this document.

   +-----------------------+--------------------------+
   | Data Object           | CDNI Payload Type        |
   +-----------------------+--------------------------+
   | HostIndex             | MI.HostIndex             |
   | HostMatch             | MI.HostMatch             |
   | HostMetadata          | MI.HostMetadata          |
   | PathMatch             | MI.PathMatch             |
   | PatternMatch          | MI.PatternMatch          |
   | PathMetadata          | MI.PathMetadata          |
   | SourceMetadata        | MI.SourceMetadata        |
   | Source                | MI.Source                |
   | LocationACL           | MI.LocationACL           |
   | LocationRule          | MI.LocationRule          |
   | Footprint             | MI.Footprint             |
   | TimeWindowACL         | MI.TimeWindowACL         |
   | TimeWindowRule        | MI.TimeWindowRule        |
   | TimeWindow            | MI.TimeWindow            |
   | ProtocolACL           | MI.ProtocolACL           |
   | ProtocolRule          | MI.ProtocolRule          |
   | DeliveryAuthorization | MI.DeliveryAuthorization |
   | Cache                 | MI.Cache                 |
   | Auth                  | MI.Auth                  |
   | Grouping              | MI.Grouping              |
   +-----------------------+--------------------------+

          Table 4: CDNI Payload Types for CDNI Metadata objects

6.10. Complete CDNI Metadata Example

   A dCDN requests the HostIndex and receives the following object with
   a CDNI payload type of "MI.HostIndex":

   {
     "hosts": [
       {
         "host": "video.example.com",
         "host-metadata" : {
           "type": "MI.HostMetadata",
           "href": "http://metadata.ucdn.example/host1234"
         }
       },
       {
         "host": "images.example.com",
         "host-metadata" : {
           "type": "MI.HostMetadata",
           "href": "http://metadata.ucdn.example/host5678"
         }
       }
     ]
   }

   If the incoming request has a Host header with "video.example.com"
   then the dCDN would fetch the HostMetadata object from
   "http://metadata.ucdn.example/host1234" expecting a CDNI payload type
   of "MI.HostMetadata":

   {
     "metadata": [
       {
         "generic-metadata-type": "MI.SourceMetadata",
         "generic-metadata-value": {
           "sources": [
             {
               "endpoint": "acq1.ucdn.example",
               "protocol": "http/1.1"
             },
             {
               "endpoint": "acq2.ucdn.example",
               "protocol": "http/1.1"
             }
           ]
         }
       },
       {
         "generic-metadata-type": "MI.LocationACL",
         "generic-metadata-value": {
           "locations": [
             {
               "footprints": [
                 {
                   "footprint-type": "IPv4CIDR",
                   "footprint-value": "192.0.2.0/24"
                 }
               ],
               "action": "deny"
             }
           ]
         }
       },
       {
         "generic-metadata-type": "MI.ProtocolACL",
         "generic-metadata-value": {
           "protocol-acl": [
             {
               "protocols": [
                 "http/1.1"
               ],
               "action": "allow"
             }
           ]
         }
       }
     ],
     "paths": [
       {
         "path-pattern": {
           "pattern": "/video/trailers/*"
         },
         "path-metadata": {
           "type": "MI.PathMetadata",
           "href": "http://metadata.ucdn.example/host1234/pathABC"
         }
       },
       {
         "path-pattern": {
           "pattern": "/video/movies/*"
         },
         "path-metadata": {
           "type": "MI.PathMetadata",
           "href": "http://metadata.ucdn.example/host1234/pathDEF"
         }
       }
     ]
   }

   Suppose the path of the requested resource matches the "/video/
   movies/*" pattern, the next metadata requested would be for
   "http://metadata.ucdn.example/host1234/pathDEF" with an expected CDNI
   payload type of "MI.PathMetadata":

   {
     "metadata": [],
     "paths": [
       {
         "path-pattern": {
           "pattern": "/videos/movies/hd/*"
         },
         "path-metadata": {
           "type": "MI.PathMetadata",
           "href":
             "http://metadata.ucdn.example/host1234/pathDEF/path123"
         }
       }
     ]
   }

   Finally, if the path of the requested resource also matches the
   "/videos/movies/hd/*" pattern, the dCDN would also fetch the
   following object from "http://metadata.ucdn.example/host1234/pathDEF/
   path123" with CDNI payload type "MI.PathMetadata":

   {
     "metadata": [
       {
         "generic-metadata-type": "MI.TimeWindowACL",
         "generic-metadata-value": {
           "times": [
             {
               "windows": [
                 {
                   "start": 1213948800,
                   "end": 1327393200
                 }
               ],
               "action": "allow"
             }
           ]
         }
       }
     ]
   }

   The final set of metadata which applies to the requested resource
   includes a SourceMetadata, a LocationACL, a ProtocolACL, and a
   TimeWindowACL.

7. IANA Considerations

7.1. CDNI Payload Types

   This document requests the registration of the following CDNI Payload
   Types under the IANA CDNI Payload Type registry:

   +--------------------------+---------------+
   | Payload Type             | Specification |
   +--------------------------+---------------+
   | MI.HostIndex             | RFCthis       |
   | MI.HostMatch             | RFCthis       |
   | MI.HostMetadata          | RFCthis       |
   | MI.PathMatch             | RFCthis       |
   | MI.PatternMatch          | RFCthis       |
   | MI.PathMetadata          | RFCthis       |
   | MI.SourceMetadata        | RFCthis       |
   | MI.Source                | RFCthis       |
   | MI.LocationACL           | RFCthis       |
   | MI.LocationRule          | RFCthis       |
   | MI.Footprint             | RFCthis       |
   | MI.TimeWindowACL         | RFCthis       |
   | MI.TimeWindowRule        | RFCthis       |
   | MI.TimeWindow            | RFCthis       |
   | MI.ProtocolACL           | RFCthis       |
   | MI.ProtocolRule          | RFCthis       |
   | MI.DeliveryAuthorization | RFCthis       |
   | MI.Cache                 | RFCthis       |
   | MI.Auth                  | RFCthis       |
   | MI.Grouping              | RFCthis       |
   +--------------------------+---------------+

   [RFC Editor: Please replace RFCthis with the published RFC number for
   this document.]

7.1.1. CDNI MI HostIndex Payload Type

   Purpose: The purpose of this payload type is to distinguish HostIndex
   MI objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.1.1

7.1.2. CDNI MI HostMatch Payload Type

   Purpose: The purpose of this payload type is to distinguish HostMatch
   MI objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.1.2

7.1.3. CDNI MI HostMetadata Payload Type

   Purpose: The purpose of this payload type is to distinguish
   HostMetadata MI objects (and any associated capability
   advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.1.3

7.1.4. CDNI MI PathMatch Payload Type

   Purpose: The purpose of this payload type is to distinguish PathMatch
   MI objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.1.4

7.1.5. CDNI MI PatternMatch Payload Type

   Purpose: The purpose of this payload type is to distinguish
   PatternMatch MI objects (and any associated capability
   advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.1.5

7.1.6. CDNI MI PathMetadata Payload Type

   Purpose: The purpose of this payload type is to distinguish
   PathMetadata MI objects (and any associated capability
   advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.1.6

7.1.7. CDNI MI SourceMetadata Payload Type

   Purpose: The purpose of this payload type is to distinguish
   SourceMetadata MI objects (and any associated capability
   advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.1

7.1.8. CDNI MI Source Payload Type

   Purpose: The purpose of this payload type is to distinguish Source MI
   objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.1.1

7.1.9. CDNI MI LocationACL Payload Type

   Purpose: The purpose of this payload type is to distinguish
   LocationACL MI objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.2

7.1.10. CDNI MI LocationRule Payload Type

   Purpose: The purpose of this payload type is to distinguish
   LocationRule MI objects (and any associated capability
   advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.2.1

7.1.11. CDNI MI Footprint Payload Type

   Purpose: The purpose of this payload type is to distinguish Footprint
   MI objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.2.2

7.1.12. CDNI MI TimeWindowACL Payload Type

   Purpose: The purpose of this payload type is to distinguish
   TimeWindowACL MI objects (and any associated capability
   advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.3

7.1.13. CDNI MI TimeWindowRule Payload Type

   Purpose: The purpose of this payload type is to distinguish
   TimeWindowRule MI objects (and any associated capability
   advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.3.1

7.1.14. CDNI MI TimeWindow Payload Type

   Purpose: The purpose of this payload type is to distinguish
   TimeWindow MI objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.3.2

7.1.15. CDNI MI ProtocolACL Payload Type

   Purpose: The purpose of this payload type is to distinguish
   ProtocolACL MI objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.4

7.1.16. CDNI MI ProtocolRule Payload Type

   Purpose: The purpose of this payload type is to distinguish
   ProtocolRule MI objects (and any associated capability
   advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.4.1

7.1.17. CDNI MI DeliveryAuthorization Payload Type

   Purpose: The purpose of this payload type is to distinguish
   DeliveryAuthorization MI objects (and any associated capability
   advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.5

7.1.18. CDNI MI Cache Payload Type

   Purpose: The purpose of this payload type is to distinguish Cache MI
   objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.6

7.1.19. CDNI MI Auth Payload Type

   Purpose: The purpose of this payload type is to distinguish Auth MI
   objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.7

7.1.20. CDNI MI Grouping Payload Type

   Purpose: The purpose of this payload type is to distinguish Grouping
   MI objects (and any associated capability advertisement)

   Interface: MI/FCI

   Encoding: see Section 4.2.8

7.2. CDNI Metadata Footprint Types Registry

   The IANA is requested to create a new "CDNI Metadata Footprint Types"
   subregistry in the "Content Delivery Networks Interconnection (CDNI)
   Parameters" registry. The "CDNI Metadata Footprint Types" namespace
   defines the valid Footprint object type values used by the Footprint
   object in Section 4.2.2.2. Additions to the Footprint type namespace
   conform to the "Specification Required" policy as defined in
   [RFC5226]. The designated expert will verify that new type
   definitions do not duplicate existing type definitions and prevent
   gratuitous additions to the namespace. New registrations are
   required to provide a clear description of how to interpret new
   footprint types.

   The following table defines the initial Footprint Registry values:

   +----------------+-------------------------------+---------------+
   | Footprint Type | Description                   | Specification |
   +----------------+-------------------------------+---------------+
   | ipv4cidr       | IPv4 CIDR address block       | RFCthis       |
   | ipv6cidr       | IPv6 CIDR address block       | RFCthis       |
   | asn            | Autonomous System (AS) Number | RFCthis       |
   | countrycode    | ISO 3166-1 alpha-2 code       | RFCthis       |
   +----------------+-------------------------------+---------------+

   [RFC Editor: Please replace RFCthis with the published RFC number for
   this document.]

7.3. CDNI Metadata Protocol Types Registry

   The IANA is requested to create a new "CDNI Metadata Protocol Types"
   subregistry in the "Content Delivery Networks Interconnection (CDNI)
   Parameters" registry.
   The "CDNI Metadata Protocol Types" namespace defines the valid
   Protocol object values in Section 4.3.2, used by the SourceMetadata
   and ProtocolACL objects. Additions to the Protocol namespace conform
   to the "Specification Required" policy as defined in [RFC5226], where
   the specification defines the Protocol Type and the protocol to which
   it is associated. The designated expert will verify that new
   protocol definitions do not duplicate existing protocol definitions
   and prevent gratuitous additions to the namespace.

   The following table defines the initial Protocol values corresponding
   to the HTTP and HTTPS protocols:

   +-----------+----------------------+---------------+----------------+
   | Protocol  | Description          | Type          | Protocol       |
   | Type      |                      | Specification | Specifications |
   +-----------+----------------------+---------------+----------------+
   | http/1.1  | Hypertext Transfer   | RFCthis       | RFC7230        |
   |           | Protocol -- HTTP/1.1 |               |                |
   | https/1.1 | HTTP/1.1 Over TLS    | RFCthis       | RFC7230,       |
   |           |                      |               | RFC2818        |
   +-----------+----------------------+---------------+----------------+

   [RFC Editor: Please replace RFCthis with the published RFC number for
   this document.]

7.4. CDNI Metadata Auth Types Registry

   The IANA is requested to create a new "CDNI Metadata Auth Types"
   subregistry in the "Content Delivery Networks Interconnection (CDNI)
   Parameters" registry. The "CDNI Metadata Auth Type" namespace
   defines the valid Auth object types used by the Auth object in
   Section 4.2.7. Additions to the Auth Type namespace conform to the
   "Specification Required" policy as defined in [RFC5226]. The
   designated expert will verify that new type definitions do not
   duplicate existing type definitions and prevent gratuitous additions
   to the namespace.
   New registrations are required to provide a clear description of what
   information the uCDN is required to provide to the dCDN, as well as
   the procedures the dCDN is required to perform to authorize and/or
   authenticate content requests.

   The registry will initially be unpopulated:

   +-----------+-------------+---------------+
   | Auth Type | Description | Specification |
   +-----------+-------------+---------------+
   +-----------+-------------+---------------+

8. Security Considerations

8.1. Authentication

   Unauthorized access to metadata could result in denial of service. A
   malicious metadata server, proxy server, or an attacker performing a
   "man in the middle" attack could provide malicious metadata to a dCDN
   that either:

   o  Denies service for one or more pieces of content to one or more
      User Agents; or

   o  Directs dCDNs to contact malicious origin servers instead of the
      actual origin servers.

   Unauthorized access to metadata could also enable a malicious
   metadata client to continuously issue metadata requests in order to
   overload a uCDN's metadata server(s).

   Unauthorized access to metadata could result in leakage of private
   information. A malicious metadata client could request metadata in
   order to gain access to origin servers, as well as information
   pertaining to content restrictions.

   An implementation of the CDNI metadata interface MUST use mutual
   authentication to prevent unauthorized access to metadata (see
   Section 8.5).

8.2. Confidentiality

   Unauthorized viewing of metadata could result in leakage of private
   information. A third party could intercept metadata transactions in
   order to gain access to origin servers, as well as information
   pertaining to content restrictions.
   An implementation of the CDNI metadata interface MUST use strong
   encryption to prevent unauthorized interception of metadata (see
   Section 8.5).

8.3.  Integrity

   Unauthorized modification of metadata could result in denial of
   service. A malicious metadata server, proxy server, or an attacker
   performing a "man in the middle" attack could modify metadata
   destined to a dCDN in order to deny service for one or more pieces of
   content to one or more user agents. A malicious metadata server,
   proxy server, or an attacker performing a "man in the middle" attack
   could also modify metadata so that dCDNs are directed to contact
   malicious origin servers instead of the actual origin servers.

   An implementation of the CDNI metadata interface MUST use strong
   encryption and mutual authentication to prevent undetectable
   modification of metadata (see Section 8.5).

8.4.  Privacy

   Content provider origin and policy information is conveyed through
   the CDNI metadata interface. The distribution of this information to
   another CDN could introduce potential privacy concerns for some
   content providers; for example, dCDNs accepting content requests for
   a content provider's content might be able to obtain additional
   information and usage patterns relating to the users of a content
   provider's services. Content providers with such concerns can
   instruct their CDN partners not to use CDN interconnects when
   delivering that content provider's content.

   An attacker performing a "man in the middle" attack could monitor
   metadata in order to obtain usage patterns relating to the users of a
   content provider's services.

   An implementation of the CDNI metadata interface MUST use strong
   encryption and mutual authentication to prevent unauthorized
   monitoring of metadata (see Section 8.5).

8.5.  Securing the CDNI Metadata interface

   An implementation of the CDNI metadata interface MUST support TLS
   transport as per [RFC2818] and [RFC7230]. The use of TLS for
   transport of the CDNI metadata interface messages allows:

   o  The dCDN and uCDN to authenticate each other.

   and, once they have mutually authenticated each other, it allows:

   o  The dCDN and uCDN to authorize each other (to ensure they are
      transmitting/receiving CDNI metadata requests and responses from
      an authorized CDN);

   o  CDNI metadata interface requests and responses to be transmitted
      with confidentiality; and

   o  The integrity of the CDNI metadata interface requests and
      responses to be protected during the exchange.

   In an environment where any such protection is required, TLS MUST be
   used (including authentication of the remote end) by the server-side
   (uCDN) and the client-side (dCDN) of the CDNI metadata interface
   unless alternate methods are used for ensuring the confidentiality of
   the information in the CDNI metadata interface requests and responses
   (such as setting up an IPsec tunnel between the two CDNs or using a
   physically secured internal network between two CDNs that are owned
   by the same corporate entity).

   When TLS is used, the general TLS usage guidance in [RFC7525] MUST be
   followed.

9.  Acknowledgements

   The authors would like to thank David Ferguson, Francois Le Faucheur,
   Jan Seedorf and Matt Miller for their valuable comments and input to
   this document.

10.  Contributing Authors

   [RFC Editor Note: Please move the contents of this section to the
   Authors' Addresses section prior to publication as an RFC.]
   Grant Watson
   Velocix (Alcatel-Lucent)
   3 Ely Road
   Milton, Cambridge CB24 6AA
   UK

   Email: gwatson@velocix.com

   Kent Leung
   Cisco Systems
   3625 Cisco Way
   San Jose, 95134
   USA

   Email: kleung@cisco.com

11.  References

11.1.  Normative References

   [ISO3166-1]
              "https://www.iso.org/obp/ui/#search".

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
              Resource Identifier (URI): Generic Syntax", STD 66,
              RFC 3986, DOI 10.17487/RFC3986, January 2005.

   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
              Architecture", RFC 4291, DOI 10.17487/RFC4291, February
              2006.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              DOI 10.17487/RFC5226, May 2008.

   [RFC5861]  Nottingham, M., "HTTP Cache-Control Extensions for Stale
              Content", RFC 5861, DOI 10.17487/RFC5861, May 2010.

   [RFC5952]  Kawamura, S. and M. Kawashima, "A Recommendation for IPv6
              Address Text Representation", RFC 5952,
              DOI 10.17487/RFC5952, August 2010.

   [RFC6707]  Niven-Jenkins, B., Le Faucheur, F., and N. Bitar, "Content
              Distribution Network Interconnection (CDNI) Problem
              Statement", RFC 6707, DOI 10.17487/RFC6707, September
              2012.

   [RFC7230]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
              Protocol (HTTP/1.1): Message Syntax and Routing",
              RFC 7230, DOI 10.17487/RFC7230, June 2014.

   [RFC7493]  Bray, T., Ed., "The I-JSON Message Format", RFC 7493,
              DOI 10.17487/RFC7493, March 2015.

   [RFC7525]  Sheffer, Y., Holz, R., and P. Saint-Andre,
              "Recommendations for Secure Use of Transport Layer
              Security (TLS) and Datagram Transport Layer Security
              (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May
              2015.

11.2.  Informative References

   [I-D.ietf-cdni-control-triggers]
              Murray, R. and B. Niven-Jenkins, "CDNI Control Interface /
              Triggers", draft-ietf-cdni-control-triggers-15 (work in
              progress), May 2016.

   [I-D.ietf-cdni-redirection]
              Niven-Jenkins, B. and R. Brandenburg, "Request Routing
              Redirection interface for CDN Interconnection",
              draft-ietf-cdni-redirection-18 (work in progress), April
              2016.

   [RFC2818]  Rescorla, E., "HTTP Over TLS", RFC 2818,
              DOI 10.17487/RFC2818, May 2000.

   [RFC6793]  Vohra, Q. and E. Chen, "BGP Support for Four-Octet
              Autonomous System (AS) Number Space", RFC 6793,
              DOI 10.17487/RFC6793, December 2012.

   [RFC7336]  Peterson, L., Davie, B., and R. van Brandenburg, Ed.,
              "Framework for Content Distribution Network
              Interconnection (CDNI)", RFC 7336, DOI 10.17487/RFC7336,
              August 2014.

   [RFC7337]  Leung, K., Ed. and Y. Lee, Ed., "Content Distribution
              Network Interconnection (CDNI) Requirements", RFC 7337,
              DOI 10.17487/RFC7337, August 2014.

   [RFC7540]  Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext
              Transfer Protocol Version 2 (HTTP/2)", RFC 7540,
              DOI 10.17487/RFC7540, May 2015.

   [RFC7736]  Ma, K., "Content Delivery Network Interconnection (CDNI)
              Media Type Registration", RFC 7736, DOI 10.17487/RFC7736,
              December 2015.

Authors' Addresses

   Ben Niven-Jenkins
   Velocix (Alcatel-Lucent)
   3 Ely Road
   Milton, Cambridge CB24 6AA
   UK

   Email: ben@velocix.com

   Rob Murray
   Velocix (Alcatel-Lucent)
   3 Ely Road
   Milton, Cambridge CB24 6AA
   UK

   Email: rmurray@velocix.com

   Matt Caulfield
   Cisco Systems
   1414 Massachusetts Avenue
   Boxborough, MA 01719
   USA

   Phone: +1 978 936 9307
   Email: mcaulfie@cisco.com

   Kevin J. Ma
   Ericsson
   43 Nagog Park
   Acton, MA 01720
   USA

   Phone: +1 978-844-5100
   Email: kevin.j.ma@ericsson.com
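
Added example (not part of the draft): the Section 8.5 requirements, mutual TLS authentication, RFC 7525 settings, then authorization of the authenticated peer CDN, written with Python's standard ssl module. The function names, the sample certificate dictionary and the host name metadata.dcdn.example are assumptions made for illustration.

```python
import ssl

def build_context(server_side, cert=None, key=None, ca_file=None):
    """TLS context for one end of the metadata interface:
    server_side=True is the uCDN server, False the dCDN client."""
    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # RFC 7525: avoid TLS 1.0/1.1
    ctx.options |= ssl.OP_NO_COMPRESSION          # RFC 7525: no TLS compression
    ctx.verify_mode = ssl.CERT_REQUIRED           # peer must present a certificate
    if cert:                                      # our own identity, shown to the peer
        ctx.load_cert_chain(cert, key)
    if ca_file:                                   # trust anchor agreed by both CDNs
        ctx.load_verify_locations(cafile=ca_file)
    return ctx

def audit(ctx):
    """Return the ways a context falls short of the Section 8.5 requirements."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 allowed")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression enabled")
    return findings

def authorize_peer(peercert, authorized_names):
    """Authorization step that follows authentication: is the verified peer
    a CDN we interconnect with? peercert is SSLSocket.getpeercert() output."""
    sans = (peercert or {}).get("subjectAltName", ())
    names = {value.lower() for kind, value in sans if kind == "DNS"}
    return bool(names & {n.lower() for n in authorized_names})

# Constructed sample in the shape returned by SSLSocket.getpeercert().
SAMPLE_PEER = {"subject": ((("commonName", "metadata.dcdn.example"),),),
               "subjectAltName": (("DNS", "metadata.dcdn.example"),)}

if __name__ == "__main__":
    weak = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # default: client cert not requested
    print("default server:", audit(weak))
    print("hardened uCDN :", audit(build_context(True)))
    print("authorized    :", authorize_peer(SAMPLE_PEER, {"metadata.dcdn.example"}))
```

A server context left at the library default never asks the dCDN for a certificate, so the handshake authenticates only the uCDN; the audit reports that gap.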