Re: [CDNi] Notes from today's Informal Metadata Meeting
Kevin J Ma <kevin.ma@azukisystems.com> Thu, 01 August 2013 21:47 UTC
Return-Path: <kevin.ma@azukisystems.com>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BB2F21F9D3E for <cdni@ietfa.amsl.com>; Thu, 1 Aug 2013 14:47:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.38
X-Spam-Level:
X-Spam-Status: No, score=-2.38 tagged_above=-999 required=5 tests=[AWL=0.219, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gOCumlAdwQJi for <cdni@ietfa.amsl.com>; Thu, 1 Aug 2013 14:47:32 -0700 (PDT)
Received: from mxout.myoutlookonline.com (mxout.myoutlookonline.com [64.95.72.243]) by ietfa.amsl.com (Postfix) with ESMTP id 929F111E81DA for <cdni@ietf.org>; Thu, 1 Aug 2013 14:28:59 -0700 (PDT)
Received: from mxout.myoutlookonline.com (localhost [127.0.0.1]) by mxout.myoutlookonline.com (Postfix) with ESMTP id E7ABC8BF88E; Thu, 1 Aug 2013 17:24:39 -0400 (EDT)
X-Virus-Scanned: by SpamTitan at mail.lan
Received: from HUB027.mail.lan (unknown [10.110.2.1]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by mxout.myoutlookonline.com (Postfix) with ESMTPS id EE20D8BF332; Thu, 1 Aug 2013 17:24:35 -0400 (EDT)
Received: from MAILR002.mail.lan ([10.110.18.16]) by HUB027.mail.lan ([10.110.17.27]) with mapi; Thu, 1 Aug 2013 17:26:28 -0400
From: Kevin J Ma <kevin.ma@azukisystems.com>
To: "Matt Caulfield (mcaulfie)" <mcaulfie@cisco.com>, "cdni@ietf.org" <cdni@ietf.org>
Date: Thu, 01 Aug 2013 17:28:51 -0400
Thread-Topic: Notes from today's Informal Metadata Meeting
Thread-Index: Ac6O+kJH9tPwbFxNTdSsD84MCa171wAAlvNA
Message-ID: <291CC3F9E50E7641901A54E85D0977C66651433151@MAILR002.mail.lan>
References: <166EBB70C264A9479E459B01B1BA6C92104BB464@xmb-aln-x03.cisco.com>
In-Reply-To: <166EBB70C264A9479E459B01B1BA6C92104BB464@xmb-aln-x03.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [CDNi] Notes from today's Informal Metadata Meeting
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cdni>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Aug 2013 21:47:49 -0000
wrt:
> Authentication for Acquisition
> The current Source object contains a placeholder for authentication. We
> discussed a simple username/password based authentication method in this
> context and agreed to name the auth object "CredentialsAuth". This object
> could be used for HTTP Basic, FTP, or other transfer methods that require
> a username and password.
Note: there was also discussion of other possible authentication methods
(e.g., scp identity file, or ssl mutual auth client cert), but the
basic username/password seemed like the bare minimum in lieu of any
firm requirements.
There is an obvious security concern with passing credentials through the
metadata interface, especially if the uCDN is going to point the dCDN at
not its own caches/origin, but at a further upstream cache/origin, and is
thus propogating credentials that it received from a CDN further upstream
which has no relationship with that dCDN. If this is a concern for the
operators or anyone in the WG at large, it would be good to have input?
An alternative would be to have an AuthID pointer that identifies some type
of authentication credentials that were delivered out-of-band?
-- Kevin J. Ma
> -----Original Message-----
> From: Matt Caulfield (mcaulfie) [mailto:mcaulfie@cisco.com]
> Sent: Thursday, August 01, 2013 5:01 PM
> To: cdni@ietf.org
> Cc: Kent Leung (kleung); Kevin J Ma; Brandenburg, R. (Ray) van
> (ray.vanbrandenburg@tno.nl); Rob Murray (RMurray@velocix.com)
> Subject: Notes from today's Informal Metadata Meeting
>
> Attendees: Matt Caulfield, Kent Leung, Kevin Ma, Ray van Brandenburg, Rob
> Murray
>
> "Mandatory-to-enforce"
> The metadata draft defines a property in the GenericMetadata object for
> indicating that a particular piece of metadata is mandatory to enforce. We
> discussed whether or not there is ever a case where this flag would be set
> to false and came up with a few examples related to optional optimizations
> that a CSP may desire but are not strictly required. We also questioned
> whether or not the value of this property should be static (i.e. defined
> by the RFC or standard which also defines the metadata it corresponds to).
> For example, the URI signing draft defines a new metadata object for URI
> signing. Should the CSP/uCDN be allowed to make URI signing mandatory to
> enforce for some content but not other content? Or should mandatory to
> enforce be defined by the URI signing draft as always "true" for URI
> signing metadata? We felt that mandatory-to-enforce SHOULD be static and
> its value SHOULD be taken from the same standard which defines the
> corresponding metadata.
> --> Matt to clarify this point in the Metadata draft
>
> IANA Registries
> The IANA Considerations section in the Metadata draft is not yet filled
> in. We discussed the required registries for Metadata - such as a registry
> for GenericMetadata types, Protocol types, Location types, etc.
> --> Kevin to identify and fill in IANA Considerations
>
> Authentication for Acquisition
> The current Source object contains a placeholder for authentication. We
> discussed a simple username/password based authentication method in this
> context and agreed to name the auth object "CredentialsAuth". This object
> could be used for HTTP Basic, FTP, or other transfer methods that require
> a username and password. The Source object could point to a
> CredentialsAuth object or to any other type of Auth object yet to be
> defined. As such, an IANA registry is planned for tracking Auth methods.
> --> Matt to add CredentialsAuth object to Metadata
>
> Authentication for Delivery
> We were unsure what sort of authentication, if any, should be supported by
> the base metadata draft. We agreed to send a separate email to the list
> inquiring on this topic.
> --> Matt to send email on expect authentication techniques
>
> Query Parameters Modification
> In the working group meeting on Tuesday, it was noted that the current
> ability to remove query parameters when caching a resource is not
> sufficient for base interoperability. Instead a more flexible scheme is
> needed which instructs a dCDN to remove certain query parameters before
> caching, acquiring, or looking up metadata for a piece of a content.
> --> Matt to update query parameter modification text
>
> Acquisition Source object
> We discussed some ambiguity in the Source object section. It is not
> currently clear how a dCDN should really use a Source object to acquire
> content from the uCDN, especially for the HTTP redirection case.
> --> Matt to clarify Source section
>
> Editors notes
> A number of editors notes identify missing areas of the draft.
> --> Above items either address or obviate all current editors notes
- [CDNi] Notes from today's Informal Metadata Meeti… Matt Caulfield (mcaulfie)
- Re: [CDNi] Notes from today's Informal Metadata M… Kevin J Ma