< draft-ietf-drinks-spp-protocol-over-soap-08.txt | draft-ietf-drinks-spp-protocol-over-soap-09.txt > | |||
---|---|---|---|---|
DRINKS K. Cartwright | DRINKS K. Cartwright | |||
Internet-Draft V. Bhatia | Internet-Draft V. Bhatia | |||
Intended status: Standards Track TNS | Intended status: Standards Track TNS | |||
Expires: January 23, 2016 J-F. Mule | Expires: September 25, 2016 J-F. Mule | |||
CableLabs | CableLabs | |||
A. Mayrhofer | A. Mayrhofer | |||
enum.at GmbH | enum.at GmbH | |||
July 22, 2015 | March 24, 2016 | |||
Session Peering Provisioning (SPP) Protocol over SOAP | Session Peering Provisioning (SPP) Protocol over SOAP | |||
draft-ietf-drinks-spp-protocol-over-soap-08 | draft-ietf-drinks-spp-protocol-over-soap-09 | |||
Abstract | Abstract | |||
The Session Peering Provisioning Framework (SPPF) specifies the data | The Session Peering Provisioning Framework (SPPF) specifies the data | |||
model and the overall structure to provision session establishment | model and the overall structure to provision session establishment | |||
data into Session Data Registries and SIP Service Provider data | data into Session Data Registries and SIP Service Provider data | |||
stores. To utilize this framework one needs a substrate protocol. | stores. To utilize this framework one needs a substrate protocol. | |||
Given that Simple Object Access Protocol (SOAP) is currently widely | Given that Simple Object Access Protocol (SOAP) is currently widely | |||
used for messaging between elements of such provisioning systems, | used for messaging between elements of such provisioning systems, | |||
this document specifies the usage of SOAP (via HTTPS) as the | this document specifies the usage of SOAP (via HTTPS) as the | |||
skipping to change at page 1, line 44 ¶ | skipping to change at page 1, line 44 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on January 23, 2016. | This Internet-Draft will expire on September 25, 2016. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
skipping to change at page 2, line 31 ¶ | skipping to change at page 2, line 31 ¶ | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
3. SOAP Features and Protocol Layering . . . . . . . . . . . . . 4 | 3. SOAP Features and Protocol Layering . . . . . . . . . . . . . 4 | |||
4. HTTP(s) Features and SPP Protocol over SOAP . . . . . . . . . 7 | 4. HTTP(s) Features and SPP Protocol over SOAP . . . . . . . . . 7 | |||
5. Authentication, Integrity and Confidentiality . . . . . . . . 7 | 5. Authentication, Integrity and Confidentiality . . . . . . . . 7 | |||
6. Language Identification . . . . . . . . . . . . . . . . . . . 7 | 6. Language Identification . . . . . . . . . . . . . . . . . . . 7 | |||
7. SPP Protocol SOAP Data Structures . . . . . . . . . . . . . . 7 | 7. SPP Protocol SOAP Data Structures . . . . . . . . . . . . . . 7 | |||
7.1. Concrete Object Key Types . . . . . . . . . . . . . . . . 8 | 7.1. Concrete Object Key Types . . . . . . . . . . . . . . . . 8 | |||
7.1.1. Generic Object Key . . . . . . . . . . . . . . . . . 8 | 7.1.1. Generic Object Key . . . . . . . . . . . . . . . . . 8 | |||
7.1.2. Public Identity Object Key . . . . . . . . . . . . . 9 | 7.1.2. Public Identifier Object Key . . . . . . . . . . . . 9 | |||
7.1.3. SED Group Offer Key . . . . . . . . . . . . . . . . . 10 | 7.1.3. SED Group Offer Key . . . . . . . . . . . . . . . . . 10 | |||
7.2. Operation Request and Response Structures . . . . . . . . 10 | 7.2. Operation Request and Response Structures . . . . . . . . 11 | |||
7.2.1. Add Operation Structure . . . . . . . . . . . . . . . 11 | 7.2.1. Add Operation Structure . . . . . . . . . . . . . . . 11 | |||
7.2.2. Delete Operation Structure . . . . . . . . . . . . . 14 | 7.2.2. Delete Operation Structure . . . . . . . . . . . . . 14 | |||
7.2.3. Accept Operation Structure . . . . . . . . . . . . . 17 | 7.2.3. Accept Operation Structure . . . . . . . . . . . . . 17 | |||
7.2.4. Reject Operation Structure . . . . . . . . . . . . . 20 | 7.2.4. Reject Operation Structure . . . . . . . . . . . . . 20 | |||
7.2.5. Batch Operation Structure . . . . . . . . . . . . . . 23 | 7.2.5. Batch Operation Structure . . . . . . . . . . . . . . 23 | |||
7.2.6. Get Operation Structure . . . . . . . . . . . . . . . 26 | 7.2.6. Get Operation Structure . . . . . . . . . . . . . . . 26 | |||
7.2.7. Get SED Group Offers Operation Structure . . . . . . 27 | 7.2.7. Get SED Group Offers Operation Structure . . . . . . 27 | |||
7.2.8. Generic Query Response . . . . . . . . . . . . . . . 29 | 7.2.8. Generic Query Response . . . . . . . . . . . . . . . 29 | |||
7.2.9. Get Server Details Operation Structure . . . . . . . 29 | 7.2.9. Get Server Details Operation Structure . . . . . . . 29 | |||
7.3. Response Codes and Messages . . . . . . . . . . . . . . . 31 | 7.3. Response Codes and Messages . . . . . . . . . . . . . . . 31 | |||
7.4. Minor Version Identifier . . . . . . . . . . . . . . . . 33 | 7.4. Minor Version Identifier . . . . . . . . . . . . . . . . 33 | |||
8. Protocol Operations . . . . . . . . . . . . . . . . . . . . . 33 | 8. Protocol Operations . . . . . . . . . . . . . . . . . . . . . 33 | |||
9. SPP Protocol over SOAP WSDL Definition . . . . . . . . . . . 33 | 9. SPP Protocol over SOAP WSDL Definition . . . . . . . . . . . 33 | |||
10. SPP Protocol over SOAP Examples . . . . . . . . . . . . . . . 44 | 10. SPP Protocol over SOAP Examples . . . . . . . . . . . . . . . 45 | |||
10.1. Add Destination Group . . . . . . . . . . . . . . . . . 45 | 10.1. Add Destination Group . . . . . . . . . . . . . . . . . 45 | |||
10.2. Add SED Records . . . . . . . . . . . . . . . . . . . . 47 | 10.2. Add SED Records . . . . . . . . . . . . . . . . . . . . 47 | |||
10.3. Add SED Records -- URIType . . . . . . . . . . . . . . . 48 | 10.3. Add SED Records -- URIType . . . . . . . . . . . . . . . 48 | |||
10.4. Add SED Group . . . . . . . . . . . . . . . . . . . . . 49 | 10.4. Add SED Group . . . . . . . . . . . . . . . . . . . . . 49 | |||
10.5. Add Public Identity -- Successful COR claim . . . . . . 51 | 10.5. Add Public Identifier -- Successful COR claim . . . . . 51 | |||
10.6. Add LRN . . . . . . . . . . . . . . . . . . . . . . . . 53 | 10.6. Add LRN . . . . . . . . . . . . . . . . . . . . . . . . 53 | |||
10.7. Add TN Range . . . . . . . . . . . . . . . . . . . . . . 54 | 10.7. Add TN Range . . . . . . . . . . . . . . . . . . . . . . 54 | |||
10.8. Add TN Prefix . . . . . . . . . . . . . . . . . . . . . 55 | 10.8. Add TN Prefix . . . . . . . . . . . . . . . . . . . . . 55 | |||
10.9. Enable Peering -- SED Group Offer . . . . . . . . . . . 57 | 10.9. Enable Peering -- SED Group Offer . . . . . . . . . . . 57 | |||
10.10. Enable Peering -- SED Group Offer Accept . . . . . . . . 58 | 10.10. Enable Peering -- SED Group Offer Accept . . . . . . . . 58 | |||
10.11. Add Egress Route . . . . . . . . . . . . . . . . . . . . 59 | 10.11. Add Egress Route . . . . . . . . . . . . . . . . . . . . 59 | |||
10.12. Remove Peering -- SED Group Offer Reject . . . . . . . . 61 | 10.12. Remove Peering -- SED Group Offer Reject . . . . . . . . 61 | |||
10.13. Get Destination Group . . . . . . . . . . . . . . . . . 62 | 10.13. Get Destination Group . . . . . . . . . . . . . . . . . 62 | |||
10.14. Get Public Identity . . . . . . . . . . . . . . . . . . 64 | 10.14. Get Public Identifier . . . . . . . . . . . . . . . . . 64 | |||
10.15. Get SED Group Request . . . . . . . . . . . . . . . . . 65 | 10.15. Get SED Group Request . . . . . . . . . . . . . . . . . 65 | |||
10.16. Get SED Group Offers Request . . . . . . . . . . . . . . 67 | 10.16. Get SED Group Offers Request . . . . . . . . . . . . . . 67 | |||
10.17. Get Egress Route . . . . . . . . . . . . . . . . . . . . 69 | 10.17. Get Egress Route . . . . . . . . . . . . . . . . . . . . 69 | |||
10.18. Delete Destination Group . . . . . . . . . . . . . . . . 71 | 10.18. Delete Destination Group . . . . . . . . . . . . . . . . 71 | |||
10.19. Delete Public Identity . . . . . . . . . . . . . . . . . 72 | 10.19. Delete Public Identifier . . . . . . . . . . . . . . . . 72 | |||
10.20. Delete SED Group Request . . . . . . . . . . . . . . . . 73 | 10.20. Delete SED Group Request . . . . . . . . . . . . . . . . 73 | |||
10.21. Delete SED Group Offers Request . . . . . . . . . . . . 74 | 10.21. Delete SED Group Offers Request . . . . . . . . . . . . 74 | |||
10.22. Delete Egress Route . . . . . . . . . . . . . . . . . . 76 | 10.22. Delete Egress Route . . . . . . . . . . . . . . . . . . 76 | |||
10.23. Batch Request . . . . . . . . . . . . . . . . . . . . . 77 | 10.23. Batch Request . . . . . . . . . . . . . . . . . . . . . 77 | |||
11. Security Considerations . . . . . . . . . . . . . . . . . . . 79 | 11. Security Considerations . . . . . . . . . . . . . . . . . . . 79 | |||
11.1. Vulnerabilities . . . . . . . . . . . . . . . . . . . . 80 | 11.1. Vulnerabilities . . . . . . . . . . . . . . . . . . . . 80 | |||
12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 80 | 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 80 | |||
13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 80 | 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 81 | |||
14. References . . . . . . . . . . . . . . . . . . . . . . . . . 81 | 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 81 | |||
14.1. Normative References . . . . . . . . . . . . . . . . . . 81 | 14.1. Normative References . . . . . . . . . . . . . . . . . . 81 | |||
14.2. Informative References . . . . . . . . . . . . . . . . . 81 | 14.2. Informative References . . . . . . . . . . . . . . . . . 82 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 82 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 82 | |||
1. Introduction | 1. Introduction | |||
SPPF, defined in [I-D.draft-ietf-drinks-spp-framework], is best | SPPF, defined in [I-D.draft-ietf-drinks-spp-framework], is best | |||
supported by a transport and messaging infrastructure that is | supported by a transport and messaging infrastructure that is | |||
connection oriented, request-response oriented, easily secured, | connection oriented, request-response oriented, easily secured, | |||
supports propagation through firewalls in a standard fashion, and | supports propagation through firewalls in a standard fashion, and | |||
that is easily integrated into back-office systems. This is due to | that is easily integrated into back-office systems. This is due to | |||
the fact that the client side of SPPF is likely to be integrated with | the fact that the client side of SPPF is likely to be integrated with | |||
skipping to change at page 6, line 20 ¶ | skipping to change at page 6, line 20 ¶ | |||
respectively, of the SOAP operation. | respectively, of the SOAP operation. | |||
SOAP faults are not used by the SPP Protocol over SOAP. All success | SOAP faults are not used by the SPP Protocol over SOAP. All success | |||
and error responses are specified in Section 7.3 of this document. | and error responses are specified in Section 7.3 of this document. | |||
However, if a SOAP fault were to occur, perhaps due to failures in | However, if a SOAP fault were to occur, perhaps due to failures in | |||
the SOAP message handling layer of a SOAP library, the client | the SOAP message handling layer of a SOAP library, the client | |||
application should capture and handle the fault. Specifics on how to | application should capture and handle the fault. Specifics on how to | |||
handle such SOAP faults, if they should occur, will be specific to | handle such SOAP faults, if they should occur, will be specific to | |||
the chosen SOAP implementation. | the chosen SOAP implementation. | |||
This document RECOMMENDS SOAP 1.2 [SOAPREF] or higher, and WSDL 1.1 | Implementations MUST use SOAP 1.2 [SOAPREF] or higher, and MUST | |||
[WSDLREF] or higher. | support SOAP 1.2. Implementations SHOULD use WSDL 1.1 [WSDLREF], and | |||
MUST NOT use earlier versions. Use of WSDL versions greater than 1.1 | ||||
may introduce interopability problems with implementations that use | ||||
1.1. | ||||
SPPF is a request/reply framework that allows a client application to | SPPF is a request/reply framework that allows a client application to | |||
submit provisioning data and query requests to a server. The SPPF | submit provisioning data and query requests to a server. The SPPF | |||
data structures are designed to be protocol agnostic. Concerns | data structures are designed to be protocol agnostic. Concerns | |||
regarding encryption, non-repudiation, and authentication are beyond | regarding encryption, non-repudiation, and authentication are beyond | |||
the scope of this document. For more details, please refer to | the scope of this document. For more details, please refer to | |||
Section 4 ("Substrate Protocol Requirements") of | Section 4 ("Substrate Protocol Requirements") of | |||
[I-D.draft-ietf-drinks-spp-framework]. | [I-D.draft-ietf-drinks-spp-framework]. | |||
As illustrated in the previous diagram, SPPF can be viewed as a set | As illustrated in the previous diagram, SPPF can be viewed as a set | |||
skipping to change at page 7, line 14 ¶ | skipping to change at page 7, line 16 ¶ | |||
4. HTTP(s) Features and SPP Protocol over SOAP | 4. HTTP(s) Features and SPP Protocol over SOAP | |||
While SOAP is not tied to HTTP(S), for reasons described in the | While SOAP is not tied to HTTP(S), for reasons described in the | |||
introduction, HTTP(S) is a good choice as the substrate protocol for | introduction, HTTP(S) is a good choice as the substrate protocol for | |||
the SPP Protocol SOAP messages. HTTP 1.1 includes the "persistent | the SPP Protocol SOAP messages. HTTP 1.1 includes the "persistent | |||
connection" feature, which allows multiple HTTP request/response | connection" feature, which allows multiple HTTP request/response | |||
pairs to be transported across a single HTTP connection. This is an | pairs to be transported across a single HTTP connection. This is an | |||
important performance optimization feature, particularly when the | important performance optimization feature, particularly when the | |||
connections is an HTTPS connection where the relatively time | connections is an HTTPS connection where the relatively time | |||
consuming SSL handshake has occurred. | consuming TLS handshake has occurred. | |||
Implementations compliant with this document MUST use HTTP 1.1 | Implementations compliant with this document MUST use HTTP 1.1 | |||
[RFC2616] or higher. Also, implementations SHOULD use persistent | [RFC7230] or higher. Also, implementations SHOULD use persistent | |||
connections. | connections. | |||
5. Authentication, Integrity and Confidentiality | 5. Authentication, Integrity and Confidentiality | |||
To accomplish authentication, conforming SPP Protocol over SOAP | To accomplish authentication, conforming SPP Protocol over SOAP | |||
Clients and Servers MUST use HTTP Digest Authentication as defined in | Clients and Servers MUST use HTTP Digest Authentication as defined in | |||
[RFC2617]. | [RFC2617]. | |||
To achieve integrity and privacy, conforming SPP Protocol over SOAP | To achieve integrity and privacy, conforming SPP Protocol over SOAP | |||
Clients and Servers MUST support Transport Layer Security (TLS) as | Clients and Servers MUST support Transport Layer Security (TLS) as | |||
defined in [RFC5246] as the secure transport mechanism. | defined in [RFC5246] as the secure transport mechanism. Use of TLS | |||
MUST follow the recommendations contained in [RFC7525] | ||||
6. Language Identification | 6. Language Identification | |||
Section 9 of [I-D.draft-ietf-drinks-spp-framework] requires protocols | Section 9 of [I-D.draft-ietf-drinks-spp-framework] requires protocols | |||
to provide a mechanism to transmit language tags together with human- | to provide a mechanism to transmit language tags together with human- | |||
readable messages. When conforming SPP Protocol SOAP servers use | readable messages. When conforming SPP Protocol SOAP servers use | |||
such tagging, the XML "lang" attribute ([W3C.REC-xml-20081126], | such tagging, the XML "lang" attribute ([W3C.REC-xml-20081126], | |||
Section 2.12) MUST be used. Clients MAY use the HTTP "Accept- | Section 2.12) MUST be used. Clients MAY use the HTTP "Accept- | |||
Language" header field (see Section 14.4 of [RFC2616]) in order to | Language" header field (see Section 5.3.5 of [RFC7231]) in order to | |||
indicate their language preference. | indicate their language preference. | |||
7. SPP Protocol SOAP Data Structures | 7. SPP Protocol SOAP Data Structures | |||
SPP Protocol over SOAP uses a set of XML based data structures for | SPP Protocol over SOAP uses a set of XML based data structures for | |||
all the supported operations and any parameters that those operations | all the supported operations and any parameters that those operations | |||
are applied to. As also mentioned earlier in this document, these | are applied to. As also mentioned earlier in this document, these | |||
XML structures are envelope-independent and substrate-independent. | XML structures are envelope-independent and substrate-independent. | |||
Refer the "Protocol Operations" (Section 8) of this document for a | Refer the "Protocol Operations" (Section 8) of this document for a | |||
description of all the operations that MUST be supported. | description of all the operations that MUST be supported. | |||
skipping to change at page 9, line 18 ¶ | skipping to change at page 9, line 20 ¶ | |||
<simpleType name="ObjKeyTypeEnum"> | <simpleType name="ObjKeyTypeEnum"> | |||
<restriction base="token"> | <restriction base="token"> | |||
<enumeration value="SedGrp"/> | <enumeration value="SedGrp"/> | |||
<enumeration value="DestGrp"/> | <enumeration value="DestGrp"/> | |||
<enumeration value="SedRec"/> | <enumeration value="SedRec"/> | |||
<enumeration value="EgrRte"/> | <enumeration value="EgrRte"/> | |||
</restriction> | </restriction> | |||
</simpleType> | </simpleType> | |||
7.1.2. Public Identity Object Key | 7.1.2. Public Identifier Object Key | |||
Public Identity type objects can further be of various sub-types like | Public Identifier type objects can further be of various sub-types | |||
a Telephone Number (TN), Routing Number (RN), TN Prefix, URI, or a TN | like a Telephone Number (TN), Routing Number (RN), TN Prefix, URI, or | |||
Range and cannot be cleanly identified with the attributes in the | a TN Range and cannot be cleanly identified with the attributes in | |||
generic ObjKeyType. The definition of PubIdKeyType is as below: | the generic ObjKeyType. The definition of PubIdKeyType is as below: | |||
<complexType name="PubIdKeyType"> | <complexType name="PubIdKeyType"> | |||
<complexContent> | <complexContent> | |||
<extension base="sppfb:PubIdKeyType"> | <extension base="sppfb:PubIdKeyType"> | |||
<sequence> | <sequence> | |||
<element name="rant" type="sppfb:OrgIdType"/> | <element name="rant" type="sppfb:OrgIdType"/> | |||
<choice> | <choice> | |||
<element name="number" | <element name="number" | |||
type="sppfb:NumberType"/> | type="sppfb:NumberType"/> | |||
<element name="range" | <element name="range" | |||
skipping to change at page 32, line 50 ¶ | skipping to change at page 32, line 50 ¶ | |||
+--------+--------------------------+-------------------------------+ | +--------+--------------------------+-------------------------------+ | |||
Table 1: Response Codes Numbering Scheme and Messages | Table 1: Response Codes Numbering Scheme and Messages | |||
Response message for response code 2001 is "parameterized" with the | Response message for response code 2001 is "parameterized" with the | |||
following parameter: "[Maximum requests supported]". When the | following parameter: "[Maximum requests supported]". When the | |||
request is too large, this parameter MUST be used to indicate the | request is too large, this parameter MUST be used to indicate the | |||
maximum number of requests supported by the server in a single | maximum number of requests supported by the server in a single | |||
protocol operation. | protocol operation. | |||
Response could 2000 SHOULD be used when the XML Schema validation of | ||||
requests fails. | ||||
Each of the object level response messages are "parameterized" with | Each of the object level response messages are "parameterized" with | |||
the following parameters: "AttributeName" and "AttributeValue". | the following parameters: "AttributeName" and "AttributeValue". | |||
For example, if an SPPF client sends a request to delete a | For example, if an SPPF client sends a request to delete a | |||
Destination Group with a name "TestDG", and it does not already | Destination Group with a name "TestDG", and it does not already | |||
exist, then the error message returned should be: "Attribute value | exist, then the error message returned should be: "Attribute value | |||
invalid. AttrName:dgName AttrVal:TestDG". | invalid. AttrName:dgName AttrVal:TestDG". | |||
The use of these parameters MUST adhere to the rules defined in | The use of these parameters MUST adhere to the rules defined in | |||
Section 5.3 of [I-D.draft-ietf-drinks-spp-framework]. | Section 5.3 of [I-D.draft-ietf-drinks-spp-framework]. | |||
skipping to change at page 51, line 21 ¶ | skipping to change at page 51, line 21 ¶ | |||
<clientTransId>txn_1479</clientTransId> | <clientTransId>txn_1479</clientTransId> | |||
<serverTransId>tx_12345</serverTransId> | <serverTransId>tx_12345</serverTransId> | |||
<overallResult> | <overallResult> | |||
<code>1000</code> | <code>1000</code> | |||
<msg>Request Succeeded.</msg> | <msg>Request Succeeded.</msg> | |||
</overallResult> | </overallResult> | |||
</ns3:spppAddResponse> | </ns3:spppAddResponse> | |||
</S:Body> | </S:Body> | |||
</S:Envelope> | </S:Envelope> | |||
10.5. Add Public Identity -- Successful COR claim | 10.5. Add Public Identifier -- Successful COR claim | |||
SSP2 activates a TN public identity by associating it with a valid | SSP2 activates a TN public identifier by associating it with a valid | |||
destination group. Further, SSP2 puts forth a claim that it is the | destination group. Further, SSP2 puts forth a claim that it is the | |||
carrier-of-record for the TN. | carrier-of-record for the TN. | |||
<soapenv:Envelope | <soapenv:Envelope | |||
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" | xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" | |||
xmlns:urn="urn:ietf:params:xml:ns:sppf:soap:1" | xmlns:urn="urn:ietf:params:xml:ns:sppf:soap:1" | |||
xmlns:urn1="urn:ietf:params:xml:ns:sppf:base:1" | xmlns:urn1="urn:ietf:params:xml:ns:sppf:base:1" | |||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> | |||
<soapenv:Header/> | <soapenv:Header/> | |||
<soapenv:Body> | <soapenv:Body> | |||
skipping to change at page 59, line 5 ¶ | skipping to change at page 59, line 5 ¶ | |||
<rant>iana-en:222</rant> | <rant>iana-en:222</rant> | |||
<name>SED_GRP_SSP2_1</name> | <name>SED_GRP_SSP2_1</name> | |||
<type>SedGrp</type> | <type>SedGrp</type> | |||
</sedGrpKey> | </sedGrpKey> | |||
<offeredTo>iana-en:111</offeredTo> | <offeredTo>iana-en:111</offeredTo> | |||
</sedGrpOfferKey> | </sedGrpOfferKey> | |||
</urn:spppAcceptRequest> | </urn:spppAcceptRequest> | |||
</soapenv:Body> | </soapenv:Body> | |||
</soapenv:Envelope> | </soapenv:Envelope> | |||
Registry confirms that the request has been processed successfully. | Registry confirms that the request has been processed successfully. | |||
From this point forward, if SSP1 looks up a public identity through | From this point forward, if SSP1 looks up a public identifier through | |||
the query resolution server, where the public identity is part of the | the query resolution server, where the public identifier is part of | |||
destination group by way of "SED_GRP_SSP2_1" session establishment | the destination group by way of "SED_GRP_SSP2_1" session | |||
data association, SSP2 ingress SBE information will be shared with | establishment data association, SSP2 ingress SBE information will be | |||
SSP1. | shared with SSP1. | |||
<?xml version="1.0" encoding="UTF-8"?> | <?xml version="1.0" encoding="UTF-8"?> | |||
<S:Envelope | <S:Envelope | |||
xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"> | xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"> | |||
<S:Body> | <S:Body> | |||
<ns3:spppAcceptResponse | <ns3:spppAcceptResponse | |||
xmlns:ns2="urn:ietf:params:xml:ns:sppf:base:1" | xmlns:ns2="urn:ietf:params:xml:ns:sppf:base:1" | |||
xmlns:ns3="urn:ietf:params:xml:ns:sppf:soap:1"> | xmlns:ns3="urn:ietf:params:xml:ns:sppf:soap:1"> | |||
<clientTransId>txn_1479</clientTransId> | <clientTransId>txn_1479</clientTransId> | |||
<serverTransId>tx_12350</serverTransId> | <serverTransId>tx_12350</serverTransId> | |||
skipping to change at page 62, line 5 ¶ | skipping to change at page 62, line 5 ¶ | |||
<rant>iana-en:222</rant> | <rant>iana-en:222</rant> | |||
<name>SED_GRP_SSP2_1</name> | <name>SED_GRP_SSP2_1</name> | |||
<type>SedGrp</type> | <type>SedGrp</type> | |||
</sedGrpKey> | </sedGrpKey> | |||
<offeredTo>iana-en:111</offeredTo> | <offeredTo>iana-en:111</offeredTo> | |||
</sedGrpOfferKey> | </sedGrpOfferKey> | |||
</urn:spppRejectRequest> | </urn:spppRejectRequest> | |||
</soapenv:Body> | </soapenv:Body> | |||
</soapenv:Envelope> | </soapenv:Envelope> | |||
Registry confirms that the request has been processed successfully. | Registry confirms that the request has been processed successfully. | |||
From this point forward, if SSP1 looks up a public identity through | From this point forward, if SSP1 looks up a public identifier through | |||
the query resolution server, where the public identity is part of the | the query resolution server, where the public identifier is part of | |||
destination group by way of "SED_GRP_SSP2_1" session establishment | the destination group by way of "SED_GRP_SSP2_1" session | |||
data association, SSP2 ingress SBE information will not be shared | establishment data association, SSP2 ingress SBE information will not | |||
with SSP1 and hence SSP2 ingress SBE will not be returned in the | be shared with SSP1 and hence SSP2 ingress SBE will not be returned | |||
query response. | in the query response. | |||
<?xml version="1.0" encoding="UTF-8"?> | <?xml version="1.0" encoding="UTF-8"?> | |||
<S:Envelope | <S:Envelope | |||
xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"> | xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"> | |||
<S:Body> | <S:Body> | |||
<ns3:spppRejectResponse | <ns3:spppRejectResponse | |||
xmlns:ns2="urn:ietf:params:xml:ns:sppf:base:1" | xmlns:ns2="urn:ietf:params:xml:ns:sppf:base:1" | |||
xmlns:ns3="urn:ietf:params:xml:ns:sppf:soap:1"> | xmlns:ns3="urn:ietf:params:xml:ns:sppf:soap:1"> | |||
<clientTransId>txn_1479</clientTransId> | <clientTransId>txn_1479</clientTransId> | |||
<serverTransId>tx_12350</serverTransId> | <serverTransId>tx_12350</serverTransId> | |||
skipping to change at page 64, line 5 ¶ | skipping to change at page 64, line 5 ¶ | |||
<resultObj xsi:type="ns2:DestGrpType"> | <resultObj xsi:type="ns2:DestGrpType"> | |||
<ns2:rant>iana-en:222</ns2:rant> | <ns2:rant>iana-en:222</ns2:rant> | |||
<ns2:rar>iana-en:223</ns2:rar> | <ns2:rar>iana-en:223</ns2:rar> | |||
<ns2:cDate>2012-10-22T09:30:10Z</ns2:cDate> | <ns2:cDate>2012-10-22T09:30:10Z</ns2:cDate> | |||
<ns2:dgName>DEST_GRP_SSP2_1</ns2:dgName> | <ns2:dgName>DEST_GRP_SSP2_1</ns2:dgName> | |||
</resultObj> | </resultObj> | |||
</ns3:spppGetResponse> | </ns3:spppGetResponse> | |||
</S:Body> | </S:Body> | |||
</S:Envelope> | </S:Envelope> | |||
10.14. Get Public Identity | 10.14. Get Public Identifier | |||
SSP2 obtains the last provisioned record associated with a given TN. | SSP2 obtains the last provisioned record associated with a given TN. | |||
<?xml version="1.0" encoding="UTF-8"?> | <?xml version="1.0" encoding="UTF-8"?> | |||
<soapenv:Envelope | <soapenv:Envelope | |||
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" | xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" | |||
xmlns:urn="urn:ietf:params:xml:ns:sppf:soap:1" | xmlns:urn="urn:ietf:params:xml:ns:sppf:soap:1" | |||
xmlns:urn1="urn:ietf:params:xml:ns:sppf:base:1" | xmlns:urn1="urn:ietf:params:xml:ns:sppf:base:1" | |||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> | |||
<soapenv:Header/> | <soapenv:Header/> | |||
skipping to change at page 72, line 42 ¶ | skipping to change at page 72, line 42 ¶ | |||
xmlns:ns3="urn:ietf:params:xml:ns:sppf:soap:1"> | xmlns:ns3="urn:ietf:params:xml:ns:sppf:soap:1"> | |||
<serverTransId>tx_12354</serverTransId> | <serverTransId>tx_12354</serverTransId> | |||
<overallResult> | <overallResult> | |||
<code>1000</code> | <code>1000</code> | |||
<msg>Request Succeeded.</msg> | <msg>Request Succeeded.</msg> | |||
</overallResult> | </overallResult> | |||
</ns3:spppDelResponse> | </ns3:spppDelResponse> | |||
</S:Body> | </S:Body> | |||
</S:Envelope> | </S:Envelope> | |||
10.19. Delete Public Identity | 10.19. Delete Public Identifier | |||
SSP2 chooses to de-activate the TN and remove it from the registry. | SSP2 chooses to de-activate the TN and remove it from the registry. | |||
<?xml version="1.0" encoding="UTF-8"?> | <?xml version="1.0" encoding="UTF-8"?> | |||
<soapenv:Envelope | <soapenv:Envelope | |||
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" | xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" | |||
xmlns:urn="urn:ietf:params:xml:ns:sppf:soap:1" | xmlns:urn="urn:ietf:params:xml:ns:sppf:soap:1" | |||
xmlns:urn1="urn:ietf:params:xml:ns:sppf:base:1" | xmlns:urn1="urn:ietf:params:xml:ns:sppf:base:1" | |||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> | |||
<soapenv:Header/> | <soapenv:Header/> | |||
skipping to change at page 79, line 43 ¶ | skipping to change at page 79, line 43 ¶ | |||
<overallResult> | <overallResult> | |||
<code>1000</code> | <code>1000</code> | |||
<msg>Request Succeeded.</msg> | <msg>Request Succeeded.</msg> | |||
</overallResult> | </overallResult> | |||
</ns3:spppBatchResponse> | </ns3:spppBatchResponse> | |||
</S:Body> | </S:Body> | |||
</S:Envelope> | </S:Envelope> | |||
11. Security Considerations | 11. Security Considerations | |||
The base security considerations of SPPP outlined in Section 9 of | ||||
[I-D.draft-ietf-drinks-spp-framework] also apply to SPP Protocol over | ||||
SOAP implementations. Additionally, the following must be | ||||
considered: | ||||
SPP Protocol over SOAP is used to query and update session peering | SPP Protocol over SOAP is used to query and update session peering | |||
data and addresses, so the ability to access this protocol should be | data and addresses, so the ability to access this protocol should be | |||
limited to users and systems that are authorized to query and update | limited to users and systems that are authorized to query and update | |||
this data. Because this data is sent in both directions, it may not | this data. Because this data is sent in both directions, it may not | |||
be sufficient for just the client or user to be authenticated with | be sufficient for just the client or user to be authenticated with | |||
the server. The identity of the server should also be authenticated | the server. The identity of the server should also be authenticated | |||
by the client, which is often accomplished using the TLS certificate | by the client, which is often accomplished using the TLS certificate | |||
exchange and validation described in [RFC2818]. | exchange and validation described in [RFC2818]. | |||
11.1. Vulnerabilities | 11.1. Vulnerabilities | |||
skipping to change at page 81, line 17 ¶ | skipping to change at page 81, line 26 ¶ | |||
14. References | 14. References | |||
14.1. Normative References | 14.1. Normative References | |||
[I-D.draft-ietf-drinks-spp-framework] | [I-D.draft-ietf-drinks-spp-framework] | |||
Cartwright, K., Bhatia, V., Ali, S., and D. Schwartz, | Cartwright, K., Bhatia, V., Ali, S., and D. Schwartz, | |||
"Session Peering Provisioning Framework", draft-ietf- | "Session Peering Provisioning Framework", draft-ietf- | |||
drinks-spp-framework-08 (work in progress), July 2015. | drinks-spp-framework-08 (work in progress), July 2015. | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | ||||
[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., | <http://www.rfc-editor.org/info/rfc2119>. | |||
Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext | ||||
Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. | ||||
[RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., | [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., | |||
Leach, P., Luotonen, A., and L. Stewart, "HTTP | Leach, P., Luotonen, A., and L. Stewart, "HTTP | |||
Authentication: Basic and Digest Access Authentication", | Authentication: Basic and Digest Access Authentication", | |||
RFC 2617, DOI 10.17487/RFC2617, June 1999, | RFC 2617, DOI 10.17487/RFC2617, June 1999, | |||
<http://www.rfc-editor.org/info/rfc2617>. | <http://www.rfc-editor.org/info/rfc2617>. | |||
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, | [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, | |||
DOI 10.17487/RFC3688, January 2004, | DOI 10.17487/RFC3688, January 2004, | |||
<http://www.rfc-editor.org/info/rfc3688>. | <http://www.rfc-editor.org/info/rfc3688>. | |||
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | |||
(TLS) Protocol Version 1.2", RFC 5246, | (TLS) Protocol Version 1.2", RFC 5246, | |||
DOI 10.17487/RFC5246, August 2008, | DOI 10.17487/RFC5246, August 2008, | |||
<http://www.rfc-editor.org/info/rfc5246>. | <http://www.rfc-editor.org/info/rfc5246>. | |||
[RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | ||||
Protocol (HTTP/1.1): Message Syntax and Routing", | ||||
RFC 7230, DOI 10.17487/RFC7230, June 2014, | ||||
<http://www.rfc-editor.org/info/rfc7230>. | ||||
[RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | ||||
Protocol (HTTP/1.1): Semantics and Content", RFC 7231, | ||||
DOI 10.17487/RFC7231, June 2014, | ||||
<http://www.rfc-editor.org/info/rfc7231>. | ||||
[RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre, | ||||
"Recommendations for Secure Use of Transport Layer | ||||
Security (TLS) and Datagram Transport Layer Security | ||||
(DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May | ||||
2015, <http://www.rfc-editor.org/info/rfc7525>. | ||||
[SOAPREF] Gudgin, M., Hadley, M., Moreau, J., and H. Nielsen, "SOAP | [SOAPREF] Gudgin, M., Hadley, M., Moreau, J., and H. Nielsen, "SOAP | |||
Version 1.2 Part 1: Messaging Framework", W3C | Version 1.2 Part 1: Messaging Framework", W3C | |||
Recommendation REC-SOAP12-part1-20030624, June 2002. | Recommendation REC-SOAP12-part1-20030624, June 2002. | |||
14.2. Informative References | 14.2. Informative References | |||
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, | [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, | |||
DOI 10.17487/RFC2818, May 2000, | DOI 10.17487/RFC2818, May 2000, | |||
<http://www.rfc-editor.org/info/rfc2818>. | <http://www.rfc-editor.org/info/rfc2818>. | |||
End of changes. 30 change blocks. | ||||
44 lines changed or deleted | 70 lines changed or added | |||
This html diff was produced by rfcdiff 1.44. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |