< draft-ietf-drinks-spp-framework-11.txt | draft-ietf-drinks-spp-framework-12.txt > | |||
---|---|---|---|---|
DRINKS K. Cartwright | DRINKS K. Cartwright | |||
Internet-Draft V. Bhatia | Internet-Draft V. Bhatia | |||
Intended status: Standards Track TNS | Intended status: Standards Track TNS | |||
Expires: January 23, 2016 S. Ali | Expires: February 13, 2016 S. Ali | |||
NeuStar | NeuStar | |||
D. Schwartz | D. Schwartz | |||
XConnect | XConnect | |||
July 22, 2015 | August 12, 2015 | |||
Session Peering Provisioning Framework (SPPF) | Session Peering Provisioning Framework (SPPF) | |||
draft-ietf-drinks-spp-framework-11 | draft-ietf-drinks-spp-framework-12 | |||
Abstract | Abstract | |||
This document specifies the data model and the overall structure for | This document specifies the data model and the overall structure for | |||
a framework to provision session establishment data into Session Data | a framework to provision session establishment data into Session Data | |||
Registries and SIP Service Provider data stores. The framework is | Registries and SIP Service Provider data stores. The framework is | |||
called the Session Peering Provisioning Framework (SPPF). The | called the Session Peering Provisioning Framework (SPPF). The | |||
provisioned data is typically used by network elements for session | provisioned data is typically used by network elements for session | |||
establishment. | establishment. | |||
skipping to change at page 1, line 39 | skipping to change at page 1, line 39 | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on January 23, 2016. | This Internet-Draft will expire on February 13, 2016. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 3, line 14 | skipping to change at page 3, line 14 | |||
8.2. Versioning and Character Encoding . . . . . . . . . . . . 39 | 8.2. Versioning and Character Encoding . . . . . . . . . . . . 39 | |||
9. Security Considerations . . . . . . . . . . . . . . . . . . . 40 | 9. Security Considerations . . . . . . . . . . . . . . . . . . . 40 | |||
9.1. Confidentiality and Authentication . . . . . . . . . . . 40 | 9.1. Confidentiality and Authentication . . . . . . . . . . . 40 | |||
9.2. Authorization . . . . . . . . . . . . . . . . . . . . . . 40 | 9.2. Authorization . . . . . . . . . . . . . . . . . . . . . . 40 | |||
9.3. Denial of Service . . . . . . . . . . . . . . . . . . . . 40 | 9.3. Denial of Service . . . . . . . . . . . . . . . . . . . . 40 | |||
9.3.1. DoS Issues Inherited from Substrate Mechanism . . . . 41 | 9.3.1. DoS Issues Inherited from Substrate Mechanism . . . . 41 | |||
9.3.2. DoS Issues Specific to SPPF . . . . . . . . . . . . . 41 | 9.3.2. DoS Issues Specific to SPPF . . . . . . . . . . . . . 41 | |||
9.4. Information Disclosure . . . . . . . . . . . . . . . . . 42 | 9.4. Information Disclosure . . . . . . . . . . . . . . . . . 42 | |||
9.5. Non-repudiation . . . . . . . . . . . . . . . . . . . . . 42 | 9.5. Non-repudiation . . . . . . . . . . . . . . . . . . . . . 42 | |||
9.6. Replay Attacks . . . . . . . . . . . . . . . . . . . . . 42 | 9.6. Replay Attacks . . . . . . . . . . . . . . . . . . . . . 42 | |||
9.7. Man in the Middle . . . . . . . . . . . . . . . . . . . . 43 | 9.7. Compromised or Malicious Intermediary . . . . . . . . . . 43 | |||
10. Internationalization Considerations . . . . . . . . . . . . . 43 | 10. Internationalization Considerations . . . . . . . . . . . . . 43 | |||
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 43 | 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 43 | |||
11.1. URN Assignments . . . . . . . . . . . . . . . . . . . . 43 | 11.1. URN Assignments . . . . . . . . . . . . . . . . . . . . 43 | |||
11.2. Organization Identifier Namespace Registry . . . . . . . 44 | 11.2. Organization Identifier Namespace Registry . . . . . . . 44 | |||
12. Formal Specification . . . . . . . . . . . . . . . . . . . . 44 | 12. Formal Specification . . . . . . . . . . . . . . . . . . . . 44 | |||
13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 52 | 13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 52 | |||
14. References . . . . . . . . . . . . . . . . . . . . . . . . . 53 | 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 53 | |||
14.1. Normative References . . . . . . . . . . . . . . . . . . 53 | 14.1. Normative References . . . . . . . . . . . . . . . . . . 53 | |||
14.2. Informative References . . . . . . . . . . . . . . . . . 54 | 14.2. Informative References . . . . . . . . . . . . . . . . . 54 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 55 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 55 | |||
skipping to change at page 10, line 44 | skipping to change at page 10, line 44 | |||
Some request and response messages in SPPF include time value(s) | Some request and response messages in SPPF include time value(s) | |||
defined as type xs:dateTime, a built-in W3C XML Schema Datatype. Use | defined as type xs:dateTime, a built-in W3C XML Schema Datatype. Use | |||
of unqualified local time value is disallowed as it can lead to | of unqualified local time value is disallowed as it can lead to | |||
interoperability issues. The value of a time attribute MUST be | interoperability issues. The value of a time attribute MUST be | |||
expressed in Coordinated Universal Time (UTC) format without the | expressed in Coordinated Universal Time (UTC) format without the | |||
timezone digits. | timezone digits. | |||
"2010-05-30T09:30:10Z" is an example of an acceptable time value for | "2010-05-30T09:30:10Z" is an example of an acceptable time value for | |||
use in SPPF messages. "2010-05-30T06:30:10+3:00" is a valid UTC | use in SPPF messages. "2010-05-30T06:30:10+3:00" is a valid UTC | |||
time, but MUST NOT be used in SPPF messages. | time, but not acceptable for use in SPPF messages. | |||
3.3. Extensibility | 3.3. Extensibility | |||
The framework contains various points of extensibility in form of the | The framework contains various points of extensibility in form of the | |||
"ext" elements. Extensions used beyond the scope of private SPPF | "ext" elements. Extensions used beyond the scope of private SPPF | |||
installations need to be documented in an RFC, and the first such | installations need to be documented in an RFC, and the first such | |||
extension is expected to define an IANA registry, holding a list of | extension is expected to define an IANA registry, holding a list of | |||
documented extensions. | documented extensions. | |||
4. Transport Substrate Protocol Requirements | 4. Transport Substrate Protocol Requirements | |||
This section provides requirements for substrate protocols suitable | This section provides requirements for substrate protocols suitable | |||
as "transports" for SPPF. More specifically, this section specifies | to carry SPPF. More specifically, this section specifies the | |||
the services, features, and assumptions that SPPF framework delegates | services, features, and assumptions that SPPF framework delegates to | |||
to the chosen substrate and envelope technologies. | the chosen substrate and envelope technologies. | |||
4.1. Mandatory Substrate | 4.1. Mandatory Substrate | |||
None of the existing transport protocols carried directly over IP, | None of the existing transport protocols carried directly over IP, | |||
appearing as "Protocol" in the IPv4 headers, of "Next Header" in the | appearing as "Protocol" in the IPv4 headers, or "Next Header" in the | |||
IPv6 headers, meet the requirements for a "transport" listed in this | IPv6 headers, meet the requirements listed in this section to carry | |||
section. | SPPF. | |||
Therefore, one choice of "transport" has been provided in the SPP | Therefore, one choice to carry SPPF has been provided in the SPP | |||
Protocol over SOAP document [I-D.ietf-drinks-spp-protocol-over-soap], | Protocol over SOAP document [I-D.ietf-drinks-spp-protocol-over-soap], | |||
using SOAP as the substrate. To encourage interoperability, the SPPF | using SOAP as the substrate. To encourage interoperability, the SPPF | |||
server MUST provide support for this protocol. With time, it is | server MUST provide support for this protocol. With time, it is | |||
possible that other choices may surface that agree with the | possible that other choices may surface that comply with with the | |||
requirements discussed above. | requirements discussed above. | |||
4.2. Connection Oriented | 4.2. Connection Oriented | |||
The SPPF follows a model where a client establishes a connection to a | The SPPF follows a model where a client establishes a connection to a | |||
server in order to further exchange SPPF messages over such a point- | server in order to further exchange SPPF messages over such a point- | |||
to-point connection. A substrate protocol for SPPF will therefore be | to-point connection. A substrate protocol for SPPF will therefore be | |||
connection oriented. | connection oriented. | |||
4.3. Request and Response Model | 4.3. Request and Response Model | |||
Provisioning operations in SPPF follow the request-response model, | Provisioning operations in SPPF follow the request-response model, | |||
where a client sends a request message to initiate a transaction and | where a client sends a request message to initiate a transaction and | |||
the server responds with a response. Multiple subsequent request- | the server responds with a response. Multiple subsequent request- | |||
response exchanges MAY be performed over a single persistent | response exchanges MAY be performed over a single persistent | |||
connection. | connection. | |||
Therefore, a substrate protocol for SPPF will follow the request- | Therefore, a substrate protocol for SPPF will follow the request- | |||
response model by ensuring a response to be sent to the request | response model by ensuring a response is sent to the request | |||
initiator. | initiator. | |||
4.4. Connection Lifetime | 4.4. Connection Lifetime | |||
Some use cases involve provisioning a single request to a network | Some use cases involve provisioning a single request to a network | |||
element. Connections supporting such provisioning requests might be | element. Connections supporting such provisioning requests might be | |||
short-lived, and may be established only on demand, for the duration | short-lived, and may be established only on demand, for the duration | |||
of a few seconds. Other use cases involve either provisioning a | of a few seconds. Other use cases involve either provisioning a | |||
large dataset, or a constant stream of small updates, either of which | large dataset, or a constant stream of small updates, either of which | |||
would likely require long-lived connections, spanning multiple hours | would likely require long-lived connections, spanning multiple hours | |||
skipping to change at page 16, line 46 | skipping to change at page 16, line 46 | |||
</extension> | </extension> | |||
</complexContent> | </complexContent> | |||
</complexType> | </complexType> | |||
A Public Identity object MUST use attributes of PubIdKeyType for its | A Public Identity object MUST use attributes of PubIdKeyType for its | |||
unique identification . Refer to Section 6 for a description of | unique identification . Refer to Section 6 for a description of | |||
Public Identity object. | Public Identity object. | |||
5.3. Response Message Types | 5.3. Response Message Types | |||
The following table contains the list of response types a "transport" | The following table contains the list of response types which MUST by | |||
definition for a substrate protocol MUST define. An SPPF server MUST | defined for a substrate protocol used to carry SPPF. An SPPF server | |||
implement all of the following at minimum. | MUST implement all of the following at minimum. | |||
+---------------------+---------------------------------------------+ | +---------------------+---------------------------------------------+ | |||
| Response Type | Description | | | Response Type | Description | | |||
+---------------------+---------------------------------------------+ | +---------------------+---------------------------------------------+ | |||
| Request Succeeded | A given request succeeded. | | | Request Succeeded | A given request succeeded. | | |||
| | | | | | | | |||
| Request syntax | The syntax of a given request was found | | | Request syntax | The syntax of a given request was found | | |||
| invalid | invalid. | | | invalid | invalid. | | |||
| | | | | | | | |||
| Request too large | The count of entities in the request is | | | Request too large | The count of entities in the request is | | |||
skipping to change at page 39, line 28 | skipping to change at page 39, line 28 | |||
from amongst the response messages defined in the "Response Message | from amongst the response messages defined in the "Response Message | |||
Types" section of the document. | Types" section of the document. | |||
8. XML Considerations | 8. XML Considerations | |||
XML serves as the encoding format for SPPF, allowing complex | XML serves as the encoding format for SPPF, allowing complex | |||
hierarchical data to be expressed in a text format that can be read, | hierarchical data to be expressed in a text format that can be read, | |||
saved, and manipulated with both traditional text tools and tools | saved, and manipulated with both traditional text tools and tools | |||
specific to XML. | specific to XML. | |||
XML is case sensitive. Unless stated otherwise, XML specifications | XML is case sensitive. Unless stated otherwise, the character casing | |||
and examples provided in this document MUST be interpreted in the | of XML specifications in this document MUST be preserved to develop a | |||
character case presented to develop a conforming implementation. | conforming specification. | |||
This section discusses a small number of XML-related considerations | This section discusses a small number of XML-related considerations | |||
pertaining to SPPF. | pertaining to SPPF. | |||
8.1. Namespaces | 8.1. Namespaces | |||
All SPPF elements are defined in the namespaces in the IANA | All SPPF elements are defined in the namespaces in the IANA | |||
Considerations section and in the Formal Framework Specification | Considerations section and in the Formal Framework Specification | |||
section of this document. | section of this document. | |||
skipping to change at page 43, line 7 | skipping to change at page 43, line 7 | |||
Anti-replay protection ensures that a given SPPF object replayed at a | Anti-replay protection ensures that a given SPPF object replayed at a | |||
later time doesn't affect the integrity of the system. SPPF provides | later time doesn't affect the integrity of the system. SPPF provides | |||
at least one mechanism to fight against replay attacks. Use of the | at least one mechanism to fight against replay attacks. Use of the | |||
optional client transaction identifier allows the SPPF client to | optional client transaction identifier allows the SPPF client to | |||
correlate the request message with the response and to be sure that | correlate the request message with the response and to be sure that | |||
it is not a replay of a server response from earlier exchanges. Use | it is not a replay of a server response from earlier exchanges. Use | |||
of unique values for the client transaction identifier is highly | of unique values for the client transaction identifier is highly | |||
encouraged to avoid chance matches to a potential replay message. | encouraged to avoid chance matches to a potential replay message. | |||
9.7. Man in the Middle | 9.7. Compromised or Malicious Intermediary | |||
The SPPF client or Registrar can be a separate entity acting on | The SPPF client or Registrar can be a separate entity acting on | |||
behalf of the Registrant in facilitating provisioning transactions to | behalf of the Registrant in facilitating provisioning transactions to | |||
the Registry. Therefore, even though the substrate layer provides | the Registry. Therefore, even though the substrate layer provides | |||
end-to-end protection for each specific SPPP connection between | end-to-end protection for each specific SPPP connection between | |||
client and server, data might be available in clear text before or | client and server, data might be available in clear text before or | |||
after it traverses a SPPP connection. Therefore, a man-in-the-middle | after it traverses a SPPP connection. Therefore, a man-in-the-middle | |||
attack by one of the actors is a possibility that could affect the | attack by one of the intermediaries is a possibility that could | |||
integrity of the data that belongs to the Registrant and/or expose | affect the integrity of the data that belongs to the Registrant and/ | |||
peering data to unintended actors. | or expose peering data to unintended actors. | |||
10. Internationalization Considerations | 10. Internationalization Considerations | |||
Character encodings to be used for SPPF elements are described in | Character encodings to be used for SPPF elements are described in | |||
Section 8.2. The use of time elements in the protocol is specified | Section 8.2. The use of time elements in the protocol is specified | |||
in Section 3.2. Where human-readable messages that are presented to | in Section 3.2. Where human-readable messages that are presented to | |||
an end user are used in the protocol, those messages SHOULD be tagged | an end user are used in the protocol, those messages SHOULD be tagged | |||
according to [RFC5646], and the substrate protocol MUST support a | according to [RFC5646], and the substrate protocol MUST support a | |||
respective mechanism to transmit such tags together with those human- | respective mechanism to transmit such tags together with those human- | |||
readable messages. | readable messages. | |||
skipping to change at page 53, line 12 | skipping to change at page 53, line 12 | |||
Shockey, Samuel Melloul, Sumanth Channabasappa, Syed Ali, Vikas | Shockey, Samuel Melloul, Sumanth Channabasappa, Syed Ali, Vikas | |||
Bhatia, and Jeremy Barkan. | Bhatia, and Jeremy Barkan. | |||
14. References | 14. References | |||
14.1. Normative References | 14.1. Normative References | |||
[I-D.ietf-drinks-spp-protocol-over-soap] | [I-D.ietf-drinks-spp-protocol-over-soap] | |||
Cartwright, K., Bhatia, V., Mule, J., and A. Mayrhofer, | Cartwright, K., Bhatia, V., Mule, J., and A. Mayrhofer, | |||
"Session Peering Provisioning (SPP) Protocol over SOAP", | "Session Peering Provisioning (SPP) Protocol over SOAP", | |||
draft-ietf-drinks-spp-protocol-over-soap-07 (work in | draft-ietf-drinks-spp-protocol-over-soap-08 (work in | |||
progress), October 2014. | progress), July 2015. | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | ||||
<http://www.rfc-editor.org/info/rfc2119>. | ||||
[RFC2277] Alvestrand, H., "IETF Policy on Character Sets and | [RFC2277] Alvestrand, H., "IETF Policy on Character Sets and | |||
Languages", BCP 18, RFC 2277, DOI 10.17487/RFC2277, | Languages", BCP 18, RFC 2277, DOI 10.17487/RFC2277, | |||
January 1998, <http://www.rfc-editor.org/info/rfc2277>. | January 1998, <http://www.rfc-editor.org/info/rfc2277>. | |||
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO | [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO | |||
10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November | 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November | |||
2003, <http://www.rfc-editor.org/info/rfc3629>. | 2003, <http://www.rfc-editor.org/info/rfc3629>. | |||
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, | [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, | |||
End of changes. 17 change blocks. | ||||
28 lines changed or deleted | 30 lines changed or added | |||
This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |