Re: [mile] ROLIE Service and Category Document Location Issue
"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Tue, 03 January 2017 16:24 UTC
Return-Path: <pkampana@cisco.com>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E6E9129685 for <mile@ietfa.amsl.com>; Tue, 3 Jan 2017 08:24:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.361
X-Spam-Level:
X-Spam-Status: No, score=-17.361 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-3.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id veed6Myg6szA for <mile@ietfa.amsl.com>; Tue, 3 Jan 2017 08:23:57 -0800 (PST)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D36A129579 for <mile@ietf.org>; Tue, 3 Jan 2017 08:23:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=15904; q=dns/txt; s=iport; t=1483460636; x=1484670236; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=IS3IaZaISGRDwp7bSqtrCo4RZUrl/xCm2iTxKcTd8DQ=; b=Tv5foZeX6vrAUCzX+OtNVaEFkm4/71NEzNoTFAGZuPBj42TPgLURQJVh d84NHz/oHsVhCeVpazDeh+agz9R6//hzBCT7S8pzlZxijbH6arWjPMxSY TcA6kTNy5uH1iGE5fdPy2K1s5Iyzcz9b6I35FAQwjDj6rOcTsS4kIOPlr c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DUAwBXz2tY/4MNJK1dGQEBAQEBAQEBAQEBBwEBAQEBgnFGAQEBAQEfX4EMB4VOnEiCXo0VgxmCD4IIKoQegVoCgUtBEgECAQEBAQEBAWIohGgBAQEELVwCAQgRBAEBKAcyFAkIAQEEARIIiGgOsSeKHQEBAQEBAQEBAQEBAQEBAQEBAQEBAR2GRViECYI/gXFMhQ0eBY8Gi3cBhlODEodPkF6JfoQwhA4BJgkogSougyuCMnKHMQGBDAEBAQ
X-IronPort-AV: E=Sophos;i="5.33,455,1477958400"; d="scan'208,217";a="367945607"
Received: from alln-core-1.cisco.com ([173.36.13.131]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 03 Jan 2017 16:23:54 +0000
Received: from XCH-RCD-007.cisco.com (xch-rcd-007.cisco.com [173.37.102.17]) by alln-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id v03GNs6U007559 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 3 Jan 2017 16:23:54 GMT
Received: from xch-aln-010.cisco.com (173.36.7.20) by XCH-RCD-007.cisco.com (173.37.102.17) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 3 Jan 2017 10:23:53 -0600
Received: from xch-aln-010.cisco.com ([173.36.7.20]) by XCH-ALN-010.cisco.com ([173.36.7.20]) with mapi id 15.00.1210.000; Tue, 3 Jan 2017 10:23:53 -0600
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: "Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov>, "mile@ietf.org" <mile@ietf.org>, "alexey.melnikov@isode.com" <alexey.melnikov@isode.com>
Thread-Topic: ROLIE Service and Category Document Location Issue
Thread-Index: AdJRkaLeZWqJvsa9S0ea5cMxkoznUQUS/BMQ
Date: Tue, 03 Jan 2017 16:23:53 +0000
Message-ID: <2b5ba8381eea42549686cfe6c5e63bf3@XCH-ALN-010.cisco.com>
References: <SN1PR09MB0960603877E8415F6A3A8D0AF0840@SN1PR09MB0960.namprd09.prod.outlook.com>
In-Reply-To: <SN1PR09MB0960603877E8415F6A3A8D0AF0840@SN1PR09MB0960.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [64.102.61.102]
Content-Type: multipart/alternative; boundary="_000_2b5ba8381eea42549686cfe6c5e63bf3XCHALN010ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/LUS7W7_sYVa95KpivZ6DnvTsZ18>
Subject: Re: [mile] ROLIE Service and Category Document Location Issue
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jan 2017 16:24:00 -0000
+1 on A. As someone mentioned in IETF97, the /.well-known directory is commonly used in many other occasions. For ROLIE, a /.well-known/rolie/servicedoc or repositorydoc URI would suffice I think. Panos From: mile [mailto:mile-bounces@ietf.org] On Behalf Of Banghart, Stephen A. (Fed) Sent: Thursday, December 08, 2016 4:07 PM To: mile@ietf.org; alexey.melnikov@isode.com Subject: [mile] ROLIE Service and Category Document Location Issue As requested at the IETF 97 MILE meeting, I've put together some Use Case examples of using service and category documents that highlight the primary differences between the choices for this issue. Those options are: A: Require that ROLIE repositories place the Service and Category documents in a pre-determined location based on a standardized URL template. This location may be a link or redirect to the actual location. B: ROLIE repositories are not required to place their Service and Category documents at a pre-determined location. The use cases below highlight the need for a well-defined location for the service and category documents to support automated discovery. The use cases illustrate that option B is not really an option if our goal is to support automated discovery and use of ROLIE repositories. Feedback on the approaches described below would be appreciated. If you are not a fan of using well-defined URL templates, then alternate proposals that support these automation use cases would also be appreciated. Thanks, Stephen Banghart Defined Service Document and Category Document Location Examples Service Document Use Case: A ROLIE user agent becomes aware of a host (examplesecurityorg.com<http://examplesecurityorg.com>) that hosts a ROLIE repository. The host is identified by some means, such as by DNS Service Record lookup. However, as the agent only knows the server host name, the agent knows neither the location of the ROLIE feeds nor information about a given feed's contents. Goal: In order to locate the feeds, the operator must find the Atom service document located somewhere on the server. With Defined Location: If the user agent sends a GET request to "https://examplesecurityorg.com/rolie/servicedocument<http://www.examplesecurityorg.com/rolie/servicedocument>", as this is the pre-specified location. This is handled on the server as a redirect to its preferred service document location: "https://examplesecurityorg.com/1234/sec/srvdoc<http://https:/examplesecurityorg.com/1234/sec/srvdoc>". Without Defined Location: The agent must manually search the front-facing section of the site, looking for a stated Atom service document location. Failing that search, the operator must search website documentation or contact admins of the site and request the URL. Neither of these methods support automation and require human interaction. If the URL can be identified using these manual methods, , the agent can now send a GET request to "https://examplesecurityorg.com/1234/sec/srvdoc" to retrieve the service document. This use case is best supported if the ROLIE repository contents can be discovered in an automatable way. A well-defined location for the service document provides a predictable means for collection discovery as long as the host name of the ROLIE repository is known. Category Document Use Case: A ROLIE user agent wants to programmatically populate a list that contains all of the categories provided by a ROLIE repository. The category list will be used to generate search queries tailored to this repository, as the repository may be using any number of global or local categories, such as information-type. This ROLIE repository is also configured to only allow POST requests if they belong to one of the categories specified in the category document. If the user agent intends to write to this repository it must locate the category document. Goal: The tool needs to know the full list of categories supported by the repository. With Defined Location: The user agent sends a get request to "https://examplesecurityorg.com/rolie/categorydocument<http://www.examplesecurityorg.com/rolie/categorydocument>", and parses it to generate a full list of supported categories. This is handled on the server as a redirect to its preferred category document location: "https://examplesecurityorg.com/1234/sec/catdoc". Without Defined Location: If the user agent is only interested in the currently provided categories, it must parse all feeds provided by the repository to generate a list. This activity must be repeated on every connection, incurring a heavy performance and bandwidth cost. If the user agent intends to write to the repository, it must manually search the front-facing section of the site, looking for a stated Atom category document location. Failing that search, the operator must contact admins of the site and request the URL. Neither of these methods support automation and require human interaction. Having completed this task, the agent can now send a GET request to "https://examplesecurityorg.com/1234/sec/catdoc". Having a well-defined location for the category document can simplify and optimize category information discovery.
- [mile] ROLIE Service and Category Document Locati… Banghart, Stephen A. (Fed)
- Re: [mile] ROLIE Service and Category Document Lo… Adam Montville
- Re: [mile] ROLIE Service and Category Document Lo… Panos Kampanakis (pkampana)
- Re: [mile] ROLIE Service and Category Document Lo… Takeshi Takahashi