IETF Logo Mail Archive

[mile] ROLIE Service and Category Document Location Issue

"Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov> Thu, 08 December 2016 21:06 UTC

Return-Path: <stephen.banghart@nist.gov>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C48FF1296BA for <mile@ietfa.amsl.com>; Thu, 8 Dec 2016 13:06:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.641
X-Spam-Level:
X-Spam-Status: No, score=-1.641 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UYL88OiP1LOi for <mile@ietfa.amsl.com>; Thu, 8 Dec 2016 13:06:42 -0800 (PST)
Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0131.outbound.protection.outlook.com [23.103.201.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BBE78129579 for <mile@ietf.org>; Thu, 8 Dec 2016 13:06:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=0F7pKoTtRDdHv+AjcX1UG2D1SqWZzg+lsu/UPvt0F+A=; b=OFmCteb4Xe2lmGgHdjFJAdbbEMQwcW+vblLZY66gZVAbSDRCtzsnUk9v4ya1gQ5izJX7gMEyDH/s9qZqtTu4qHK5x7IEdB/DPZWJ02b7Bzw/ue0Qz3q4VSJesshnUF71cu9H0IRXp2ut1nENTY5/tcCMc7mK8m6rEJggsXkciqo=
Received: from SN1PR09MB0960.namprd09.prod.outlook.com (10.162.102.148) by SN1PR09MB0959.namprd09.prod.outlook.com (10.162.102.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.761.9; Thu, 8 Dec 2016 21:06:39 +0000
Received: from SN1PR09MB0960.namprd09.prod.outlook.com ([10.162.102.148]) by SN1PR09MB0960.namprd09.prod.outlook.com ([10.162.102.148]) with mapi id 15.01.0761.018; Thu, 8 Dec 2016 21:06:39 +0000
From: "Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov>
To: "mile@ietf.org" <mile@ietf.org>, "alexey.melnikov@isode.com" <alexey.melnikov@isode.com>
Thread-Topic: ROLIE Service and Category Document Location Issue
Thread-Index: AdJRkaLeZWqJvsa9S0ea5cMxkoznUQ==
Date: Thu, 08 Dec 2016 21:06:39 +0000
Message-ID: <SN1PR09MB0960603877E8415F6A3A8D0AF0840@SN1PR09MB0960.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=stephen.banghart@nist.gov;
x-originating-ip: [129.6.227.79]
x-ms-office365-filtering-correlation-id: 73ee5e8c-2434-4026-27d4-08d41fae1ab5
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:SN1PR09MB0959;
x-microsoft-exchange-diagnostics: 1; SN1PR09MB0959; 7:xfXdejN0fVAC/JD6YRgGEVh4KavsnxTiLSJBPScSDIP32AyYPPT7Bjs3zd0eoUOVzLEzuphDK67rRHmAr3oCcWcsJajacg3zknRsC3qzupW/4aze5Bm+/MwJ9z188ZS4NQZH0X1dIBIDrMhRK7OanU5atVUE08UyJvMk36eJveLggGLOmnvXl/Q46fJDT8NOfg4LlH3PPpJOxIB1+opK/666uBWD179nSDr/fqoEtJgeDpstkzttkTBo867y5xQO2WlcWk9uFtabvukk6tH45J8MQIny7CHmMWK1Az5duNCr794vXXmA1atJY6c/TCZOehHKQSqK2ASxui5RC9zn6TcWSmV46x8/n8FCh1rO6YZ3oSMeTaIyClDqO39x/I+dyBRZHBM9Hqwl4RyzENpJIK3f3zEkYYAYMb+lR+CTdluEzQ6lrLeOrIc9yTPDezTAumG/X5ONvvnqMLoDe+GPNQ==
x-microsoft-antispam-prvs: <SN1PR09MB09597C2B660B905B5F7A418BF0840@SN1PR09MB0959.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026)(6041248)(20161123555025)(20161123562025)(20161123564025)(20161123560025)(6072148); SRVR:SN1PR09MB0959; BCL:0; PCL:0; RULEID:; SRVR:SN1PR09MB0959;
x-forefront-prvs: 0150F3F97D
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(7916002)(39410400002)(39860400002)(39850400002)(39840400002)(39450400003)(189002)(199003)(74316002)(3660700001)(606004)(66066001)(97736004)(7906003)(6116002)(19610725007)(1680700002)(7736002)(3846002)(102836003)(77096006)(790700001)(33656002)(19625305001)(3280700002)(38730400001)(107886002)(122556002)(2900100001)(106356001)(105586002)(189998001)(101416001)(2906002)(54356999)(76576001)(5001770100001)(19273905006)(16601075003)(8936002)(99286002)(92566002)(5660300001)(6506006)(7696004)(86362001)(81166006)(81156014)(9686002)(68736007)(2501003)(8676002)(50986999)(6436002); DIR:OUT; SFP:1102; SCL:1; SRVR:SN1PR09MB0959; H:SN1PR09MB0960.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_SN1PR09MB0960603877E8415F6A3A8D0AF0840SN1PR09MB0960namp_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Dec 2016 21:06:39.7291 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR09MB0959
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/k19EgZMbu7caIIc1bf4SV1ap9Kg>
Subject: [mile] ROLIE Service and Category Document Location Issue
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Dec 2016 21:06:44 -0000

As requested at the IETF 97 MILE meeting, I've put together some Use Case examples of using service and category documents that highlight the primary differences between the choices for this issue. Those options are:

A: Require that ROLIE repositories place the Service and Category documents in a pre-determined location based on a standardized URL template. This location may be a link or redirect to the actual location.
B: ROLIE repositories are not required to place their Service and Category documents at a pre-determined location.

The use cases below highlight the need for a well-defined location for the service and category documents to support automated discovery. The use cases illustrate that option B is not really an option if our goal is to support automated discovery and use of ROLIE repositories. Feedback on the approaches described below would be appreciated. If you are not a fan of using well-defined URL templates, then alternate proposals that support these automation use cases would also be appreciated.
Thanks,
Stephen Banghart

Defined Service Document and Category Document Location Examples
Service Document
Use Case: A ROLIE user agent becomes aware of a host (examplesecurityorg.com<http://examplesecurityorg.com>) that hosts a ROLIE repository. The host is identified by some means, such as by DNS Service Record lookup. However, as the agent only knows the server host name, the agent knows neither the location of the ROLIE feeds nor information about a given feed's contents.
Goal: In order to locate the feeds, the operator must find the Atom service document located somewhere on the server.
With Defined Location: If the user agent sends a GET request to "https://examplesecurityorg.com/rolie/servicedocument<http://www.examplesecurityorg.com/rolie/servicedocument>", as this is the pre-specified location. This is handled on the server as a redirect to its preferred service document location: "https://examplesecurityorg.com/1234/sec/srvdoc<http://https:/examplesecurityorg.com/1234/sec/srvdoc>".
Without Defined Location: The agent must manually search the front-facing section of the site, looking for a stated Atom service document location. Failing that search, the operator must search website documentation or contact admins of the site and request the URL. Neither of these methods support automation and require human interaction. If the URL can be identified using these manual methods, , the agent can now send a GET request to "https://examplesecurityorg.com/1234/sec/srvdoc" to retrieve the service document.
This use case is best supported if the ROLIE repository contents can be discovered in an automatable way. A well-defined location for the service document provides a predictable means for collection discovery as long as the host name of the ROLIE repository is known.
Category Document
Use Case: A ROLIE user agent wants to programmatically populate a list that contains all of the categories provided by a ROLIE repository. The category list will be used to generate search queries tailored to this repository, as the repository may be using any number of global or local categories, such as information-type. This ROLIE repository is also configured to only allow POST requests if they belong to one of the categories specified in the category document. If the user agent intends to write to this repository it must locate the category document.
 Goal: The tool needs to know the full list of categories supported by the repository.
With Defined Location: The user agent sends a get request to "https://examplesecurityorg.com/rolie/categorydocument<http://www.examplesecurityorg.com/rolie/categorydocument>", and parses it to generate a full list of supported categories. This is handled on the server as a redirect to its preferred category document location: "https://examplesecurityorg.com/1234/sec/catdoc".
Without Defined Location: If the user agent is only interested in the currently provided categories, it must parse all feeds provided by the repository to generate a list. This activity must be repeated on every connection, incurring a heavy performance and bandwidth cost.
If the user agent intends to write to the repository, it must manually search the front-facing section of the site, looking for a stated Atom category document location. Failing that search, the operator must contact admins of the site and request the URL. Neither of these methods support automation and require human interaction. Having completed this task, the agent can now send a GET request to "https://examplesecurityorg.com/1234/sec/catdoc".
Having a well-defined location for the category document can simplify and optimize category information discovery.

v2.23.0 | Report a Bug | By Email