Re: [Simple] Other proposal from View Sharing and Common Notify to reduce presence traffic
Paul Kyzivat <pkyzivat@cisco.com> Fri, 17 October 2008 17:24 UTC
Return-Path: <simple-bounces@ietf.org>
X-Original-To: simple-archive@megatron.ietf.org
Delivered-To: ietfarch-simple-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 82B7F3A6A76; Fri, 17 Oct 2008 10:24:02 -0700 (PDT)
X-Original-To: simple@core3.amsl.com
Delivered-To: simple@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9B59F3A6A76 for <simple@core3.amsl.com>; Fri, 17 Oct 2008 10:24:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.355
X-Spam-Level:
X-Spam-Status: No, score=-6.355 tagged_above=-999 required=5 tests=[AWL=-0.056, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8sr1Z1QArYLa for <simple@core3.amsl.com>; Fri, 17 Oct 2008 10:23:59 -0700 (PDT)
Received: from rtp-iport-2.cisco.com (rtp-iport-2.cisco.com [64.102.122.149]) by core3.amsl.com (Postfix) with ESMTP id B948F3A6780 for <simple@ietf.org>; Fri, 17 Oct 2008 10:23:58 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.33,432,1220227200"; d="scan'208";a="24627902"
Received: from rtp-dkim-1.cisco.com ([64.102.121.158]) by rtp-iport-2.cisco.com with ESMTP; 17 Oct 2008 17:25:02 +0000
Received: from rtp-core-1.cisco.com (rtp-core-1.cisco.com [64.102.124.12]) by rtp-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id m9HHP2VP023543; Fri, 17 Oct 2008 13:25:02 -0400
Received: from xbh-rtp-201.amer.cisco.com (xbh-rtp-201.cisco.com [64.102.31.12]) by rtp-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id m9HHP283026388; Fri, 17 Oct 2008 17:25:02 GMT
Received: from xfe-rtp-202.amer.cisco.com ([64.102.31.21]) by xbh-rtp-201.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 17 Oct 2008 13:25:02 -0400
Received: from [161.44.174.168] ([161.44.174.168]) by xfe-rtp-202.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 17 Oct 2008 13:25:02 -0400
Message-ID: <48F8CA66.3090409@cisco.com>
Date: Fri, 17 Oct 2008 13:24:54 -0400
From: Paul Kyzivat <pkyzivat@cisco.com>
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
To: Victoria Beltrán Martínez <vbeltran@entel.upc.edu>
References: <C7FFFFDD779F2047A0FBAC811C5C5A0006F86A83@xmb-rtp-201.amer.cisco.com> <48F7F17F.3010900@genaker.net> <48F8C7C1.2070302@entel.upc.es>
In-Reply-To: <48F8C7C1.2070302@entel.upc.es>
X-OriginalArrivalTime: 17 Oct 2008 17:25:02.0322 (UTC) FILETIME=[49C14D20:01C9307D]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=11074; t=1224264302; x=1225128302; c=relaxed/simple; s=rtpdkim1001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=pkyzivat@cisco.com; z=From:=20Paul=20Kyzivat=20<pkyzivat@cisco.com> |Subject:=20Re=3A=20[Simple]=20Other=20proposal=20from=20Vi ew=20Sharing=20and=20Common=20Notify=20to=0A=20reduce=20pres ence=20traffic |Sender:=20 |To:=20=3D?windows-1252?Q?Victoria_Beltr=3DE1n_Mart=3DEDnez ?=3D=0A=20<vbeltran@entel.upc.edu>; bh=gLzglXABxTtEDi9ojKar4f811kuUfosT42zmePTY8is=; b=l6W4AgH0ytx3V37pCipY75NVqmnXr4DYdBaGbQNkzsnBGwxdh5DNo4wklO ijuUjNqx5vYkVFAU20M1A4AsjCoxJO+Ah7EwjJ/H2ztReWGaymxso7FT6ekV LHmHvIP7i3;
Authentication-Results: rtp-dkim-1; header.From=pkyzivat@cisco.com; dkim=pass ( sig from cisco.com/rtpdkim1001 verified; );
Cc: simple@ietf.org
Subject: Re: [Simple] Other proposal from View Sharing and Common Notify to reduce presence traffic
X-BeenThere: simple@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP for Instant Messaging and Presence Leveraging Extensions <simple.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/simple>, <mailto:simple-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/simple>
List-Post: <mailto:simple@ietf.org>
List-Help: <mailto:simple-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/simple>, <mailto:simple-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="windows-1252"; Format="flowed"
Sender: simple-bounces@ietf.org
Errors-To: simple-bounces@ietf.org
Do you *really* want to trust other domains to enforce your security policies??? I don't. At least not in general. (Maybe there are *some* other domains I would trust to do so.) Thanks, Paul Victoria Beltrán Martínez wrote: > Hi, > > Certainly I considered a mechanism to exchange the policy documents of > watched presentities between watching and watched domains in Common > Subscribe solution. The watching domain (RLS) subscribes to an event > (called “privacy filters”) in presentity domain’s presence server. > Whenever a change in the policy documents for any of the presentity’s > watchers happens, a NOTIFY message with “event=privacy filters” is sent > from presentity’s presence server to watchers’ domain. The watching RLS > maintains one subscription to “privacy filters” event per watched > presentity. This subscription could be explicit if existing watchers > were indicated into the body of SUBSCRIBE messages. In this way, when a > new watcher is added a re-SUBSCRIBE message containing the updated > watcher list is sent and a NOTIFY message with the policy documents will > be received by the RLS in response to this resubscription. However, a > privacy filters subscription could be implicit so that the watcher list > is not needed in SUBSCRIBE messages, a simple SUBSCRIBE creates a > subscription to all the existing watchers of the watched presentity. > Clearly, a trust relationship between watching RLS and watched PS is > needed to share full-state presence and policy documents of watched > presentities. > > When the watching domain subscribes to a presentity, the SUBSCRIBE > message contains the list of existing watchers in order to let the > watched domain know what watchers are watching the presentity. The OK > response from the watched domain includes the list of authorized > watchers to see some view of the presentity’s presence. A view of > presence is defined by a policy document. > > Assuming N watched presentities , with Common Subscribe the watching RLS > will maintain 2*N subscriptions (N for presence event and N for privacy > filters event). In case of View Sharing, the RLS will maintain N*F > setting F as the number of different policy documents per presentity. At > first sight, we can imagine how the performance of VS gets worse as F > increases. > > In addition, the fact that policy documents change rarely allows us one > interesting possibility with Common Subscribe. When a common > subscription is created for a presentity in the watched domain’s > Presence Server, automatically a “logical” subscription to the policy > documents associated to the presentity is created too. In this way, the > watching domain receives two initial NOTIFY messages (or a single > multipart NOTIFY), one contains the presentity’s presence and another > one contains the policy documents. Once the policy documents are > downloaded is more than likely that privacy rules don’t change during > the session, so that we save unnecessary signaling traffic to keep alive > subscriptions to privacy filters events. Anyway, if a change of privacy > rules associated to a presentity happened it would be notified as a > NOTIFY message into the common subscription between the presentity and > the affected watchers’ domain. Now, if there are N presentities, the > total number of subscriptions maintained by the watching RLS is N. I > have called this mechanism as internal privacy filters subscription. > > I did several assumptions to estimate the performance of Common > Subscribe and View Sharing. I supposed the presence federation scenarios > described in section 2.8 of the draft “Presence Interdomain Scaling > Analysis for SIP/SIMPLE”) (ietf-simple-interdomain-scaling-analysis-04). > I considered both implicit and internal privacy filters subscriptions > when Common Subscribe was applied. With View Sharing, I agree with David > that filter-based subscriptions are subject to less frequent change, so > I supposed that each change affected half of the privacy filters on > average (a notification was generated in half of the existing > filter-based subscriptions on average). The number of filter-based > subscriptions between watching and watched domains is equal to the > number of different policy documents associated to watchers in the > watching domain. I considered several numbers of policy documents > depending on the number of watchers per presentity. My calculations show > that Common Subscribe is more scalable than View Sharing and it achieves > around 50% improvement of presence traffic in the majority of cases. > > Regards, > > Victoria > > > En/na David Viamonte ha escrit: >> Hi, >> >> I agree with Sanjay that, at first sight, it seems that for this >> alternate proposal to work, a sharing of (part?) of the Presence >> authorization policies between serving and watching domains is needed. >> On the other hand, making a single "domain-to-domain" subscription as >> Victoria suggests would be the simplest and probably most simple >> mechanism to distribute Presence information across domains. In such >> case the watching domain (RLS) would have responsibility of >> implementing Presence policies about Presentities in remote domains. >> >> In practice, the need for sharing policy documents is implicitly >> mentioned in the "Security Considerations" section of >> "draft-ietf-sipping-presence-scaling-requirements-01". According to >> that section, no decision has been made yet about allowing or >> discouraging such approach (delegating privacy protection from one >> domain to the other). On the contrary, it seems to be left FFS to >> decide whether this is an acceptable security risk or not ("important >> part of work on the requirements and optimizations will be to make >> sure that all the security aspects are covered"). >> >> Furthermore, my understanding is that, in practice, this >> "domain-to-domain single subscription" mechanism does not require the >> complete Presence or Policy documents being exchanged, only those that >> might be applicable to any user in the watching domain (of course, >> including a mechanism to update policies, if needed). In fact, I think >> EXACTLY the same comments in the Security Considerations section of >> the View Sharing draft ("if it generated a subscription from each of >> its subscribers it would be able to determine who from its domain is >> allowed to subscribe and what view they would receive") are applicable >> to Victoria's proposal, so I fail to see substantial security >> differences between both approaches. I could envisage potential >> "logistic" issues, though... >> >> Since I am not a security expert, my conclusion is that getting an >> understanding on whether there are fundamental diferences (from the >> security perspective) between both approaches would be very valuable. >> In case there are not such differences, the proposed alternative looks >> interesting, as it seems to represent a very important simplification >> (in practice, there would be no need to define any SIP extension at >> all). It is fair to say that a mechanism to exchange policies would >> need to be defined (not sure is that is covered elsewhere?). >> >> When it comes to traffic reduction, my understanding is that the >> "common subscription" mechanism "should" be more efficient than the >> view sharing approach. Even though it leads to larger documents being >> exchanged (thus containing more Presence information, which is subject >> to more frequent change), such documents are delivered only once per >> domain, while in the view sharing case documents are delivered to each >> list of watchers sharing a same "policy profile". This is only a >> preliminary comment without having made serious calculations :-) >> >> Just my 2 cents, >> >> David >> >> >> >> >> Sanjay Sinha (sanjsinh) escribió: >>> What about allowed/blocked list that a presentity may have, if there >>> is a single subscription between watcher domain's presence server and >>> the watcher presentity. >>> >>> >>> >>> >>>> -----Original Message----- >>>> From: simple-bounces@ietf.org [mailto:simple-bounces@ietf.org] On >>>> Behalf Of Victoria Beltrán Martínez >>>> Sent: Wednesday, October 15, 2008 1:11 PM >>>> To: simple@ietf.org >>>> Subject: [Simple] Other proposal from View Sharing and Common Notify >>>> to reduce presence traffic >>>> >>>> Hi, >>>> >>>> The Common Notify technique (described in the expired draft "Scaling >>>> Optimizations for Presence in SIP/SIMPLE, >>>> houri-simple-interdomain-scaling-optimizations-00) is intended for >>>> reducing presence traffic between federated domains. Other draft, >>>> "Optimizing Federated Presence with View Sharing" >>>> (ietf-simple-view-sharing-01) has the same intention. From these >>>> proposals, I was thinking the idea of a single subscription between >>>> watcher and watched domains, so that the presence server in the >>>> watcher domain is in charge of subscribing to the watched >>>> presentity. Then, the presence server mantains the list of watchers >>>> that are watching each presentity and this list hasn't to be sent in >>>> NOTIFY messages. In this way, we avoid the increase of signaling >>>> traffic as the number of watchers grows in the case of Common Notify >>>> and as the number of privacy filters grows in the case of View Sharing. >>>> >>>> Have anyone considered this solution? I have read nothing about it. >>>> >>>> I named this solution as Common Subscribe and compared it with >>>> Common Notify and View Sharing. I did several assumptions based on >>>> IETF drafts and I proved that Common Subscribe reduces around 50% >>>> of presence traffic generated by View Sharing and Common Notify. >>>> >>>> thanks, >>>> Victoria >>>> _______________________________________________ >>>> Simple mailing list >>>> Simple@ietf.org >>>> https://www.ietf.org/mailman/listinfo/simple >>>> >>>> >>> _______________________________________________ >>> Simple mailing list >>> Simple@ietf.org >>> https://www.ietf.org/mailman/listinfo/simple >>> >>> ------------------------------------------------------------------------ >>> >>> >>> No virus found in this incoming message. >>> Checked by AVG - http://www.avg.com Version: 8.0.173 / Virus >>> Database: 270.8.1/1728 - Release Date: 16/10/2008 7:38 >>> >>> >> ------------------------------------------------------------------------ >> >> >> No virus found in this outgoing message. >> Checked by AVG - http://www.avg.com Version: 8.0.173 / Virus Database: >> 270.8.1/1728 - Release Date: 16/10/2008 7:38 >> >> > > _______________________________________________ > Simple mailing list > Simple@ietf.org > https://www.ietf.org/mailman/listinfo/simple > _______________________________________________ Simple mailing list Simple@ietf.org https://www.ietf.org/mailman/listinfo/simple
- [Simple] Other proposal from View Sharing and Com… Victoria Beltrán Martínez
- Re: [Simple] Other proposal from View Sharing and… Sanjay Sinha (sanjsinh)
- Re: [Simple] Other proposal from View Sharing and… David Viamonte
- Re: [Simple] Other proposal from View Sharing and… Victoria Beltrán Martínez
- Re: [Simple] Other proposal from View Sharing and… Paul Kyzivat
- Re: [Simple] Other proposal from View Sharing and… Richard Barnes
- Re: [Simple] Other proposal from View Sharing and… Paul Kyzivat
- Re: [Simple] Other proposal from View Sharing and… Jonathan Rosenberg
- Re: [Simple] Other proposal from View Sharing and… Avshalom Houri
- Re: [Simple] Other proposal from View Sharing and… david.viamonte
- Re: [Simple] Other proposal from View Sharing and… Avshalom Houri