Network Working Group                                       M. Caulfield
Internet-Draft                                                  K. Leung
Intended status: Standards Track                                   Cisco
Expires: April 26, 2012                                 October 24, 2011


   Content Distribution Network Interconnection (CDNI) Core Metadata
                 draft-caulfield-cdni-metadata-core-00

Abstract

   The CDNI Metadata Interface enables interconnected CDNs to exchange
   content distribution metadata for the purpose of content acquisition
   and delivery.  The CDNI metadata associated with a piece of content
   provides a downstream CDN with the information necessary for the
   downstream CDN to service content requests on behalf of an upstream
   CDN in accordance with the delivery policies defined by the upstream
   CDN.  This document describes the core set of CDNI metadata that all
   interconnected CDNs must support.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 26, 2012.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must



Caulfield & Leung        Expires April 26, 2012                 [Page 1]


Internet-Draft             CDNI Core Metadata               October 2011


   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Core CDNI Metadata . . . . . . . . . . . . . . . . . . . . . .  4
     2.1.  Acquisition Metadata . . . . . . . . . . . . . . . . . . .  4
     2.2.  Delivery Metadata  . . . . . . . . . . . . . . . . . . . .  5
   3.  Metadata Encoding  . . . . . . . . . . . . . . . . . . . . . .  5
     3.1.  ContentSource object . . . . . . . . . . . . . . . . . . .  6
     3.2.  ContentDelivery object . . . . . . . . . . . . . . . . . .  7
     3.3.  MetadataScope object . . . . . . . . . . . . . . . . . . .  7
     3.4.  Authentication object  . . . . . . . . . . . . . . . . . .  7
     3.5.  DeliveryCriteria object  . . . . . . . . . . . . . . . . .  8
     3.6.  DeliveryRules object . . . . . . . . . . . . . . . . . . .  8
     3.7.  Region object  . . . . . . . . . . . . . . . . . . . . . .  8
     3.8.  TimeWindow object  . . . . . . . . . . . . . . . . . . . .  9
     3.9.  Authorization object . . . . . . . . . . . . . . . . . . .  9
     3.10. Reference object . . . . . . . . . . . . . . . . . . . . .  9
   4.  Metadata Transport . . . . . . . . . . . . . . . . . . . . . . 10
   5.  CDNI Metadata Interface Bootstrapping  . . . . . . . . . . . . 10
   6.  Compliance with CDNI Requirements  . . . . . . . . . . . . . . 11
   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 11
   8.  Security Considerations  . . . . . . . . . . . . . . . . . . . 11
   9.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 12
   10. Normative References . . . . . . . . . . . . . . . . . . . . . 12
   Appendix A.  Example Metadata  . . . . . . . . . . . . . . . . . . 12
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13




















Caulfield & Leung        Expires April 26, 2012                 [Page 2]


Internet-Draft             CDNI Core Metadata               October 2011


1.  Introduction

   Several types of metadata flow through content delivery networks.
   For readability, a number of definitions from
   [I-D.ietf-cdni-problem-statement] related to metadata are quoted
   below:

      Content Metadata: This is metadata about Content.  Content
      Metadata comprises:

      1.  CDNI Metadata: Content Distribution Metadata with inter-CDN
          scope.  For example, CDNI Metadata may include geo-blocking
          information (i.e. information defining geographical areas
          where the content is to be made available or blocked),
          availability windows (i.e. information defining time windows
          during which the content is to be made available or blocked)
          and access control mechanisms to be enforced (e.g.  URI
          signature validation).  CDNI Metadata may also include
          information about desired distribution policy (e.g.
          prepositioned vs dynamic acquisition) and about where/how a
          CDN can acquire the content.  CDNI Metadata may also include
          content management information (e.g. request for deletion of
          Content from Surrogates) across interconnected CDNs. that is
          relevant to the distribution of the content (and therefore
          relevant to a CDN involved in the delivery of that content).
          We refer to this type of metadata as "Content Distribution
          Metadata".  See also the definition of Content Distribution
          Metadata.

      2.  Metadata that is associated with the actual Content (and not
          directly relevant to the distribution of that Content) or
          content representation.  For example, such metadata may
          include information pertaining to the Content's genre, cast,
          rating, etc as well as information pertaining to the Content
          representation's resolution, aspect ratio, etc.

      Content Distribution Metadata: The subset of Content Metadata that
      is relevant to the distribution of the content.  This is the
      metadata required by a CDN in order to enable and control content
      distribution and delivery by the CDN.  In a CDN Interconnection
      environment, some of the Content Distribution Metadata may have an
      intra-CDN scope (and therefore need not be communicated between
      CDNs), while some of the Content Distribution Metadata have an
      inter-CDN scope (and therefore needs to be communicated between
      CDNs).

      CDNI Metadata: Content Distribution Metadata with inter-CDN scope.
      For example, CDNI Metadata may include geo-blocking information



Caulfield & Leung        Expires April 26, 2012                 [Page 3]


Internet-Draft             CDNI Core Metadata               October 2011


      (i.e. information defining geographical areas where the content is
      to be made available or blocked), availability windows (i.e.
      information defining time windows during which the content is to
      be made available or blocked) and access control mechanisms to be
      enforced (e.g.  URI signature validation).  CDNI Metadata may also
      include information about desired distribution policy (e.g.
      prepositioned vs dynamic acquisition) and about where/how a CDN
      can acquire the content.  CDNI Metadata may also include content
      management information (e.g. request for deletion of Content from
      Surrogates) across interconnected CDNs.

   Interconnecting CDNs necessitates the exchange of the CDNI metadata
   as defined above.  The CDNI metadata associated with a piece of
   content (or set of contents) provides a downstream CDN with the
   information necessary for the downstream CDN to service content
   requests on behalf of an upstream CDN in accordance with the delivery
   policies defined by the upstream CDN.

   The CDNI Metadata Interface is introduced by
   [I-D.ietf-cdni-problem-statement], and discussed in
   [I-D.davie-cdni-framework], as one of the four required interfaces
   for CDN interconnection.  The requirements for this interface are
   specified in [I-D.ietf-cdni-requirements].

   This document first describes the core set of CDNI metadata that all
   interconnected CDNs must support.  Then the document describes the
   relationship between the core metadata and the encoding and transport
   for exchanging that metadata.


2.  Core CDNI Metadata

   Although the CDNI Metadata Interface should be flexible enough to
   support the exchange of arbitrary pieces of metadata, a CDN
   implementing the interface must support a set of core metadata.  The
   core CDNI metadata represent common policies for content distribution
   across CDNs.  All CDNI metadata may differ on a per-content-item
   basis or may be shared by a set of content items.  The core CDNI
   Metadata comprises acquisition metadata and delivery metadata.

2.1.  Acquisition Metadata

   If a downstream CDN receives a request for a content that is not yet
   cached by that CDN, it will attempt to acquire it from either an
   upstream CDN or an origin server.  The acquisition metadata for a
   piece of content provides the information needed by a downstream CDN
   to acquire the missing content.  The acquisition metadata includes a
   prioritized list of content sources.  Each content source includes



Caulfield & Leung        Expires April 26, 2012                 [Page 4]


Internet-Draft             CDNI Core Metadata               October 2011


   the following:

   1.  Protocol - acquisition protocol (e.g.  HTTP, FTP, ...).

   2.  URI - either an explicit URI for acquiring the content or a regex
       rule for converting from the content request URI to the
       acquisition URI.

   3.  Authentication - an object describing the authentication type
       (e.g.  HTTP Basic, Digest, etc.) and any parameters for that type
       (e.g. username and password).

2.2.  Delivery Metadata

   Once a piece of content is acquired, the delivery metadata controls
   where, when, how, and to whom the downstream CDN may deliver that
   content.  The delivery metadata includes a list of permissible
   delivery profiles.  Each profile includes criteria and rules for
   delivery.  Profile criteria include the following:

   1.  Protocol - delivery protocol (e.g.  HTTP, FTP, RTSP).

   2.  Region - a geographic region identified by country, AS number, or
       IP subnet.

   3.  Time window - a time period including a start time and an end
       time.

   If a content request matches all the criteria of a profile, then the
   rules for that profile should be applied.  Profile rules include the
   following:

   1.  Allow/deny - flag indicating whether or not the request should be
       permitted.

   2.  Authorization - a list of permissible authorization methods and
       their related parameters (e.g.  URL-signing, token-based, etc.).

   If a content request matches the criteria of multiple profiles in a
   list, it should use the rules of the first matching profile.


3.  Metadata Encoding

   Metadata is encoded as a hierarchy of objects which in practice may
   be implemented in JavaScript Object Notation (JSON), Extensible
   Markup Language (XML), or another variant.  This section describes
   the structure of the data but does not prescribe a particular



Caulfield & Leung        Expires April 26, 2012                 [Page 5]


Internet-Draft             CDNI Core Metadata               October 2011


   encoding (such as JSON or XML).  The language used below uses generic
   terms like "lists", "objects", and "fields" to describe the structure
   of the metadata.

   Each piece of content is associated with a CDNIMetadata object which
   has the following fields:

   1.  acquisitionOptions - an ordered list of ContentSource objects.
       The content sources are listed in order of priority with the
       first being the most desirable option.

   2.  deliveryProfiles - an ordered list of ContentDelivery objects.
       Like the content sources, the content delivery profiles are
       listed in order of priority.

   3.  metadataScope - a single MetadataScope object.

   The CDNIMetadata object fields may be expanded in the future to
   include a richer set of optional metadata.  Proprietary fields may be
   added with the "x-" prefix.

   All fields in the CDNI metadata are optional unless stated otherwise.
   If a field is missing, its default value should be used.  If the
   value of the field is the default, it need not be included.  The
   default value of a list is the empty list, an object is an empty
   object, and a string is an empty string unless stated otherwise.

3.1.  ContentSource object

   The ContentSource object describes a single acquisition point that a
   downstream CDN may contact to acquire the content.  This object has
   the following fields:

   1.  protocol - a string containing the name of the protocol that may
       be used to acquire the content (e.g.  HTTP, FTP, ...).  The
       default protocol is "http".

   2.  uriType - a string containing either "explicit" or "regex" which
       dictates how the uri field should be interpreted.  If the type is
       "explicit", the URI is to be used as is.  If the type is "regex"
       then the uri field specifies a regex substitution that should be
       performed on the content URL for mapping to the explicit URI.
       The default uriType is "explicit".

   3.  uri - a string containing either the URI of the content source or
       a regex substitution to generate the acquisition URI, depending
       on the value of uriType.  This field is required in a
       ContentSource object and its value may not be empty.



Caulfield & Leung        Expires April 26, 2012                 [Page 6]


Internet-Draft             CDNI Core Metadata               October 2011


   4.  auth - a single Authentication object.  If the auth field is
       missing, then authentication is not required for this
       ContentSource.

3.2.  ContentDelivery object

   The ContentDelivery object describes a permissible delivery profile
   for the content.  This object has the following fields:

   1.  deliveryCriteria - an ordered list of DeliveryCriteria objects.

   2.  deliveryRules - a single DeliveryRules object.

3.3.  MetadataScope object

   The MetadataScope object indicates that a CDNIMetadata object applies
   to more than one content and may be used as an optimization by
   downstream CDNs to avoid refetching duplicate metadata.  If a new
   content request meets the criteria in this object, then the entire
   CDNIMetadata object applies to that request and the downstream CDN
   need not refetch it.  The object includes the following fields:

   1.  host - an optional string containing a regex that could be
       checked against the Host header of an incoming HTTP request.

   2.  resource - an optional string containing a regex that could be
       checked against the requested resource name in an incoming HTTP
       request, to determine if the metadata object is associated to the
       requested content item.

   3.  protocol - an optional string containing a protocol name that may
       be checked against the client request protocol (e.g. "http" or
       "ftp").

   If the MetadataGroup object is missing from the CDNIMetadata object,
   then the CDNIMetadata object only applies to the requested content
   and may not be reused for different content requests.

3.4.  Authentication object

   The Authentication object describes an authentication type and its
   parameters.  It provides information for content acquisition such
   that the downstream CDN can be authenticated as a client when
   acquiring content from an upstream CDN or an origin server.  The
   Authentication object contains the following fields:

   1.  type - a string containing the authentication type "basic" or
       "digest".  The type dictates which optional fields are present



Caulfield & Leung        Expires April 26, 2012                 [Page 7]


Internet-Draft             CDNI Core Metadata               October 2011


       and valid in the rest of the object.  The "basic" and "digest"
       types refer to HTTP Basic and Digest access authentication
       [RFC2617] respectively.

   2.  username - a string containing the username for "basic" and
       "digest" types.

   3.  password - a string containing the password for "basic" and
       "digest" types.

3.5.  DeliveryCriteria object

   The DeliveryCriteria object specifies a set of criteria to match
   against incoming content requests including protocol, region, and
   time window.  The object includes the following fields:

   1.  protocol - a string containing the name of a protocol to match
       (e.g. "http", "ftp", ...).

   2.  region - a single Region object.

   3.  timeWindow - a single TimeWindow object.

3.6.  DeliveryRules object

   The DeliveryRules object describes the rules to apply to a particular
   content request in order to deliver a piece of content to the user
   agent on behalf of an upstream CDN.  This object includes the
   following fields:

   1.  allow - a boolean stating whether or not delivery is permitted.

   2.  auth - a single Authorization object.

3.7.  Region object

   The Region object specifies a region where the content is either
   allowed or disallowed.  A region may be described in three ways, only
   one of which needs to be present per Region object.  The object
   includes the following fields:

   1.  country - a string containing the country code for the region.

   2.  bgpAs - a number containing the BGP AS identifier of the region.

   3.  subnet - a string containing a dotted decimal IP address and
       subnet mask.




Caulfield & Leung        Expires April 26, 2012                 [Page 8]


Internet-Draft             CDNI Core Metadata               October 2011


3.8.  TimeWindow object

   The TimeWindow object specifies a time period when a content is
   available or not available.  The object includes the following
   fields:

   1.  startTime - a string containing an ISO 8601 formatted date and
       time in UTC.

   2.  endTime - a string containing the same format as startTime.

3.9.  Authorization object

   The Authorization object describes an authorization type and its
   parameters.  It provides information for content delivery such that
   the user agent can be authenticated as a client when requesting
   content from a downstream CDN.  The Authorization object contains the
   following fields:

   1.  type - a string containing the authorization type "url-signing"
       or "url-token".  The type dictates which optional fields are
       present and valid in the rest of the object.  The "url-signing"
       type refers to URL signing authorization.  The "url-token" type
       refers to token-based authorization.

   2.  algo - a string containing the signature algorithm (e.g. "md5",
       "sha-1", etc.).

   3.  symmetric - a boolean if true, URL signing uses symmetric keys,
       otherwise asymmetric.

   4.  key - a number containing the public key for verifying
       signatures, only valid if "symmetric" field is set to false.

   [Editor's note: parameters for URL signing and URL token
   authorization schemes are TBD.  Private key provisioning and
   distribution are outside the scope of the CDNI Metadata Interface. ]

3.10.  Reference object

   In order to avoid refetching large or common objects, any object may
   be replaced by a Reference object.  For example, the ContentSource
   object could be replaced by a Reference object which points to a URI.
   The downstream CDN should then request the referenced object in order
   to complete the metadata.  This object includes the following fields:

   1.  ref - a string containing a URI which points to the actual
       object.



Caulfield & Leung        Expires April 26, 2012                 [Page 9]


Internet-Draft             CDNI Core Metadata               October 2011


   A Reference object may be distinguished from any other type of object
   by checking for the presence of the "ref" field with a non-empty
   value.


4.  Metadata Transport

   Metadata objects (JSON, XML, etc.) are assumed to be transported over
   HTTP.  This section describes the relationship between the encoding
   and transport layers.

   Given a content request from an end client, when the downstream CDN
   needs to acquire the metadata associated with that content, the
   downstream CDN uses an HTTP GET to query the upstream CDN metadata
   server for the metadata object.

   The parameters to the query request are identical to the fields of
   the MetadataScope object discussed earlier.  This similarity is
   intentional and allows the downstream CDN to avoid refetching the
   same metadata for two different pieces of content (if the metadata is
   the same).  The query parameters are extracted from an incoming
   content request and are as follows:

   1.  host - the value of the Host header in an HTTP request.

   2.  resource - the resource on the request line of the HTTP request.

   3.  protocol - the protocol of the incoming request.

   After extracting these fields from the content request, the
   downstream CDN should first check its existing cache of metadata
   objects for possible matches (using the MetadataScope object).  If no
   match is found, the downstream CDN should then form a request to the
   upstream CDN metadata server, appending the host, resource, and
   protocol as query string parameters.

   The metadata server will respond with a CDNIMetadata object encoded
   in JSON, XML, or some other variant.


5.  CDNI Metadata Interface Bootstrapping

   This document makes a number of assumptions regarding the information
   available to the downstream CDN which is not part of the CDNI Core
   Metadata.  Information such as how a downstream CDN learns the
   address or hostname of the upstream metadata server is briefly
   described below.




Caulfield & Leung        Expires April 26, 2012                [Page 10]


Internet-Draft             CDNI Core Metadata               October 2011


   In the simplest case, the Control Interface will provision the URI of
   the metadata server to the downstream CDN and all metadata requests
   will be sent directly to this server.  The Control Interface could
   also provision an alternative URI in case the primary server is
   unreachable.

   In the case of multiple potential upstream CDNs, the downstream CDN
   must decide which metadata server should handle its request.  It is
   expected that the downstream CDN will be able to determine the
   upstream CDN that redirected that particular request from information
   contained in the received request (e.g. via the URI in case of HTTP
   redirection across CDNs).  With knowledge of which upstream CDN
   routed the request, the downstream CDN can choose the correct
   metadata server.


6.  Compliance with CDNI Requirements

   This section reviews compliance of the solution proposed in this
   document against the relevant set of requirements from
   [I-D.ietf-cdni-requirements].

   [Editor's note: the compliance information will be provided in
   subsequent versions]


7.  IANA Considerations

   This document makes no request of IANA.

   Note to RFC Editor: this section may be removed on publication as an
   RFC.


8.  Security Considerations

   The CDNI Metadata Interface is expected to be secured as a function
   of the transport protocol (e.g.  HTTP authentication).

   If a malicious metadata server is contacted by a downstream CDN, the
   malicious server may provide metadata to the downstream CDN which
   denies service for any piece of content to any user agent.  The
   malicious server may also provide metadata which directs a downstream
   CDN to a malicious origin server instead of the actual origin server.







Caulfield & Leung        Expires April 26, 2012                [Page 11]


Internet-Draft             CDNI Core Metadata               October 2011


9.  Acknowledgements

   The authors would like to thank Francois le Faucheur for his input
   and review.


10.  Normative References

   [I-D.davie-cdni-framework]
              Davie, B. and L. Peterson, "Framework for CDN
              Interconnection", draft-davie-cdni-framework-00 (work in
              progress), July 2011.

   [I-D.ietf-cdni-problem-statement]
              Niven-Jenkins, B., Faucheur, F., and N. Bitar, "Content
              Distribution Network Interconnection (CDNI) Problem
              Statement", draft-ietf-cdni-problem-statement-00 (work in
              progress), September 2011.

   [I-D.ietf-cdni-requirements]
              Leung, K. and Y. Lee, "Content Distribution Network
              Interconnection (CDNI) Requirements",
              draft-ietf-cdni-requirements-01 (work in progress),
              October 2011.

   [RFC2617]  Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
              Leach, P., Luotonen, A., and L. Stewart, "HTTP
              Authentication: Basic and Digest Access Authentication",
              RFC 2617, June 1999.


Appendix A.  Example Metadata

   Below is an example of a JSON object encoding a piece of CDNI
   metadata.  This metadata object applies to any content request with a
   hostname of "origin.example.com" and a resource identifier matching
   the regular expression "*/movies/*".  The "metadataScope" field
   summarizes these properties.  There is a single acquisition option as
   seen in the "acquisitionOptions" list.  The "deliveryProfiles"
   information restricts users in subnet "10.1.2.0/24" or using RTSP
   from accessing this content and allows users using HTTP.
   {
     "acquisitionOptions" :
     [
       {
         "protocol" : "http",
         "uri" : "http://origin.example.com/movies/content.mpg",
         "auth" :



Caulfield & Leung        Expires April 26, 2012                [Page 12]


Internet-Draft             CDNI Core Metadata               October 2011


         {
           "type" : "basic",
           "username" : "abcd",
           "password" : "pass123"
         }
       }
     ],
     "deliveryProfiles" :
     [
       {
         "deliveryCriteria" :
         [
           {
             "region" : { "subnet" : "10.1.2.0/24" },
           },
           {
             "protocol" : "rtsp"
           }
         ],
         "deliveryRules" :
         {
           "allow" : false
         }
       },
       {
         "deliveryCriteria" :
         [
           {
             "protocol" : "http"
           }
         ],
         "deliveryRules" :
         {
           "allow" : true
         }
       }
     ],
     "metadataScope" :
     {
       "host" : "origin.example.com",
       "resource" : "*/movies/*"
     }
   }








Caulfield & Leung        Expires April 26, 2012                [Page 13]


Internet-Draft             CDNI Core Metadata               October 2011


Authors' Addresses

   Matt Caulfield
   Cisco Systems
   1414 Massachusetts Ave
   Boxborough, MA  01719
   USA

   Phone: +1 978 936 9307
   Email: mcaulfie@cisco.com


   Kent Leung
   Cisco Systems
   3625 Cisco Way
   San Jose  95134
   USA

   Phone: +1 408 526 5030
   Email: kleung@cisco.com































Caulfield & Leung        Expires April 26, 2012                [Page 14]