Policy, Authorization, and Enforcement Requirements of the Open Pluggable Edge Services (OPES)
RFC 3838

 
Document Type RFC - Informational (August 2004; No errata)
Last updated 2013-03-02
Stream IETF
Formats plain text pdf html
Stream WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 3838 (Informational)
Telechat date
Responsible AD Ted Hardie
Send notices to <mrose+mtr.ietf@dbc.mtview.ca.us>, <hofmann@bell-labs.com>
Network Working Group                                          A. Barbir
Request for Comments: 3838                               Nortel Networks
Category: Informational                                       O. Batuner
                                                              Consultant
                                                                 A. Beck
                                                     Lucent Technologies
                                                                 T. Chan
                                                                   Nokia
                                                                H. Orman
                                               Purple Streak Development
                                                             August 2004

          Policy, Authorization, and Enforcement Requirements
               of the Open Pluggable Edge Services (OPES)

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Abstract

   This document describes policy, authorization, and enforcement
   requirements for the selection of the services to be applied to a
   given Open Pluggable Edge Services (OPES) flow.

Barbir, et al.               Informational                      [Page 1]
RFC 3838                OPES Policy Requirements             August 2004

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  Policy Architecture  . . . . . . . . . . . . . . . . . . . . .  4
       3.1.  Policy Components and Functions  . . . . . . . . . . . .  4
       3.2.  Requirements for Policy Decision Points. . . . . . . . .  5
       3.3.  Requirements for Policy Enforcement Points . . . . . . .  5
   4.  Requirements for Interfaces  . . . . . . . . . . . . . . . . .  6
       4.1.  Service Bindings Requirements  . . . . . . . . . . . . .  7
             4.1.1.  Environment Variables  . . . . . . . . . . . . .  7
             4.1.2.  Requirements for Using State Information . . . .  8
             4.1.3.  Requirements for Passing Information Between
                     Services . . . . . . . . . . . . . . . . . . . .  8
       4.2.  Requirements for Rule and Rules Management . . . . . . .  8
             4.2.1.  Requirements for Rule Providers  . . . . . . . .  8
             4.2.2.  Requirements for Rule Formats and Protocols  . .  9
             4.2.3.  Requirements for Rule Conditions . . . . . . . .  9
             4.2.4.  Requirements for Rule Actions  . . . . . . . . .  9
       4.3.  Requirements for Policy Expression . . . . . . . . . . . 10
   5.  Authentication of Principals and Authorization of Services . . 10
       5.1.  End users, Publishers and Other Considerations . . . . . 11
             5.1.1.  Considerations for End Users . . . . . . . . . . 11
             5.1.2.  Considerations for Publishing Sites. . . . . . . 12
             5.1.3.  Other Considerations . . . . . . . . . . . . . . 12
       5.2.  Authentication . . . . . . . . . . . . . . . . . . . . . 12
       5.3.  Authorization  . . . . . . . . . . . . . . . . . . . . . 13
       5.4.  Integrity and Encryption . . . . . . . . . . . . . . . . 14
             5.4.1.  Integrity and Confidentiality of Authentication
                     and Requests/Responses for Service . . . . . . . 14
             5.4.2.  Integrity and Confidentiality of Application
                     Content  . . . . . . . . . . . . . . . . . . . . 14
       5.5.  Privacy. . . . . . . . . . . . . . . . . . . . . . . . . 14
   6.  Security Considerations  . . . . . . . . . . . . . . . . . . . 15
   7.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
       7.1.  Normative References . . . . . . . . . . . . . . . . . . 15
       7.2.  Informative References . . . . . . . . . . . . . . . . . 15
   8.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 16
   9.  Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 16
   10. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 17

Barbir, et al.               Informational                      [Page 2]
RFC 3838                OPES Policy Requirements             August 2004

1.  Introduction

   The Open Pluggable Edge Services (OPES) [1]  architecture enables
   cooperative application services (OPES services) between a data
   provider, a data consumer, and zero or more OPES processors.  The
   application services under consideration analyze and possibly
   transform application-level messages exchanged between the data
Show full document text