Internet DRAFT - draft-mcd-identifier-access-query

draft-mcd-identifier-access-query



Internet Engineering Task Force                                 C. Ma
Internet Draft                                                J. Chen
Intended status: Informational                                  X. Fan
Expires: June 21, 2024                                         M. Chen
                                                                Z. Li
             China Academy of Information and Communications Technology
                                                      December 21, 2023



     Industrial Internet Identifier Data Access Protocol (IIIDAP) Query
                                  Format
                   draft-mcd-identifier-access-query-08


Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on June 21, 2024.

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with



Ma, et al.              Expires June 21, 2024                 [Page 1]

Internet-Draft     Identifier Data Query Protocol    December 21, 2023


   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Abstract

   This document describes uniform patterns to construct HTTP URLs that
   may be used to retrieve identifier information from Second-Level
   Nodes (SLN) using "RESTful" web access patterns. These uniform
   patterns define the query syntax for the Industrial Internet
   Identifier Data Access Protocol (IIIDAP).

Table of Contents


   1. Introduction ................................................ 2
   2. Conventions used in this document............................ 3
      2.1. Acronyms and Abbreviations.............................. 3
   3. Path Segment Specification................................... 4
      3.1. Lookup Path Segment Specification....................... 4
         3.1.1. Identifier Path Segment Specification.............. 4
         3.1.2. Name Path Segment Specification.................... 5
         3.1.3. Help Path Segment Specification.................... 5
      3.2. Search Path Segment Specification....................... 6
         3.2.1. Name Search........................................ 6
   4. Query Processing ............................................ 6
      4.1. Partial String Searching................................ 7
      4.2. Associated Records...................................... 7
   5. Internationalization Considerations.......................... 8
      5.1. Character Encoding Considerations....................... 8
   6. Security Considerations...................................... 9
   7. IANA Considerations ......................................... 9
   8. References .................................................. 9
      8.1. Normative References................................... 10
      8.2. Informative References................................. 10

1. Introduction

   This document describes a specification for querying identifier data
   using a RESTful web service and uniform query patterns. The service
   is implemented using the Hypertext Transfer Protocol (HTTP)
   [RFC9110] and the conventions described in [IDENTIFIER-HTTP]. These
   uniform patterns define the query syntax for the Industrial Internet
   Identifier Data Access Protocol (IIIDAP).




Ma, et al.              Expires June 21, 2024                 [Page 2]

Internet-Draft     Identifier Data Query Protocol    December 21, 2023


   The intent of the patterns described here are to enable queries of
   the identifier information by identifiers or names. [RFC3986]
   patterns specified in this document are only applicable to the HTTP
   [RFC9110] GET and HEAD methods. As described in Section 4.1 of
   [IDENTIFIER-HTTP], HEAD method can be used to determine, if an
   object exists (or not) without returning IIIDAP-encoded results; GET
   method can be used to retrieve detailed results.

   This document does not describe the results or entities returned
   from issuing the described URLs with an HTTP GET. The specification
   of these entities is described in [IDENTIFIER-RESPONSES].

   Additionally, resource management, provisioning, and update
   functions are out of scope for this document. Second-Level Nodes
   (SLN) have various and divergent methods covering these functions,
   and it is unlikely a uniform approach is needed for
   interoperability.

   HTTP contains mechanisms for servers to authenticate clients and for
   clients to authenticate servers (from which authorization schemes
   may be built), so such mechanisms are not described in this
   document. Policy, provisioning, and processing of authentication and
   authorization are out of scope for this document as deployments will
   have to make choices based on local criteria. Supported
   authentication mechanisms are described in [IDENTIFIER-SECURITY].

2. Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.1. Acronyms and Abbreviations

   TLN: Top-Level Nodes

   SLN: Second-Level Nodes

   ELN: Enterprise-Level Nodes

   NFC: Unicode Normalization Form C [Unicode-UAX15]

   NFKC: Unicode Normalization Form KC [Unicode-UAX15]

   IIIDAP: Industrial Internet Identifier Data Access Protocol




Ma, et al.              Expires June 21, 2024                 [Page 3]

Internet-Draft     Identifier Data Query Protocol    December 21, 2023


   REST: Representational State Transfer. The term was first described
   in a doctoral dissertation [REST].

   RESTful: An adjective that describes a service using HTTP and the
   principles of REST.

3. Path Segment Specification

   The base URLs used to construct IIIDAP queries are maintained in an
   TLN described in [IDENTIFIER-AUTHORIZATION]. Queries are formed by
   retrieving an appropriate base URL from the TLN and appending a path
   segment specified in either Sections 3.1 or 3.2. Generally, a TLN or
   other service provider will provide a base URL that identifies the
   protocol, host, and port, and this will be used as a base URL that
   the complete URL is resolved against, as per Section 5 of RFC 3986
   [RFC3986]. For example, if the base URL is
   "https://example.com/iiidap/", all IIIDAP query URLs will begin with
   "https://example.com/iiidap/".

   The bootstrap registry does not support searching for identifier
   information through query fields that are not part of a global
   namespace, including "name" and "help". A base URL for an associated
   object is required to construct a complete query.

3.1. Lookup Path Segment Specification

   The resource type path segments for exact match lookup are:

   o 'identifier': Used to identify the identifier information of SLN
      or ELN query using a string identifier.

   o 'name': Used to identify the identifier information of SLN or ELN
      query using a node (SLN or ELN) name.

3.1.1. Identifier Path Segment Specification

   Syntax: identifier/<Identifier of SLN or ELN>

   Take Handle Protocol [RFC3651] as an example, Identifier format of
   TLN is XX; identifier format of SLD is XX.YY; identifier format of
   ELD is XX.YY.ZZ; XX, YY, ZZ are UTF-8 encoded character strings,
   which use any characters from the Unicode 2.0 standard except the
   ASCII character '/' (0x2F). Therefore, queries for information about
   identifiers are of the form /identifier/XX.YY/...(for SLN) or
   /identifier/XX.YY.ZZZ/...(for ELN)




Ma, et al.              Expires June 21, 2024                 [Page 4]

Internet-Draft     Identifier Data Query Protocol    December 21, 2023


   For example, identifier of a TLN can be 86; identifier of a SLN can
   be 86.100; identifier of a TLN can be 86.100.1; Identifiers of
   TLN/SLN/ELN are usually called identifiers prefix in Industry
   Internet Identifier System. Identifier suffix is used to identify a
   product or component in an enterprise. Prefixes and suffixes are
   joined by backslashes. The prefix and suffix together constitute the
   globally qualified identity for a product or component. Naming rules
   of identifier suffix is beyond the scope of this specification. The
   length of an identifier of must range from 2 to 255 number
   characters.

   For example, the following URL would be used to find identifier
   information for the most specific identifier of a SLN containing
   86.100:

      https://example.com/iiidap/identifier/86.100

   The following URL would be used to find identifier information for
   the most specific identifier of an ELN containing 86.100.1:

      https://example.com/iiidap/identifier/86.100.1

3.1.2. Name Path Segment Specification

   Syntax: name/<name of SLN or ELN>

   Queries for identifier information regarding name of SLN or ELN are
   of the form /name/XXX/... where XXX is the name of a SLN or ELN. XXX
   is a string of length from 1 to 255. It can contain non-US-ASCII
   characters. The detailed requirements for character encoding are
   specified in Section 5.1.

   For example, the following URL would be used to find identifier
   information of the node named "mengniu":

      https://example.com/iiidap/name/mengniu

3.1.3. Help Path Segment Specification

   Syntax: help

   The help path segment can be used to request helpful information
   (command syntax, terms of service, privacy policy, rate-limiting
   policy, supported authentication methods, supported extensions,
   technical support contact, etc.) from an IIIDAP server. The response
   to "help" should provide basic information that a client needs to



Ma, et al.              Expires June 21, 2024                 [Page 5]

Internet-Draft     Identifier Data Query Protocol    December 21, 2023


   successfully use the service. The following URL would be used to
   return "help" information:

      https://example.com/iiidap/help

3.2. Search Path Segment Specification

   Pattern matching semantics are described in Section 4.1. The name
   path segment for search is:

   o 'names': Used to identify a SLN or ELN identifier information
      search using a pattern to match a fully qualified SLN/ELN name.

   IIIDAP search path segments are formed using a concatenation of the
   plural form of the object being searched for and an HTTP query
   string. The HTTP query string is formed using a concatenation of the
   question mark character ('?', US-ASCII value 0x003F), the JSON
   object value associated with the object being searched for, the
   equal sign character ('=', US-ASCII value 0x003D), and the search
   pattern. Search pattern query processing is described more fully in
   Section 4. For the name described in this document, the plural
   object forms are "names".

3.2.1. Name Search

   Syntax: names?name=<name search pattern>

   Searches for identifier information by name are specified using this
   form:

   names?name=XXXX

   XXXX is a search pattern representing a name of SLN OR ELN. The
   following URL would be used to find identifier information for SLN
   or ELN names matching the "example*" pattern:



      https://example.com/iiidap/names?name=example*

4. Query Processing

   Servers indicate the success or failure of query processing by
   returning an appropriate HTTP response code to the client. Response
   codes not specifically identified in this document are described in
   [IDENTIFIER-HTTP].



Ma, et al.              Expires June 21, 2024                 [Page 6]

Internet-Draft     Identifier Data Query Protocol    December 21, 2023


4.1. Partial String Searching

   Partial string searching uses the asterisk ('*', US-ASCII value
   0x002A) character to match zero or more trailing characters. A
   character string representing multiple names MAY be concatenated to
   the end of the search pattern to limit the scope of the search. For
   example, the search pattern "exam*" will match "example1" and
   "example2". The search pattern "ex*mple" will match "example". If an
   asterisk appears in a search string, any label that contains the
   non-asterisk characters in sequence plus zero or more characters in
   sequence in place of the asterisk would match. Additional pattern
   matching processing is beyond the scope of this specification.

   If a server receives a search request but cannot process the request
   because it does not support a particular style of partial match
   searching, it SHOULD return an HTTP 422 (Unprocessable Entity)
   [RFC4918] response. When returning a 422 error, the server MAY also
   return an error response body as specified in Section 6 of
   [IDENTIFIER-RESPONSES] if the requested media type is one that is
   specified in [IDENTIFIER-HTTP].

   Partial matching is not feasible across combinations of Unicode
   characters because Unicode characters can be combined with each
   other. Servers SHOULD NOT partially match combinations of Unicode
   characters where a legal combination is possible. It should be
   noted, though, that it may not always be possible to detect cases
   where a character could have been combined with another character,
   but was not, because characters can be combined in many different
   ways.

   Clients should avoid submitting a partial match search of Unicode
   characters where a Unicode character may be legally combined with
   another Unicode character or characters. Partial match searches with
   incomplete combinations of characters where a character must be
   combined with another character or characters are invalid. Partial
   match searches with characters that may be combined with another
   character or characters are to be considered non-combined characters
   (that is, if character x may be combined with character y but
   character y is not submitted in the search string, then character x
   is a complete character and no combinations of character x are to be
   searched).

4.2. Associated Records

   Conceptually, any query-matching record in a server's database might
   be a member of a set of related records, related in some fashion as
   defined by the server. The entire set ought to be considered as


Ma, et al.              Expires June 21, 2024                 [Page 7]

Internet-Draft     Identifier Data Query Protocol    December 21, 2023


   candidates for inclusion when constructing the response. However,
   the construction of the final response needs to be mindful of
   privacy and other data-releasing policies when assembling the IIIDAP
   response set.

   Note too that due to the nature of searching, there may be a list of
   query-matching records. Each one of those is subject to being a
   member of a set as described in the previous paragraph. What is
   ultimately returned in a response will be the union of all the sets
   that has been filtered by whatever policies are in place.

   Note that this model includes arrangements for associated names,
   including those that are linked by policy mechanisms and names bound
   together for some other purposes. Note also that returning
   information that was not explicitly selected by an exact-match
   lookup, including additional names that match a relatively fuzzy
   search as well as lists of names that are linked together, may cause
   privacy issues.

   Note that there might not be a single, static information return
   policy that applies to all clients equally. Client identity and
   associated authorizations can be a relevant factor in determining
   how broad the response set will be for any particular query.

5. Internationalization Considerations

5.1. Character Encoding Considerations

   Servers can expect to receive search patterns from clients that
   contain character strings encoded in different forms supported by
   HTTP. It is entirely possible to apply filters and normalization
   rules to search patterns prior to making character comparisons, but
   this type of processing is more typically needed to determine the
   validity of registered strings than to match patterns.

   An IIIDAP client submitting a query string containing non-US-ASCII
   characters converts such strings into Unicode in UTF-8 encoding. It
   then performs any local case mapping deemed necessary. Strings are
   normalized using Normalization Form C (NFC) [Unicode-UAX15]; note
   that clients might not be able to do this reliably. UTF-8 encoded
   strings are then appropriately percent-encoded [RFC3986] in the
   query URL.

   After parsing any percent-encoding, an IIIDAP server treats each
   query string as Unicode in UTF-8 encoding. If a string is not valid
   UTF-8, the server can immediately stop processing the query and
   return an HTTP 400 (Bad Request) response.


Ma, et al.              Expires June 21, 2024                 [Page 8]

Internet-Draft     Identifier Data Query Protocol    December 21, 2023


   For everything else, servers map fullwidth and halfwidth characters
   to their decomposition equivalents. Servers convert strings to the
   same coded character set of the target data that is to be looked up
   or searched, and each string is normalized using the same
   normalization that was used on the target data. In general, storage
   of strings as Unicode is RECOMMENDED. For the purposes of
   comparison, Normalization Form KC (NFKC) [Unicode-UAX15] with case
   folding is used to maximize predictability and the number of
   matches. Note the use of case-folded NFKC as opposed to NFC in this
   case.

6. Security Considerations

   Security services for the operations specified in this document are
   described in "Security Services for the Industrial Internet
   Identifier Data Access Protocol (IIIDAP)" [IDENTIFIER-SECURITY].

   Search functionality typically requires more server resources (such
   as memory, CPU cycles, and network bandwidth) when compared to basic
   lookup functionality. This increases the risk of server resource
   exhaustion and subsequent denial of service due to abuse. This risk
   can be mitigated by developing and implementing controls to restrict
   search functionality to identified and authorized clients. If those
   clients behave badly, their search privileges can be suspended or
   revoked. Rate limiting as described in Section 5.5 of "HTTP Usage in
   the Industrial Internet Identifier Data Access Protocol (IIIDAP)"
   [IDENTIFIER-HTTP] can also be used to control the rate of received
   search requests. Server operators can also reduce their risk by
   restricting the amount of information returned in response to a
   search request.

   Search functionality also increases the privacy risk of disclosing
   object relationships that might not otherwise be obvious.

   Note that there might not be a single, static information return
   policy that applies to all clients equally. Client identity and
   associated authorizations can be a relevant factor in determining
   how broad the response set will be for any particular query.



7. IANA Considerations

8. References

   References to IIIDAP are subject to the latest edition.



Ma, et al.              Expires June 21, 2024                 [Page 9]

Internet-Draft     Identifier Data Query Protocol    December 21, 2023


8.1. Normative References

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
             Resource Identifier (URI): Generic Syntax", STD 66, RFC
             3986, January 2005,
             <http://www.rfc-editor.org/info/rfc3986>.

   [RFC4918] Dusseault, L., Ed., "HTTP Extensions for Web Distributed
             Authoring and Versioning (WebDAV)", RFC 4918, June 2007,
             <http://www.rfc-editor.org/info/rfc4918>.

   [RFC9110] Fielding, R., Ed., M. Nottingham, Ed. and J. Reschke, Ed.,
             " HTTP Semantics", RFC 9110, June 2022,
             <http://www.rfc-editor.org/info/rfc9110>.

   [Unicode-UAX15]
             The Unicode Consortium, "Unicode Standard Annex #15:
             Unicode Normalization Forms", September 2013,
             <http://www.unicode.org/reports/tr15/>.

8.2. Informative References

   [RFC3651] Sun, S., Reilly, S. and L. Lannom, "Handle System
             Namespace and Service Definition", RFC 3651, November
             2003, <http://www.rfc-editor.org/info/rfc3651>.

   [REST]    Fielding, R., "Architectural Styles and the Design of
             Network-based Software Architectures", Ph.D. Dissertation,
             University of California, Irvine, 2000,
             <http://www.ics.uci.edu/~fielding/pubs/dissertation/
             fielding_dissertation.pdf>.



   [IDENTIFIER-HTTP]
             Ma, C., "HTTP Usage in the Industrial Internet Identifier
             Data Access Protocol (IIIDAP)", Work in Progress, draft-
             ma-identifier-access-http, December 2023.

   [IDENTIFIER-SECURITY]
             Ma, C., "Security Services for the Industrial Internet
             Identifier Data Access Protocol (IIIDAP)", Work in
             Progress, draft-mcd-identifier-access-security, December
             2023.


Ma, et al.              Expires June 21, 2024                [Page 10]

Internet-Draft     Identifier Data Query Protocol    December 21, 2023


   [IDENTIFIER-RESPONSES]
             Ma, C., "JSON Responses for the Industrial Internet
             Identifier Data Access Protocol (IIIDAP)", Work in
             Progress, draft-mcd-identifier-access-responce, December
             2023.

   [IDENTIFIER-AUTHORIZATION]
             Ma, C., "Finding the Authoritative Industrial Internet
             Identifier Data (IIIDAP) Service", Work in Progress,
             draft-mcd-identifier-access-authority, December 2023.






































Ma, et al.              Expires June 21, 2024                [Page 11]

Internet-Draft     Identifier Data Query Protocol    December 21, 2023


Authors' Addresses

   Chendi Ma
   CAICT
   No.52 Huayuan North Road, Haidian District
   Beijing, Beijing, 100191
   China

   Phone: +86 177 1090 9864
   Email: machendi@caict.ac.cn


   Chen Jian
   CAICT
   No.52 Huayuan North Road, Haidian District
   Beijing, Beijing, 100191
   China

   Phone: +86 138 1103 3332
   Email: chenjian3@caict.ac.cn


   Xiaotian Fan
   CAICT
   No.52 Huayuan North Road, Haidian District
   Beijing, Beijing, 100191
   China

   Phone: +86 134 0108 6945
   Email: fanxiaotian@caict.ac.cn


   Meilan Chen
   CAICT
   No.52 Huayuan North Road, Haidian District
   Beijing, Beijing, 100191
   China

   Phone: +86 139 1143 7301
   Email: chenmeilan@caict.ac.cn









Ma, et al.              Expires June 21, 2024                [Page 12]

Internet-Draft     Identifier Data Query Protocol    December 21, 2023


   Zhiping Li
   CAICT
   No.52 Huayuan North Road, Haidian District
   Beijing, Beijing, 100191
   China

   Phone: +86 185 1107 1386
   Email: lizhiping@caict.ac.cn








































Ma, et al.              Expires June 21, 2024                [Page 13]