DECADE Working Group D. Wang Internet-Draft Huawei Technologies Intended status: Standards Track Y. Yang Expires: May 3, 2012 Yale University Oct 31, 2011 An HTTP-based Decade Resource Protocol draft-wang-decade-drp-01 Abstract This document explorers the design of an HTTP-based DECADE Resource Protocol (DRP), which can be used for content and resource management between a DECADE Client and a DECADE Server, or between two DECADE Servers. We identify the function entities, and present initial protocol message flow and syntax design. The purpose of this document is to get design discussion started, not to provide a complete solution. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on May 3, 2012. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must Wang & Yang Expires May 3, 2012 [Page 1] Internet-Draft DRP Oct 2011 include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminologies and concepts . . . . . . . . . . . . . . . . . . 3 3. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 3 3.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.2. Function Entities . . . . . . . . . . . . . . . . . . . . 4 3.3. Protocol Architecture . . . . . . . . . . . . . . . . . . 4 3.4. Object Naming . . . . . . . . . . . . . . . . . . . . . . 4 3.5. Protocol Operations . . . . . . . . . . . . . . . . . . . 4 4. Message Syntax and Processing . . . . . . . . . . . . . . . . 5 4.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . . . 5 4.2. Common Message Processing . . . . . . . . . . . . . . . . 6 4.3. DECADE Messages . . . . . . . . . . . . . . . . . . . . . 6 4.3.1. Transport_Query Message . . . . . . . . . . . . . . . 6 4.3.2. Access_Token Message . . . . . . . . . . . . . . . . . 7 4.3.3. Server_States_Query Message . . . . . . . . . . . . . 8 4.3.4. Object_Property_Query Message . . . . . . . . . . . . 10 4.3.5. Object_Property_Set Message . . . . . . . . . . . . . 12 4.3.6. Delete_Data Message . . . . . . . . . . . . . . . . . 13 4.4. Error Response Messages . . . . . . . . . . . . . . . . . 14 5. Integration with an HTTP-based SDT . . . . . . . . . . . . . . 15 5.1. Put_Object Message . . . . . . . . . . . . . . . . . . . . 15 5.2. Get_Object Message . . . . . . . . . . . . . . . . . . . . 16 6. Security Considerations . . . . . . . . . . . . . . . . . . . 18 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 18 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19 9.1. Normative Reference . . . . . . . . . . . . . . . . . . . 19 9.2. Informative Reference . . . . . . . . . . . . . . . . . . 19 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 19 Wang & Yang Expires May 3, 2012 [Page 2] Internet-Draft DRP Oct 2011 1. Introduction The DECADE Architecture document [I-D.ietf-decade-arch-03] identifies a DECADE architecture that consists of two logically independent protocols: the DECADE Resource Protocol (DRP) and the Standard Data Transport (SDT). The formal provides access control and resource scheduling between two DECADE peers, while the latter is used to transfer data objects to and from a DECADE Server. The architecture document observes that the two protocols may be realized on the same wire. In this document, we present an initial design of a DRP based on HTTP. We use the DECADE requirements [I-D.ietf-decade-reqs-04] to guide our design. The purpose of this document is to get design discussions started, not to provide a complete solution. Specifically, the DRP we present provides a signaling layer for transport negotiation, content management, access control and resource control. The SDT is responsible for data put, retrieve, delete, and metadata update, and the implementation of access control and resource control policies. We also show that the HTTP based DRP may be extended to include an HTTP based SDT, achieving a same-wire design, although it is also possible to use another SDT. 2. Terminologies and concepts The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "MAY", "MAY NOT" and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. This draft uses the terms defined in [I-D.ietf-decade-reqs-04] and in [I-D.ietf-decade-arch-03]. DECADE peers: Entities involved in the DRP, such as a DECADE Server or a DECADE Client. 3. Protocol Overview 3.1. Overview DECADE Protocol is spoken between DECADE Client and DECADE Server or between DECADE Servers to manage, store, and retrieve data objects for data distribution. A DECADE Client can be an application server, or embedded in a web browser, etc. Wang & Yang Expires May 3, 2012 [Page 3] Internet-Draft DRP Oct 2011 DECADE needs a mandatory naming scheme, that can be used to achieve content security and de-duplication. In this initial design, we assume that the name space is flat for simplicity. We anticipate that the name scheme should also allow for group operations on a set of data objects with a similar/same attribute. 3.2. Function Entities We consider two primary function entities involved in DECADE: the DECADE Server and the DECADE Client. DECADE Server: A DECADE Server stores DECADE data inside the network, and thereafter manages both the stored data and access to that data [I-D.ietf-decade-arch-02]. DECADE Client: A DECADE Client stores and retrieves data at DECADE Servers [I-D.ietf-decade-arch-02]. 3.3. Protocol Architecture +------+ DRP +------+ |DECADE|<--------------->|DECADE| |Server|<--------------->|Server| +------+ SDT +------+ ^ ^ ^ ^ | | | | DRP| | SDT DRP| |SDT | | | | v v v v +------+ +------+ |DECADE| |DECADE| |Client| |Client| +------+ +------+ 3.4. Object Naming (To be added...) 3.5. Protocol Operations The DRP we present is a request-response protocol. Requests and corresponding responses are exchanged between DECADE Client and Server or between DECADE Servers. In particular, we identify the following operations: Wang & Yang Expires May 3, 2012 [Page 4] Internet-Draft DRP Oct 2011 Access Token: This operation allows the DECADE Server to limit access and resource control of data objects stored on it via authenticated tokens. The token should limit permitted operations to permitted objects by permitted clients during permitted period, as well as priority for bandwidth given to requested operation, and so on. OAUTH is adopted here to realize access and resource control. Query Server Statue (from the system's view): This operation allows a DECADE Client to query statue information of a specific DECADE Server from the server view, e.g., lists of associated objects, resource used/available, and so on. Query Server Statue (from the user's view): This operation allows a DECADE Client to query its related statue information of a specific DECADE Server, e.g., list of associated objects the DECADE Client stored in the Server, the Client's available resources, and so on. Query Object Property: This operation allows a DECADE Client to query object properties with certain authentication, including TTL of object, object size, or object type. Set Object Property: This operation allows a DECADE Client to set data object properties with certain authentication. Delete Data Object: This operation is used to delete data objects from a DECADE Server. Complementing the preceding DRP operations, the following SDT operations may be defined for a complete DECADE Protocol: Put Data Object: This operation is used to write data objects to a DECADE Server. Get Data Object: This operation is used to download data objects from a DECADE Server. 4. Message Syntax and Processing We now present the encoding and processing. 4.1. Encoding The DRP in this document follows the standard request and response formats for HTTP Request and Response messages [RFC2616]. Wang & Yang Expires May 3, 2012 [Page 5] Internet-Draft DRP Oct 2011 Specifically, the header fields in both request and response messages follows the standard rules for HTTP/1.1 Header fields, which MAY be included in the messages if necessary. We use JSON to encode the bodies for both request and response messages. In the following messages, both *** and XXX represent data to be insert, either numeric data or alphanumeric data. 4.2. Common Message Processing After receiving a DECADE protocol message, some basic processing will be performed, regardless of the message type and the receiving entity. Upon receiving a message, the message is examined to ensure that it is properly formed, which is done by the receiver itself. If not, appropriate standard HTTP errors MUST be generated. If the message is found to be incorrectly formed or the length does not match the length encoded in the header, the receiver MUST reply with an HTTP 400 response. If the version number is not supported by the receiver, the receiver MUST reply with an HTTP 400 response. If the receiver is unable to process the message temporarily because it is in an overloaded state, the receiver SHOULD reply with an HTTP 503 response. If the receiver encounters an internal error while attempting to process the message, the receiver MUST generate an HTTP 500 response. 4.3. DECADE Messages 4.3.1. Transport_Query Message After the DECADE Client locating its authenticated DECADE Server, transport capability query MUST be performed between them. A Transport_Query message is used to query the DECADE server about supported transports. A DECADE client will send a request to the DECADE server to ask for the transport protocols supported by the server. And then the DECADE server will send back a reply with the supported transport protocols. DECADE server must listen on the server ports of the supported protocols (e.g. NFS). By that, the DECADE client (active) can impose data operations on the DECADE server using either one of the supported transport protocols Wang & Yang Expires May 3, 2012 [Page 6] Internet-Draft DRP Oct 2011 supported by the DECADE server. Below is an example Transport_Query message: GET /decade/transport/ HTTP/1.1 Host: example.com Content-Length: *** Content-Type: application/decade-transport-req+json X-DECADE-Protocol-Version: 1.0 If the query message is valid, the DECADE Server sends back a response listing the supported SDT protocols. An example is shown below: HTTP/1.1 200 OK Content-Length: *** Content-Type: application/decade-transport-ans+json X-DECADE-Protocol-Version: 1.0 { "transport-protocol": { "HTTP": true; "NFS": true; "WebDAV": true; } } JSON Object: Object { JSONBool HTTP; [OPTIONAL] JSONBool NFS; [OPTIONAL] JSONBool WebDav; [OPTIONAL] } TransportProtocol; Object { TransportProtocol transport-protocol; } When the DECADE Client receive the response from the Server, it will choose a certain protocol it can support and then communicate with the Server via the chosen protocol. 4.3.2. Access_Token Message This operation allows a DECADE Client to obtain an access token from a DECADE Server to limit access and achieve resource control. Specifically, an access token should limit permitted operations to permitted operations to permitted objects by permitted clients during permitted period, as well as priority for bandwidth given to Wang & Yang Expires May 3, 2012 [Page 7] Internet-Draft DRP Oct 2011 requested operation, and so on. In DECADE architecture, a user delegation scheme is proposed. We anticipate that a DECADE Client can generate such Access Token locally as well. An access token to be generated may be depended on the SDT specified, should the token to be carried by the SDT operation. (TBA) 4.3.3. Server_States_Query Message This operation allows state query. The state can be either system- wide or on a particular user. An example message is: POST /decade/state HTTP/1.1 Host: example.com Content-Length: *** Content-Type: application/decade-stat-req+json X-DECADE-Protocol-Version: 1.0 X-DECADE-TOKEN: XXX { "state-request": { "StorageUsed": true; "StorageAvailable": true; "BandwidthUsed": true; "BandwidthAvailable": true; "ObjectNum": true; "ObjectList": true; } "user-type": { "System": true; } "token":XXX; } JSON Object: Object{ JSONBool StorageUsed; [OPTIONAL] JSONBool StorageAvaliable; [OPTIONAL] JSONBool BandwidthUsed; [OPTIONAL] JSONBool BandwidthAvailable; [OPTIONAL] JSONBool ObjectNum; [OPTIONAL] Wang & Yang Expires May 3, 2012 [Page 8] Internet-Draft DRP Oct 2011 JSONBool ObjectList; [OPTIONAL] }ServerState; Object{ JSONBool System; [OPTIONAL] JSONBool User; [OPTIONAL] }UserType; Object{ ObjectOperation permitted-operations<0..*>; JSONObject permitted-objects; JSONObject permitted-clients; JSONNumber expiration-time; JSONNumber priority; }AuthToken; Object{ ServerState server-state; } Object{ UserType user-type; } Object{ AuthToken token; } If a state query message is valid, the DECADE Server responses with corresponding server state. If the "user-type" in the message body is "System", then the server should return the status of resource consumption on this server after verifying the user's access right. Usually the right will be authorized to the system administrator. If the "user-type" in the message body is "User", then the server should return the status of resource consumption of this particular user on this server after verifying the user's access right. An example of the Response is as following: Wang & Yang Expires May 3, 2012 [Page 9] Internet-Draft DRP Oct 2011 HTTP/1.1 200 OK Content-Length: *** Content-Type: application/decade-stat-ans+json X-DECADE-Protocol-Version: 1.0 { "server-state": { "storage-used": ***; "storage-available": ***; "bandwidth-used": ***; "bandwidth-available": ***; "object-number": ***; "object-list": [ "data-object": { "object-name":XXX; } ] } } JSON Object: Object{ JSONNumber storage-used; [OPTIONAL] JSONNumber storage-avaliable; [OPTIONAL] JSONNumber bandwidth-used; [OPTIONAL] JSONNumber object-number; [OPTIONAL] JSONArray object-list["DataObject"]; [OPTIONAL] }ServerState; Object{ JSONString object-name; }DataObject; Object{ DataObject data-object; } 4.3.4. Object_Property_Query Message This operation allows a DECADE Client to query object properties with certain authentication, including TTL of object, object size, and object type. The request message is as following: Wang & Yang Expires May 3, 2012 [Page 10] Internet-Draft DRP Oct 2011 POST /decade/object//property HTTP/1.1 Host: example.com Content-Length: *** Content-Type: application/decade-objprop-query-req+json X-DECADE-Protocol-Version: 1.0 X-DECADE-TOKEN: XXX { "token": XXX; } JSON Object: Object{ ObjectOperation permitted-operations<0..*>; JSONObject permitted-objects; JSONObject permitted-clients; JSONNumber expiration-time; JSONNumber priority; }AuthToken; Object{ AuthToken token; } If the object property query message is valid and successfully proceeded, the DECADE Server replies the request info. An example of the response message is as below: Wang & Yang Expires May 3, 2012 [Page 11] Internet-Draft DRP Oct 2011 HTTP/1.1 200 OK Content-Length: *** Content-Type: application/decade-objprop-query-ans+json X-DECADE-Protocol-Version: 1.0 { "object-property": { "object-type": XXX; "object-size": ***; "owner": XXX; "TTL": ***; } } JSON Object: Object{ JSONString object-type; [OPTIONAL] JSONNumber object-size; [OPTIONAL] JSONString owner; [OPTIONAL] JSONNumber TTL; [OPTIONAL] }ObjectPerperty; Object{ ObjectProperty object-property; } 4.3.5. Object_Property_Set Message This operation allows a DECADE Client to set object properties (metadata). The request message is as following: Wang & Yang Expires May 3, 2012 [Page 12] Internet-Draft DRP Oct 2011 PUT /decade//property HTTP/1.1 Host: example.com Content-Length: *** Content-Type: application/decade-objprop-set-req+json X-DECADE-Protocol-Version: 1.0 X-DEADE-TOKEN: XXX { "object-property": { "TTL": ***; } "token": XXX; } JSON Object: Object{ JSONNumber TTL; [OPTIONAL] }ObjectProperty; Object{ ObjectOperation permitted-operations<0..*>; JSONObject permitted-objects; JSONObject permitted-clients; JSONNumber expiration-time; JSONNumber priority; }AuthToken; Object{ ObjectProperty object-property; } Object{ AuthToken token; } If the object property set message is valid, the DECADE Server replies with the following message: HTTP/1.1 204 NO CONTENT Content-Length: *** Content-Type: application/decade-objprop-set-req-ans+json X-DECADE-Protocol-Version: 1.0 4.3.6. Delete_Data Message This operation is used to delete objects from a DECADE Server. An example of the request message is as following: Wang & Yang Expires May 3, 2012 [Page 13] Internet-Draft DRP Oct 2011 DELETE /decade/ HTTP/1.1 Host: example.com Content-Length: *** Content-Type: application/decade-deledata-req+json X-DECADE-Protocol-Version: 1.0 X-DECADE-TOKEN: XXX { "token": XXX; } Object{ ObjectOperation permitted-operations<0..*>; JSONObject permitted-objects; JSONObject permitted-clients; JSONNumber expiration-time; JSONNumber priority; }AuthToken; Object{ AuthToken token; } An example of the response message is as following: HTTP/1.1 204 NO CONTENT Content-Length: *** Content-Type: application/decade-deledata-req+json X-DECADE-Protocol-Version: 1.0 4.4. Error Response Messages The error response messages for the DECADE protocol are described below: SUCCESSFUL (200 OK): a message has been processed properly and the desired operation has completed. If the message is a request for information, the body will also include the requested information. NO CONTENT (204 NO CONTENT): The server successfully processed the request, but is not returning any content. INVALID SYNTAX (400 Bad Request): Indicates an error in the format of the message/message body. VERSION NOT SUPPORTED (400 Bad Request): Invalid version of the protocol or message bodies. AUTHENTICATION REQUIRED (401 UNAUTHORISED): Authentication is Wang & Yang Expires May 3, 2012 [Page 14] Internet-Draft DRP Oct 2011 required to access this information. MESSAGE FORBIDDEN (403 FORBIDDEN): The requester is not allowed to make this request. OBJECT NOT FOUND (404 NOT FOUND): The requested object cannot be found. SERVER NOT FOUND (404 NOT FOUND): The requested server cannot be found. 5. Integration with an HTTP-based SDT 5.1. Put_Object Message This operation is used to write objects to a DECADE Server. An example of the request message is as following: PUT /decade/ HTTP/1.1 Host: example.com Content-Length: *** Content-Type: application/decade-putdata-req+json X-DECADE-Protocol-Version: 1.0 X-DECADE-TOKEN: XXX { "object-list": [ "data-object": { "object-size": ***; "object-type": XXX; "object-metadata": { "object-type": XXX; "object-size": ***; "TTL": ***; } } ] "token": XXX; } JSON Object: Object{ Wang & Yang Expires May 3, 2012 [Page 15] Internet-Draft DRP Oct 2011 JSONNumber object-size; [OPTIONAL] JSONSting object-type; [OPTIONAL] JSONObject object-metadata: [OPTIONAL] { JSONString owner; JSONNumber TTL; [OPTIONAL] } }DataObject; Object{ JSONArray object-list["DataObject"]; } Object{ ObjectOperation permitted-operations<0..*>; JSONObject permitted-objects; JSONObject permitted-clients; JSONNumber expiration-time; JSONNumber priority; }AuthToken; Object{ AuthToken token; } An example of response message is as below: HTTP/1.1 204 NO CONTENT Content-Length: *** Content-Type: application/decade-putdata-ans+json X-DECADE-Protocol-Version: 1.0 5.2. Get_Object Message This operation is used to download objects from a DECADE Server. An example of the request message is as following: Wang & Yang Expires May 3, 2012 [Page 16] Internet-Draft DRP Oct 2011 POST /decade/ HTTP/1.1 Host: example.com Content-Length: *** Content-Type: application/decade-getdata-req+json X-DECADE-Protocol-Version: 1.0 X-DECADE-TOKEN: XXX { "token": XXX; } Object{ ObjectOperation permitted-operations<0..*>; JSONObject permitted-objects; JSONObject permitted-clients; JSONNumber expiration-time; JSONNumber priority; }AuthToken; Object{ AuthToken token; } An example of the response message is as following: Wang & Yang Expires May 3, 2012 [Page 17] Internet-Draft DRP Oct 2011 HTTP/1.1 200 OK Content-Type: application/decade-getdata-ans+json X-DECADE-Protocol-Version: 1.0 { "data-object": { "object-size": ***; "object-type": XXX; "object-metadata": { "owner": XXX; "TTL": ***; } } } JSON Object: Object{ JSONNumber object-size; [OPTIONAL] JSONSting object-type; [OPTIONAL] JSONObject object-metadata: [OPTIONAL] { JSONString owner; JSONNumber TTL; [OPTIONAL] } }DataObject; Object{ DataObject data-object; } 6. Security Considerations The security considerations described in both [I-D.ietf-decade-arch] and [I-D.ieft-decade-problem-statement] apply to this draft as well. 7. IANA Considerations This draft does not have any IANA considerations. 8. Acknowledgements We would like to express our sincere thanks and appreciation to Zhou Hong for his valuable suggestions and support. Wang & Yang Expires May 3, 2012 [Page 18] Internet-Draft DRP Oct 2011 9. References 9.1. Normative Reference [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", March 1997. [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", June 1999. 9.2. Informative Reference [I-D.ietf-decade-reqs] Gu, Y., Bryan, D., Yang, Y., and R. Alimi, "DECADE Requirements", September 2011. [I-D.ietf-decade-arch] Alimi , R., Yang, Y., Rahman, A., Kutscher, D., and H. Liu, "DECADE Architecture", July 2011. [I-D.ietf-decade-problem-statement] Song, H., Zong, N., Yang, Y., and R. Alimi, "DECoupled Application Data Enroute (DECADE) Problem Statement". Authors' Addresses Wang Danhua Huawei Technologies No. 101 Software Avenue Nanjing, Jiangsu Province 210001 P.R.China Phone: +86-25-56624734 Fax: +86-25-56624702 Email: wangdanhua@huawei.com Y.Richard Yang Yale University Email: yry@cs.yale.edu Wang & Yang Expires May 3, 2012 [Page 19]