Network Working Group                                         P. Rzewski
Request for Comments: 3570                         Media Publisher, Inc.
Category: Informational                                           M. Day
                                                                   Cisco
                                                             D. Gilletti
                                                               July 2003
        

Content Internetworking (CDI) Scenarios

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

In describing content internetworking as a technology targeted for use in production networks, it is useful to provide examples of the sequence of events that may occur when two content networks decide to interconnect. The scenarios presented here seek to provide some concrete examples of what content internetworking is, and also to provide a basis for evaluating content internetworking proposals.

Table of Contents

   1.  Introduction
       1.1.  Terminology
   2.  Special Cases of Content Networks
       2.1.  Publishing Content Network
       2.2.  Brokering Content Network
       2.3.  Local Request-Routing Content Network
   3.  Content Internetworking Arrangements
   4.  Content Internetworking Scenarios
       4.1.  General Content Internetworking
       4.2.  BCN providing ACCOUNTING INTERNETWORKING and
             REQUEST-ROUTING INTERNETWORKING
       4.3.  BCN providing ACCOUNTING INTERNETWORKING
       4.4.  PCN ENLISTS multiple CNs
       4.5.  Multiple CNs ENLIST LCN
   5.  Security Considerations
       5.1.  Threats to Content Internetworking
           5.1.1.  Threats to the CLIENT
           5.1.2.  Threats to the PUBLISHER
           5.1.3.  Threats to a CN
   6.  Acknowledgements
   7.  References
   8.  Authors' Addresses
   9.  Full Copyright Statement

1. Introduction

In [1], the concept of a "content network" is introduced and described. In addition to describing some general types of content networks, it also describes motivations for allowing content networks to interconnect (defined as "content internetworking").

In describing content internetworking as a technology targeted for use in production networks, it's useful to provide examples of the sequence of events that may occur when two content networks decide to interconnect. Naturally, different types of content networks may be created due to different business motivations, and so many combinations are likely.

This document first provides detailed examples of special cases of content networks that are specifically designed to participate in content internetworking (Section 2). We then discuss the steps that would be taken in order to "bring up" or "tear down" a content internetworking arrangement (Section 3). Next we provide some detailed examples of how content networks (such as those from Section 2) could interconnect (Section 4). Finally, we describe any security considerations that arise specifically from the examples presented here (Section 5).

The scenarios presented here answer two distinct needs:

1. To provide some concrete examples of what content internetworking is, and

2. To provide a basis for evaluating content internetworking proposals.

A number of content internetworking systems have been implemented, but there are few published descriptions. One such description is [2].

1.1. Terminology

Terms in ALL CAPS are defined in [1] except for the following terms defined below in this document: PCN, BCN, and LCN. Additionally, the term SLA is used as an abbreviation for Service Level Agreement.

2. Special Cases of Content Networks

A CN may have REQUEST-ROUTING, DISTRIBUTION, and ACCOUNTING interfaces. However, some participating networks may gravitate toward particular subsets of the CONTENT INTERNETWORKING interfaces. Others may be seen differently in terms of how they relate to their CLIENT bases. This section describes these refined cases of the general CN case so they may be available for easier reference in the further development of CONTENT INTERNETWORKING scenarios. The special cases described are the Publishing Content Network, the Brokering Content Network, and the Local Request-Routing Content Network.

2.1. Publishing Content Network

A Publishing Content Network (PCN), maintained by a PUBLISHER, contains an ORIGIN and has a NEGOTIATED RELATIONSHIP with two or more CNs. A PCN may contain SURROGATES for the benefit of serving some CONTENT REQUESTS locally, but does not intend to allow its SURROGATES to serve CONTENT on behalf of other PUBLISHERS.

Several implications follow from knowing that a particular CN is a PCN. First, the PCN contains the AUTHORITATIVE REQUEST-ROUTING SYSTEM for the PUBLISHER's CONTENT. This arrangement allows the PUBLISHER to determine the distribution of CONTENT REQUESTS among ENLISTED CNs. Second, it implies that the PCN need only participate in a subset of CONTENT INTERNETWORKING. For example, a PCN's DISTRIBUTION INTERNETWORKING SYSTEM need only be able to receive DISTRIBUTION ADVERTISEMENTS; it need not send them. Similarly, a PCN's REQUEST-ROUTING INTERNETWORKING SYSTEM has no reason to send AREA ADVERTISEMENTS. Finally, a PCN's ACCOUNTING INTERNETWORKING SYSTEM need only be able to receive ACCOUNTING data; it need not send it.

2.2. Brokering Content Network

A Brokering Content Network (BCN) is a network that does not operate its own SURROGATES. Instead, a BCN operates only CIGs as a service on behalf of other CNs. A BCN may therefore be regarded as a "clearinghouse" for CONTENT INTERNETWORKING information.

For example, a BCN may choose to participate in DISTRIBUTION INTERNETWORKING and/or REQUEST-ROUTING INTERNETWORKING in order to aggregate ADVERTISEMENTS from one set of CNs into a single update stream for the benefit of other CNs. To name a single specific example, a BCN could aggregate CONTENT SIGNALS from CNs that represent PUBLISHERS into a single update stream for the benefit of CNs that contain SURROGATES. A BCN may also choose to participate in ACCOUNTING INTERNETWORKING in order to aggregate utilization data from several CNs into combined reports for CNs that represent PUBLISHERS.

This definition of a BCN implies that a BCN's CIGs would implement the sending and/or receiving of any combination of ADVERTISEMENTS and ACCOUNTING data as is necessary to provide desired services to other CONTENT NETWORKS. For example, if a BCN is only interested in aggregating ACCOUNTING data on behalf of other CNs, it would only need to have an ACCOUNTING INTERNETWORKING interface on its CIGs.

2.3. Local Request-Routing Content Network

Another type of CN is the Local Request-Routing CONTENT NETWORK (LCN). An LCN is defined as a type of network where CLIENTS' CONTENT REQUESTS are always handled by some local SERVER (such as a caching proxy [1]). In this context, "local" is taken to mean that both the CLIENT and SERVER are within the same administrative domain, and there is an administrative motivation for forcing the local mapping. This type of arrangement is common in enterprises where all CONTENT REQUESTS must be directed through a local SERVER for access control purposes.

As implied by the name, the LCN creates an exception to the rule that there is a single AUTHORITATIVE REQUEST-ROUTING SYSTEM for a particular item of CONTENT. By directing CONTENT REQUESTS through the local SERVER, CONTENT RESPONSES may be given to CLIENTS without first referring to the AUTHORITATIVE REQUEST-ROUTING SYSTEM. Knowing this to be true, other CNs may seek a NEGOTIATED RELATIONSHIP with an LCN in order to perform DISTRIBUTION into the LCN and receive ACCOUNTING data from it. Note that once SERVERS participate in DISTRIBUTION INTERNETWORKING and ACCOUNTING INTERNETWORKING, they effectively take on the role of SURROGATES. However, an LCN would not intend to allow its SURROGATES to be accessed by non-local CLIENTS.

This set of assumptions implies multiple things about the LCN's CONTENT INTERNETWORKING relationships. First, it is implied that the LCN's DISTRIBUTION INTERNETWORKING SYSTEM need only be able to send DISTRIBUTION ADVERTISEMENTS; it need not receive them. Second, it is implied that an LCN's ACCOUNTING INTERNETWORKING SYSTEM need only be able to send ACCOUNTING data; it need not receive it. Finally, due to the locally defined REQUEST-ROUTING, the LCN would not participate in REQUEST-ROUTING INTERNETWORKING.

3. Content Internetworking Arrangements

When the controlling interests of two CNs decide to interconnect their respective networks (such as for business reasons), it is expected that multiple steps would need to occur.

The first step would be the creation of a NEGOTIATED RELATIONSHIP. This relationship would most likely take the form of a legal document that describes the services to be provided, cost of services, SLAs, and other stipulations. For example, if an ORIGINATING CN wished to leverage another CN's reach into a particular country, this would be laid out in the NEGOTIATED RELATIONSHIP.

The next step would be to configure CONTENT INTERNETWORKING protocols on the CIGs of the respective CNs in order to technically support the terms of the NEGOTIATED RELATIONSHIP. To follow our previous example, this could include the configuration of the ENLISTED CN's CIGs in a particular country to send DISTRIBUTION ADVERTISEMENTS to the CIGs of the ORIGINATING CN. In order to configure these protocols, technical details (such as CIG addresses/hostnames and authentication information) would be exchanged by administrators of the respective CNs.

Note also that some terms of the NEGOTIATED RELATIONSHIP would be upheld through means outside the scope of CDI protocols. These could include non-technical terms (such as financial settlement) or other technical terms (such as SLAs).

In the event that the controlling interests of two CNs no longer wish to have their networks interconnected, it is expected that these tasks would be undone. That is, the protocol configurations would be changed to cease the movement of ADVERTISEMENTS and/or ACCOUNTING data between the networks, and the NEGOTIATED RELATIONSHIP would be legally terminated.

4. Content Internetworking Scenarios

This section provides several scenarios that may arise in CONTENT INTERNETWORKING implementations.

Note that we obviously cannot examine every single permutation. Specifically, it should be noted that:

o Any one of the interconnected CNs may have other CONTENT INTERNETWORKING arrangements that may or may not be transitive to the relationships being described in the diagram.

o The graphical figures do not illustrate the CONTENT REQUEST paths. It is assumed that a REQUEST-ROUTING SYSTEM eventually returns to the CLIENT the IP address of the SURROGATE deemed appropriate to honor the CLIENT's CONTENT REQUEST.

The scenarios described include a general case, two cases in which BCNs provide limited interfaces, a case in which a PCN enlists the services of multiple CNs, and a case in which multiple CNs enlist the services of an LCN.

4.1. General Content Internetworking

This scenario considers the general case where two or more existing CNs wish to establish a CONTENT INTERNETWORKING relationship in order to provide increased scale and reach for their existing customers. It assumes that all of these CNs already provide REQUEST-ROUTING, DISTRIBUTION, and ACCOUNTING services and that they will continue to provide these services to existing customers as well as offering them to other CNs.

In this scenario, these CNs would interconnect with others via a CIG that provides a REQUEST-ROUTING INTERNETWORKING SYSTEM, a DISTRIBUTION INTERNETWORKING SYSTEM, and an ACCOUNTING INTERNETWORKING SYSTEM. The net result of this interconnection would be that a larger set of SURROGATES will now be available to the CLIENTS.

Figure 1 shows three CNs which have interconnected to provide greater scale and reach to their existing customers. They are all participating in DISTRIBUTION INTERNETWORKING, REQUEST-ROUTING INTERNETWORKING, and ACCOUNTING INTERNETWORKING.

As a result of the NEGOTIATED RELATIONSHIPS it is assumed that:

1. CONTENT that has been INJECTED into any one of these ORIGINATING CNs may be distributed into any other ENLISTED CN.

2. Commands affecting the DISTRIBUTION of CONTENT may be issued within the ORIGINATING CN, or may also be issued within the ENLISTED CN. The latter case allows local decisions to be made about DISTRIBUTION within the ENLISTED CN, but such commands would not control DISTRIBUTION within the ORIGINATING CN.

3. ACCOUNTING information regarding CLIENT access and/or DISTRIBUTION actions will be made available to the ORIGINATING CN by the ENLISTED CN.

4. The ORIGINATING CN would provide this ACCOUNTING information to the PUBLISHER based on existing Service Level Agreements (SLAs).

5. CONTENT REQUESTS by CLIENTS may be directed to SURROGATES within any of the ENLISTED CNs.

The decision of where to direct an individual CONTENT REQUEST may be dependent upon the DISTRIBUTION and REQUEST-ROUTING policies associated with the CONTENT being requested as well as the specific algorithms and methods used for directing these requests. For example, a REQUEST-ROUTING policy for a piece of CONTENT may indicate multiple versions exist based on the spoken language of a CLIENT. Therefore, the REQUEST-ROUTING SYSTEM of an ENLISTED CN would likely direct a CONTENT REQUEST to a SURROGATE known to be holding a version of CONTENT of a language that matches that of a CLIENT.

Figure 1 - General CONTENT INTERNETWORKING

   +--------------+                               +--------------+
   |     CN A     |                               |     CN B     |
   |..............|   +---------+   +---------+   |..............+
   | REQ-ROUTING  |<=>|         |<=>|         |<=>| REQ-ROUTING  |
   |..............|   | CONTENT |   | CONTENT |   |..............|
   | DISTRIBUTION |<=>|INTWRKING|<=>|INTWRKING|<=>| DISTRIBUTION |
   |..............|   | GATEWAY |   | GATEWAY |   |..............|
   |  ACCOUNTING  |<=>|         |<=>|         |<=>|  ACCOUNTING  |
   +--------------+   +---------+   +---------+   +--------------+
         | ^           \^ \ \       ^/ ^/ ^/           | ^
         v |            \\ \\ \\     // // //            v |
   +--------------+      \\ \\ \\   // // //      +--------------+
   |  SURROGATES  |       \\ v\ v\ /v /v //       |  SURROGATES  |
   +--------------+        \\+---------+//        +--------------+
          ^ |               v|         |v                ^ |
          | |                | CONTENT |                 | |
          | |                |INTWRKING|                 | |
          | |                | GATEWAY |                 | |
          | |                |         |                 | |
          | |                +---------+                 | |
          | |                  ^| ^| ^|                  | |
          | |                  || || ||                  | |
          | |                  |v |v |v                  | |
          | |              +--------------+              | |
          | |              |     CN C     |              | |
          | |              |..............|              | |
          | |              | REQ-ROUTING  |              | |
          | |              |..............|              | |
          \ \              | DISTRIBUTION |             / /
           \ \             |..............|            / /
            \ \            |  ACCOUNTING  |           / /
             \ \           |--------------|          / /
              \ \                | ^                / /
               \ \               v |               / /
                \ \        +--------------+       / /
                 \ \       |  SURROGATES  |      / /
                  \ \      +--------------+     / /
                   \ \           | ^           / /
                    \ \          | |          / /
                     \ \         v |         / /
                      \ \    +---------+    / /
                       \ \-->| CLIENTS |---/ /
                        \----|         |<---/
                             +---------+
        

4.2. BCN providing ACCOUNTING INTERNETWORKING and REQUEST-ROUTING INTERNETWORKING

This scenario describes the case where a single entity (BCN A) performs ACCOUNTING INTERNETWORKING and REQUEST-ROUTING INTERNETWORKING functions, but has no inherent DISTRIBUTION or DELIVERY capabilities. A potential configuration which illustrates this concept is given in Figure 2.

In the scenario shown in Figure 2, BCN A is responsible for collecting ACCOUNTING information from multiple CONTENT NETWORKS (CN A and CN B) to provide a clearinghouse/settlement function, as well as providing a REQUEST-ROUTING service for CN A and CN B.

In this scenario, CONTENT is injected into either CN A or CN B and its DISTRIBUTION between these CNs is controlled via the DISTRIBUTION INTERNETWORKING SYSTEMS within the CIGs. The REQUEST-ROUTING SYSTEM provided by BCN A is informed of the ability to serve a piece of CONTENT from a particular CONTENT NETWORK by the REQUEST-ROUTING SYSTEMS within the interconnected CIGs.

BCN A collects statistics and usage information via the ACCOUNTING INTERNETWORKING SYSTEM and disseminates that information to CN A and CN B as appropriate.

As illustrated in Figure 2, there are separate REQUEST-ROUTING SYSTEMS employed within CN A and CN B. If the REQUEST-ROUTING SYSTEM provided by BCN A is the AUTHORITATIVE REQUEST-ROUTING SYSTEM for a given piece of CONTENT, this is not a problem. However, each individual CN may also provide the AUTHORITATIVE REQUEST-ROUTING SYSTEM for some portion of its PUBLISHER customers. In this case, care must be taken to ensure that there is one and only one AUTHORITATIVE REQUEST-ROUTING SYSTEM identified for each given CONTENT object.
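
One way to audit the "one and only one" rule above before a CIG configuration goes live, as an added example that is not part of RFC 3570. The URL-prefix claim format, the example hostnames and the covers() and audit() helpers are assumptions made for illustration; the RFC does not define how authority is declared.

```python
from urllib.parse import urlsplit

# Constructed sample data (not from the RFC). Each entry says that a
# REQUEST-ROUTING SYSTEM claims to be AUTHORITATIVE for every CONTENT
# object under a URL prefix.
CLAIMS = [
    ("BCN A", "http://media.example.com/"),
    ("CN A", "http://news.example.net/"),
    ("CN B", "http://news.example.net/video/"),  # overlaps CN A's claim
    ("CN B", "http://shop.example.org/"),
]

# Constructed CONTENT objects to be checked against the claims.
CONTENT = [
    "http://media.example.com/clips/intro.mpg",
    "http://news.example.net/index.html",
    "http://news.example.net/video/today.mpg",
    "http://shop.example.org/catalog.html",
    "http://static.example.org/logo.png",  # no system claims this one
]


def _key(url):
    """Split a URL into (host, port, path segments) for comparison."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    segments = [s for s in parts.path.split("/") if s]
    return host, parts.port, segments


def covers(scope, url):
    """True if `url` lies under the claimed prefix `scope`.

    Matching is done on whole path segments, so a claim on /video/
    does not silently extend to /videos/.
    """
    s_host, s_port, s_seg = _key(scope)
    u_host, u_port, u_seg = _key(url)
    return (s_host, s_port) == (u_host, u_port) and u_seg[:len(s_seg)] == s_seg


def audit(claims, content):
    """Classify each CONTENT object by how many systems claim authority.

    Any overlap between different systems is reported as ambiguous; no
    longest-prefix tie-break is applied, because the rule being checked
    is that exactly one system is identified per object.
    """
    report = {"ok": {}, "ambiguous": {}, "unclaimed": []}
    for url in content:
        owners = sorted({rrs for rrs, scope in claims if covers(scope, url)})
        if len(owners) == 1:
            report["ok"][url] = owners[0]
        elif owners:
            report["ambiguous"][url] = owners
        else:
            report["unclaimed"].append(url)
    return report


if __name__ == "__main__":
    result = audit(CLAIMS, CONTENT)
    for url, owner in result["ok"].items():
        print(f"OK         {url} -> {owner}")
    for url, owners in result["ambiguous"].items():
        print(f"AMBIGUOUS  {url} claimed by {', '.join(owners)}")
    for url in result["unclaimed"]:
        print(f"UNCLAIMED  {url}")
```

An ambiguous entry is the case the paragraph warns about: two systems would each answer as authoritative for the same object, so the claim has to be narrowed or withdrawn on one side.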

Figure 2 - BCN providing ACCOUNTING INTERNETWORKING and REQUEST-ROUTING INTERNETWORKING

       +--------------+
       |    BCN A     |
       |..............|     +-----------+
       | REQ-ROUTING  |<===>|           |
       |..............|     |  CONTENT  |
       |  ACCOUNTING  |<===>| INTWRKING |
       +--------------+     |  GATEWAY  |
                            |           |
                            +-----------+
                             ^| ^| ^| ^|
   +--------------+         // //   \\ \\         +--------------+
   |     CN A     |        |v |v     |v |v        |     CN B     |
   |..............|   +---------+   +---------+   |..............|
   | REQ-ROUTING  |<=>|         |   |         |<=>| REQ-ROUTING  |
   |..............|   | CONTENT |   | CONTENT |   |..............|
   | DISTRIBUTION |<=>|INTWRKING|<=>|INTWRKING|<=>| DISTRIBUTION |
   |..............|   | GATEWAY |   | GATEWAY |   |..............|
   |  ACCOUNTING  |<=>|         |   |         |<=>|  ACCOUNTING  |
   +--------------+   +---------+   +---------+   +--------------+
         | ^                                             | ^
         v |                                             v |
   +--------------+                               +--------------+
   |  SURROGATES  |                               |  SURROGATES  |
   +--------------+                               +--------------+
                ^ \                               ^ /
                 \ \                             / /
                  \ \                           / /
                   \ \                         / /
                    \ \      +---------+      / /
                     \ \---->| CLIENTS |-----/ /
                      \------|         |<-----/
                             +---------+
        
4.3. BCN providing ACCOUNTING INTERNETWORKING

This scenario describes the case where a single entity (BCN A) performs ACCOUNTING INTERNETWORKING to provide a clearinghouse/settlement function only. In this scenario, BCN A would enter into NEGOTIATED RELATIONSHIPS with multiple CNs that each perform their own DISTRIBUTION INTERNETWORKING and REQUEST-ROUTING INTERNETWORKING as shown in Figure 3.

Figure 3 - BCN providing ACCOUNTING INTERNETWORKING

       +--------------+
       |    BCN A     |
       |..............|     +-----------+
       |  ACCOUNTING  |<===>|           |
       +--------------+     |  CONTENT  |
                            | INTWRKING |
                            |  GATEWAY  |
                            |           |
                            +-----------+
                                ^| ^|
   +--------------+            //   \\            +--------------+
   |     CN A     |           |v     |v           |     CN B     |
   |..............|   +---------+   +---------+   |..............|
   | REQ-ROUTING  |<=>|         |<=>|         |<=>| REQ-ROUTING  |
   |..............|   | CONTENT |   | CONTENT |   |..............|
   | DISTRIBUTION |<=>|INTWRKING|<=>|INTWRKING|<=>| DISTRIBUTION |
   |..............|   | GATEWAY |   | GATEWAY |   |..............|
   |  ACCOUNTING  |<=>|         |   |         |<=>|  ACCOUNTING  |
   +--------------+   +---------+   +---------+   +--------------+
         | ^                                             | ^
         v |                                             v |
   +--------------+                               +--------------+
   |  SURROGATES  |                               |  SURROGATES  |
   +--------------+                               +--------------+
                ^ \                               ^ /
                 \ \                             / /
                  \ \                           / /
                   \ \                         / /
                    \ \      +---------+      / /
                     \ \---->| CLIENTS |-----/ /
                      \------|         |<-----/
                             +---------+
        
4.4. PCN ENLISTS multiple CNs

In the previously enumerated scenarios, PUBLISHERS have not been discussed. Much of the time, it is assumed that the PUBLISHERS will allow CNs to act on their behalf. For example, a PUBLISHER may designate a particular CN to be the AUTHORITATIVE REQUEST-ROUTING SYSTEM for its CONTENT. Similarly, a PUBLISHER may rely on a particular CN to aggregate all its ACCOUNTING data, even though that data may originate at SURROGATES in multiple distant CNs. Finally, a PUBLISHER may INJECT content only into a single CN and rely on that CN to ENLIST other CNs to obtain scale and reach.

However, a PUBLISHER may wish to maintain more control and take on the task of ENLISTING CNs itself, therefore acting as a PCN (Section 2.1). This scenario, shown in Figure 4, describes the case where a PCN wishes to directly enter into NEGOTIATED RELATIONSHIPS with multiple CNs. In this scenario, the PCN would operate its own CIG and enter into DISTRIBUTION INTERNETWORKING, ACCOUNTING INTERNETWORKING, and REQUEST-ROUTING INTERNETWORKING relationships with two or more CNs.

Figure 4 - PCN ENLISTS multiple CNs

   +--------------+
   |     PCN      |
   |..............|   +-----------+
   | REQ-ROUTING  |<=>|           |<---\
   |..............|   |  CONTENT  |----\\
   | DISTRIBUTION |<=>| INTWRKING |     \\
   |..............|   |  GATEWAY  |--\   \\
   |  ACCOUNTING  |<=>|           |<-\\   \\
   +--------------+   +-----------+   \\   \\
                        ^| ^| ^|  ^|   \\   ||
   +--------------+     || || ||   \\   ||  ||    +--------------+
   |     CN A     |     |v |v |v    \v  |v  |v    |     CN B     |
   |..............|   +---------+   +---------+   |..............|
   | REQ-ROUTING  |<=>|         |   |         |<=>| REQ-ROUTING  |
   |..............|   | CONTENT |   | CONTENT |   |..............|
   | DISTRIBUTION |<=>|INTWRKING|   |INTWRKING|<=>| DISTRIBUTION |
   |..............|   | GATEWAY |   | GATEWAY |   |..............|
   |  ACCOUNTING  |<=>|         |   |         |<=>|  ACCOUNTING  |
   +--------------+   +---------+   +---------+   +--------------+
         | ^                                             | ^
         v |                                             v |
   +--------------+                               +--------------+
   |  SURROGATES  |                               |  SURROGATES  |
   +--------------+                               +--------------+
                ^ \                               ^ /
                 \ \                             / /
                  \ \                           / /
                   \ \                         / /
                    \ \      +---------+      / /
                     \ \---->| CLIENTS |-----/ /
                      \------|         |<-----/
                             +---------+
        
4.5. Multiple CNs ENLIST LCN

A type of CN described in Section 2.3 is the LCN. In this scenario, we imagine a tightly administered CN (such as within an enterprise) has determined that all CONTENT REQUESTS from CLIENTS must be serviced locally. Likely due to a large CLIENT base in the LCN, multiple CNs determine they would like to engage in DISTRIBUTION INTERNETWORKING with the LCN in order to extend control over CONTENT objects held in the LCN's SURROGATES. Similarly, the CNs would like to engage in ACCOUNTING INTERNETWORKING with the LCN in order to receive ACCOUNTING data regarding the usage of the content in the local SURROGATES. This scenario is shown in Figure 5. Although this diagram shows a DISTRIBUTION INTERNETWORKING connection between CN A and CN B, it should be recognized that this connection is optional and not a requirement in this scenario.

Figure 5 - Multiple CNs ENLIST LCN

   +--------------+                               +--------------+
   |     CN A     |                               |     CN B     |
   +..............|   +---------+   +---------+   |..............+
   | REQ-ROUTING  |<=>|         |<=>|         |<=>| REQ-ROUTING  |
   |..............|   | CONTENT |   | CONTENT |   |..............|
   | DISTRIBUTION |<=>|INTWRKING|<=>|INTWRKING|<=>| DISTRIBUTION |
   |..............|   | GATEWAY |   | GATEWAY |   |..............|
   |  ACCOUNTING  |<=>|         |<=>|         |<=>|  ACCOUNTING  |
   +--------------+   +---------+   +---------+   +--------------+
         | ^              \^ \^       ^/ ^/              | ^
         v |               \\ \\     // //               v |
   +--------------+         \\ \\   // //         +--------------+
   |  SURROGATES  |          v\ v\ /v /v          |  SURROGATES  |
   +--------------+          +---------+          +--------------+
                             |         |
                             | CONTENT |
                             |INTWRKING|
                             | GATEWAY |
                             |         |
                             +---------+
                                ^| ^|
                                || ||
                                |v |v
                           +--------------+
                           |    LCN A     |
                           |..............|
                           | DISTRIBUTION |
                           |..............|
                           |  ACCOUNTING  |
                           |--------------|
                                 | ^
                                 v |
                           +--------------+
                           |  SURROGATES  |
                           +--------------+
                                 | ^
                                 | |
                                 v |
                             +---------+
                             | CLIENTS |
                             |         |
                             +---------+
        
5. Security Considerations

Security concerns with respect to Content Internetworking can be generally categorized into trust within the system and protection of the system from threats. The trust model utilized with Content Internetworking is predicated largely on transitive trust between the ORIGIN, REQUEST-ROUTING INTERNETWORKING SYSTEM, DISTRIBUTION INTERNETWORKING SYSTEM, ACCOUNTING INTERNETWORKING SYSTEM, and SURROGATES. Network elements within the Content Internetworking system are considered to be "insiders" and therefore trusted.

5.1. Threats to Content Internetworking

The following sections document key threats to CLIENTs, PUBLISHERs, and CNs. The threats are classified according to the party that they most directly harm, but, of course, a threat to any party is ultimately a threat to all. (For example, having a credit card number stolen may most directly affect a CLIENT; however, the resulting dissatisfaction and publicity will almost certainly cause some harm to the PUBLISHER and CN, even if the harm is only to those organizations' reputations.)

5.1.1. Threats to the CLIENT

5.1.1.1. Defeat of CLIENT's Security Settings

Because the SURROGATE's location may differ from that of the ORIGIN, the use of a SURROGATE may inadvertently or maliciously defeat any location-based security settings employed by the CLIENT. And since the SURROGATE's location is generally transparent to the CLIENT, the CLIENT may be unaware that its protections are no longer in force. For example, a CN may relocate CONTENT from an Internet Explorer user's "Internet Web Content Zone" to that user's "Local Intranet Web Content Zone". If the relocation is visible to the Internet Explorer browser but otherwise invisible to the user, the browser may be employing less stringent security protections than the user is expecting for that CONTENT. (Note that this threat differs, at least in degree, from the substitution of security parameters threat below, as Web Content Zones can control whether or not, for example, the browser executes unsigned active content.)

5.1.1.2. Delivery of Bad Accounting Information

In the case of CONTENT with value, CLIENTs may be inappropriately charged for viewing content that they did not successfully access. Conversely, some PUBLISHERs may reward CLIENTs for viewing certain CONTENT (e.g., programs that "pay" users to surf the Web). Should a CN fail to deliver appropriate accounting information, the CLIENT may not receive appropriate credit for viewing the required CONTENT.

5.1.1.3. Delivery of Bad CONTENT

A CN that does not deliver the appropriate CONTENT may provide the user misleading information (either maliciously or inadvertently). This threat can be manifested as a failure of either the DISTRIBUTION SYSTEM (inappropriate content delivered to appropriate SURROGATEs) or REQUEST-ROUTING SYSTEM (request routing to inappropriate SURROGATEs, even though they may have appropriate CONTENT), or both. A REQUEST-ROUTING SYSTEM may also fail by forwarding the CLIENT request when no forwarding is appropriate, or by failing to forward the CLIENT request when forwarding is appropriate.

5.1.1.4. Denial of Service

A CN that does not forward the CLIENT appropriately may deny the CLIENT access to CONTENT.

5.1.1.5. Exposure of Private Information

CNs may inadvertently or maliciously expose private information (passwords, buying patterns, page views, credit card numbers) as it transmits from SURROGATEs to ORIGINs and/or PUBLISHERs.

5.1.1.6. Substitution of Security Parameters

If a SURROGATE does not duplicate completely the security facilities of the ORIGIN (e.g., encryption algorithms, key lengths, certificate authorities), CONTENT delivered through the SURROGATE may be less secure than the CLIENT expects.

5.1.1.7. Substitution of Security Policies

If a SURROGATE does not employ the same security policies and procedures as the ORIGIN, the CLIENT's private information may be treated with less care than the CLIENT expects. For example, the operator of a SURROGATE may not have as rigorous protection for the CLIENT's password as does the operator of the ORIGIN server. This threat may also manifest itself if the legal jurisdiction of the SURROGATE differs from that of the ORIGIN, should, for example, legal differences between the jurisdictions require or permit different treatment of the CLIENT's private information.

5.1.2. Threats to the PUBLISHER

5.1.2.1. Delivery of Bad Accounting Information

If a CN does not deliver accurate accounting information, the PUBLISHER may be unable to charge CLIENTs for accessing CONTENT or it may reward CLIENTs inappropriately. Inaccurate accounting information may also cause a PUBLISHER to pay for services (e.g., content distribution) that were not actually rendered. Invalid accounting information may also affect PUBLISHERs indirectly by, for example, undercounting the number of site visitors (and, thus, reducing the PUBLISHER's advertising revenue).

5.1.2.2. Denial of Service

A CN that does not distribute CONTENT appropriately may deny CLIENTs access to CONTENT.

5.1.2.3. Substitution of Security Parameters

If a SURROGATE does not duplicate completely the security services of the ORIGIN (e.g., encryption algorithms, key lengths, certificate authorities, client authentication), CONTENT stored on the SURROGATE may be less secure than the PUBLISHER prefers.
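
The substitution-of-security-parameters threat (Sections 5.1.1.6 and 5.1.2.3) can be checked mechanically when a PUBLISHER or CN can obtain each endpoint's parameters. The following is an added example, not part of the RFC: the `SecurityProfile` fields, host names and CA names are assumptions constructed for illustration, and key strength is compared using the approximate equivalences of NIST SP 800-57 Part 1.

```python
"""Check that each SURROGATE matches the ORIGIN's security parameters.

Field names, hosts and values are constructed for this example; RFC 3570
defines no format for exchanging them.
"""
from dataclasses import dataclass

# Higher rank means a stronger minimum protocol version.
TLS_RANK = {"TLSv1.0": 0, "TLSv1.1": 1, "TLSv1.2": 2, "TLSv1.3": 3}


@dataclass(frozen=True)
class SecurityProfile:
    name: str
    min_tls: str              # lowest protocol version the endpoint accepts
    cipher_suites: frozenset  # suites the endpoint is willing to negotiate
    key_type: str             # "RSA" or "EC"
    key_bits: int             # public key length of the server certificate
    issuer_ca: str            # certificate authority that issued it
    client_auth: bool         # True if client authentication is required


def strength_bits(key_type, key_bits):
    """Approximate symmetric-equivalent strength (NIST SP 800-57 Part 1)."""
    if key_type == "EC":
        return key_bits // 2
    for size, strength in ((15360, 256), (7680, 192), (3072, 128),
                           (2048, 112), (1024, 80)):
        if key_bits >= size:
            return strength
    return 0


def parity_gaps(origin, surrogate, approved_cas=None):
    """List (parameter, detail) pairs where the SURROGATE falls short of the
    ORIGIN. An empty list means the SURROGATE duplicates the ORIGIN's
    parameters for every field checked here."""
    approved = approved_cas or {origin.issuer_ca}
    gaps = []
    if TLS_RANK[surrogate.min_tls] < TLS_RANK[origin.min_tls]:
        gaps.append(("min_tls", f"{surrogate.min_tls} < {origin.min_tls}"))
    extra = surrogate.cipher_suites - origin.cipher_suites
    if extra:  # suites the ORIGIN would never negotiate
        gaps.append(("cipher_suites", ", ".join(sorted(extra))))
    s_bits = strength_bits(surrogate.key_type, surrogate.key_bits)
    o_bits = strength_bits(origin.key_type, origin.key_bits)
    if s_bits < o_bits:
        gaps.append(("key_strength", f"{s_bits} < {o_bits} bits"))
    if surrogate.issuer_ca not in approved:
        gaps.append(("issuer_ca", surrogate.issuer_ca))
    if origin.client_auth and not surrogate.client_auth:
        gaps.append(("client_auth", "required by ORIGIN only"))
    return gaps


def audit(origin, surrogates, approved_cas=None):
    """Map each SURROGATE name to its list of gaps."""
    return {s.name: parity_gaps(origin, s, approved_cas) for s in surrogates}


# Constructed sample profiles.
_SUITES = frozenset({"TLS_AES_128_GCM_SHA256",
                     "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"})
ORIGIN = SecurityProfile("origin.example", "TLSv1.2", _SUITES,
                         "RSA", 3072, "Example Root CA 1", True)
SURROGATES = [
    # Different key type but equivalent strength: no gap.
    SecurityProfile("surrogate-a.cn-a.example", "TLSv1.2", _SUITES,
                    "EC", 256, "Example Root CA 1", True),
    # Weaker on every parameter.
    SecurityProfile("surrogate-b.cn-b.example", "TLSv1.0",
                    _SUITES | {"TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
                    "RSA", 2048, "Other CA", False),
]

if __name__ == "__main__":
    for name, gaps in audit(ORIGIN, SURROGATES).items():
        print(name, "OK" if not gaps else gaps)
```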

5.1.2.4. Substitution of Security Policies

If a SURROGATE does not employ the same security policies and procedures as the ORIGIN, the CONTENT may be treated with less care than the PUBLISHER expects. This threat may also manifest itself if the legal jurisdiction of the SURROGATE differs from that of the ORIGIN, should, for example, legal differences between the jurisdictions require or permit different treatment of the CONTENT.

5.1.3. Threats to a CN

5.1.3.1. Bad Accounting Information

If a CN is unable to collect or receive accurate accounting information, it may be unable to collect compensation for its services from PUBLISHERs.
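
The bad-accounting threats in Sections 5.1.1.2, 5.1.2.1 and 5.1.3.1 all reduce to ACCOUNTING records that disagree with what SURROGATES actually delivered. The following is an added example, not part of the RFC, that reconciles the two; the line formats, request identifiers and sample values are assumptions constructed for illustration, since the RFC defines no accounting record format.

```python
"""Reconcile ACCOUNTING records against SURROGATE delivery logs.

The line formats and every sample value are constructed for this example.
"""
from collections import Counter

# Constructed SURROGATE log, one delivery per line:
# request_id client content_id http_status bytes_sent content_length
DELIVERY_LOG = """\
r1 client-1 /video/a.mp4 200 5000 5000
r2 client-2 /video/a.mp4 200 1200 5000
r3 client-3 /video/b.mp4 503 0 7000
r4 client-1 /video/b.mp4 200 7000 7000
r5 client-4 /video/a.mp4 200 5000 5000
r6 client-6 /video/a.mp4 200 5000 5000
"""

# Constructed ACCOUNTING feed as received through the CIG:
# request_id client content_id billed_units
ACCOUNTING_FEED = """\
r1 client-1 /video/a.mp4 1
r2 client-2 /video/a.mp4 1
r3 client-3 /video/b.mp4 1
r4 client-1 /video/b.mp4 1
r4 client-1 /video/b.mp4 1
r6 client-7 /video/a.mp4 1
r9 client-5 /video/a.mp4 1
"""


def parse_deliveries(text):
    """Map request_id -> (client, content_id, fully_delivered)."""
    deliveries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        req, client, content, status, sent, length = line.split()
        ok = 200 <= int(status) < 300 and int(sent) >= int(length)
        deliveries[req] = (client, content, ok)
    return deliveries


def parse_accounting(text):
    """Return a list of (request_id, client, content_id, units)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        req, client, content, units = line.split()
        records.append((req, client, content, int(units)))
    return records


def reconcile(delivery_text, accounting_text):
    """Return the request ids in each category of accounting error."""
    deliveries = parse_deliveries(delivery_text)
    records = parse_accounting(accounting_text)
    counts = Counter(req for req, *_ in records)
    charged_without_delivery, mismatched = set(), set()
    for req, client, content, units in records:
        seen = deliveries.get(req)
        if seen is None or not seen[2]:
            # Billed, but no complete delivery exists (Section 5.1.1.2).
            if units > 0:
                charged_without_delivery.add(req)
        elif seen[:2] != (client, content):
            # Delivered, but attributed to another CLIENT or CONTENT.
            mismatched.add(req)
    return {
        "charged_without_delivery": sorted(charged_without_delivery),
        # Complete deliveries never reported (Sections 5.1.2.1, 5.1.3.1).
        "delivered_not_accounted": sorted(
            r for r, d in deliveries.items() if d[2] and r not in counts),
        "duplicate_accounting": sorted(r for r, n in counts.items() if n > 1),
        "mismatched_party_or_content": sorted(mismatched),
    }


if __name__ == "__main__":
    for category, ids in reconcile(DELIVERY_LOG, ACCOUNTING_FEED).items():
        print(f"{category}: {ids}")
```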

5.1.3.2. Denial of Service

Misuse of a CN may make that CN's facilities unavailable, or available only at reduced functionality, to legitimate customers or the CN provider itself. Denial of service attacks can be targeted at a CN's ACCOUNTING SYSTEM, DISTRIBUTION SYSTEM, or REQUEST-ROUTING SYSTEM.

5.1.3.3. Transitive Threats

To the extent that a CN acts as either a CLIENT or a PUBLISHER (such as, for example, in transitive implementations), such a CN may be exposed to any or all of the threats described above for both roles.

6. Acknowledgements

The authors acknowledge the contributions and comments of Fred Douglis (AT&T), Raj Nair (Cisco), Gary Tomlinson (CacheFlow), John Scharber (CacheFlow), Nalin Mistry (Nortel), Steve Rudkin (BT), Christian Hoertnagl (IBM), Christian Langkamp (Oxford University), and Don Estberg (Activate).

7. References

[1] Day, M., Cain, B., Tomlinson, G. and P. Rzewski, "A Model for Content Internetworking (CDI)", RFC 3466, February 2003.

[2] Biliris, A., Cranor, C., Douglis, F., Rabinovich, M., Sibal, S., Spatscheck, O. and W. Sturm, "CDN Brokering", Proceedings of the 6th International Workshop on Web Caching and Content Distribution, Boston, MA, June 2001.

8. Authors' Addresses

   Mark S. Day
   Cisco Systems
   1414 Massachusetts Avenue
   Boxborough, MA 01719
   US

   Phone: +1 978 936 1089
   EMail: mday@alum.mit.edu

   Don Gilletti
   21 22nd Ave.
   San Mateo, CA 94403
   US

   Phone: +1 408 569 6813
   EMail: dgilletti@yahoo.com

   Phil Rzewski
   30 Jennifer Place
   San Francisco, CA 94107
   US

   Phone: +1 650 303 3790
   EMail: philrz@yahoo.com

9. Full Copyright Statement

Copyright (C) The Internet Society (2003). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees.

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.
