Network Working Group                                           B. Aiken
Request for Comments: 2768                                  J. Strassner
Category: Informational                                    Cisco Systems
                                                            B. Carpenter
                                                                     IBM
                                                               I. Foster
                                             Argonne National Laboratory
                                                                C. Lynch
                                     Coalition for Networked Information
                                                            J. Mambretti
                                                                   ICAIR
                                                                R. Moore
                                                                    UCSD
                                                           B. Teitelbaum
                                      Advanced Networks & Services, Inc.
                                                           February 2000
Network Policy and Services: A Report of a Workshop on Middleware
Status of this Memo
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
An ad hoc middleware workshop was held at the International Center for Advanced Internet Research in December 1998. The Workshop was organized and sponsored by Cisco, Northwestern University's International Center for Advanced Internet Research (iCAIR), IBM, and the National Science Foundation (NSF). The goal of the workshop was to identify existing middleware services that could be leveraged for new capabilities as well as identifying additional middleware services requiring research and development. The workshop participants discussed the definition of middleware in general, examined the applications perspective, detailed underlying network transport capabilities relevant to middleware services, and then covered various specific examples of middleware components. These included APIs, authentication, authorization, and accounting (AAA) issues, policy framework, directories, resource management, networked information discovery and retrieval services, quality of service,
security, and operational tools. The need for a more organized framework for middleware R&D was recognized, and a list of specific topics needing further work was identified.
Table of Contents
Introduction
1.0 Contextual Framework
2.0 What is Middleware?
3.0 Application Perspective
4.0 Exemplary Components
5.0 Application Programming Interfaces and Signaling
6.0 IETF AAA
7.0 Policy
8.0 Directories
9.0 Resource Management
10.0 Networked Information Discovery and Retrieval Services
11.0 Network QOS
12.0 Authentication, authorization, and access management
13.0 Network Management, Performance, and Operations
14.0 Middleware to support multicast applications
15.0 Java and Jini TM
16.0 Security Considerations
17.0 Summary
18.0 Participants
19.0 URLs/references
20.0 Authors' Addresses
21.0 Full Copyright Statement
Introduction
This document describes the term "middleware" as well as its requirements and scope. Its purpose is to facilitate communication between developers of both collaboration based and high-performance distributed computing applications and developers of the network infrastructure. Generally, in advanced networks, middleware consists of services and other resources located between both the applications and the underlying packet forwarding and routing infrastructure, although no consensus currently exists on the precise lines of demarcation that would define those domains. This document is being developed within the context of existing standards efforts. Consequently, this document defines middleware core components within the framework of the current status of middleware-related standards activities, especially within the IETF and the Desktop Management Task Force (DMTF). The envisioned role of the IETF is to lead the work in defining the underlying protocols that could be used to support a middleware infrastructure. In this context, we will leverage the information modeling work, as well as the advanced XML
and CIM/DEN-LDAP mapping work, being done in the DMTF. (The recently constituted Grid Forum is also pursuing relevant activities.)
This document also addresses the impact of middleware on Internet protocol development. As part of its approach to describing middleware, this document has initially focused on the intersections among middleware components and application areas that already have well defined activities underway.
This document is a product of an ad hoc Middleware Workshop held on December 4-5 1998. The Workshop was organized and sponsored by Cisco, Northwestern University's International Center for Advanced Internet Research (iCAIR), IBM, and the National Science Foundation (NSF). The goal of the workshop was to define the term middleware and its requirements on advanced network infrastructures as well as on distributed applications. These definitions will enable a set of core middleware components to subsequently be specified, both for supporting advanced application environments as well as for providing a basis for other middleware services.
Although this document is focused on a greater set of issues than just Internet protocols, the concepts and issues put forth here are extremely relevant to the way networks and protocols need to evolve as we move into the implementation stage of "the network is the computer". Therefore, this document is offered to the IETF, DMTF, Internet2, Next Generation Internet (NGI), NSF Partnerships for Advanced Computational Infrastructure (PACI), the interagency Information Technology for the 21st Century (IT2) program, the Grid Forum, the Worldwide Web Consortium, and other communities for their consideration.
This document is organized as follows: Section 1 provides a contextual framework. Section 2 defines middleware. Section 3 discusses application requirements. Subsequent sections discuss requirements and capabilities for middleware as defined by applications and middleware practitioners. These sections will also discuss the required underlying transport infrastructure, administrative policy and management, exemplary core middleware components, provisioning issues, network environment and implementation issues, and research areas.
Middleware can be defined to encompass a large set of services. For example, we chose to focus initially on the services needed to support a common set of applications based on a distributed network environment. A consensus of the Workshop was that there was really no core set of middleware services in the sense that all applications
required them. This consensus does not diminish the importance of application domain-specific middleware, or the flexibility needed in determining customized approaches. Many communities (e.g., Internet2, NGI, and other advanced Internet constituencies) may decide on their own set of common middleware services and tools; however, they should strive for interoperability whenever possible. The topics in this workshop were chosen to encourage discussion about the nature and scope of middleware per se as distinct from specific types of applications; therefore, many relevant middleware topics were not discussed.
Another consensus of the Workshop that helped provide focus was that, although middleware could be conceptualized as hierarchical, or layered, such an approach was not helpful, and indeed had been problematic and unproductive in earlier efforts.
The better approach would be to consider middleware as an unstructured, often orthogonal, collection of components (such as resources and services) that could be utilized either individually or in various subsets. This working assumption avoided extensive theological modeling discussions, and enables work to proceed on various middleware issues independently.
An important goal of the Workshop was to identify any middleware or network-related research or development that would be required to advance the state of the art to support advanced application environments, such as those being developed and pursued by NGI and Internet2. Consequently, discussion focused on those areas that had the maximum opportunity for such advances.
The Workshop participants agreed on the existence of middleware, but quickly made it clear that the definition of middleware was dependent on the subjective perspective of those trying to define it. Perhaps it was even dependent on when the question was asked, since the middleware of yesterday (e.g., Domain Name Service, Public Key Infrastructure, and Event Services) may become the fundamental network infrastructure of tomorrow. Application environment users and programmers see everything below the API as middleware. Networking gurus see anything above IP as middleware. Those working on applications, tools, and mechanisms between these two extremes see it as somewhere between TCP and the API, with some even further classifying middleware into application-specific upper middleware, generic middle middleware, and resource-specific lower middleware. The point was made repeatedly that middleware often extends beyond the "network" into the compute, storage, and other resources that the network connects. For example, a video serving application will want
to access resource discovery and allocation services not just for networks but also for the archives and computers required to serve and process the video stream. Through the application of general set theory and rough consensus, we roughly characterize middleware as those services found above the transport (i.e., over TCP/IP) layer set of services but below the application environment (i.e., below application-level APIs).
Some of the earliest conceptualizations of middleware originated with the distributed operating research of the late 1970s and early 1980s, and were further advanced by the I-WAY project at SC'95. The I-WAY linked high performance computers nation-wide over high performance networks such that the resulting environment functioned as a single high performance environment. As a consequence of that experiment, the researchers involved re-emphasized the fact that effective high performance distributed computing required distributed common computing and networking resources, including libraries and utilities for resource discovery, scheduling and monitoring, process creation, communication and data transport.
Subsequent research and development through the Globus project of such middleware resources demonstrated their capabilities for optimizing advanced application performance in distributed domains.
In May 1997, a Next Generation Internet (NGI) workshop on NGI research areas resulted in a publication, "Research Challenges for the Next Generation Internet", which yields the following description of middleware. "Middleware can be viewed as a reusable, expandable set of services and functions that are commonly needed by many applications to function well in a networked environment". This definition could further be refined to include persistent services, such as those found within an operating system, distributed operating environments (e.g., JAVA/JINI), the network infrastructure (e.g., DNS), and transient capabilities (e.g., run time support and libraries) required to support client software on systems and hosts.
In summary, there are many views of what is middleware. The consensus of many at the workshop was that given the dynamic morphing nature of middleware, it was more important to identify some core middleware services and start working on them than it was to come to a consensus on a dictionary-like definition of the term.
Systems involving strong middleware components to support networked information discovery have also been active research areas since at least the late 1980s. Consider Archie or the Harvest project, to cite two examples. One could easily argue that the site logs used by Archie or the broker system and harvest agents were important middleware tools, and additional work in this area is urgently needed in order to improve the efficiency and scope of web-based indexing services.
"As long ago" as 1994, the Internet Architecture Board held a workshop on "Information Infrastructure for the Internet" reported in RFC 1862, which in many ways covered similar issues. Although its recommendations were summarized as follows:
- increased focus on a general caching and replication architecture
- a rapid deployment of name resolution services, and
- the articulation of a common security architecture for information applications.
it is clear that this work is far from done.
Finally, this workshop noted that there is a close linkage between middleware as a set of standards and protocols and the infrastructure needed to make the middleware meaningful. For example, the DNS protocol would be of limited significance without the system of DNS servers, and indeed the administrative infrastructure of name registry; NTP, in order to be useful, requires the existence of time servers; newer middleware services such as naming, public key registries and certificate authorities, will require even more extensive server and administrative infrastructure in order to become both useful and usable services.
From an applications perspective, the network is just another type of resource that it needs to use and manage. The set of middleware services and requirements necessary to support advanced applications are defined by a vision that includes and combines applications in areas such as: distributed computing, distributed data bases, advanced video services, teleimmersion (i.e., a capability for providing a compelling real-life experience in a virtual environment based for example on CAVE technologies), extensions with haptics, electronic commerce, distance education, interactive collaborative research, high-rate instrumentation (60 MByte/s and above sustained), including use of online scientific facilities (e.g. microscopes, telescopes, etc.), effectively managing large amounts of data, computation and information Grids, adaptable and morphing network infrastructure, proxies and agents, and electronic persistent presence (EPP). Many of these applications are "bleeding edge" with respect to currently deployed applications on the commodity Internet and hence have unique requirements. Just as the Web was an advanced application in the early 1990s, many of the application areas defined above will not become commonplace in the immediate future. However, they all possess the capability to change the way the network is used
as well as our definition of infrastructure, much as the Web and Mosaic changed it in the early 90s. A notable recent trend in networks is the increasing amount of HTTP, voice, and video traffic, and it was noted that voice and video particularly need some form of QoS and associated middleware to manage it.
A quick review of the requirements for teleimmersion highlights the requirement for multiple concurrent logical network channels, each with its own latency, jitter, burst, and bandwidth QoS; yet all being coordinated through a single middleware interface to the application. For security and efficiency those using online instruments require the ability to steer the devices and change parameters as a direct result of real-time analysis performed on the data as it is received from the instruments. Therefore, network requirements encompass high bandwidth, low latency, and security, which must all be coordinated through middleware. Large databases, archives, and digital libraries are becoming a mainstay for researchers and industry. The requirements they will place on the network and on middleware will be extensive, including support of authentication, authorization, access management, quality of service, networked information discovery and retrieval tools, naming and service location, to name only a few. They also require middleware to support collection building and self-describing data. Distributed computing environments (e.g., Globus, Condor, Legion, etc.) are quickly evolving into the computing and information Grids of the future. These Grids not only require adaptive and manageable network services but also require a sophisticated set of secure middleware capabilities to provide easy-to-use APIs to the application.
Many application practitioners were adamant that they also required the capability for "pass through" services. This refers to the ability to bypass the middleware and directly access the underlying infrastructure (such as the operating system or network), even though they were eager to make use of middleware services and see more of it developed to support their own applications. In addition, authentication and access control, as well as security, are required for all of the applications mentioned above, albeit at different levels.
In an attempt to describe middleware and discuss pertinent issues relating to its development and deployment, an exemplary set of services was selected for discussion. These services were chosen to stimulate discussion and not as an attempt to define an exclusive set of middleware services. Also, it is the intent of this effort not to duplicate existing IETF efforts or those of other standards bodies (e.g., the DMTF), but rather to leverage those efforts, and indeed to highlight areas where work was already advanced to a stage that might be approaching deployment.
Applications require the ability to explicitly request resources based on their immediate usage needs. These requests have associated network management controls and network resource implications; however, fulfillment of these requests may require multiple intermediate steps. Given the preliminary state of middleware definition, there currently is no common framework, much less a method, for an application to signal its need for a set of desired network services, including quality and priority of service as well as attendant resource requirements. However, given the utility of middleware, especially with regard to optimization for advanced applications, preliminary models for both quality and priority of service and resource management exist and continue to evolve. However, without an agreed-to framework for standards in this area, there is the risk of multiple competing standards that may further delay the deployment of a middleware-rich infrastructure. This framework should probably include signaling methods, access/admission controls, and a series of defined services and resources. In addition, it should include service levels, priority considerations, scheduling, a Service-Level-Agreement (SLA) function, and a feedback mechanism for notifying applications or systems when performance is below the SLA specification or when an application violates the SLA. Any such mechanism implies capabilities for: 1) an interaction with some type of policy implementation and enforcement, 2) dynamic assessment of available network resources, 3) policy monitoring, 4) service guarantees, 5) conflict resolution, and 6) restitution for lack of performance.
Application programmers are concerned with minimizing the interfaces that they must learn to access middleware services. Thus the unification of common services behind a single API is of great interest to middleware users. Examples of common APIs that may be achievable are:
* Environmental discovery interface, whether for discovering hardware resources, network status and capabilities, data sets, applications, remote services, or user information.
* Remote execution interface, whether for distributed metacomputing applications, or for access to a digital library presentation service, or a Java analysis service.
* Data management interface, whether for manipulating data within distributed caches, or replication of data between file systems, or archival storage of data.
* Process management interface, whether for composing data movement with remote execution, or for linking together multiple processing steps.
The IETF AAA (authentication, authorization, and accounting) effort is but one of many IETF security initiatives. It depends heavily on a public key infrastructure, which is intended to provide a framework that will support a range of trust/hierarchy environments and a range of usage environments (RFC 1422 is an example of one such model).
The IETF AAA working group has recently been formed. IETF AAA working group efforts are focused on many issues pertaining to middleware, including defining processes for access/admission control and identification (process for determining a unique entity), authentication (process for validating that identity), authorization (process for determining an eligibility for resource requests/utilization) and accounting (at least to the degree that resource utilization is recorded). To some degree, AAA provides for addressing certain levels of security, but only at a preliminary level. Currently, AAA protocols exist, although not as an integrated model or standard. One consideration for AAA is to provide for various levels of granularity. Even if we don't yet have an integrated model, it is currently possible to provide for basic AAA mechanisms that can be used as a basis to support SLAs. Any type of AAA implementation requires a policy management framework, to which it must be linked. Currently, a well-formulated linking mechanism has not been defined.
Middleware AAA requirements are also driven by the distributed interoperation that can occur between middleware services. The distribution of application support across multiple autonomous systems will require self-consistent third-party mechanisms for authentication as well as data movement. Conceptually, an application may need access to data that is under control of a remote collection, to support the execution of a procedure at a third site.
The data flow needs to be directly from the collection to the execution platform for efficiency. At the same time, the procedure will need access permission to the data set while it is acting on behalf of the requestor. How the authentication is done between the remote procedure and the remote data collection entities raises significant issues related to transitivity of trust, and will require establishment of a trust policy for third-party mechanisms. This is exacerbated when a collection of entities, such as is required for visualization applications, is involved.
The IETF Policy Framework working group is addressing a policy framework definition language, a policy architecture model, policy terminology and, specifically, a policy model that can be used for signaled as well as provisioned QoS. The policy meta-model links high-level business requirements, such as those that can be specified in an SLA, to low-level device implementation mechanisms, ranging from specific access control and management of services, objects and other resources to configuration of mechanisms necessary to provide a given service.
Policies are an integral component of all middleware services, and will be found within most middleware services in one form or another. Policies are often represented as an "if condition then action" tuple. Policies can be both complex and numerous; therefore, policy management services must be able to identify and resolve policy conflicts. They also need to support both static (i.e. loaded at boot time via a configuration file) and dynamic (i.e. the configuration of a policy enforcing device may change based on an event) modes.
A generalized policy management architecture (as suggested by the IETF policy architecture draft) includes a policy management service, a dedicated policy repository, at least one policy decision point (PDP), and at least one policy enforcement point (PEP). The policy management service supports the specification, editing, and administration of policy, through a graphical user interface as well as programmatically. The policy repository provides storage and retrieval of policies as well as policy components. These policy components contain definitional information, and may be used to build more complex policies, or may be used as part of the policy decision and/or enforcement process. The PDP (e.g. resource manager, such as a bandwidth broker or an intra-domain policy server) is responsible for handling events and making decisions based on those events (e.g., at time x do y) and updating the PEP configuration appropriately. In addition, it may be responsible for providing the initial configuration of the PEP. The PEP (e.g., router, firewall or host) enforces policy based on the "if condition then action" rule sets it has received from the PDP.
Policy information may be communicated from the PDP to the PEP through a variety of protocols, such as COPS or DIAMETER. A proxy may be used to translate information contained in these protocols to forms that devices can consume (e.g., command line interface commands or SNMP sets). Additional information, contained in Policy Information Bases (PIBs), may also be used to translate from an intermediate specification to specific functions and capabilities of a device. For example, a policy may specify "if source IP address is 198.10.20.132, then remark traffic with a DSCP of 5". The PIB would be used to translate the device-specific meaning of the conditioning specified by the DiffServ code point of 5 (e.g., a specific set of queue and threshold settings).
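The condition/action rules, conflict detection and PIB translation described above, sketched as an added example (not from the RFC or from any COPS or Diameter implementation). The /24 rule, the priority and longest-prefix tie-breaking, and the queue and threshold values in the PIB table are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    src: str           # condition: source prefix in CIDR form
    dscp: int          # action: remark matching traffic with this DSCP
    priority: int = 0  # assumption: higher priority wins a conflict

    @property
    def net(self):
        return ipaddress.ip_network(self.src)


# Constructed PIB-like table: DSCP -> device-specific conditioning.
PIB = {
    0: {"queue": 0, "drop_threshold_pct": 50},
    5: {"queue": 2, "drop_threshold_pct": 80},
}

# The host rule is the page's example; the subnet rule is constructed
# so that the two conditions overlap with different actions.
RULES = [
    Rule("subnet-default", "198.10.20.0/24", dscp=0),
    Rule("host-remark", "198.10.20.132/32", dscp=5),
]


def find_conflicts(rules):
    """PDP side: pairs whose conditions overlap but whose actions differ."""
    pairs = []
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            if a.net.overlaps(b.net) and a.dscp != b.dscp:
                pairs.append((a, b))
    return pairs


def precedence(rule):
    """Sort key: higher priority first, then longest (most specific) prefix."""
    return (-rule.priority, -rule.net.prefixlen)


def compile_for_pep(rules, pib=PIB):
    """Return a first-match-wins rule list, or refuse to push it to the PEP."""
    missing = sorted({r.dscp for r in rules} - set(pib))
    if missing:
        raise ValueError(f"PIB has no conditioning for DSCP {missing}")
    tied = [(a.name, b.name) for a, b in find_conflicts(rules)
            if precedence(a) == precedence(b)]
    if tied:
        raise ValueError(f"unresolvable policy conflicts: {tied}")
    return sorted(rules, key=precedence)


def pep_enforce(ordered_rules, src_ip, pib=PIB, default_dscp=0):
    """PEP side: apply the first matching rule and look up device settings."""
    addr = ipaddress.ip_address(src_ip)
    for rule in ordered_rules:
        if addr in rule.net:
            matched, dscp = rule.name, rule.dscp
            break
    else:
        matched, dscp = None, default_dscp
    return {"rule": matched, "dscp": dscp, **pib[dscp]}


if __name__ == "__main__":
    ordered = compile_for_pep(RULES)
    for ip in ("198.10.20.132", "198.10.20.7", "10.0.0.1"):
        print(ip, pep_enforce(ordered, ip))
```

Refusing to compile a rule set with a tied conflict or an unmapped DSCP keeps an ambiguous policy from ever reaching the enforcement point.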
Policy requires AAA functions, not only for access control, but also to establish the trust relationships that will enable distributed policy interactions. PDPs may require the requesting end systems and applications to be authenticated before the PDP will honor any requests. The PDP and PEP must be authenticated to each other to reduce the probability of spoofing. This will be true whichever protocol is utilized for supporting communications between these entities. Audit trails are essential for all of these transactions. In addition, trust management policies will need to be developed as well as the supporting middleware mechanisms to enable inter-domain policy negotiation.
Ultimately, many policy processes link entities to resources, and therefore require interactions with entity identification mechanisms, resource identification mechanisms, and allocation mechanisms. The distributed computing community has already started efforts to develop policy definition languages and systems. Globus uses its Resource Services Language (RSL) to define the resources and policies associated with them. Condor uses a matchmaking bidding technique to match those providing and those acquiring services. Similarly, the IETF has several policy definition languages in varying stages of development, including RPSL, RPCL, SPSL, PFDL, PAX, and Keynote. Ultimately, these efforts should be merged into a single specification (or at least a smaller group of specifications) to enable distributed computing applications to effectively communicate and utilize network resources and services.
Directories play a crucial role in policy systems. Directories are ideally suited for storing and retrieving policy information, due to their exceptionally high read rates, ability to intelligently replicate all or part of their information, per-attribute access control, and use of containment. To this end, the IETF Policy Framework working group (in conjunction with the DMTF) is developing a core information model and LDAP schema that can be used to represent policy information that applications can use. This core model is used to provide common representation and structure of policy information. Applications can then subclass all or part of the classes in this core schema to meet their own specific needs, while retaining the ability to communicate and interoperate with each other.
Directories are critical resource components that provide support to many other elements in the middleware environment, especially policy. As the network-based environment evolves, it will no longer be viable to encode policy information directly into each individual application. The prevailing model in use today is for each application to store its view of a device's data (e.g., configuration) in its own private data store. These data include relevant information concerning network resources and services as well as clients wanting to use those resources (e.g., people, processes, and applications). The same resource (or aspects of that resource, such as its physical vs. logical characteristics) may be represented in several data stores. Even if the device is modeled the same way in each data store, each application only has access to its own data. This leads to duplication of data and data synchronization problems.
The promise of technologies like CIM and DEN is to enable each application to store data describing the resources that they manage in a single directory using a common format and access protocol. This results in the data describing the resource being represented only once. Defining a logically centralized common repository, where resources and services are represented in a common way, enables applications of different types to utilize and share information about resources and services that they use.
Not only does this solve the data duplication and synchronization problems, it also provides inherent extensibility in describing the characteristics of an object - a single entity can be represented by multiple directory objects, each representing a different aspect of the entity. Different applications can be responsible for managing the different objects that together make up a higher-level object, even if the applications themselves can not communicate with each other. This enables these applications to effectively share and reuse data. This provides significant benefits for users and applications. In the short term, users and applications will benefit from having all of the data in one place. In the long term, users and applications will be able to take advantage of data managed by other applications.
Directories are key to supporting advanced network-based application environments. Directory purists say that the directory is not middleware; rather, it is a dumb storage device that is made into an intelligent repository by encapsulating it within middleware. Although a directory associates attributes with objects, what makes it different from a database are four key things:
- directory objects are essentially independent of each other, whereas database objects are related to each other (sometimes in very complex ways)
- directories organize their information using the notion of containment, which is not naturally implemented in databases
- directory objects can have specific access controls assigned to an object and even attributes of an object
- directories, unlike databases, are optimized to perform a high number of reads vs. writes.
Directories use a common core schema, supporting a common set of syntaxes and matching rules, that defines the characteristics of their data. This enables a common access protocol to be used to store and retrieve data.
Containment can be used for many purposes, including associating roles with objects. This is critical in order to support a real world environment, where people and elements may assume different roles based on time or other context. Containment may also be used to provide different naming scopes for a given set of data.
Directories use attribute inheritance - subclasses inherit the attributes of their superclasses. This enables one to define generalized access control at a container (e.g., a group) and then refine the access control on an individual basis for objects that are inside that container (e.g., different objects have different access privileges).
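An added illustration (not from the RFC, and not the ACL model of any particular LDAP server) of access control defined at a container and then refined per object and per attribute. The DNs, the subjects, the `snmpCommunity` attribute name and the most-specific-entry-wins evaluation order are constructed assumptions.

```python
# Constructed ACL store: DN -> list of (subject, attribute, rights).
# "*" matches any attribute; an empty rights set is an explicit refinement
# that removes access granted higher up the containment tree.
ACLS = {
    "ou=devices,dc=example,dc=org": [
        ("grp:netops", "*", {"read"}),              # generalized, at container
    ],
    "cn=router1,ou=devices,dc=example,dc=org": [
        ("grp:netops", "snmpCommunity", set()),     # refine: hide one attribute
        ("user:alice", "*", {"read", "write"}),     # refine: one admin may write
    ],
}

ROUTER1 = "cn=router1,ou=devices,dc=example,dc=org"
SWITCH1 = "cn=switch1,ou=devices,dc=example,dc=org"


def parent(dn):
    """Containing entry of a DN (naive split: assumes no escaped commas)."""
    _, _, rest = dn.partition(",")
    return rest or None


def effective_rights(subjects, dn, attr):
    """Walk from the object up through its containers.

    The nearest level with a matching entry decides. At that level an
    attribute-specific entry beats a wildcard, and if several entries match
    they are intersected so that the most restrictive one holds.
    No match anywhere means no access (default deny).
    """
    node = dn
    while node:
        entries = [e for e in ACLS.get(node, []) if e[0] in subjects]
        for wanted in (attr, "*"):
            hits = [set(rights) for _, a, rights in entries if a == wanted]
            if hits:
                return frozenset(set.intersection(*hits))
        node = parent(node)
    return frozenset()


if __name__ == "__main__":
    alice = {"user:alice", "grp:netops"}
    bob = {"user:bob", "grp:netops"}
    for who, ident in (("alice", alice), ("bob", bob)):
        for dn in (ROUTER1, SWITCH1):
            for attr in ("ipAddress", "snmpCommunity"):
                print(who, dn.split(",")[0], attr,
                      sorted(effective_rights(ident, dn, attr)))
```

The switch1 result is the one to check in a real deployment: a refinement placed on a single object does not protect the same attribute on its siblings, which still inherit the container's grant.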
Currently, directories are used mostly to represent people, servers, printers, and other similar objects. CIM, DEN, and other similar efforts have encouraged directories to be used to contain common objects in a managed environment. For networked applications, this enables clients of the network (e.g., users and applications) to be bound to services available in the network in a transparent manner. The "Grid" community is making extensive use of directory services for this purpose, using them to maintain information about the structure and state of not only networks but also computers, storage systems, software, and people. The DMTF is using directories to contain CIM and DEN information, which enables a common information model to be applied to objects in a managed environment. The IETF is using directories for many different purposes, not the least of which is to contain common policy information for users and applications of an environment, as well as services and configuration information of network devices.
CIM and DEN are conceptual information models for describing the management of entities ranging from network elements to protocols to hosts and services. CIM and DEN are platform- and technology-independent. DEN is an extension of CIM that, among other things, describes how to map CIM data into a form usable by LDAP.
The CIM Specification describes the meta schema, information model, language, naming, and mapping techniques to other management models, such as SNMP MIBs and DMTF MIFs. DEN provides a good start on a model that addresses the management of the network and its elements; DEN is an extension of CIM to include the management of networks as a whole and not just the individual elements. DEN addresses the requirements for abstracting a complex entity, such as a router, into multiple components that can be used to manage individual aspects of that complex entity. The DEN information model, like CIM, incorporates both static and dynamic information. DEN provides a mapping to directories for the storage and retrieval of data. DEN will also rely heavily on the use of AAA services in order to maintain the integrity of the directory and its policies as well as to manage the distribution of policies among the policy repositories, PDPs and PEPs. Resource managers and applications will also rely heavily on directories for the storage of policy and security information necessary for the management and allocation of resources.
Since much of the information associated with a person, agent or element is stored in a directory, and access to that information will be controlled with appropriate security mechanisms, many voiced the need for a single user/process sign on.
Future advanced applications (e.g., NGI, Internet2, PACI, Grids) may require a variety of PDPs to manage a variety of resource types (i.e., QOS, security, etc.). In this case, a general model would have to be developed that defines the protocols and mechanisms used by cooperating resource managers (i.e., PDPs) of different domains and different genres of resource (i.e., network, security, storage, proxy agents, online facility, etc.). For policies to be implemented in a coherent fashion, it is necessary to have a mechanism that discovers and tracks resources and utilization.
There is an architectural issue of central importance, which has most recently surfaced in the directory area. Many applications, and many middleware components, need what is essentially a highly scalable, distributed database service. In other words, people want to take the best of what directories and databases have to offer. This would result in a distributed, replicated database that can use containment to effectively organize and scope its information. It would be able to have exceptional read response time, and also offer transactional and relational integrity. It would support simple and complex queries. Such a service has never been defined as a middleware component; the complexities involved in specifying and implementing such a service are certainly formidable. However, in the absence of such a general service, many middleware components have attempted to use the closest service available, which is deployed - historically first using DNS, and more recently, directory services.
It will be important to clarify the limitations of the appropriate use of directory services, and to consider whether a more general data storage and retrieval service may be required, or whether directory services can be seamlessly integrated (from the point-of-view of the applications using them) with other forms of storage and retrieval (such as relational databases) in order to provide an integrated directory service with these capabilities.
Policy implementation processes need to be linked to Resource Managers in a more sophisticated way than those that currently exist. Such processes must be dynamic, and able to reflect changes in their environment (e.g., adjust the quality of service provided to an application based on environmental changes, such as congestion or new users with higher priorities logging onto the system). We need to determine how different types of resource managers learn about one another and locate each other - as well as deal with associated cross-domain security issues. Another aspect of this problem is developing a resource definition language that can describe the individual elements of the resource being utilized, whether that is a network, processor, agent, memory or storage. This will require developing an appropriate metadata representation and underlying meta schema that can be applied to multiple resource types.
Some models of resource managers are currently being used to provide for the management of distributed computing and Grid environments (e.g., Condor, Globus, and Legion). These resource managers provide languages, clients, and servers to support accessing various types of distributed computing resources (e.g., processors, memory, storage and network access). There is a broad interest in the distributed and parallel computing communities in developing an automated access control architecture, using policies, to support the evolving IETF differentiated services architecture. However, this work has not yet been incorporated into any IETF working group charter. The term "bandwidth broker" has been used to refer to the agents that will implement this functionality through network resource management, policy control, and automated edge device configuration. The IETF Policy Framework working group is currently working on a policy architecture framework, information model, and policy definition language that is targeted initially at policy management within a single domain. However, this work is fundamental in defining inter-domain policy management issues, such as those that are required in implementing a network resource manager / bandwidth broker. Many resource managers being deployed today rely on directory services for storing policy information as well as X.509 for certificate-based authentication and authorization to these resources. Middleware will be required to translate the needs of distributed and parallel computing applications within and across different policy domains. It is crucial that a standard means for representing and using resource management be developed.
Advance reservation of resources, as well as dynamic requests for resources, is a crucial aspect of any resource management system. Advance reservations are more of a policy issue than a provisioning issue; however, the mechanisms for exchanging and propagating such requests between resource managers located within different administrative domains remain a currently unsolved problem that needs to be addressed. In addition, it is important to address the issue of possible deadlock and/or the inefficient use of resources (i.e., the time period between a request, or set of requests, being initiated and honored and resources being allocated). There is also a need for rendezvous management in resource allocation services, where an application must gather resource reservations involving multiple sites and services.
A mesh of cooperating resource managers, which interact with each other using standards-based protocols (e.g., COPS), could be the model for a resource management infrastructure. Each of these may manage different sets of resources. For example, one may be a bandwidth broker that only manages network bandwidth, while another may be a general-purpose resource manager that manages security, IP address allocation, storage, processors, agents, and other network resources. There are already plans for middleware resource managers that not only allocate the resources but also manage the composition of a group of services that may include security services, billing services, shaping of multimedia composite images, etc. Another form of resource manager may provide mapping between a set of related services (i.e., mapping an IP based RSVP request to an ATM SVC, as was demonstrated in a pilot project on the vBNS).
Resource managers depend on the use of locator services to find other resource managers as well as to locate the AAA server(s) for the requestor and the associated directories containing applicable policy information. They may also need to query the network to determine if a policy request for bandwidth can be satisfied. It is essential that these (and other) different uses of resource management be integrated to provide an end-to-end service for applications and users alike.
There is a wide range of middleware services broadly related to the discovery and retrieval of networked information. Because such a broad range of applications (and not just high-performance, distributed, or parallel applications) requires these services, this area is under very active development and new requirements are constantly emerging.
Perhaps the most basic service in this area is persistent naming and location services (and infrastructure) that can resolve names to locations (i.e., URLs). The IETF has done considerable work in defining a syntax for Uniform Resource Identifiers (URIs), which are intended to be persistent name spaces administered by a wide range of agencies. URIs are resolved to URLs using resolver services; there are a number of different proposals for such resolver services, and some implementations exist such as the CNRI Handler Service. Many organizations are beginning to establish and manage URI namespaces, notably the publishing community with their Digital Object Identifier (DOI). However, there are many unresolved questions, such as how to most effectively deal with the situation where the resource named by a URI exists in multiple places on the network (e.g., find the "closest" mirror in terms of network connectivity and resource availability). There is a need for an extensive set of infrastructure around resolvers, including how resources are registered and identifiers are assigned, the ongoing management of data about the current location of resources that are identified by a specific URI, and the operation of sets of resolvers for various name spaces. Finally, given a URI, one needs to locate the resolver services that are connected with that namespace; the IETF has done initial work on resolution service location for URI namespaces.
URIs are intended to be processed primarily by machines; they are not intended to necessarily be easy to remember, though they are intended to be robust under transcription (not sensitive to whitespace, for example). More recently, the IETF has begun work on defining requirements for human friendly identifier systems that might be used to register and resolve mnemonic names.
Another set of issues revolves around various types of metadata - descriptive, ratings, provenance, rights management, and the like, that may be associated with objects on the network. The Resource Description Framework (RDF) from the Worldwide Web Consortium (W3C) provides a syntax for attaching such descriptions to network objects and for encoding the descriptions; additional middleware work is needed to locate metadata associated with objects that may be stored in repositories, and to retrieve such metadata. Validation of metadata is a key issue, and both IETF and W3C are working on XML canonicalization algorithms that can be used in conjunction with public key infrastructure to sign metadata assertions. However, such an approach implies a complex set of trust relationships and hierarchies that will need to be managed, and policies that will need to be specified for the use of these trust relationships in retrieval.
There is specific work going on in defining various types of metadata for applications such as rights management; ultimately this will imply the development of middleware services. It will also impact the use of directory, database, and similar services in the storage, access, and retrieval of this information. Similarly, there will be a need for services to connect descriptive metadata and identifiers (URNs).
(See also the NSF/ERCIM report on metadata research issues at http://www.ercim.org/publication/ws-proceedings/EU-NSF/metadata.html http://www.ercim.org/publication/ws-proceedings/EU-NSF/metadata.ps http://www.ercim.org/publication/ws-proceedings/EU-NSF/metadata.pdf)
Finally, there is a need for a set of middleware services which build upon the research work already integrated into services such as Archie and Harvest. These services permit the efficient extraction of metadata about the contents of network information objects and services without necessarily retrieving and inspecting those services. This includes the ability to dispatch "indexing agents" or "knowbots" that can run at a site to compute such indexing, under appropriate security and authentication constraints. In addition, a set of "push-based" broker services which aggregate, filter and collect metadata from multiple sites and provide them to interested applications are also required. Such services can provide a massive performance, quality, comprehensiveness and timeliness improvement for today's webcrawler-based indexing services.
As noted earlier, applications may need to explicitly request resources available in the network to meet their requirements for certain types of communication, or in order to provide service with an appropriate guarantee of one or more metrics, such as bandwidth, jitter, latency, and loss. One type of request that has been the focus of much effort recently is for services beyond best effort, particularly with respect to services running over IP. This is particularly important for the advanced applications noted previously (e.g., visualization and teleimmersion) as well as the emerging importance of voice and video, especially voice and video operating with lower bandwidth or voice and video co-mingled with data. One perspective on this issue is to consider the effect of multiple drops in a single RTT, which is catastrophic for TCP applications but may be of no special significance for real-time traffic. Providing for improved services can be accomplished through a variety of quality of service (QoS) and class of service (CoS) mechanisms. The first IETF model was the Integrated Services (IntServ) model, which used RSVP as the signaling mechanism. Since this model requires state in every router for every session and to manage the traffic flows, it is generally recognized to have scaling limits. However, it is very appropriate for certain situations.
Differentiated Services, or DiffServ, grew out of a reaction against the perceived scalability problems with the IETF IntServ model. DiffServ is an architecture for implementing scalable service differentiation in the Internet. Scalability is achieved by aggregating traffic through the use of IP-layer packet marking. Packets are classified and marked to receive a particular per-hop forwarding behavior on nodes along their path. Sophisticated classification, marking, policing, and shaping operations need only be implemented at network boundaries or hosts. Network resources are allocated to traffic streams by service provisioning policies which govern how traffic is marked and conditioned upon entry to a differentiated services-capable network, and how that traffic is forwarded within that network. These simple PHBs are combined with a much larger number of policing policies enforced at the network edge to provide a broad and flexible range of services, without requiring state or complex forwarding decisions to be performed in the core and distribution layers.
Recently, the idea of "tunneling" RSVP over a DiffServ-capable network has generated significant interest. This attempts to combine the best features of both IntServ and DiffServ while mitigating the disadvantages of each. This in turn has led the IETF to study ways to ensure that DiffServ and IntServ can not only coexist, but are also interoperable.
The practical realization of either or both architectures depends on many middleware components, some of which are described in this document. The workshop discussion mainly focused on DiffServ mechanisms and on what effect such mechanisms would have on middleware and its ability to monitor and manage the network infrastructure for the benefit of the applications. Both IntServ and DiffServ only fully make sense if linked to a policy mechanism. This mechanism must be able to make policy decisions, detect and resolve conflicts in policies, and enforce and monitor policies.
Workshop participants almost unanimously agreed that they also required a scalable inter-domain resource manager (e.g., a bandwidth broker). Currently, if an RSVP session is run, each router along a path becomes involved, with flow policing at each hop. Bandwidth Broker models include the bandwidth broker, a policy decision point (which makes admission control and policy decisions) and the policy enforcement points (i.e., edge routers) which provide for policing at the first hop and for remarking aggregate flows so that subsequent routers need only deal with the aggregate flows.
IETF protocols that could be used to implement a Bandwidth Broker model (e.g., COPS, Diameter, and others) were also discussed. The Diameter protocol is interesting in this context, because it provides set up mechanisms for basic network resource allocations and reallocations, as well as optional allocations. All of these can be used for various types of bandwidth broker implementations, including those directed at QoS, using RSVP type information. Diameter currently does not provide path information, but instead relies on network pathway information established at ingress and egress nodes. However, the status of Diameter is still open in the IETF.
COPS was initially developed as a mechanism for establishing RSVP policy within a domain and remains intra-domain centric. It is a useful intra-domain mechanism for allocating bandwidth resources within a policy context. Work is now being conducted to use COPS for establishing policy associated with a DiffServ-capable network. COPS is designed to facilitate communication between the PDP and the PEP, carrying policy decisions and other information.
To implement any type of Bandwidth Broker model, it is necessary to establish a mechanism for policy exchanges. The Internet2's Qbone working group is currently working to define a prototype inter-domain bandwidth broker signaling protocol. This work is being coordinated with IETF efforts.
Another mechanism is required for traffic shaping and SLA policing and enforcement. One mechanism is fair queuing in its various forms, which has been described as TDM emulation without the time and space components. Techniques have been used for several years for fair queuing for low speed lines. For DS-3 with 40 byte packets and OC-3c speeds with 200-byte packets, weighted fair queuing uses a deficit round-robin algorithm that allows it to scale. It is capable of flow discrimination based on stochastically hashing the flows. An additional expansion of this technique is to preface this technique with class indicators. Currently, classification techniques are based on IP precedence. However, classification will soon be achieved in many routers using Diffserv code points (DSCPs) to specify the type of conditioning to be applied. The complete requirements of policing for DiffServ implementations, e.g., via bandwidth brokers, have not yet been fully explored or defined.
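The deficit round-robin scheduling, stochastic flow hashing and class indicators described above, as an added Python example that is not part of the workshop report. The `DRRScheduler` class, its keyed hash, the constructed sample 5-tuples and the weight given to DSCP 46 are assumptions made for illustration.

```python
import hashlib
import os
from collections import deque


class DRRScheduler:
    """Deficit round-robin over stochastically hashed per-class flow queues."""

    def __init__(self, buckets, quantum, class_weights=None, salt=None):
        self.buckets = buckets                    # hash buckets per class
        self.quantum = quantum                    # byte credit per visit at weight 1
        self.class_weights = class_weights or {}  # DSCP -> weight (assumed policy)
        # Random per-instance key: bucket placement is not predictable from the flow id.
        self.salt = os.urandom(16) if salt is None else salt
        self.queues = {}       # (dscp, bucket) -> deque of (flow, size)
        self.deficit = {}      # (dscp, bucket) -> unused byte credit
        self.active = deque()  # backlogged queues in round-robin order

    def bucket_of(self, flow):
        digest = hashlib.blake2b(repr(flow).encode(), digest_size=4,
                                 key=self.salt).digest()
        return int.from_bytes(digest, "big") % self.buckets

    def enqueue(self, flow, size, dscp=0):
        key = (dscp, self.bucket_of(flow))
        queue = self.queues.setdefault(key, deque())
        if not queue:                    # queue becomes backlogged
            self.deficit[key] = 0
            self.active.append(key)
        queue.append((flow, size))

    def dequeue_round(self):
        """Visit each backlogged queue once and return the packets sent."""
        sent = []
        for _ in range(len(self.active)):
            key = self.active.popleft()
            queue = self.queues[key]
            self.deficit[key] += self.quantum * self.class_weights.get(key[0], 1)
            while queue and queue[0][1] <= self.deficit[key]:
                flow, size = queue.popleft()
                self.deficit[key] -= size
                sent.append((flow, size))
            if queue:
                self.active.append(key)  # still backlogged: keep the credit
            else:
                self.deficit[key] = 0    # idle queues do not bank credit
        return sent


def find_flow(sched, bucket, start_port=1024):
    """Return a constructed 5-tuple that this scheduler hashes to `bucket`."""
    port = start_port
    while True:
        flow = ("192.0.2.1", "192.0.2.2", 17, port, 5004)
        if sched.bucket_of(flow) == bucket:
            return flow
        port += 1


def run(sched, load, rounds):
    """Enqueue (flow, size, dscp, count) entries interleaved; return bytes sent per flow."""
    for i in range(max(n for *_, n in load)):
        for flow, size, dscp, n in load:
            if i < n:
                sched.enqueue(flow, size, dscp)
    totals = {}
    for _ in range(rounds):
        for flow, size in sched.dequeue_round():
            totals[flow] = totals.get(flow, 0) + size
    return totals


def demo_packet_size_fairness():  # 200-byte vs 40-byte packets, separate buckets
    sched = DRRScheduler(buckets=8, quantum=200)
    big, small = find_flow(sched, 0), find_flow(sched, 1)
    totals = run(sched, [(big, 200, 0, 10), (small, 40, 0, 50)], rounds=5)
    return totals[big], totals[small]    # equal bytes despite unequal packet counts


def demo_collision():  # two flows hashed to one bucket share a single quantum
    sched = DRRScheduler(buckets=8, quantum=200)
    a = find_flow(sched, 3)
    b = find_flow(sched, 3, start_port=a[3] + 1)
    c = find_flow(sched, 4)
    totals = run(sched, [(a, 200, 0, 10), (b, 200, 0, 10), (c, 200, 0, 10)], rounds=4)
    return totals[a], totals[b], totals[c]


def demo_class_weights():  # DSCP as class indicator ahead of the flow hash
    sched = DRRScheduler(buckets=8, quantum=200, class_weights={46: 2})
    voice = find_flow(sched, 0)
    bulk = find_flow(sched, 0, start_port=voice[3] + 1)
    totals = run(sched, [(voice, 100, 46, 20), (bulk, 100, 0, 20)], rounds=3)
    return totals[voice], totals[bulk]
```

The collision case shows the cost of stochastic hashing: fairness holds per bucket, not per flow, so flows that land in the same bucket split one share between them.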
Network monitoring capabilities (i.e., querying the network for state information on a micro and macro level) that support middleware and application services were identified as a core requirement. In fact, a network instrumentation and measurement infrastructure, upon which a set of intelligent network management middleware services can be built, is absolutely critical.
Current mechanisms (e.g. ICMP, SNMP) were not deemed robust enough for middleware and applications developers to determine the state of the network, or to verify that they were receiving the specific type of treatment they had requested. This was judged especially true of a network providing QoS or CoS. Indeed, it is not at all clear that SNMP, for example, is even the right architectural model for middleware to use to enable applications to determine the state of the network. Other capabilities, such as OcxMon, RTFM, new MIBs, and active measurement techniques (e.g., IPPM one-way delay metrics) need to be made available to middleware services and applications.
The provisioning of differentiated services takes the Internet one step away from its "dumb" best effort status. As the complexity of the network increases (e.g. VPNs, QoS, CoS, VoIP, etc.), more attention must be paid to providing the end-user/customer or network administrator with the tools they require to securely and dynamically manage an adaptable network infrastructure. Differentiated services means that theoretically some traffic gets better service than other traffic; subsequently, one can expect to pay for better service, which means that accounting and billing services will be one of the important middleware core components that others will rely upon. The model and protocols necessary to accomplish this are not developed yet.
The IETF's AAA working group is focusing on the requirements for supporting authentication, authorization, accounting, and auditing of access to and services provided by network resource managers (e.g., bandwidth brokers). These processes constitute an important security infrastructure that will be relied upon by middleware and applications. However, these components are only basic security components. A public key infrastructure (PKI) was identified as a crucial security service infrastructure component. For example, the PKI will be required to support the transitivity of authentication, authorization, and access control and, where appropriate, accounting and billing. It was noted that, except for issues dealing with group security and possibly more efficient and simple management, there are no real technical challenges preventing the wide scale deployment of a PKI support structure at this time. Instead, the main obstacles to overcome are mostly political and economic in nature. However, additional middleware may be required to better facilitate a PKI. That being said, some people believe that we do have some large technical security challenges, revocation lists and security with respect to changing group memberships being two examples.
Middleware and security support is also required for newer applications (e.g., proxy agents that would act on a process or application's behalf and gather the necessary certificates for access and using resources). A particularly difficult example is remote collaboration. Accessing a particular resource may require a user and/or application to gather certificates from more than one policy-controlling agent. It is also true that an entity may have various identities that are dependent on the task they are performing (usage or role based) or the context of the application. In order for the PKI to become truly functional on a ubiquitous level, there needs to exist a set of independent signing authorities that can vouch for the top-level certificate authorities.
There are also higher-level middleware services which will build on public key infrastructure, notary services and provenance verification. As we move from a relatively dumb network (e.g. best effort IP) to an Internet with embedded intelligence (e.g., DiffServ, IntServ, bandwidth brokers, directory-enabled networks, etc.), the secure exchange of information will become even more important. In addition, as we start to provide differentiated services, accounting and statistics gathering will become much more important. We also need to provide for the integrity and security of collecting, analyzing, and transporting network management and monitoring information. And the issues of data privacy and integrity, along with addressing denial of service and non-repudiation, cannot be ignored.
Network management capabilities were identified as being paramount to the success of middleware deployment, and subsequently to the success of the application. Many of the issues addressed here are not part of standard NOC operations. In a more complex world of QoS, CoS, and micro prioritization, reactions to network failures must be handled differently than current procedures. Allocations are more dynamic, especially additions, deletions, and changes with additional sets of requirements, such as priorities and new types of inter-domain interactions. These will inevitably increase the complexity of network management.
There are many microscopic and macroscopic network management projects focusing on making both active and passive network statistics and information available to end-users. Current visual debugging and analysis capabilities (e.g., those developed by NLANR/CAIDA) are crucial tools for network administrators and designers for understanding their networks. In addition, current network management techniques and mechanisms, which were designed for network designers and managers, need to be adapted to provide a dynamic and relevant set of information to the middleware or application service software. This will allow the programs to dynamically adapt to the changing state of the network infrastructure while ensuring the integrity and security of the network and other resources.
Another aspect of network management that has not received the necessary attention is the need for modeling and analysis tools for network and middleware designers. CIM and DEN show great promise in providing a common framework for modeling the management of network elements and services as well as users, applications, and other resources of the network. Undoubtedly, middleware designers will place new requirements on CIM and DEN that will cause these approaches to evolve.
IP multicast, that is, the routing and forwarding of multicast packets in an IP-based network, is in the view of the workshop part of the basic network infrastructure. The Internet Group Multicast Protocol, which manages the joining and leaving of multicast groups, could also be considered a basic network service. However, there is a tremendous need for middleware services to make multicast useable for various applications, much like TCP played a key role in making IP applications useable. Specifically, one might reasonably want middleware services to provide authenticated control of multicast services. Examples of these services include the creation and joining of multicast groups, multicast address management, multicast channel directories (there has already been considerable work in this area), various forms of reliable multicast services (this has been an IRTF research area), and the securing of multicast groups through various cryptographic strategies. In addition, because of the large impact that multicast can have on a network, multicast management middleware services, particularly in conjunction with QoS, will be needed, as will services to link together multicasting within various networks that do not directly interchange multicast routing information. It should be noted, however, that several security issues with multicast, especially groups with dynamic membership policies, still need to be resolved.
Java was chosen as an example of a heterogeneous runtime support system for the sake of discussion as to whether it could be qualified as a development language particularly suitable for the development of middleware. The consensus was that the Java language and compilers are important in the current distributed model of the Internet and for the support of middleware (i.e., middleware written using Java). Also, a virtual Java machine located on a system can be considered middleware as much as any operating system or network operating systems would be considered middleware. Jini middleware technology not only defines a set of protocols for discovery, join, and lookup, but also a leasing and transaction mechanism to provide resilience in a dynamic networked environment. Java and Jini will be dependent on a functioning PKI, especially for signed applets. That being said, there are security concerns with both Java and Jini that need to be addressed, such as allowing the downloading of applets and servlets.
This document is a report of a workshop in which security was a common theme, as can be seen by the references to security throughout the document; but the workshop did not reach any specific recommendations for new security-related terminology.
Middleware may have components and services that only exist in the persistent infrastructure, but it will also have components that enable and support end-to-end (i.e. application to application or host to host) interaction across multiple autonomous administrative domains. A set of core persistent middleware services is required to support the development of a richer set of middleware services which can be aggregated or upon which applications will be based (e.g., an onion or layered model). This set of core middleware services will help applications leverage the services and capabilities of the underlying network infrastructure, along with enabling applications to adjust to changes in the network. The particular set of such services utilized by an application or process will be a function of the requirements of the application field or affinity group (e.g., network management or high energy physics applications) wishing to utilize the network or distributed data/computation infrastructure. This document discusses some of the basic and core middleware services, which include, but are not limited to: directories, name/address resolution services, security services (i.e., authentication, authorization, accounting, and access control), network management, network monitoring, time servers, and accounting. Network level capabilities, such as multicast and DiffServ, are not classified as middleware; rather, they are enabling infrastructure services upon which middleware will be built or which middleware may use and manage. A second level of important middleware services, which builds upon this core set of services, may include accounting/billing, resource managers, single sign-on services, globally unique names, metadata servers, and locators.
A recognized goal is to provide a set of middleware services that enable access to and management of the underlying network infrastructure and support applications wishing to make use of that network-based infrastructure. It appears necessary to agree to a framework of services for the support, provisioning and operations, and management of the network. Today, we have piecemeal activities already being pursued in various standards organizations. These include efforts in the IETF and DMTF (e.g., AAA, Policy Framework, DiffServ, DEN, CIM, etc.), as well as in the advanced application environments (e.g., Grid Forum, the PACIs, NGI, Internet2, etc.). Both of these efforts require the integration and management of many infrastructure components, not just networks; however, we have no overall framework that pulls all of these together, or a mechanism to coordinate all of these activities. We are just embarking on the development of a rich plan of middleware services. Consequently, we have a lot of work yet to be done. For instance, as we move into an electronic persistent presence (EPP) environment where multiple instances of an identity or person (or even their proxy agents) are supported, we will require enhanced locator and brokering services. The directory (e.g., DNS or X.500) and locator services of today may not be appropriate for this task.
One goal of the workshop was to identify research and development areas in middleware that federal agencies and industry may choose to support. The workshop highlighted a few areas that may benefit from additional R&D support. These areas include, but are not limited to:
- inter-domain resource management architecture and protocols (e.g., inter-domain bandwidth brokers)
- resource languages that describe and enable the management of a wide variety of resources (e.g., networks, data bases, storage, online facilities, etc.)
- avoiding deadlock and ensuring efficiency with resource managers
- network management tools and APIs that provide macroscopic and microscopic real-time infrastructure
- information to middleware services and applications (not just MIBs and SNMP access)
- domain and inter-domain accounting and billing
- monitoring and verification services of contracted infrastructure services
- enhanced locators that can locate resources and resource managers
- cross administrative policy negotiation and authentication
- middleware bypass (i.e. access to raw system or network resources metadata (i.e., data that is used to describe data found in directories or exchanged between services such as resource managers, PDPs, PEPs, directories, accounting and billing services, etc.)
- middleware support for mobile or nomadic use
- support for availability of resources (i.e. replication and load balancing)
This workshop was just one small step in identifying relevant middleware topics, technologies and players. Even though this workshop did not arrive at a consensual definition of middleware, it did identify the need for additional work. Specifically, further work is needed to identify and qualify middleware services for specific affinity groups (e.g. Internet2, Education, the PACIs, Grids, etc.) as well as to define a macroscopic framework that incorporates the middleware work of the IETF, DMTF and other relevant organizations such as the Grid Forum.
Deb Agarwal <deba@george.lbl.gov>, Bob Aiken <raiken@cisco.com>, Guy Almes <almes@internet2.edu>, Chase Bailey <chase@cisco.com>, Fred Baker <fred@cisco.com>, Pete Beckman <beckman@lanl.gov>, Javad Boroumand <jborouma@nsf.gov>, Scott Bradner <sob@harvard.edu>, George Brett <ghbrett@mindspring.com>, Rich Carlson <racarlson@anl.gov>, Brian Carpenter <bcarpent@uk.ibm.com>, Charlie Catlett <catlett@ncsa.uiuc.edu>, Bill Cheng <wtcheng@us.ibm.com>, Kim Claffy <kc@caida.org>, Bill Decker <Wdecker@nsf.gov>, Christine Falsetti <cfalsetti@arc.nasa.gov>, Ian Foster <foster@mcs.anl.gov>, Andrew Grimshaw <grimshaw@cs.virginia.edu>, Ed Grossman <egrossma@ncsa.uiuc.edu>, Ted Hanss <ted@internet2.edu>, Ron Hutchins <ron@oit.gatech.edu>, Larry Jackson <jackson@ncsa.uiuc.edu>, Bill Johnston <Wejohnston@lbl.gov>, Juerg von Kaenel <jvk@us.ibm.com>, Miron Livny <miron@cs.wisc.edu>, Cliff Lynch <cliff@cni.org>, Joel Mambretti <j-mambretti@nwu.edu>, Reagan Moore <moore@sdsc.edu>, Klara Nahstedt <klara@cs.uiuc.edu>, Mike Nelson <mrn@us.ibm.com>, Bill Nitzberg <nitzberg@nas.nasa.gov>, Hilarie Orman <ho@darpa.mil>, John Schnizlein <jschnizl@cisco.com>, Rick Stevens <stevens@mcs.anl.gov>, John Strassner <johns@cisco.com>, Ben Teitelbaum <ben@advanced.org>, George Vanecek <g.vanecek@att.com>, Ken Klingenstein <Ken.Klingenstein@Colorado.EDU>, Arvind Krishna <akrishna@us.ibm.com>, Dilip Kandlur <kandlur@us.ibm.com
Please see http://www.mcs.anl.gov/middleware98 for copies of the slides presented at the workshop as well as a list of related URLs on applications, middleware and network services.
Editor: Bob Aiken EMail: raiken@cisco.com
Authors:
Bob Aiken Cisco Systems, Inc. 6519 Debold Rd. Sabillasville, Md. 21780 USA
Phone: +1 301 271 2919 EMail: raiken@cisco.com
John Strassner Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134
Phone: +1 408 527 1069 EMail: johns@cisco.com
Brian E. Carpenter IBM United Kingdom Laboratories MP 185, Hursley Park Winchester, Hampshire SO21 2JN, UK
EMail: brian@hursley.ibm.com
Ian Foster Argonne National Laboratory The University of Chicago Argonne, IL 60439 USA
Phone: +1 630 252 4619 EMail: foster@mcs.anl.gov
Clifford Lynch Coalition for Networked Information 21 Dupont Circle Washington, DC 20036
Phone: +1 202 296 5098 EMail: cliff@cni.org
Joe Mambretti International Center for Advanced Internet Research 1890 Maple, Suite 150 Northwestern University, Evanston, Illinois 60201
Phone: +1 847 467 3911 EMail: j-mambretti@nwu.edu
Reagan Moore University of California, San Diego NPACI/SDSC, MC 0505 9500 Gilman Drive La Jolla, CA 92093-0505 USA
EMail: moore@sdsc.edu
Benjamin Teitelbaum Advanced Networks & Services, Inc.
EMail: ben@internet2.edu
Copyright (C) The Internet Society (2000). All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the Internet Society.