Network Working Group                                             S. Sun
Request for Comments: 3650                                     L. Lannom
Category: Informational                                        B. Boesch
                                                                    CNRI
                                                           November 2003
Handle System Overview
Status of this Memo
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
IESG Note
Several groups within the IETF and IRTF have discussed the Handle System and its relationship to existing systems of identifiers. The IESG wishes to point out that these discussions have not resulted in IETF consensus on the described Handle System, nor on how it might fit into the IETF architecture for identifiers. Though there has been discussion of handles as a form of URI, specifically as a URN, these documents describe an alternate view of how namespaces and identifiers might work on the Internet and include characterizations of existing systems which may not match the IETF consensus view.
Abstract
This document provides an overview of the Handle System in terms of its namespace and service architecture, as well as its relationship to other Internet services such as DNS, LDAP/X.500, and URNs. The Handle System is a general-purpose global name service that allows secured name resolution and administration over networks such as the Internet. The Handle System manages handles, which are unique names for digital objects and other Internet resources.
Table of Contents
   1.  Introduction
   2.  Motivations
   3.  Handle Namespace
   4.  Handle System Architecture
   5.  Handle System Security
   6.  The Handle System and other Internet Services
       6.1.  Domain Name Service (DNS)
       6.2.  Directory Services (X.500/LDAP)
       6.3.  Uniform Resource Identifier (URI)/Uniform Resource Name (URN)
   7.  Security Considerations
       7.1.  General Security Practice
       7.2.  Privacy Protection
       7.3.  Caching and Proxy Servers
       7.4.  Mirroring
       7.5.  Denial of Service (DoS)
   8.  History of the Handle System
   9.  Acknowledgements
   10. References and Bibliography
   11. Authors' Addresses
   12. Full Copyright Statement

1. Introduction
This document provides an overview of the Handle System, a distributed information system designed to provide an efficient, extensible, and secured global name service for use on networks such as the Internet. The Handle System includes an open protocol, a namespace, and a reference implementation of the protocol. The protocol enables a distributed computer system to store names, or handles, of digital resources and resolve those handles into the information necessary to locate, access, and otherwise make use of the resources. These associated values can be changed as needed to reflect the current state of the identified resource without changing the handle. This allows the name of the item to persist over changes of location and other current state information. Each handle may have its own administrator(s) and administration can be done in a distributed environment. The Handle System supports secured handle resolution. Security services such as data confidentiality, data integrity, and non-repudiation are provided upon client request.
The Handle System provides a confederated name service that allows any existing local namespace to join the global handle namespace by obtaining a unique Handle System naming authority. Local names and their value-binding(s) remain intact after joining the Handle System. Any handle request to the local namespace may be processed by a service interface speaking the Handle System protocol. Combined with the unique naming authority, any local name is guaranteed unique under the global handle namespace.
There are several services used today to provide name service for Internet resources. Among these, the Domain Name System (DNS) [2,3] is the most widely used. DNS is designed "to provide a mechanism for naming resources in such a way that the names are mappable into IP addresses and are usable in different hosts, networks, protocol families, internets, and administrative organizations" [3]. The growth of the Internet has raised demands for various extensions to DNS. There are also attempts to use DNS as a general-purpose resource naming system. However, the importance of DNS in basic network routing has led to great caution in implementing any DNS extension or overloading the DNS for general-purpose resource naming. An additional factor which argues against using DNS as a general-purpose naming service is the DNS administrative model. DNS names are typically managed by the network administrator(s) at the DNS zone level. There is no provision for per-name administrative structure and no facilities for anyone other than the network administrator to create or manage DNS names. This is appropriate for domain name administration, but less so for general-purpose resource naming.
The Handle System has been designed from the start to serve as a general-purpose naming service. It is designed to accommodate very large numbers of entities and to allow distributed administration over the public Internet. The Handle System data model allows access control to be defined at the level of each of the data values associated with a given handle. Each handle can further define its own set of administrators that are independent from the network or host administrator.
Traditional URLs (Uniform Resource Locators) [4] allow certain Internet resources to be named as a combination of a DNS name and local name. The local name may be a local file path, or a reference to some local service (e.g., a cgi-bin script). This combination of a DNS name and a local name provides a flexible administrative model for naming and managing individual Internet resources. However, the URL practice also has some key limitations. Most URL schemes (e.g., http) are defined for resolution only. Any URL administration has to be done either at the local host, or via some other network service such as NFS. Using a URL as a name typically ties the Internet resource to its current network location. For example, a URL will be tied to its local file path when the file path is part of the URL. When the resource moves from one location to another for whatever reason, the URL breaks. It is especially difficult to work around this problem when the reason for the location change is a change in ownership of an asset, as ownership is generally reflected in the domain name.
The Handle System is designed to overcome these limitations and to add significant functionality. Specifically, the Handle System is designed with the following objectives:
- Uniqueness: Every handle is globally unique within the Handle System.
- Persistence: Handles may be used as persistent identifiers for Internet resources. A handle does not have to be derived from the entity that it names. While an existing name, or even a mnemonic, may be included in a handle for convenience, the only operational connection between a handle and the entity it names is maintained within the Handle System. This of course does not guarantee persistence, which is a function of administrative care. But it does allow the same name to persist over changes of location, ownership, and other state conditions. For example, when a named resource moves from one location to another, the handle may be kept valid by updating its value in the Handle System to reflect the new location.
- Multiple Instances: A single handle can refer to multiple instances of a resource, at different and possibly changing locations in a network. Applications can take advantage of this to increase performance and reliability. For example, a network service may define multiple entry points for its service with a single handle so as to distribute the service load.
- Multiple Attributes: A single handle can refer to multiple attributes of a resource, including associated services, available through any method at different and possibly changing network locations. Handles can thus be used as persistent entry points into an evolving world of services associated with identified resources.
- Extensible Namespace: Existing local namespaces may join the handle namespace by acquiring a unique handle naming authority. This allows local namespaces to be introduced into a global context while avoiding conflict with existing namespaces. Use of naming authorities also allows delegation of service, both resolution and administration, to a local handle service.
- International Support: The handle namespace is based on Unicode 3.0 [17], which includes most of the characters currently used around the world. This allows handles to be used in any native environment. The handle protocol mandates UTF-8 [5] as the encoding used for handles.
- Distributed Service Model: The Handle System defines a hierarchical service model such that any local handle namespace may be serviced by a corresponding local handle service, by the global service, or by both. The global service, known as the Global Handle Registry, can be used to dispatch any handle service request to the responsible local handle service. The distributed service model allows replication of any given service into multiple service sites, and each service site may further distribute its service into a cluster of individual servers. (Note that local here refers only to namespace and administrative concerns. A local handle service could in fact have many service sites distributed across the Internet.)
- Secured Name Service: The Handle System allows secured name resolution and administration over the public Internet. The Handle System protocol defines standard mechanisms for both client and server authentication, as well as service authorization. It also provides security options to assure data integrity and confidentiality.
- Distributed Administration Service: Each handle may define its own administrator(s) or administrator group(s). Ownership of each handle is defined in terms of its administrator or administrator groups. This, combined with the Handle System authentication protocol, allows any handle to be managed securely over the public network by its administrator at any network location.
- Efficient Resolution Service: The handle protocol is designed to allow highly efficient name resolution performance. To avoid resolution being affected by computationally costly administration service, separate service interfaces (i.e., server processes and their associated communication ports) for handle name resolution and administration may be defined by any handle service.
This document provides an overview of the handle namespace and service architecture. It also compares the Handle System with other existing Internet services, protocols, and specifications (e.g., DNS [2, 3], URLs [4], X.500/LDAP [6,7,8], and URN [9,10]). Details of the handle system data and service model, as well as its communication protocol, are specified in separate documents. They can be found under the Handle System website at http://www.handle.net.

2. Motivations
Since there are a number of name-related projects in the Internet community, it is worth defining exactly where we believe the Handle System fits. Unfortunately, that is particularly hard because the other primary naming schemes either take an abstract services approach (e.g., URI/URN), or an approach to name resolution absent of a self-contained framework for reliable yet distributed administration of the underlying databases (e.g., DNS). This makes categorizing the Handle System difficult.
The Handle System crosses boundaries. Looked at as a name resolution system, it might be compared to DNS. If used to implement a URI/URN namespace, it could be used with any URI/URN scheme. If used for distributed information updates and administration, it could be considered a simplified version of a distributed database system.
It is probably best to view the Handle System as a name-attribute binding service with a specific protocol for securely creating, updating, maintaining, and accessing a distributed database. It is designed to be an enabling service for secured information and resource sharing over networks such as the public Internet. Applications of the Handle System could include meta-data services for digital publications, identity management services for virtual identities, or any other applications that require resolution and/or administration of globally unique identifiers.
In the spirit of exploration, the Handle System has been designed to have high performance for name resolution and to push the boundaries of distributed access control and administration. Unlike most conventional systems (even distributed systems) that are designed to have a relatively small number of broadly empowered administrators, the Handle System allows extremely fine granularity of administrative control. It has a unique self-contained administrative framework that de-couples the ownership of each handle from the system administrators and allows access control to be defined for each handle value.
It should be noted that, as with all real systems, the Handle System is a compromise between a number of technical and practical concerns. There are also different opinions within the IETF on where the Handle System fits in relation to other existing Internet name services. It is with the goal of exposing a broader community to the concepts, approach, specific decisions, tradeoffs and results that we are writing this RFC.

3. Handle Namespace
Every handle consists of two parts: its naming authority, otherwise known as its prefix, and a unique local name under the naming authority, otherwise known as its suffix:
<Handle> ::= <Handle Naming Authority> "/" <Handle Local Name>
The naming authority and local name are separated by the ASCII character "/". The collection of local names under a naming authority defines the local handle namespace for that naming authority. Any local name must be unique under its local namespace. The uniqueness of a naming authority and a local name under that authority ensures that any handle is globally unique within the context of the Handle System.
For example, "10.1045/january99-bearman" is a handle for an article published in D-Lib magazine [12]. Its naming authority is "10.1045" and its local name is "january99-bearman". The handle namespace can be considered a superset of many local namespaces, with each local namespace having a unique naming authority under the Handle System. The naming authority identifies the administrative unit of creation, although not necessarily continuing administration, of the associated handles. Each naming authority is guaranteed to be globally unique within the Handle System. Any existing local namespace can join the global handle namespace by obtaining a unique naming authority so that any local name under the namespace can be globally referenced as a combination of the naming authority and the local name as shown above.
Naming authorities under the Handle System are defined in a hierarchical fashion resembling a tree structure. Each node and leaf of the tree is given a label that corresponds to a naming authority segment. The parent node notifies the parent naming authority of its child nodes. Unlike DNS, handle naming authorities are constructed left to right, concatenating the labels from the root of the tree to the node that represents the naming authority. Each label is separated by the octet used for ASCII character "." (0x2E). For example, a naming authority for the National Digital Library Program ("ndlp") at the Library of Congress ("loc") is defined as "loc.ndlp".
Each naming authority may have many child naming authorities registered underneath. Any child naming authority can only be registered by its parent after its parent naming authority has been registered. However, there is no intrinsic administrative relationship between the namespaces represented by the parent and child naming authorities. The parent namespace and its child namespaces may be served by different handle services, and they may or may not share any administration privileges.
Handles may consist of any printable characters from the Universal Character Set (UCS-2) of ISO/IEC 10646, which is the exact character set defined by Unicode v3.0 [17]. The UCS-2 character set encompasses most characters used in every major language written today. To allow compatibility with most of the existing systems and to prevent ambiguity among different encodings, the Handle System protocol mandates UTF-8 to be the only encoding used for handles. The UTF-8 encoding preserves any ASCII encoded names so as to allow maximum compatibility with existing systems without causing naming conflict. Some encoding issues over the global namespace and the choice of UTF-8 encoding are discussed in [13].
By default, handles are case sensitive. However, any individual handle service may define its namespace such that ASCII characters within any handle under that namespace are case insensitive.
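As an added example (not code from the RFC or from the Handle System reference implementation), the following Python models the namespace rules of this section: splitting a handle at the "/" into naming authority and local name, walking the dot-separated authority hierarchy, encoding on the wire as UTF-8, and the per-namespace option of ASCII-only case insensitivity. Treating the first "/" as the separator and rejecting Unicode control-class code points as non-printable are assumptions of the example, not rules stated on this page.

```python
"""Handle namespace helpers modelled on the grammar in this section.

    <Handle> ::= <Handle Naming Authority> "/" <Handle Local Name>

Illustrative code, not part of the RFC or the reference implementation.
"""
from __future__ import annotations

import unicodedata
from dataclasses import dataclass


@dataclass(frozen=True)
class Handle:
    naming_authority: str   # prefix, e.g. "10.1045" or "loc.ndlp"
    local_name: str         # suffix, unique under its naming authority

    def __str__(self) -> str:
        return f"{self.naming_authority}/{self.local_name}"

    def segments(self) -> list[str]:
        """Naming authority labels, root first: authorities are built left to right."""
        return self.naming_authority.split(".")

    def parent_authority(self) -> str | None:
        """The parent naming authority, or None for a top-level authority."""
        head, sep, _ = self.naming_authority.rpartition(".")
        return head if sep else None

    def wire_bytes(self) -> bytes:
        """The protocol mandates UTF-8 as the only encoding for handles."""
        return str(self).encode("utf-8")


def _is_printable(text: str) -> bool:
    # Assumption: "printable" excludes Unicode category C* (control, format,
    # surrogate, private-use and unassigned code points).
    return not any(unicodedata.category(ch).startswith("C") for ch in text)


def parse_handle(text: str) -> Handle:
    """Split a handle at its first "/" into naming authority and local name.

    Naming authority labels are separated by ".", so the authority itself
    never contains "/"; using the first "/" as the separator is this
    example's assumption and lets a local name contain further slashes.
    """
    naming_authority, sep, local_name = text.partition("/")
    if not sep or not naming_authority or not local_name:
        raise ValueError(f"{text!r} is not <naming authority>/<local name>")
    if "" in naming_authority.split("."):
        raise ValueError(f"naming authority {naming_authority!r} has an empty label")
    if not _is_printable(text):
        raise ValueError(f"{text!r} contains non-printable characters")
    return Handle(naming_authority, local_name)


def is_valid_handle(text: str) -> bool:
    try:
        parse_handle(text)
    except ValueError:
        return False
    return True


def lookup_key(handle: Handle, *, ascii_case_insensitive: bool = False) -> bytes:
    """Key under which a handle service would store this handle.

    Handles are case sensitive by default.  A service may declare the ASCII
    characters of its namespace case insensitive; only A-Z are folded then,
    and non-ASCII letters are left exactly as given.
    """
    text = str(handle)
    if ascii_case_insensitive:
        text = "".join(ch.lower() if "A" <= ch <= "Z" else ch for ch in text)
    return text.encode("utf-8")


def same_handle(a: str, b: str, *, ascii_case_insensitive: bool = False) -> bool:
    """True when two spellings name the same handle under the namespace's rule."""
    return (lookup_key(parse_handle(a), ascii_case_insensitive=ascii_case_insensitive)
            == lookup_key(parse_handle(b), ascii_case_insensitive=ascii_case_insensitive))


if __name__ == "__main__":
    h = parse_handle("loc.ndlp/some-item")
    print(h.segments(), h.parent_authority(), h.wire_bytes())
```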
4. Handle System Architecture
The Handle System defines a hierarchical service model. The top level consists of a single handle service, known as the Global Handle Registry (GHR). The lower level consists of all other handle services, generically known as Local Handle Services (LHS).
The Global Handle Registry can be used to manage any handle namespace. It is unique among handle services only in that it provides the service used to manage naming authorities, all of which are managed as handles. The naming authority handle provides information that clients can use to access and utilize the local handle service for handles under the naming authority.
Local Handle Services are intended to be hosted by organizations with administrative responsibility for handles under certain naming authorities. A Local Handle Service may be responsible for any number of local handle namespaces, each identified by a unique naming authority. The Local Handle Service and its responsible set of local handle namespaces must be registered with the Global Handle Registry.
One important aspect of the Handle System is its distributed architecture. The Handle System as a whole consists of a number of individual handle services. Each of these services may consist of one or more service sites. Each service site is a complete replication of every other site in the service in terms of handle resolution. Each service site may consist of one or more handle servers. All handles, and hence all handle requests, directed at a given service site will be evenly distributed across these handle servers. The Handle System as a whole may consist of any number of handle services. There are no design limits on the number of handle services or on the number of sites which make up each service, nor are there any limits on the number of servers that make up each site. Replication among any service site does not require that each site contain the same number of servers. In other words, while each site will have the same replicated set of handles, each site may allocate that set of handles across a different number of servers. This distributed approach is intended to aid scalability, accommodate any large-scale of operation, and mitigate problems of single point failure.
Figure 3.1 illustrates a potential handle service that consists of two service sites: one located on the U.S. east coast and the other on the U.S. west coast. The east coast service site consists of four server computers. The west coast service site, with more powerful computers deployed, decides two servers will suffice. The number of service sites for any handle service, as well as the number of servers that are used by any service site, may be added or removed dynamically depending on the service requirement.
       --------------------------        ------------------
       |  ---------  ---------  |        |  -----  -----  |
       |  |       |  |       |  |        |  | S |  | S |  |
       |  |server1|  |server2|  |        |  | E |  | E |  |
       |  |       |  |       |  |        |  | R |  | R |  |
       |  ---------  ---------  |        |  | V |  | V |  |
       |  ---------  ---------  |        |  | E |  | E |  |
       |  |       |  |       |  |        |  | R |  | R |  |
       |  |Server3|  |Server4|  |        |  |   |  |   |  |
       |  |       |  |       |  |        |  | 1 |  | 2 |  |
       |  ---------  ---------  |        |  -----  -----  |
       --------------------------        ------------------

         Handle Service Site 1         Handle Service Site 2
            (US East Coast)               (US West Coast)
Figure 3.1: Handle service configured with two service sites
Each handle service manages a distinct sub-namespace under the Handle System. Namespaces under different handle services may not overlap. The sub-namespace typically consists of handles under a number of naming authorities. The handle service is called the "home" service of these naming authorities and is the only one that provides resolution and administration service for handles under these naming authorities. Before resolving a handle, a client has to determine the "home" service of the handle in question. The "home" service of each handle is the "home" service of its naming authority and is registered at the Global Handle Registry. Clients can find the "home" service for each handle by querying the naming authority handle at the Global Handle Registry.
The Global Handle Registry maintains naming authority handles. Each naming authority handle maintains the service information that describes the "home" service of the naming authority. The service information lists the service sites of the given handle service, as well as the interface to each handle server within each site. To find the "home" service for any handle, a client can query the Global Handle Registry for the service information associated with the corresponding naming authority handle. The service information provides the necessary information for clients to communicate with the "home" service.
Figure 3.2 shows an example of a typical handle resolution process. In this case, the "home" service is a Local Handle Service. The client is trying to resolve the handle "10.1045/july95-arms" and has to find its "home" service from the Global Handle Registry. The "home" service can be found by sending a query to the Global Handle Registry for the naming authority handle for "10.1045". The Global Handle Registry returns the service information of the Local Handle Service that is responsible for handles under the naming authority "10.1045". The service information allows the client to communicate with the Local Handle Service to resolve the handle "10.1045/july95-arms".
           ------------------------
           |                      |   4. Result of client request
           |  Client with global  | <------------------------------.
           |  service information |                                |
           |                      | ----------------------------.  |
           ------------------------   3. Request to responsible |  |
               |          ^             Local Handle Service    |  |
    1. Client  |          |                                     |  |
    query for  |          |                                     |  |
    naming     |          | 2. Service information              |  |
    authority  |          |    for "10.1045"                    V  |
    "10.1045"  |          |                          ------------------------
               |          |                          |                      |
               V          |                          | Local Handle Service |
           -----------------                         | responsible for the  |
           |               |                         | naming authority     |
           | Global Handle |                         |      "10.1045"       |
           |   Registry    |                         |                      |
           |               |                         ------------------------
           -----------------
Figure 3.2: Handle resolution starting with global
To improve resolution performance, any client may choose to cache the service information returned from the Global Handle Registry and use it for subsequent queries. A separate handle caching server, either stand-alone or as a piece of a general caching mechanism, may also be used to provide shared caching within a local community. Given a cached resolution result, subsequent queries of the same handle may be answered locally without contacting any handle service. Given cached service information, clients can send their requests directly to the correct Local Handle Service without contacting the Global Handle Registry.
The Handle System provides handle resolution and administration service over networks such as the public Internet. Each handle can be assigned a set of values. Clients use the handle resolution service to resolve any handle into its set of values. Each value has a data type and a unique value index. Clients can query for specific handle values based on data type or value index.
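The two-step resolution described above (Global Handle Registry first, then the responsible Local Handle Service), together with client-side caching of the service information and selection of handle values by data type or value index, as an added Python model. This is example code written for this page, not part of the RFC or of the handle.net software; the naming authority's site address, the handle values and the HS_ADMIN data are constructed, and the in-memory objects stand in for the network exchange rather than implementing the RFC 3652 wire protocol.

```python
"""Added model: GHR lookup of a naming authority's service information, then an
LHS query for the handle's values; service information is cached client-side and
values can be selected by type or index. Not the RFC 3652 protocol; data constructed."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class HandleValue:
    index: int        # unique within one handle
    data_type: str    # e.g. "URL", "EMAIL", "HS_ADMIN"
    data: str


@dataclass(frozen=True)
class ServiceInfo:
    naming_authority: str
    sites: Tuple[str, ...]   # addresses of the home service's sites (constructed)


def split_handle(handle: str) -> Tuple[str, str]:
    """<naming authority>/<local name>: the first '/' separates the two."""
    na, sep, local = handle.partition("/")
    if not sep or not na or not local:
        raise ValueError(f"malformed handle: {handle!r}")
    return na, local


class GlobalHandleRegistry:
    """Holds naming authority handles, each carrying its home service's information."""
    def __init__(self) -> None:
        self._info: Dict[str, ServiceInfo] = {}
        self.queries = 0

    def register(self, info: ServiceInfo) -> None:
        self._info[info.naming_authority] = info

    def lookup(self, naming_authority: str) -> Optional[ServiceInfo]:
        self.queries += 1
        return self._info.get(naming_authority)


class LocalHandleService:
    """Home service for one naming authority; stores each handle's set of values."""
    def __init__(self, naming_authority: str) -> None:
        self.naming_authority = naming_authority
        self._handles: Dict[str, List[HandleValue]] = {}
        self.queries = 0

    def add_handle(self, handle: str, values: Iterable[HandleValue]) -> None:
        values = list(values)
        if split_handle(handle)[0] != self.naming_authority:
            raise ValueError(f"{handle!r} is not under {self.naming_authority!r}")
        if len({v.index for v in values}) != len(values):
            raise ValueError("value indices must be unique within a handle")
        self._handles[handle] = values

    def resolve(self, handle: str, types: Optional[Iterable[str]] = None,
                indices: Optional[Iterable[int]] = None) -> List[HandleValue]:
        self.queries += 1
        values = self._handles.get(handle, [])
        if types is not None:
            wanted = set(types)
            values = [v for v in values if v.data_type in wanted]
        if indices is not None:
            wanted_idx = set(indices)
            values = [v for v in values if v.index in wanted_idx]
        return values


class HandleClient:
    def __init__(self, ghr: GlobalHandleRegistry,
                 network: Dict[str, LocalHandleService]) -> None:
        self.ghr = ghr
        self.network = network                       # site address -> server
        self.service_cache: Dict[str, ServiceInfo] = {}

    def home_service(self, naming_authority: str) -> ServiceInfo:
        """Steps 1-2: ask the GHR once, then reuse the cached service information."""
        info = self.service_cache.get(naming_authority)
        if info is None:
            info = self.ghr.lookup(naming_authority)
            if info is None:
                raise LookupError(f"unknown naming authority {naming_authority!r}")
            self.service_cache[naming_authority] = info
        return info

    def resolve(self, handle: str, types=None, indices=None) -> List[HandleValue]:
        """Steps 3-4: send the request to the responsible LHS and return its answer."""
        naming_authority, _ = split_handle(handle)
        info = self.home_service(naming_authority)
        return self.network[info.sites[0]].resolve(handle, types, indices)


def build_sample() -> Tuple[HandleClient, GlobalHandleRegistry, LocalHandleService]:
    """Constructed sample: one naming authority, one LHS site, one handle."""
    ghr = GlobalHandleRegistry()
    lhs = LocalHandleService("10.1045")
    ghr.register(ServiceInfo("10.1045", ("lhs.example.invalid",)))
    lhs.add_handle("10.1045/july95-arms", [
        HandleValue(1, "URL", "http://example.invalid/july95-arms"),
        HandleValue(2, "EMAIL", "owner@example.invalid"),
        HandleValue(100, "HS_ADMIN", "10.1045/admin"),   # constructed; real HS_ADMIN is structured
    ])
    return HandleClient(ghr, {"lhs.example.invalid": lhs}), ghr, lhs
```

After the first resolution the client answers the naming-authority step from its own cache, so a second query for a handle under "10.1045" reaches the Local Handle Service without another round trip to the Global Handle Registry; the query counters on both servers make that visible.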
The handle administration service answers requests from clients to manage handles. These include adding handles, deleting handles or updating their values. It also manages naming authorities via naming authority handles. Each handle can have its own administrator(s), and each administrator can be granted a certain set of permissions.
The handle system authentication protocol authenticates the handle administrator before fulfilling any administrative request.
The Handle System provides security services such as client and server authentication, data confidentiality and integrity, and non-repudiation. By default, handle resolution does not require any client authentication. However, resolution requests for confidential data assigned to any handle (by its administrator), as well as any administration requests (e.g., adding or deleting handle values) require authentication of the client for proper authorization. The server will decide, during the authorization process, whether or not the client has permission to access those confidential handle values, or has permission to add or update handles and handle values. When authentication is required, the handle server will issue a challenge to the requesting client before carrying out the client's request. To satisfy the authentication requirement, the client must send back the correct response identifying itself as a qualified administrator. The handle server will respond to the initial request only after successful authentication of the client. Handle clients may choose to use either secret key or public key cryptography for authentication. Handle System authentication can also be carried out via third party authentication services. To ensure data integrity, clients may request digitally signed responses from any handle server. They may also set up secured communication sessions with handle servers so that any exchanged information can be encrypted (for data confidentiality) using a session key. Handle servers can also provide confidentiality by encrypting the handle data before sending it to the client.
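The challenge-response step described above, as an added Python model: the server answers an administrative request with a challenge and carries the request out only after the administrator's response verifies. It uses the secret-key option (HMAC-SHA256); the public-key option is not shown. The challenge is built as a stateless cookie, the mitigation the security considerations mention for hosts that perform authentication: the server keeps no state for requesters that never authenticate and records a nonce only after success, to refuse replay. This is example code written for this page, not the RFC 3652 message format or the handle.net software; the cookie layout, the "op|index|type|data" request encoding, the keys and the handle are constructed.

```python
"""Added model of administrator authentication before an administrative request:
challenge (stateless cookie) -> HMAC response -> verify -> execute.
Not the RFC 3652 format; keys, handle and request encoding are constructed."""
import hashlib
import hmac
import secrets
import time
from typing import Dict, Tuple

CHALLENGE_TTL = 30.0                 # seconds a challenge stays valid
NONCE_LEN, STAMP_LEN, TAG_LEN = 16, 8, 32


def _hmac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so different splits never collide."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def administrator_response(admin_key: bytes, challenge: bytes, request: bytes) -> bytes:
    """Client side: prove possession of the administrator key over challenge and request."""
    return _hmac(admin_key, challenge, request)


class HandleServer:
    def __init__(self, cookie_secret: bytes, clock=time.time) -> None:
        self._cookie_secret = cookie_secret          # server-only, never sent
        self._admin_keys: Dict[str, bytes] = {}      # handle -> administrator key
        self._values: Dict[str, Dict[int, Tuple[str, str]]] = {}
        self._used: Dict[bytes, float] = {}          # accepted nonce -> expiry (replay guard)
        self._clock = clock

    def create_handle(self, handle: str, admin_key: bytes) -> None:
        self._admin_keys[handle] = admin_key
        self._values.setdefault(handle, {})

    def values(self, handle: str) -> Dict[int, Tuple[str, str]]:
        return dict(self._values.get(handle, {}))

    def admin_request(self, handle: str, request: bytes) -> bytes:
        """Step 1: do not execute; return a challenge bound to this handle and request.
        The binding is a MAC under a server secret, so nothing is stored per request."""
        if handle not in self._admin_keys:
            raise LookupError(f"no such handle: {handle!r}")
        nonce = secrets.token_bytes(NONCE_LEN)
        stamp = int(self._clock()).to_bytes(STAMP_LEN, "big")
        tag = _hmac(self._cookie_secret, nonce, stamp, handle.encode(), request)
        return nonce + stamp + tag

    def admin_response(self, handle: str, request: bytes,
                       challenge: bytes, response: bytes) -> bool:
        """Step 2: recheck the cookie, then the administrator's proof; execute if both hold."""
        if len(challenge) != NONCE_LEN + STAMP_LEN + TAG_LEN:
            return False
        nonce = challenge[:NONCE_LEN]
        stamp = challenge[NONCE_LEN:NONCE_LEN + STAMP_LEN]
        tag = challenge[NONCE_LEN + STAMP_LEN:]
        expected_tag = _hmac(self._cookie_secret, nonce, stamp, handle.encode(), request)
        if not hmac.compare_digest(tag, expected_tag):
            return False                              # forged, or bound to another handle/request
        now = self._clock()
        if now - int.from_bytes(stamp, "big") > CHALLENGE_TTL or nonce in self._used:
            return False                              # expired, or already used (replay)
        admin_key = self._admin_keys.get(handle)
        if admin_key is None or not hmac.compare_digest(
                administrator_response(admin_key, challenge, request), response):
            return False                              # not the handle's administrator
        self._used = {n: e for n, e in self._used.items() if e > now}   # prune old nonces
        self._used[nonce] = now + CHALLENGE_TTL
        self._apply(handle, request)
        return True

    def _apply(self, handle: str, request: bytes) -> None:
        op, idx, dtype, data = request.decode().split("|", 3)   # constructed encoding
        if op == "add":
            self._values[handle][int(idx)] = (dtype, data)
        elif op == "del":
            self._values[handle].pop(int(idx), None)
        else:
            raise ValueError(f"unknown operation {op!r}")


def demo() -> Tuple[bool, bool, bool, bool, Dict[int, Tuple[str, str]]]:
    """Forged key, challenge rebound to another request, valid response, replay."""
    server = HandleServer(cookie_secret=secrets.token_bytes(32))
    admin_key = secrets.token_bytes(32)
    handle = "10.1045/july95-arms"
    request, other = b"add|1|URL|http://example.invalid/july95-arms", b"del|1||"
    server.create_handle(handle, admin_key)
    challenge = server.admin_request(handle, request)
    forged = server.admin_response(handle, request, challenge,
                                   administrator_response(b"not the key", challenge, request))
    rebound = server.admin_response(handle, other, challenge,
                                    administrator_response(admin_key, challenge, other))
    ok = server.admin_response(handle, request, challenge,
                               administrator_response(admin_key, challenge, request))
    replayed = server.admin_response(handle, request, challenge,
                                     administrator_response(admin_key, challenge, request))
    return forged, rebound, ok, replayed, server.values(handle)
```

The order of checks matters: the cheap cookie recheck runs first, so a flood of requests with fabricated challenges costs the server one MAC each and no memory; only a challenge the server itself issued, still within its lifetime and never accepted before, reaches the administrator-key check and the state change.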
The Handle System provides service options for secured information exchange between the client and server. This does not, of course, guarantee the truthfulness of handle values. Incorrect values assigned to any handle by its administrator may very well mislead clients. On the other hand, a handle value may contain references to other handle values to provide additional credentials. For example, a handle value R (e.g., a claim) may contain a reference to some other handle value that contains a digital signature (from a trusted source) over the value R. Clients who trust the signature could then trust the handle value R.
There are a number of existing and proposed Internet identifier services or specifications that, by design or intent, cover some of the functionalities proposed for the Handle System. This section briefly reviews them in relationship to the Handle System.
The Domain Name Service, or DNS, was originally designed and is heavily used for mapping domain names into IP addresses for network routing purposes. RFC 1034 [2] and RFC 1035 [3] provide detailed descriptions of its design and implementation. The growth of the Internet has increased demands for various extensions to DNS, even its possible use as a general-purpose resource naming system. However, any such use has the potential to slow down name-to-address resolution and/or affect its effectiveness in supporting network routing. DNS implementations typically do not scale well when a large amount of data is associated with any particular DNS name. It is therefore generally considered inappropriate to use DNS as a general-purpose naming service.
An additional factor that argues against using DNS as a general-purpose naming service is the DNS administrative model. DNS names are typically managed by the network administrator(s) at the DNS zone level. There is no provision for a per-name administrative structure. No facilities are provided for anyone other than network administrators to create or manage DNS names. This is appropriate for domain name administration but less so for general-purpose name administration.
The Handle System differs from DNS in its distributed administration and service model, as well as its security features. The handle system protocol includes security options to assure confidentiality and integrity during data transmission. Each handle can have its own administrator, independent from the server administrator. The handle system protocol allows any handle administrator to manage his or her handles securely over the public network. Additionally, the Handle System service model allows any of its service sites to dynamically configure its service distribution among a cluster of servers to accommodate increased service requests. This also allows less powerful computers to be used together to support any arbitrarily large number of handles.
X.500 [6] is the OSI Directory Standard defined by the ISO and the ITU. It is designed "to provide a white pages service that would return either the telephone numbers or X.400 O/R addresses of people", and is "concerned mainly with providing the name server service for Open Systems Interconnection (OSI) applications" [7]. X.500 defines a hierarchical data and information model with a set of protocols to allow global name lookup and search. The protocol, however, has proved difficult to implement and there has been difficulty in getting "client access integrated into existing products" [14]. LDAP (Lightweight Directory Access Protocol) [8] has overcome many of these difficulties by making the protocol simpler and easier to implement. Some concern remains, however, that as LDAP is emerging from a local directory access protocol (LDAP v2) into a distributed service protocol (LDAP v3), it faces many issues not addressed in its original design, resulting in new complications.
The fundamental difference between a name resolution service such as the Handle System, and a directory service such as LDAP, is search capability. The added functionality of being able to search a directory service necessarily carries with it added complexity, which in turn affects its efficiency. A pure name service, such as the Handle System, can be designed solely around efficient resolution of known items without addressing the functions and data structures required for discovery of unknown items based on incomplete criteria.
Directory services, such as LDAP or WHOIS++ [15,16], may be used in tandem with the Handle System to provide reverse lookup service. Existing corporate directory services, for example, could provide interfaces to both services. The Handle System interface would provide a highly efficient name resolution service. The directory service interface would provide extended search capability. Handles could also be used in LDAP service referral. For example, an LDAP service may be referenced as a handle. Doing so will make the reference persistent over time, independent of location change.
Uniform Resource Identifier (URI) [23] defines a uniform, yet extensible naming mechanism for identifying Internet resources in web applications. Uniform Resource Name (URN) [11], a subset of URI, defines a namespace registration mechanism for persistent namespaces under URI. URI/URN represents most of the Internet name services used in web applications. This section discusses the relationship of the Handle System to URI/URN and how applications may utilize the Handle System within the URI/URN context.
The Handle System provides a general-purpose name service for the Internet. Like DNS or X.500 directory service, the Handle System defines its namespace outside of any URI/URN namespace. Handles can be transcribed and resolved directly, without any URI/URN scheme as a prefix. For example, a library application may resolve the handle "10.1045/july95-arms" directly into its set of handle values. No URI/URN scheme will be needed in this case.
The Handle System may be used for applications that require a persistent name service. The Handle System provides the necessary mechanisms to allow persistent names to be registered as handles.
Specific naming authorities may be defined to host those handles designed to be persistent. However, the persistence of handles depends more on administrative policies than the technology itself. Such policies are beyond the Handle System service, as described in this set of documents.
On the other hand, the Handle System can also be used for applications where persistent names are not required. Such handles may have a short life-time and they may also be used to identify different objects at different times.
Different web applications may be developed using the Handle System as the underlying name service. Each of these applications may define its own URI/URN namespace for its application needs. For example, application FOO may have a URI namespace "foo:" registered to identify any FOO services on the web. At the same time, application BAR may have a URN namespace "URN:BAR" registered to identify any BAR object that needs a persistent name. Both FOO and BAR applications may use handles (under their respective naming authorities) in naming and resolving to services and/or objects. This is similar to DNS, where there are different URI schemes (e.g., "telnet", "ftp", "mailto", etc.) defined for different applications, all using the DNS service.
The IETF and IRTF have discussed the Handle System in the realm of URI-related work. There are different opinions on whether the Handle System will fit into a specific URI or URN namespace. There are also concerns on where the Handle System fits in relation to other existing name services on the Internet. Such discussions are out of the scope of this document.
This section is meant to inform people of security limitations of the Handle System, as well as precautions that should be taken by application developers, service providers, and Handle System clients. Specific security considerations regarding the Handle System protocol [22], as well as its namespace, data and service model [21], are addressed in separate documents.
The security of the Handle System depends on both client and server host security at every step in the transaction. It assumes the client host has not been tampered with and that client software will reliably convey the received data to the client. The client of any handle service must also assume that any handle servers involved have not been compromised. To trust the Global Handle Registry is to believe that the Global Handle Registry will correctly direct the client request to the responsible Local Handle Service. To trust a Local Handle Service is to believe that the Local Handle Service will correctly return the data that was assigned to the handle by its administrator. A Local Handle Service typically supports a set of naming authorities. Thus, trusting a Local Handle Service would imply trusting those naming authorities.
The integrity of the Handle System depends heavily on the integrity of the global service information. Invalid global service information may mislead clients into inappropriate Local Handle Services. It may also allow attackers to forge server signatures. The Global Handle Registry must take extreme caution in protecting the global service information and the public key pair used to sign the global service information. Client applications should only accept the global service information from the Global Handle Registry. They should check its integrity upon each update.
For efficiency reasons, handle servers will not generate or return a digital signature for every service response, unless specifically requested by clients. To assure data integrity, clients must explicitly ask the server to return the digital signature. To protect sensitive data from exposure, clients may establish a communication session with the server and ask the server to encrypt any data using the session key.
By default, most handle data stored in the Handle System is publicly accessible, unless otherwise specified by the handle administrator. Handle administrators must pay attention when adding handle values that contain private information. They may choose to mark these handle values readable only by the handle administrator(s), or to store these as encrypted handle values, so that these values can only be read within a controlled audience.
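The client-side precautions of the preceding three paragraphs, as an added Python model: global service information is accepted only from the Global Handle Registry and only after its integrity tag verifies against a key the client has pinned; resolution responses carry a tag only when the client asks for one, and the client refuses to use a response whose tag is missing or does not verify; and a handle server withholds values the administrator marked readable only by the administrator from unauthenticated resolution. This is example code written for this page, not the RFC 3652 format or the handle.net software. HMAC-SHA256 under pinned keys stands in here for the digital signatures the Handle System uses, because the example must run offline with the standard library; the verify-before-trust step has the same shape either way. The keys, site address, handle values and JSON payloads are constructed.

```python
"""Added model of client-side integrity and authorization checks from the
security considerations. HMAC under pinned keys stands in for digital signatures.
Not the RFC 3652 format; all keys, addresses and values are constructed."""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

GSI_CONTEXT = b"global-service-info"   # separates service-info tags from response tags


def integrity_tag(key: bytes, context: bytes, payload: bytes) -> bytes:
    """Tag over context and payload, length-prefixed so the pair cannot be re-split."""
    msg = len(context).to_bytes(4, "big") + context + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass(frozen=True)
class HandleValue:
    index: int
    data_type: str
    data: str
    admin_only: bool = False         # readable only by the handle administrator(s)


class HandleServer:
    def __init__(self, signing_key: bytes) -> None:
        self._signing_key = signing_key
        self._handles: Dict[str, List[HandleValue]] = {}

    def add_handle(self, handle: str, values: List[HandleValue]) -> None:
        self._handles[handle] = list(values)

    def resolve(self, handle: str, authenticated_admin: bool = False,
                want_signature: bool = False) -> Tuple[bytes, Optional[bytes]]:
        values = self._handles.get(handle, [])
        if not authenticated_admin:             # authorization: drop confidential values
            values = [v for v in values if not v.admin_only]
        payload = json.dumps([[v.index, v.data_type, v.data] for v in values]).encode()
        # Unsigned by default; the tag is produced only when the client asks for it.
        sig = integrity_tag(self._signing_key, handle.encode(), payload) if want_signature else None
        return payload, sig


class GlobalServiceInfoStore:
    """Pins the GHR key; rejects updates from any other source or with a bad tag."""
    def __init__(self, ghr_key: bytes) -> None:
        self._ghr_key = ghr_key
        self.info: Dict[str, str] = {}       # naming authority -> site address
        self.rejected: List[str] = []

    def update(self, payload: bytes, sig: bytes, source: str) -> bool:
        expected = integrity_tag(self._ghr_key, GSI_CONTEXT, payload)
        if source != "GHR" or not hmac.compare_digest(expected, sig):
            self.rejected.append(source)
            return False                     # keep the previously verified information
        self.info = json.loads(payload)
        return True


class HandleClient:
    def __init__(self, store: GlobalServiceInfoStore, site_keys: Dict[str, bytes]) -> None:
        self.store = store
        self._site_keys = site_keys          # verification key per site, from service info

    def verify(self, site: str, handle: str, payload: bytes, sig: Optional[bytes]) -> bool:
        if sig is None:
            return False                     # asked for a tag and got none: do not trust
        expected = integrity_tag(self._site_keys[site], handle.encode(), payload)
        return hmac.compare_digest(expected, sig)

    def resolve(self, server: HandleServer, site: str, handle: str) -> List[list]:
        payload, sig = server.resolve(handle, want_signature=True)
        if not self.verify(site, handle, payload, sig):
            raise ValueError("response failed integrity check")
        return json.loads(payload)


def demo() -> dict:
    ghr_key, lhs_key, attacker_key = b"G" * 32, b"L" * 32, b"A" * 32     # constructed
    store = GlobalServiceInfoStore(ghr_key)
    good = json.dumps({"10.1045": "lhs.example.invalid"}).encode()
    evil = json.dumps({"10.1045": "attacker.example.invalid"}).encode()
    r = {}
    r["ghr_ok"] = store.update(good, integrity_tag(ghr_key, GSI_CONTEXT, good), "GHR")
    r["forged"] = store.update(evil, integrity_tag(attacker_key, GSI_CONTEXT, evil), "GHR")
    r["from_proxy"] = store.update(good, integrity_tag(ghr_key, GSI_CONTEXT, good), "proxy")
    r["site"] = store.info["10.1045"]
    handle = "10.1045/july95-arms"
    server = HandleServer(lhs_key)
    server.add_handle(handle, [HandleValue(1, "URL", "http://example.invalid/july95-arms"),
                               HandleValue(2, "EMAIL", "owner@example.invalid", admin_only=True)])
    client = HandleClient(store, {r["site"]: lhs_key})
    r["public"] = client.resolve(server, r["site"], handle)
    r["admin"] = json.loads(server.resolve(handle, authenticated_admin=True)[0])
    payload, sig = server.resolve(handle, want_signature=True)
    tampered = payload.replace(b"example.invalid", b"attacker.invalid")
    r["tampered_ok"] = client.verify(r["site"], handle, tampered, sig)
    r["unsigned_ok"] = client.verify(r["site"], handle, *server.resolve(handle))
    return r
```

Two details carry the security argument: a failed update leaves the store holding the last verified service information rather than emptying it, and the client treats "no tag" as a failure once it has asked for one, so a proxy or cache in the path cannot downgrade a request for integrity by simply dropping the tag.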
Log files generated by the handle server are another vulnerable point where client privacy may be under attack. Operators of handle servers must protect such information carefully.
Besides performance gains and other value-added services, both proxy and caching servers present themselves as men-in-the-middle, and as such are vulnerable to man-in-the-middle attacks. It is important to know that proxy and caching servers are not part of any handle service. They are clients of the Handle System. Service responses from proxy and caching servers cannot be authenticated via the Handle System protocol. The trust between the client and its immediate proxy/caching server has to be set up independently, regardless of the number of proxy/caching servers that are in the middle of the communication path.
By using proxy and caching servers, clients assume that the servers will submit their requests and relay any responses from the Handle System without mishandling any of the contents. They also assume that the servers will protect any sensitive information on their behalf.
Proxy and caching server operators should protect the systems on which such servers are running as they would protect any system that contains or transports sensitive information. In particular, log information gathered at proxies often contains highly sensitive personal information, and/or information about organizations. Such information should be carefully guarded, and appropriate guidelines for its use developed and followed.
Caching servers present additional potential vulnerabilities because the contents of the cache represent an attractive target for malicious exploitation. Attacks on the cache can reveal private data of a handle user, or information still kept after the user believes it has been removed from the network. Therefore, cache contents should be protected as sensitive information.
Handle System clients should be aware of possible delays in content replication among mirroring sites. They should consider sending their request to the primary service site for any time-sensitive data. Selection of mirroring sites by service administrators must be done carefully. Each mirroring site must follow the same security procedures in order to ensure data integrity. Software tools may be applied to ensure data consistency among mirroring sites.
As with any public service, the Handle System is subject to denial of service attacks. No general solutions are available to protect against such attacks in today's technology. Server implementations may be developed to be aware of such attacks and notify administrators when they happen. Stateless cookies [19, 20] are one means of mitigating some of the effects of DoS attacks on hosts that perform authentication, integrity, and encryption services. Server implementations, moreover, need to be upgradeable to take advantage of new security technologies, including anti-DoS technologies as these become available.
The Handle System was originally conceived and developed at CNRI as part of an overall digital object architecture. The first public implementation was created at CNRI in the fall of 1994 in an effort led by David Ely. The overall digital object architecture, including the Handle System, was later described in a paper by Robert Kahn and Robert Wilensky [1] in 1995. Development continued at CNRI as part of the Computer Science Technical Reports (CSTR) project, funded by the Defense Advanced Research Projects Agency (DARPA) under Grant Numbers MDA-972-92-J-1029 and MDA-972-99-1-0018. One aspect of this early digital library project, which was also a major factor in the evolution of the Networked Computer Science Technical Reference Library (NCSTRL) [18] and related activities, was to develop a framework for the underlying infrastructure of digital libraries.
Early adopters of the Handle System included the Library of Congress, the Defense Technical Information Center (DTIC), and the International DOI Foundation (IDF). Feedback from these organizations as well as NCSTRL, other digital library projects, and related IETF efforts as mentioned above, have all contributed to the evolution of the Handle System. The current status and available software, for both client and server, can be found at http://www.handle.net.
This work is derived from the earlier versions of the Handle System implementation. Design ideas are based on those discussed within the Handle System development team, including David Ely, Charles Orth, Allison Yu, Sean Reilly, Jane Euler, Catherine Rey, Stephanie Nguyen, Jason Petrone, and Helen She. Their contributions to this work are gratefully acknowledged.
The authors also thank Russ Housley (housley@vigilsec.com), Ted Hardie (hardie@qualcomm.com), and Mark Baugher (mbaugher@cisco.com) for their extensive review and comments, as well as recommendations received from other members of the IETF/IRTF community.
[1] Kahn, R. and R. Wilensky, "A Framework for Distributed Digital Object Services", D-Lib Magazine, 1995.
[2] Mockapetris, P., "Domain Names - Concepts and Facilities", STD 13, RFC 1034, November 1987.
[3] Mockapetris, P., "Domain Names - Implementation and Specification", STD 13, RFC 1035, November 1987.
[4] Berners-Lee, T., Masinter, L. and M. McCahill, "Uniform Resource Locators (URL)", RFC 1738, December 1994.
[5] Yergeau, F., "UTF-8, a transformation format of Unicode and ISO 10646", RFC 2044, October 1996.
[6] ITU-T Rec. X.500, "The Directory: Overview of Concepts, Models, and Services", 1993.
[7] Chadwick, D. W., "Understanding X.500 - The Directory", Chapman & Hall, ISBN 0-412-43020-7.
[8] Wahl, M., Howes, T. and S. Kille, "Lightweight Directory Access Protocol (v3)", RFC 2251, December 1997.
[9] Sollins, K. and L. Masinter, "Functional Requirements for Uniform Resource Names", RFC 1737, December 1994.
[10] Sollins, K., "Architectural Principles of Uniform Resource Name Resolution", RFC 2276, January 1998.
[11] IETF Uniform Resource Names (URN) Working Group, April 1998.
[12] D-Lib Magazine, http://www.dlib.org
[13] Sun, S. X., "Internationalization of the Handle System - A Persistent Global Name Service", Proceedings of the 12th International Unicode Conference, April 1998.
[14] Goodman, D. and C. Robbins, "Understanding LDAP & X.500", August 1997.
[15] Deutsch, P., Schoultz, R., Faltstrom, P. and C. Weider, "Architecture of the WHOIS++ service", RFC 1835, August 1995.
[16] Weider, C., Fullton, J. and S. Spero, "Architecture of the Whois++ Index Service", RFC 1913, February 1996.
[17] The Unicode Consortium, "The Unicode Standard, Version 3.0", Addison-Wesley, ISBN 0201616335.
[18] The Networked Computer Science Technical Reports Library (NCSTRL), http://www.ncstrl.org/
[19] Karn, P. and W. Simpson, "Photuris: Session-Key Management Protocol", RFC 2522, March 1999.
[20] Harkins, D. and D. Carrel, "The Internet Key Exchange (IKE)", RFC 2409, November 1998.
[21] Sun, S., Reilly, S. and L. Lannom, "Handle System Namespace and Service Definition", RFC 3651, November 2003.
[22] Sun, S., Reilly, S., Lannom, L. and J. Petrone, "Handle System Protocol (ver 2.1) Specification", RFC 3652, November 2003.
[23] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform Resource Identifiers (URI): Generic Syntax", RFC 2396, August 1998.
Sam X. Sun Corporation for National Research Initiatives (CNRI) 1895 Preston White Dr., Suite 100 Reston, VA 20191
Phone: 703-262-5316 EMail: ssun@cnri.reston.va.us
Larry Lannom Corporation for National Research Initiatives (CNRI) 1895 Preston White Dr., Suite 100 Reston, VA 20191
Phone: 703-620-8990 EMail: llannom@cnri.reston.va.us
Brian Boesch Corporation for National Research Initiatives (CNRI) 1895 Preston White Dr., Suite 100 Reston, VA 20191
Phone: 703-262-5316 EMail: bboesch@cnri.reston.va.us
Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees.
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the Internet Society.