Network Working Group                                             S. Sun
Request for Comments: 3651                                     S. Reilly
Category: Informational                                        L. Lannom
                                                                    CNRI
                                                           November 2003
        

Handle System Namespace and Service Definition

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2003). All Rights Reserved.

IESG Note

Several groups within the IETF and IRTF have discussed the Handle System and its relationship to existing systems of identifiers. The IESG wishes to point out that these discussions have not resulted in IETF consensus on the described Handle System nor on how it might fit into the IETF architecture for identifiers. Though there has been discussion of handles as a form of URI, specifically as a URN, these documents describe an alternate view of how namespaces and identifiers might work on the Internet and include characterizations of existing systems which may not match the IETF consensus view.

Abstract

The Handle System is a general-purpose global name service that allows secured name resolution and administration over the public Internet. This document provides a detailed description of the Handle System namespace, and its data, service, and operation models. The namespace definition specifies the handle syntax and its semantic structure. The data model defines the data structures used by the Handle System protocol and any pre-defined data types for carrying out the handle service. The service model provides definitions of various Handle System components and explains how they work together over the network. Finally, the Handle System operation model describes its service operation in terms of messages transmitted between client and server, and the client authentication process based on the Handle System authentication protocol.

Table of Contents
   1.  Introduction
   2.  Handle System Namespace
   3.  Handle System Data Model
       3.1.  Handle Value Set
       3.2.  Pre-defined Handle Data Types
             3.2.1.  Handle Administrator: HS_ADMIN
             3.2.2.  Service Site Information: HS_SITE
             3.2.3.  Naming Authority Delegation Service: HS_NA_DELEGATE
             3.2.4.  Service Handle: HS_SERV
             3.2.5.  Alias Handle: HS_ALIAS
             3.2.6.  Primary Site: HS_PRIMARY
             3.2.7.  Handle Value List: HS_VLIST
   4.  Handle System Service Model
       4.1.  Handle System Service Components
             4.1.1.  Global Handle Registry (GHR)
             4.1.2.  Local Handle Service (LHS)
       4.2.  Handle System Middle-Ware Components
             4.2.1.  Handle System Caching Service
             4.2.2.  Handle System Proxy Server
       4.3.  Handle System Client Components
   5.  Handle System Operation Model
       5.1.  Handle System Service Request and Response
       5.2.  Handle System Authentication Protocol
   6.  Security Considerations
   7.  Acknowledgements
   8.  References and Bibliography
   9.  Authors' Addresses
   10. Full Copyright Statement
        
1. Introduction

The Handle System manages handles as globally unique names for Internet resources. It was originally conceived and described in a paper by Robert Kahn and Robert Wilensky [22] in 1995. The Handle System provides a general-purpose global name service that allows handles to be resolved and administrated securely over the public Internet. The Handle System categorizes its service into two categories: the handle resolution service and the handle administration service. Clients use handle resolution service to resolve handles into their values. The handle administration service deals with client requests to manage these handles, including adding and deleting handles, and updating handle values.

The document "Handle System Overview" [1] provides an architectural overview of the Handle System, and its relationship to other Internet services such as DNS [2,3] and LDAP [4]. This document provides a detailed description of the Handle System namespace, its data and service model, and its operation model. It assumes that readers are familiar with the basic concepts of the Handle System as described in the overview document.

The namespace definition specifies the handle syntax and its semantic structure. The data model defines the data structures used by the Handle System protocol and any pre-defined data types for carrying out the handle service. The service model provides definitions of various Handle System components and explains how they work together over the network. Finally, the Handle System operation model describes its service operation in terms of messages transmitted between client and server, and the client authentication process based on the Handle System authentication protocol.

2. Handle System Namespace

Handles are character strings that may consist of a wide range of characters. Every handle in the Handle System consists of two parts: its naming authority, followed by a unique local name under the naming authority. The naming authority and the local name are separated by the ASCII character "/" (octet 0x2F). The following table provides the handle syntax definition in ABNF [5] notation:

       <Handle>          = <NamingAuthority> "/" <LocalName>

       <NamingAuthority> = *(<NamingAuthority>  ".") <NAsegment>

       <NAsegment>       = 1*(%x00-2D / %x30-3F / %x41-FF )
                         ; any octets that map to UTF-8 encoded
                         ; Unicode 2.0 characters except
                         ; octets '0x2E' and '0x2F' (which
                         ; correspond to the ASCII characters '.',
                         ; and '/').

       <LocalName>       = *(%x00-FF)
                         ; any octets that map to UTF-8 encoded
                         ; Unicode 2.0 characters

Table 2.1: Handle syntax

As shown in Table 2.1, both <NamingAuthority> and <LocalName> are UTF-8 [6] encoded character strings. The Handle System protocol mandates UTF-8 encoding for handles transferred over the wire. The <LocalName> may consist of any characters from the Unicode 2.0 standard [7]. The <NamingAuthority> may use any characters from the Unicode 2.0 standard except the ASCII character '/' (0x2F), which is reserved to separate the <NamingAuthority> from the <LocalName>. A <NamingAuthority> may consist of multiple non-empty <NAsegment>s, each of which is separated by the ASCII character '.' (octet 0x2E).

Naming authorities are defined in a hierarchical fashion resembling a tree structure. Each node and leaf of the tree is given a label that corresponds to a naming authority segment (<NAsegment>). The parent node represents the parent naming authority. Naming authorities are constructed left to right, concatenating the labels from the root of the tree to the node that represents the naming authority. Each label (or its <NAsegment>) is separated by the character '.' (octet 0x2E). For example, the naming authority for the Digital Object Identifier (DOI) project is "10". It is a root-level naming authority as it has no parent naming authority for itself. It can, however, have many child naming authorities. For example, "10.1045" is a child naming authority of "10" for the D-Lib Magazine.

By default, handles are case sensitive. However, a handle service, global or local, may implement its namespace so that ASCII characters under the namespace are treated as case insensitive. For example, the global handle service, formally known as the Global Handle Registry (GHR), is implemented such that ASCII characters are treated as case insensitive. Since the GHR manages all handles for naming authorities, ASCII characters in naming authorities are treated as case insensitive.
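
The syntax and case rules of this section, as an added example that is not part of the memo: a parser that splits a handle at the first '/', rejects empty naming authority segments, and folds only ASCII letters when comparing naming authorities. The function names, the choice of upper case as the folded form, and the `local_case_insensitive` switch are assumptions of this example.

```python
from typing import List, NamedTuple, Optional


class Handle(NamedTuple):
    naming_authority: str
    local_name: str

    @property
    def segments(self) -> List[str]:
        return self.naming_authority.split(".")

    @property
    def parent_authority(self) -> Optional[str]:
        # "10.1045" -> "10"; a root-level authority such as "10" has no parent.
        segs = self.segments
        return ".".join(segs[:-1]) if len(segs) > 1 else None


def parse_handle(raw: bytes) -> Handle:
    """Parse the wire form of a handle (UTF-8 octets) per Table 2.1."""
    try:
        text = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        raise ValueError("handle is not valid UTF-8") from exc
    # Split at the FIRST '/': the naming authority cannot contain one,
    # while <LocalName> may contain any octets, including further '/'.
    na, sep, local = text.partition("/")
    if not sep:
        raise ValueError("missing '/' between naming authority and local name")
    # Every <NAsegment> needs at least one character. Table 2.1's octet
    # ranges also skip 0x40; this example follows the table's comment and
    # the prose, which reserve only '.' and '/'.
    if any(seg == "" for seg in na.split(".")):
        raise ValueError("empty naming authority segment")
    return Handle(na, local)


def _ascii_upper(s: str) -> str:
    # Fold a-z only. str.upper() would also fold non-ASCII letters and
    # merge handles that the namespace keeps distinct.
    return "".join(chr(ord(c) - 32) if "a" <= c <= "z" else c for c in s)


def canonical(h: Handle, local_case_insensitive: bool = False) -> Handle:
    """Form to compare or index on. Naming authorities are always folded
    (they are managed by the GHR); the local name is folded only when the
    responsible service declares its namespace case insensitive."""
    local = _ascii_upper(h.local_name) if local_case_insensitive else h.local_name
    return Handle(_ascii_upper(h.naming_authority), local)


def same_handle(a: bytes, b: bytes, local_case_insensitive: bool = False) -> bool:
    return (canonical(parse_handle(a), local_case_insensitive)
            == canonical(parse_handle(b), local_case_insensitive))


def is_under(child_na: str, ancestor_na: str) -> bool:
    """True if child_na is a descendant of ancestor_na in the naming tree.
    Compared segment by segment, so "100" is not treated as a child of "10"."""
    child = _ascii_upper(child_na).split(".")
    anc = _ascii_upper(ancestor_na).split(".")
    return len(child) > len(anc) and child[:len(anc)] == anc
```

Any access-control or cache lookup keyed on a handle should use the `canonical` form, otherwise two spellings of one naming authority can be treated as different principals.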

3. Handle System Data Model

The Handle System provides a name-to-value binding service over the public Internet. Each handle may have a set of values assigned to it. The Handle System maintains the value set of each handle and will return it in response to any handle resolution request. The Handle System data model defines the conceptual data structure for these values. The data model used by the protocol may not be the exact physical data model used for storage in any specific implementation. Rather, it is the data model followed by the Handle System protocol as specified in the "Handle System Protocol Specification" [8].

3.1. Handle Value Set

Each handle may have a set of values assigned to it. These handle values use a common data structure for their data. For example, each handle value has a unique index number that distinguishes it from other values in the value set. It also has a specific data type that defines the syntax and semantics of the data in its data field. Besides these, each handle value contains a set of administrative information such as TTL and permissions. Figure 3.1 shows the handle "10.1045/may99-payette" with a set of three handle values. One of these values (with index number set to 1) is shown in detail. (Note that the encoding of the length for each field is not shown in Figure 3.1. Also, the empty <reference> field consists of a 4-byte integer whose value is zero.)

      Handle "10.1045/may99-payette"
              |
              |
              V
        -------------------------------------------------------------
       |        <index>:            3                                |
      -------------------------------------------------------------  |
     |        <index>:            2                                | |
    -------------------------------------------------------------  | |
   |                                                             | | |
   |  <index>:           1                                       | | |
   |  <type>:            URL                                     | | |
   |  <data>:            http://www.dlib.org/dlib...             | | |
   |  <TTL>:             {Relative: 24 hours}                    | | |
   |  <permission>:      PUBLIC_READ, ADMIN_WRITE                | | |
   |  <timestamp>:       927314334000                            | | |
   |  <reference>:       {empty}                                 | |-
   |                                                             |-
    -------------------------------------------------------------

Figure 3.1: Handle "10.1045/may99-payette" and its set of values

Figure 3.1 shows a handle value whose index is set to 1. The data type for the handle value is URL. The URL data as stated in the <data> field is "http://www.dlib.org/dlib...". The TTL (time to live) entry suggests that the value record should be cached no more than 24 hours before the source of the information is consulted again. The <permission> field grants anyone permission to read, but only the administrator permission to update the value. The <reference> field is empty. It may contain a list of references to other handle values as credentials for this handle value.

Thus a handle value may be thought of as a record that consists of a group of data fields. Each of these data fields is defined as follows:

<index> An unsigned 32-bit integer that uniquely identifies a handle value from other handle values.

<type> A UTF8-string that identifies the data type for the value record. Note that throughout this document, a UTF8-string is defined as a data structure that consists of a 4-byte unsigned integer followed by an UTF-8 encoded character string. The integer specifies the number of octets in the character string.

The <type> field identifies the data type that defines the syntax and semantics of data in the next <data> field. The data type may be registered with the Handle System to avoid potential conflicts. The Handle System has a reserved naming authority "0.TYPE" for registered data types. For example, "URL" (as shown in Figure 3.1) is a registered data type. It is registered as the handle "0.TYPE/URL". The handle may have a value that explains the syntax and semantics of the data type.

Data types under the Handle System may be hierarchical. Each level of the hierarchy may be named in terms of a UTF8-String with no '.' (0x2E) characters. The '.' character is used to mark the boundary between hierarchy levels. For example, the Handle System data type "a.b" may be considered as a sub-type "b" under the type "a". Similarly, handle values of <type> "a.b.x", "a.b.y" and "a.b.z" may be considered as handle values under the common type hierarchy "a.b".

For any handle value, the UTF8-string in the <type> field may not end with the '.' character. In other words, no Handle System data type should end with the '.' character. However, the '.' character may appear at the end of the <type> parameter in a handle query. This is used to query for all handle values under a common type hierarchy. For example, one may query for all handle values under the type hierarchy "a.b" (e.g., handle values of <type> "a.b.x", "a.b.y" and "a.b.z") by setting the <type> parameter to "a.b.". Note here that the <type> parameter ends with the '.' character. Details of the handle query operation can be found in the Handle System protocol specification [8].

<data> A sequence of octets (preceded by its length in a 4-byte unsigned integer) that describes the resource identified by the handle. The syntax and semantics of these octets are identified by the <type> field.

<permission> An eight-bit bit-mask for access control of the handle value. Access control is defined in terms of read, write, and execute permissions, applicable to either general public or handle administrator(s). Each handle value can have its permission field specified as any combination of the following bits:

PUBLIC_WRITE (0x01) permission that allows anyone to modify or delete the handle value.

PUBLIC_READ (0x02) permission that allows anyone to read the handle value.

ADMIN_WRITE (0x04) permission that allows any handle administrator to update or delete the handle value.

ADMIN_READ (0x08) permission that allows the handle value to be read by any handle administrator with AUTHORITIVE_READ privilege.

PUBLIC_EXECUTE (0x10) permission that allows anyone to execute the program identified by the handle value on the handle host as anonymous user. Because of the security risks this may have brought up, implementations may choose not to support such permission, or provide options so that it can be disabled at deployment.

ADMIN_EXECUTE (0x20) permission that allows handle administrator(s) to run the program identified by the handle value on the handle server. The handle server must authenticate the handle administrator before executing the program. The handle administrator must have an established account on the handle server. The execution of the handle value should assume the same privilege as the one given to the account for the handle administrator. Because of the security risks this may have brought up, implementations may choose not to support such permission, or provide options so that it can be disabled at deployment.

Note that a handle value with no PUBLIC_READ nor ADMIN_READ permission can not leave the handle server. It may be used, for example, to store secret keys for authentication purposes. A handle value with neither PUBLIC_WRITE nor ADMIN_WRITE permission makes the handle value immutable and cannot be deleted by any handle administrator (via the Handle System protocol).

The administrator for a given handle must specify the permission for each handle value. Implementations may choose PUBLIC_READ and ADMIN_WRITE as the default permission for each handle value. Handle servers must check permissions before fulfilling any client request.

<TTL> An octet followed by a 4-byte integer that specifies the Time-To-Live of the value record. It is used to describe how long the value record can be cached before the source of the information should again be consulted. A zero value for a TTL indicates that the value record should only be used for the transaction in progress and should not be cached. Any non-zero TTL is defined in terms of a TTL type (specified in the first octet), followed by the TTL value (the 32-bit unsigned integer that follows the TTL type). The TTL type indicates whether the TTL value is absolute or relative. The absolute TTL value defines the time to live in terms of seconds since 00:00:00 UTC, January 1st 1970. A relative TTL specifies the time to live in terms of the number of seconds elapsed since the value was obtained by the client from any handle server.

<timestamp> An 8-byte (long) integer that records the last time the value was updated at the server. The field contains elapsed time since 00:00:00 UTC, January 1970 in milliseconds. The choice of milliseconds is to avoid potential collision when updating the value.

<reference> A 4-byte integer followed by a list of references to other handle values. The integer specifies the number of references in the list. Each reference in the list refers to another handle value in terms of a UTF8-string and a 4-byte integer (where the UTF8-string is the handle name and the integer is the value index). References are generally used to add credentials to the current handle value. For example, a handle value may make itself more trust-worthy by referring to a digital signature issued by a commonly trusted entity.

By default, the Handle System returns all the handle values with public-read permission in response to any resolution request. It is possible for a client to ask for a subset of those values with a specific data type (e.g., all URLs assigned to the handle). The client may also ask for a specific handle value based on a specific value index.

Each handle value can be uniquely referenced by the combination of the handle and its value index. Care must be taken when changing the value index as it may break an existing reference to the handle value. For example, suppose the handle X/Y has a value whose index is 1. That value may be referred to as X/Y:1. If the handle administrator changes the value index from 1 to 2, the reference to X/Y:1 will become obsolete. Any reference to the handle value will have to change to X/Y:2.

Value records assigned to any handle may or may not have continuous index numbers. Nor can it be assumed that the index will start with 0 or 1. A handle administrator may assign a handle value with any index as long as each index is unique within the value set.

A handle value may be "privatized" or "disabled" by setting its <permission> field as "authorized-read". This limits read-access to the handle administrator only. The "privatized" value can then be used to keep any historical data (on behalf of the handle administrator) without exposing it to the public. Such an approach may also be used to keep any obsolete handle or naming authority from being reused accidentally.
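
The permission, type-query and TTL rules of this section, as an added example that is not part of the memo or of any Handle System implementation: a server-side filter that decides which values of a value set may be returned for a resolution request. The class and function names, the `admin_can_read` flag (standing for an authenticated administrator holding the privilege that ADMIN_READ requires) and the sample value set are assumptions of this example; the wire values of the TTL type octet are not given in this section, so the TTL type is modelled by name only.

```python
from dataclasses import dataclass
from enum import Enum, IntFlag
from typing import List, Optional


class Perm(IntFlag):              # bit values as listed in section 3.1
    PUBLIC_WRITE = 0x01
    PUBLIC_READ = 0x02
    ADMIN_WRITE = 0x04
    ADMIN_READ = 0x08
    PUBLIC_EXECUTE = 0x10
    ADMIN_EXECUTE = 0x20


class TTLType(Enum):              # names only, see the lead-in
    RELATIVE = "relative"
    ABSOLUTE = "absolute"


@dataclass(frozen=True)
class HandleValue:
    index: int
    type: str
    data: bytes
    permission: Perm
    ttl_type: TTLType = TTLType.RELATIVE
    ttl: int = 86400              # seconds


def can_read(v: HandleValue, admin_can_read: bool = False) -> bool:
    if v.permission & Perm.PUBLIC_READ:
        return True
    return admin_can_read and bool(v.permission & Perm.ADMIN_READ)


def can_write(v: HandleValue, is_admin: bool = False) -> bool:
    if v.permission & Perm.PUBLIC_WRITE:
        return True
    return is_admin and bool(v.permission & Perm.ADMIN_WRITE)


def is_server_only(v: HandleValue) -> bool:
    # Neither read bit: the value can not leave the handle server.
    return not (v.permission & (Perm.PUBLIC_READ | Perm.ADMIN_READ))


def is_immutable(v: HandleValue) -> bool:
    # Neither write bit: no one can update or delete it via the protocol.
    return not (v.permission & (Perm.PUBLIC_WRITE | Perm.ADMIN_WRITE))


def type_matches(value_type: str, query: str) -> bool:
    # A query ending in '.' selects a type hierarchy: "a.b." matches "a.b.x"
    # but not "a.bc". Whether "a.b" itself matches is not stated in the text;
    # this example returns sub-types only.
    if query.endswith("."):
        return value_type.startswith(query)
    return value_type == query


def resolve(values: List[HandleValue], type_query: Optional[str] = None,
            index: Optional[int] = None,
            admin_can_read: bool = False) -> List[HandleValue]:
    """Permission check first, then the optional type and index filters."""
    out = []
    for v in values:
        if not can_read(v, admin_can_read):
            continue
        if index is not None and v.index != index:
            continue
        if type_query is not None and not type_matches(v.type, type_query):
            continue
        out.append(v)
    return out


def cache_until(v: HandleValue, obtained_at: int) -> Optional[int]:
    """Epoch second after which the source must be consulted again;
    None means use for the current transaction only and do not cache."""
    if v.ttl == 0:
        return None
    if v.ttl_type is TTLType.ABSOLUTE:
        return v.ttl
    return obtained_at + v.ttl


# Constructed sample value set; indices are deliberately not contiguous.
SAMPLE = [
    HandleValue(1, "URL", b"http://example.org/doc", Perm.PUBLIC_READ | Perm.ADMIN_WRITE),
    HandleValue(7, "a.b.x", b"sub-type value", Perm.PUBLIC_READ | Perm.ADMIN_WRITE),
    HandleValue(8, "a.bc", b"unrelated type", Perm.PUBLIC_READ),
    HandleValue(20, "URL", b"privatized old value", Perm.ADMIN_READ | Perm.ADMIN_WRITE),
    HandleValue(300, "EXAMPLE_SECRET", b"key material", Perm.ADMIN_WRITE, ttl=0),
]
```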

3.2. Pre-defined Handle Data Types

Every handle value must have a data type specified in its <type> field. The Handle System provides a type registration service that allows organizations to register new data types for their applications. Data types can be registered as handles under the naming authority "0.TYPE". For example, the URL data type is registered under the Handle System as the handle "0.TYPE/URL". The handle may have a handle value that refers to RFC1738 [9], an IETF standard document that defines the syntax and semantics of URL.

The Handle System pre-defines a set of data types to carry out the handle service. For example, HS_ADMIN is a pre-defined data type used to describe handle administrators or administrator groups. HS_SITE is a pre-defined data type to describe the service interface of any Handle System service component. The following sections provide detailed descriptions of these pre-defined data types under the Handle System.

3.2.1. Handle Administrator: HS_ADMIN

Each handle has one or more administrators. Any administrative operation (e.g., add, delete or modify handle values) can only be performed by the handle administrator with adequate privilege. Handle administrators are defined in terms of HS_ADMIN values. Every handle must have at least one HS_ADMIN value that defines its administrator. Each HS_ADMIN value can be used to define a set of handle administrators sharing the same administration privilege. Handles with multiple administrators of different privileges may have multiple HS_ADMIN values. HS_ADMIN values are used by the Handle System to authenticate handle administrators before fulfilling any handle administration request.

Naming authorities, as described above, are themselves registered as handles under the reserved naming authority "0.NA". These handles are referred to as naming authority handles. Administrators for any naming authority are defined as the administrators of the corresponding naming authority handle. For example, "0.NA/10" is the naming authority handle for the naming authority "10". Hence any administrator for the naming authority handle "0.NA/10" is also the administrator for the naming authority "10". Naming authority administrators are the only ones who can create handles or sub-naming authorities under the naming authority. A sub-naming authority may define its own set of administrators to create handles or further levels of sub-naming authorities. For example, the naming authority "10.1045" may have a totally different group of administrators from its parent naming authority "10".

An HS_ADMIN value is a handle value whose <type> field is HS_ADMIN and whose <data> field consists of the following entries:

<AdminRef> A reference to a handle value. The reference consists of the handle name (a UTF8-string) followed by a 4-byte unsigned integer for the handle value index. The handle value identifies the set of administrators for the handle.

<AdminPermission> A 16-bit bit-mask that defines the administration privilege of the set of handle administrators identified by the HS_ADMIN value.

The <AdminRef> entry refers to a handle value that can be used to authenticate the handle administrator. Such a handle value is called the handle administrator reference. The handle administrator reference may contain the secret key, public key, or X.509 certificate [10] provided by the handle administrator. For example, the <AdminRef> entry may contain a handle administrator reference whose <type> field is DSS_WITH_DES_CBC_SHA and whose <data> field contains a DES secret key [11], for use in the Cipher Block Chaining (CBC) mode of operation [12, 13]. The secret key can be used by the handle server to authenticate the handle administrator. For a stronger cryptographic algorithm, the handle administrator reference may contain a set of Triple-DES keys [23] and set its <type> to be DES-EDE3-WITH-CBC.

A single handle may be assigned with both the HS_ADMIN value and the handle administrator reference. In other words, the <AdminRef> entry may refer to a handle value assigned to the same handle that has the HS_ADMIN value. In this case, authentication of the handle administrator does not rely on any other handles. Alternatively, the handle administrator reference may be a handle value under a different handle. Thus HS_ADMIN values from different handles may share a common handle administrator reference. This feature allows sharing of handle administrators among different handles. The handle administrator reference contains the secret key, public key, or X.509 certificate provided by the administrator of these handles.

A handle administrator reference may be of type HS_VLIST, with its <data> field containing a list of references to other handle values. Each of these handle values defines a handle administrator reference. The HS_VLIST value defines an administrator group. Each handle administrator reference from the HS_VLIST is a member of the administrator group. Each handle value reference is defined in terms of a <handle>:<index> pair. An administrator group may also contain other administrator groups as its members. This allows administrator groups to be defined in a hierarchical fashion. Care must be taken, however, to avoid cyclic definition of administrators or administrator groups. Multiple levels of administrator groups should be avoided due to their lack of efficiency, but will not be signaled as an error. Client software should be prepared to detect any potential cyclic definition of administrators or <AdminRef> entries that point to non-existent handle values and treat them as an error.
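
The cycle and dangling-reference checks that client software is expected to perform, sketched as an added example (not code from this memo or from any Handle System implementation). The in-memory `store`, every handle name other than "0.NA/10", and the leaf type `EXAMPLE_PUBKEY` are constructed for illustration.

```python
class AdminRefError(Exception):
    """Raised when an administrator reference cannot be resolved safely."""


def fmt(ref):
    """Render a (handle, index) pair the way the text writes it."""
    handle, index = ref
    return f'"{handle}":{index}'


def resolve_admin_ref(store, admin_ref):
    """Expand an <AdminRef> into the set of leaf handle administrator references.

    store     -- dict mapping (handle, index) to {"type": ..., "data": ...};
                 a hypothetical stand-in for resolving handle values.
    admin_ref -- (handle, index) pair taken from an HS_ADMIN value.
    """
    leaves = set()   # key-bearing references found so far
    done = set()     # references already fully expanded
    path = []        # chain of HS_VLIST groups currently being expanded
    stack = [("enter", admin_ref)]   # explicit stack: deep nesting cannot
                                     # exhaust the interpreter's recursion limit
    while stack:
        action, ref = stack.pop()
        if action == "exit":
            path.pop()
            done.add(ref)
            continue
        if ref in path:
            chain = " -> ".join(fmt(r) for r in path[path.index(ref):] + [ref])
            raise AdminRefError("cyclic administrator group: " + chain)
        if ref in done:
            continue   # member shared by two groups: legal, expand only once
        value = store.get(ref)
        if value is None:
            raise AdminRefError("reference to non-existent handle value " + fmt(ref))
        if value["type"] != "HS_VLIST":
            leaves.add(ref)   # a key or certificate, not a group
            done.add(ref)
            continue
        path.append(ref)
        stack.append(("exit", ref))
        for member in reversed(value["data"]):
            stack.append(("enter", member))
    return leaves


# Constructed sample data: nested groups sharing one member, a cycle, and a
# group that points at a handle value which does not exist.
KEY = {"type": "EXAMPLE_PUBKEY", "data": b"..."}
NESTED = {
    ("0.NA/10", 3): {"type": "HS_VLIST", "data": [("10/admins", 1), ("10/ops", 1)]},
    ("10/admins", 1): {"type": "HS_VLIST", "data": [("10/alice", 300)]},
    ("10/ops", 1): {"type": "HS_VLIST", "data": [("10/alice", 300), ("10/bob", 300)]},
    ("10/alice", 300): KEY,
    ("10/bob", 300): KEY,
}
CYCLIC = {
    ("10/g1", 1): {"type": "HS_VLIST", "data": [("10/g2", 1)]},
    ("10/g2", 1): {"type": "HS_VLIST", "data": [("10/g1", 1)]},
}
DANGLING = {("10/g1", 1): {"type": "HS_VLIST", "data": [("10/missing", 7)]}}

if __name__ == "__main__":
    print(sorted(resolve_admin_ref(NESTED, ("0.NA/10", 3))))
    for bad_store in (CYCLIC, DANGLING):
        try:
            resolve_admin_ref(bad_store, ("10/g1", 1))
        except AdminRefError as err:
            print("rejected:", err)
```

Nested groups resolve without error, as the text requires; only a cycle or a missing target is rejected.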

A handle can have multiple HS_ADMIN values, each of which defines a different handle administrator. Different administrators can play different roles or be granted different permissions. For example, the naming authority handle "0.NA/10" may have two administrators, one of which may only have permission to create new handles under the naming authority, while the other may have permission to create new sub-naming authorities (e.g., "10.1045"). The set of possible permissions for a handle administrator is defined as follows:

Add_Handle (0x0001) This permission allows naming authority administrator to create new handles under a given naming authority.

Delete_Handle (0x0002) This permission allows naming authority administrator to delete handles under a given naming authority.

Add_NA (0x0004) This permission allows the naming authority administrator to create new sub-naming authorities.

Delete_NA (0x0008) This permission allows naming authority administrator to delete an existing sub-naming authority.

Modify_Value (0x0010) This permission allows handle administrator to modify any handle values other than HS_ADMIN values. HS_ADMIN values are used to define handle administrators and are managed by a different set of permissions.

Delete_Value (0x0020) This permission allows handle administrator to delete any handle value other than the HS_ADMIN values.

Add_Value (0x0040) This permission allows handle administrator to add handle values other than the HS_ADMIN values.

Modify_Admin (0x0080) This permission allows handle administrator to modify HS_ADMIN values.

Remove_Admin (0x0100) This permission allows handle administrator to remove HS_ADMIN values.

Add_Admin (0x0200) This permission allows handle administrator to add new HS_ADMIN values.

Authorized_Read (0x0400) This permission grants handle administrator read-access to handle values with the ADMIN_READ permission. Administrators without this permission will not have access to handle values that require authentication for read access.

LIST_Handle (0x0800) This permission allows naming authority administrator to list handles under a given naming authority.

LIST_NA (0x1000) This permission allows naming authority administrator to list immediate sub-naming authorities under a given naming authority.

Administrator permissions are encoded in the <AdminPermission> entry in the <data> field of any HS_ADMIN value. Each permission is encoded as a bit flag. The permission is granted if the flag is set to 1, otherwise it is set to 0.

Figure 3.2.1 shows an example of HS_ADMIN value that defines an administrator for the naming authority handle "0.NA/10". In figure 3.2.1, a naming authority administrator is identified by an HS_ADMIN value assigned to the naming authority handle "0.NA/10". The administrator can be authenticated based on the handle value "0.NA/10":3, which is the handle value assigned to the naming authority handle "0.NA/10" and has its index set to 3. The handle value "0.NA/10":3 may contain the secret or public key used by the administrator. The administrator is granted permission to add, delete, or modify sub-naming authorities under "10", and add or delete handles directly under the naming authority. The administrator may also add, delete, or modify any handle values assigned to the naming authority handle except those HS_ADMIN values. In other words, the administrator is not allowed to add, delete, or modify any administrators for the naming authority.

        -------------------------------------------------------------
      -------------------------------------------------------------  |
    -------------------------------------------------------------  | |
   |                                                             | | |
   |  <index>:       2                                           | | |
   |  <type>:        HS_ADMIN                                    | | |
   |  <data>:                                                    | | |
   |    <AdminRef>:    "0.NA/10": 3                              | | |
   |    <AdminPerm>:   Add_NA,     Delete_NA,                    | | |
   |                   Add Handle, Delete_Handle,                | | |
   |                   Add_Value,  Delete_Value,  Modify_Value,  | | |
   |                   Authorized_Read, List_Handle, List_NA     | | |
   |                                                             | | |
   |  <TTL>:         24 hours                                    | | |
   |  <permission>:  PUBLIC_READ, ADMIN_WRITE                    | | |
   |  <reference>:   {empty}                                     | |-
   |                                                             |-
    -------------------------------------------------------------
        
Figure 3.2.1: Administrator for the naming authority handle "0.NA/10"
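
The <AdminPermission> bit-mask of Figure 3.2.1, encoded and checked against value-level operations, as an added example (not code from this memo or from any Handle System implementation). The function names, the operation names "add", "modify" and "delete", and the choice to report bits above 0x1000 as undefined are assumptions of the example.

```python
# Bit flags as listed in section 3.2.1 (names spelled as in that list; the
# figure writes some of them slightly differently, e.g. "List_NA").
PERMISSIONS = {
    "Add_Handle": 0x0001, "Delete_Handle": 0x0002,
    "Add_NA": 0x0004, "Delete_NA": 0x0008,
    "Modify_Value": 0x0010, "Delete_Value": 0x0020, "Add_Value": 0x0040,
    "Modify_Admin": 0x0080, "Remove_Admin": 0x0100, "Add_Admin": 0x0200,
    "Authorized_Read": 0x0400, "LIST_Handle": 0x0800, "LIST_NA": 0x1000,
}
DEFINED_BITS = sum(PERMISSIONS.values())   # 0x1FFF; the top three bits are not listed
ADMIN_BITS = (PERMISSIONS["Modify_Admin"] | PERMISSIONS["Remove_Admin"]
              | PERMISSIONS["Add_Admin"])

# Permission needed for each value-level operation: (ordinary value, HS_ADMIN value).
# HS_ADMIN values are governed by their own three permissions.
VALUE_OPS = {
    "add": ("Add_Value", "Add_Admin"),
    "modify": ("Modify_Value", "Modify_Admin"),
    "delete": ("Delete_Value", "Remove_Admin"),
}


def encode_admin_permission(names):
    """OR together the flags named in `names`."""
    mask = 0
    for name in names:
        mask |= PERMISSIONS[name]
    return mask


def decode_admin_permission(mask):
    """Return (granted permission names, bits set that the list does not define)."""
    if not 0 <= mask <= 0xFFFF:
        raise ValueError("<AdminPermission> is a 16-bit mask")
    granted = [name for name, bit in PERMISSIONS.items() if mask & bit]
    return granted, mask & ~DEFINED_BITS


def is_authorized(mask, operation, value_type):
    """May an administrator with `mask` perform `operation` on a value of `value_type`?"""
    ordinary, admin = VALUE_OPS[operation]
    needed = admin if value_type == "HS_ADMIN" else ordinary
    return bool(mask & PERMISSIONS[needed])


def can_change_administrators(mask):
    """True if the mask lets its holder add, modify or remove HS_ADMIN values."""
    return bool(mask & ADMIN_BITS)


# The permission set shown in Figure 3.2.1.
FIGURE_3_2_1 = encode_admin_permission([
    "Add_NA", "Delete_NA", "Add_Handle", "Delete_Handle",
    "Add_Value", "Delete_Value", "Modify_Value",
    "Authorized_Read", "LIST_Handle", "LIST_NA",
])

if __name__ == "__main__":
    print(hex(FIGURE_3_2_1), decode_admin_permission(FIGURE_3_2_1))
    for op in VALUE_OPS:
        print(op, "URL:", is_authorized(FIGURE_3_2_1, op, "URL"),
              "HS_ADMIN:", is_authorized(FIGURE_3_2_1, op, "HS_ADMIN"))
```

`can_change_administrators` is the check to run when auditing HS_ADMIN values: a mask that passes it can grant itself every other permission.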

HS_ADMIN values are used by handle servers to authenticate the handle administrator before fulfilling any administrative requests. The server authenticates a client by checking whether the client has possession of the secret key (or the private key) that matches the one in any of the handle administrator references. The authentication is carried out via the Handle System authentication protocol as described later in this document.

HS_ADMIN values may require authentication for read access in order to prevent public exposure of the data. Additionally, the handle administrator reference that contains the administrator's secret key should have neither PUBLIC_READ nor ADMIN_READ permission to prevent the key from leaving the server.

3.2.2. Service Site Information: HS_SITE

The Handle System consists of a single distributed global handle service, also known as the Global Handle Registry (GHR), and unlimited number of Local Handle Services (LHSs). Each handle service, global or local, may be replicated into multiple service sites. Each service site may consist of multiple server computers. Service requests targeted at any handle service can be distributed into different service sites, and into different server computers within any service site. Such architecture assures that each handle service could have the capacity to manage any large number of handles and handle requests. It also provides ways for each handle service to avoid any single point of failure.

Each handle service, global or local, may provide the same set of functions for resolving and administering its collection of handles. Handle services differ primarily in that each service is responsible for a distinct set of handles. They are also likely to differ in the selection, number, and configuration of their components such as the servers used to provide handle resolution and administration. Different handle services may be created and managed by different organizations. Each of them may have their own goals and policies.

A service site typically consists of a cluster of server computers residing within a local Internet domain. These computers work together to distribute the data storage and processing load at the site. It is possible, although not recommended, to compose a site from servers at widely different locations. Further, it is even possible to compose two different sites from the same set of servers.

Each service site is defined by an HS_SITE value. HS_SITE is a pre-defined Handle System data type. An HS_SITE value defines a service site by identifying the server computers (e.g., IP addresses) that comprise the site along with their service configurations (e.g., port numbers). HS_SITE values are typically assigned to naming authority handles. The set of HS_SITE values assigned to a naming authority handle is called the service information for the naming authority.

The service information is managed by the naming authority administrator. It must reflect the configuration of the handle service for the naming authority. Note that an additional layer of indirection, called a service handle, can be used to allow multiple naming authorities to reference a single set of HS_SITE values, as described later in this document (see section 3.2.3). Clients of the Handle System depend on the service information to locate the responsible handle server before they can send their service requests. The service information can also be used by clients to authenticate any service response from the handle server.

An HS_SITE value is a handle value whose <type> field is HS_SITE and whose <data> field consists of the following entries:

<Version> A 2-byte value that identifies the version number of the HS_SITE. The version number identifies the data format used by the HS_SITE value. It is defined to allow backward compatibility over time. This document defines the HS_SITE with version number 0.

<ProtocolVersion> A 2-byte integer value that identifies the handle protocol version. The higher byte of the value identifies the major version and the lower byte the minor version. Details of the Handle System protocol are specified in [8].

<SerialNumber> A 2-byte integer value that increases by 1 (and may wrap around through 0) each time the HS_SITE value gets changed. It is used in the Handle System protocol to synchronize the HS_SITE values between client and server.

<PrimaryMask> An 8-bit mask that identifies the primary site(s) of the handle service. The first bit of the octet is the <MultiPrimary> bit. It indicates whether the handle service has multiple primary sites. The second bit of the octet is the <PrimarySite> bit. It indicates whether the HS_SITE value is a primary site. A primary site is the one that supports administrative operations for its handles. A <MultiPrimary> entry with zero value indicates that the handle service has a single primary site and all handle administration has to be done at that site. A non-zero <MultiPrimary> entry indicates that the handle service has multiple primary sites. Each primary site may be used to administrate handles managed under the handle service. Handles managed by such service may identify its primary sites using an HS_PRIMARY value, as described in section 3.2.5.

<HashOption> An 8-bit octet that identifies the hash option used by the service site to distribute handles among its servers. Valid options include HASH_BY_NA (0x00), HASH_BY_LOCAL (0x01), or HASH_BY_HANDLE (0x02). These options indicate whether the hash operation should only be applied to the naming authority portion of the handle, or only the local name portion of the handle, or the entire handle, respectively. The standard MD5 hashing algorithm [14] is used by each service site to distribute handles among its servers.

<HashFilter> An UTF8-string entry reserved for future use.

<AttributeList> A 4-byte integer followed by a list of UTF8-string pairs. The integer indicates the number of UTF8-string pairs that follow. Each UTF8-string pair is an <attribute>:<value> pair. They are used to add literal explanations of the service site. For example, if the <attribute> is "Organization", the <value> should contain a description of the organization hosting the service site. Other <attribute>s may be defined to help distinguish the service sites from each other.

<NumOfServer> A 4-byte integer that defines the number of servers in the service site. The entry is followed by a list of <ServerRecord>s. Each <ServerRecord> defines a handle server that is part of the service site. Each <ServerRecord> consists of the following data fields:

     <ServerRecord> ::= <ServerID>
                        <Address> <PublicKeyRecord> <ServiceInterface>
        
where each field is defined as follows:

<ServerID> A 4-byte unsigned integer that uniquely identifies a server process under the service site. <ServerID>s do not have to begin with 1 and they don't have to be consecutive numbers. They are used to distinguish servers under a service site from each other. Note that there can be multiple servers residing on any given computer, each with a different <ServerID>.

<Address> The 16-byte IPv6 [15, 16] address of the handle server. Any IPv4 address should be presented as :::::FFFF:xxxx:xxxx (where xxxx:xxxx can be any 4-byte IPv4 address).

<PublicKeyRecord> A 4-byte integer followed by a byte-array that contains the server's public key. The integer specifies the size of the byte-array. The byte-array (for the public key) consists of three parts: a UTF8-string that describes the key type, a two-byte option field reserved for future use, and a byte-array that contains the public key itself. For example, the UTF8-String "DSA_PUB_KEY" indicates that the <PublicKeyRecord> contains a DSA public key. The storage format of the DSA key in the byte-array could then be found from the handle "0.type/DSA_PUB_KEY". The public key in the <PublicKeyRecord> can be used to authenticate any service response from the handle server.

The <PublicKeyRecord> may also contain an X.509 certificate. This happens if the key type field contains the UTF8-String "CERT.X509". In this case, "CERT.X509" will map to the handle "0.TYPE/CERT.X509". The handle may contain information that describes the syntax and semantics of the public key or its certificate. Additional key types may also be registered (as handles under "0.TYPE") to further distinguish different kinds of X.509 certificates. For example, "CERT.X509.DSA" may be used to denote X.509 certificates that contain DSA public keys. If the key type field of a <PublicKeyRecord> declares "CERT.X509.DSA", the <PublicKeyRecord> must contain an X.509 certificate with a DSA public key in it.

         <ServiceInterface> ::=    <InterfaceCounter>
                                 * [  <ServiceType>
                                      <TransmissionProtocol>
                                      <PortNumber>  ]
        
A 4-byte integer followed by an array of triplets consisting of <ServiceType, TransmissionProtocol, PortNumber>. The 4-byte integer specifies the number of triplets. Each triplet lists a service interface provided by the handle server. For each triplet, the <ServiceType> is an octet (as a bit mask) that specifies whether the interface is for handle resolution (0x01), handle administration (0x02), or both. The <TransmissionProtocol> is also an octet (as a bit mask) that specifies the transmission protocol. Possible transmission protocols include TCP (0x01), UDP (0x02), and HTTP (0x04). The <PortNumber> is a 4-byte unsigned integer that specifies the port number used by the interface. The default port number is 2641.

Figure 3.2.2 shows an example of a handle service site in terms of an HS_SITE value. The HS_SITE value is assigned to the naming authority handle "0.NA/10". The <PrimaryMask> indicates that it is the only primary site of the handle service. The site consists of three handle servers, as indicated in the <NumOfServer>. These servers provide handle resolution and administration service for every handle under the naming authority "10". The first server record (ServerID 0) shows two service interfaces, one for handle resolution and the other for handle administration. Each interface has its own port.

Each server within a service site is responsible for a subset of handles managed by the handle service. Clients can find the responsible server by performing a common hash-operation. The hash-operation will first convert all ASCII characters in the handle into upper-case. It then applies the MD5 hashing upon the portion of the converted handle string (according to the <HashOption> entry). The result is a 16-byte integer. The absolute value of the integer will be divided by the number of servers (specified in the <NumOfServer> entry). The remainder is the sequence number (starting with zero) of the <ServerRecord> listed in the HS_SITE value. From the <ServerRecord>, clients can find the IP address of the handle server for their handle requests.
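
The hash-operation described above, as an added example (not code from this memo or from any Handle System implementation). The text does not state how the 16 digest bytes are read as an integer; the signed big-endian reading used here is an assumption, as are the split of the handle at its first "/" and the constructed `SITE` record with its documentation-range addresses.

```python
import hashlib

# <HashOption> values from the HS_SITE definition.
HASH_BY_NA, HASH_BY_LOCAL, HASH_BY_HANDLE = 0x00, 0x01, 0x02


def hash_input(handle, hash_option):
    """Return the bytes that are hashed for `handle` under `hash_option`."""
    # bytes.upper() changes only ASCII a-z, so non-ASCII UTF-8 sequences in
    # the handle are left untouched, as the text requires.
    raw = handle.encode("utf-8").upper()
    authority, slash, local = raw.partition(b"/")   # assumption: split at first "/"
    if not slash or not authority:
        raise ValueError("handle must have the form <naming authority>/<local name>")
    if hash_option == HASH_BY_NA:
        return authority
    if hash_option == HASH_BY_LOCAL:
        return local
    if hash_option == HASH_BY_HANDLE:
        return raw
    raise ValueError(f"unknown <HashOption> 0x{hash_option:02x}")


def server_index(handle, hash_option, num_servers):
    """Position (starting with zero) of the responsible <ServerRecord>."""
    if num_servers < 1:
        raise ValueError("<NumOfServer> must be at least 1")
    # MD5 only spreads handles across servers here; it protects nothing.
    digest = hashlib.md5(hash_input(handle, hash_option),
                         usedforsecurity=False).digest()
    # ASSUMPTION: the 16 bytes are a signed, big-endian integer, which is what
    # makes the "absolute value" step in the text meaningful.
    value = int.from_bytes(digest, "big", signed=True)
    return abs(value) % num_servers


def responsible_server(handle, site):
    """Pick the <ServerRecord> for `handle` from a decoded HS_SITE value."""
    servers = site["servers"]
    # The remainder indexes the list of records; it is not a <ServerID>,
    # since <ServerID>s need not start at 1 or be consecutive.
    return servers[server_index(handle, site["hash_option"], len(servers))]


# Constructed HS_SITE contents (hypothetical dict layout, documentation addresses).
SITE = {
    "hash_option": HASH_BY_HANDLE,
    "servers": [
        {"server_id": 1, "address": "::ffff:192.0.2.10", "port": 2641},
        {"server_id": 7, "address": "::ffff:192.0.2.11", "port": 2641},
        {"server_id": 42, "address": "::ffff:192.0.2.12", "port": 2641},
    ],
}

if __name__ == "__main__":
    for name in ("10.1045/jan-2003", "10.1045/JAN-2003", "10.1045/feb-2003"):
        print(name, "->", responsible_server(name, SITE))
```

Because the input is upper-cased before hashing, handles that differ only in ASCII case always reach the same server; with HASH_BY_NA every handle of a naming authority does.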

       ------------------------------------------------------------
     ------------------------------------------------------------  |
    -----------------------------------------------------------  | |
   |                                                           | | |
   | <index>:       2                                          | | |
   | <type>:        HS_SITE                                    | | |
   | <data>:                                                   | | |
   |    Version:           0                                   | | |
   |    ProtocolVersion:   2.1                                 | | |
   |    SerialNumber:      1                                   | | |
   |    PrimaryMask:                                           | | |
   |        MultiPrimary:    FALSE                             | | |
   |        PrimarySite:     TRUE                              | | |
   |    HashOption:        HASH_BY_HANDLE                      | | |
   |    HashFilter:        {empty UTF8-String}                 | | |
   |    AttributeList:     0    {followed by no attributes}    | | |
   |    NumOfServer:       3                                   | | |
   |         {followed by a list of <ServerRecord>}            | | |
   |                                                           | | |
   |         -----------------------------------------         | | |
   |       ------------------------------------------ |        | | |
   |      ------------------------------------------ ||        | | |
   |     | ServerID:        1                       |||        | | |
   |     | Address:         :FFFF:132.151.1.155     |||        | | |
   |     | PublicKeyRecord: HS_DSAKEY, iQCuR2R...   |||        | | |
   |     | ServiceInterface                         |||        | | |
   |     |    ServiceType:          Resolution_Only |||        | | |
   |     |    TransmissionProtocol: TCP & UDP       |||        | | |
   |     |    PortNumber:           2641            |||        | | |
   |     |                                          |||        | | |
   |     |    ServiceType:          Admin only      |||        | | |
   |     |    TransmissionProtocol: TCP             ||         | | |
   |     |    PortNumber:           2642            |          | | |
   |      ------------------------------------------           | | |
   |                                                           | | |
   |  <TTL>:        24 hours                                   | | |
   |  <permission>: PUBLIC_READ, ADMIN_WRITE                   | | |
   |  <reference>:  {empty}                                    | |-
   |                                                           |-
    -----------------------------------------------------------
        
Fig. 3.2.2: The primary service site for the naming authority "10"

3.2.3. Naming Authority Delegation Service: HS_NA_DELEGATE

The HS_NA_DELEGATE is a pre-defined Handle System data type. It has the exact same format as the HS_SITE value. Like HS_SITE values, HS_NA_DELEGATE values are used to describe service sites of a LHS.

HS_NA_DELEGATE values may be assigned to naming authority handles to designate naming authority administration to a LHS. A naming authority handle with a set of HS_NA_DELEGATE values indicates that all child naming authorities of the naming authority are managed by the LHS described by the HS_NA_DELEGATE values.

For example, suppose the naming authority "foo.bar" decides to have its child naming authorities delegated to a LHS. To achieve this, one may assign the naming authority handle "0.NA/foo.bar" with a set of HS_NA_DELEGATE values that describes the LHS. The set of HS_NA_DELEGATE values indicate that the service information of any child naming authority of the "foo.bar", such as "foo.bar.baz", can be found by querying the naming authority handle "0.NA/foo.bar.baz" from the LHS.

3.2.4. Service Handle: HS_SERV

Any handle service, global or local, can be defined in terms of a set of HS_SITE values. These HS_SITE values may be assigned directly to the relevant naming authority handle, or an additional level of indirection may be introduced through the use of service handles. A service handle may be thought of as a name for a handle service. It may be used to maintain the HS_SITE values for the handle service and referenced from a naming authority handle via a HS_SERV value. A HS_SERV value is a handle value whose <type> field is HS_SERV and whose <data> field contains the reference to the service handle. HS_SERV values are typically assigned to naming authority handles to refer clients to the responsible handle service.

Use of a service handle allows sharing of service information among multiple naming authorities. It also allows changes to service configuration (e.g., adding a new site) to be made in one place rather than in every naming authority handle involved. The mechanism may also be used to support service referral from one handle service to another for whatever reason.

A naming authority handle may have no more than one HS_SERV value assigned to it, otherwise it is an error. If a naming authority handle has both a list of HS_SITE values and an HS_SERV value, the HS_SITE values should be used as the service information for the naming authority.

Service handles can be registered under the reserved naming authority "0.SERV". Handles under "0.SERV" are managed by the GHR. For example, the service handle "0.SERV/123" may be created to maintain the service information for the handle service that manages handles under the naming authority "123" and any of its sub-naming authorities.

Similarly, a service handle "0.SERV/a.b.c" may be created to host the service information for the handle service that manages handles under the naming authority "a.b.c".

The use of service handles raises several special considerations. Multiple levels of service handle redirection should be avoided due to their lack of efficiency, but are not signaled as an error. Looped reference of service handles or HS_SERV values that point to non-existent service handles should be caught and error conditions passed back to the user.

3.2.5. Alias Handle: HS_ALIAS

In practice, it is very possible that a digital object may have multiple names that will identify the object. The Handle System supports such a feature via the pre-defined data type HS_ALIAS. An HS_ALIAS value is a handle value whose <type> field is HS_ALIAS and whose <data> field contains a reference to another handle. A handle with a HS_ALIAS value is an alias handle to the handle referenced in the HS_ALIAS value. An alias handle should not have any additional handle values other than HS_ALIAS or HS_ADMIN (for administration) values. This is necessary to prevent any inconsistency between a handle and its aliases.

During a handle resolution, a client may get back an HS_ALIAS value. This indicates that the handle in question is an alias handle. The client may then retry the query against the handle specified in the HS_ALIAS value until final results are obtained.

The use of alias handles introduces a number of special considerations. For example, multiple levels of aliases should be avoided for the sake of efficiency, but are not signaled as an error. Alias loops and aliases that point to non-existent handles should be caught and error conditions passed back to the user.

One potential use of an alias handle would be to support the transfer of ownership of any named resource. When a resource identified by a handle transfers from one organization to another, a new handle for the resource may be created. To avoid inconsistency and any broken reference, the handle used before the ownership transfer may be changed into an alias handle whose HS_ALIAS value points to the newly created handle.
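
The resolution rules of sections 3.2.4 and 3.2.5 (at most one HS_SERV value, HS_SITE values preferred over HS_SERV, loops and dangling references reported as errors), as an added example that is not part of the RFC or of any Handle System implementation. The in-memory store, the handle names in it, the hop cap `MAX_HOPS` and the rejection of more than one HS_ALIAS value are assumptions of this sketch.

```python
"""Added example: following HS_SERV and HS_ALIAS references defensively."""


class ResolutionError(Exception):
    """An error condition that must be passed back to the user."""


MAX_HOPS = 8  # assumption: local cap on chain length, not a value from the RFC

# Constructed store: handle -> list of (index, type, data) handle values.
STORE = {
    "0.NA/10": [(2, "HS_SITE", "site-A"), (3, "HS_SERV", "0.SERV/10")],
    "0.NA/123": [(1, "HS_SERV", "0.SERV/123")],
    "0.SERV/123": [(1, "HS_SITE", "site-B1"), (2, "HS_SITE", "site-B2")],
    "0.NA/loop": [(1, "HS_SERV", "0.SERV/x")],
    "0.SERV/x": [(1, "HS_SERV", "0.SERV/y")],
    "0.SERV/y": [(1, "HS_SERV", "0.SERV/x")],
    "0.NA/gone": [(1, "HS_SERV", "0.SERV/missing")],
    "0.NA/two": [(1, "HS_SERV", "0.SERV/123"), (2, "HS_SERV", "0.SERV/10")],
    "10.1000/old": [(1, "HS_ALIAS", "10.2000/new"), (100, "HS_ADMIN", "...")],
    "10.2000/new": [(1, "URL", "http://example.org/doc")],
    "10.1/a": [(1, "HS_ALIAS", "10.1/b")],
    "10.1/b": [(1, "HS_ALIAS", "10.1/a")],
    "10.1/dangling": [(1, "HS_ALIAS", "10.1/nowhere")],
}


def _walk(store, start, ref_type, is_final):
    """Follow single ref_type references from start; return (handle, values, path)."""
    path = []
    handle = start
    while True:
        if handle in path:
            raise ResolutionError(f"{ref_type} loop: {' -> '.join(path + [handle])}")
        if len(path) >= MAX_HOPS:
            raise ResolutionError(f"more than {MAX_HOPS} handles in {ref_type} chain")
        path.append(handle)
        values = store.get(handle)
        if values is None:
            raise ResolutionError(f"{ref_type} chain reaches non-existent handle {handle}")
        refs = [data for _, vtype, data in values if vtype == ref_type]
        # More than one HS_SERV value is an error per the text; applying the same
        # rule to HS_ALIAS and to every hop is this example's choice.
        if len(refs) > 1:
            raise ResolutionError(f"{handle} carries {len(refs)} {ref_type} values")
        if is_final(values) or not refs:
            return handle, values, path
        handle = refs[0]


def service_sites(store, na_handle):
    """Return (HS_SITE data list, handles visited) for a naming authority handle."""
    def has_sites(values):
        return any(vtype == "HS_SITE" for _, vtype, _ in values)

    # HS_SITE values win over an HS_SERV value on the same handle, so the walk
    # stops at the first handle that carries any HS_SITE value.
    _, values, path = _walk(store, na_handle, "HS_SERV", has_sites)
    sites = [data for _, vtype, data in values if vtype == "HS_SITE"]
    if not sites:
        raise ResolutionError(f"no HS_SITE values found via {' -> '.join(path)}")
    return sites, path


def resolve_alias(store, handle):
    """Follow HS_ALIAS values until a handle without one is reached."""
    return _walk(store, handle, "HS_ALIAS", lambda values: False)


def outcome(fn, *args):
    """Return fn's result, or the error text a client would show the user."""
    try:
        return fn(*args)
    except ResolutionError as exc:
        return f"ERROR: {exc}"


if __name__ == "__main__":
    for na in ("0.NA/10", "0.NA/123", "0.NA/loop", "0.NA/gone", "0.NA/two"):
        print(na, "=>", outcome(service_sites, STORE, na))
    for h in ("10.1000/old", "10.1/a", "10.1/dangling"):
        print(h, "=>", outcome(resolve_alias, STORE, h))
```

The path returned with each result lets a client log multi-level redirection, which the text discourages but does not treat as an error.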

3.2.6. Primary Site: HS_PRIMARY

HS_PRIMARY is a pre-defined data type used to designate the primary service sites for any given handle. A handle service with multiple primary service sites is called a multi-primary service. Otherwise it is called a single-primary service. Each handle managed by a multi-primary handle service may specify its primary service sites in terms of an HS_PRIMARY value. A HS_PRIMARY value is a handle value whose <type> field is HS_PRIMARY and whose <data> field contains a list of references to HS_SITE values. Each of these HS_SITE defines a primary service site for the handle.

There can be at most one HS_PRIMARY value assigned to each handle. Otherwise it is an error. A handle with no HS_PRIMARY value but managed by a multi-primary handle service is not an error. In this case, every primary service site of the handle service will also be the primary site for the handle. Handles managed by a single-primary handle service do not need any HS_PRIMARY values and any such values should be ignored.

3.2.7. Handle Value List: HS_VLIST

HS_VLIST is a pre-defined data type that allows a handle value to be used as a reference to a list of other handle values. An HS_VLIST value is a handle value whose <type> is HS_VLIST and whose <data> consists of a 4-byte unsigned integer followed by a list of references to other handle values. The integer specifies the number of references in the list. The references may refer to handle values under the same handle or handle values from any other handles. Each reference is encoded as a UTF8-string followed by a 4-byte unsigned integer that identifies the referenced handle and its value index.

HS_VLIST values may be used to define administrator groups for handles. In this case, each reference in the HS_VLIST defines a member of the administrator group and the HS_VLIST value identifies the group as a whole. Client software must be careful, however, to avoid cyclic definition of value references.
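
A bounds-checked parser for the HS_VLIST <data> layout described above, plus an administrator-group expansion that refuses cyclic definitions, as an added example that is not part of the RFC or of any Handle System implementation. It assumes big-endian 4-byte integers and a UTF8-string encoded as a 4-byte length followed by UTF-8 bytes; the store, the `EXAMPLE_KEY` type, the `MAX_REFS` cap and the choice to fail closed on cycles and missing references are also assumptions.

```python
"""Added example: parsing HS_VLIST data and expanding a group without looping."""
import struct


class VListError(ValueError):
    """Malformed HS_VLIST data or an unusable group definition."""


MAX_REFS = 1024  # assumption: local sanity cap on references per list


def encode_vlist(refs):
    """Encode [(handle, index), ...] as count + (UTF8-string + index) entries."""
    out = [struct.pack(">I", len(refs))]
    for handle, index in refs:
        raw = handle.encode("utf-8")
        out.append(struct.pack(">I", len(raw)) + raw + struct.pack(">I", index))
    return b"".join(out)


def parse_vlist(data):
    """Decode HS_VLIST <data>; every length is checked before it is used."""
    def take(n, pos):
        if n > len(data) - pos:
            raise VListError(f"need {n} bytes at offset {pos}, have {len(data) - pos}")
        return data[pos:pos + n], pos + n

    def u32(pos):
        chunk, pos = take(4, pos)
        return struct.unpack(">I", chunk)[0], pos

    count, pos = u32(0)
    # A reference is at least 8 bytes (empty string + index): reject counts the
    # buffer cannot possibly hold before looping on an attacker-chosen number.
    if count > MAX_REFS or count * 8 > len(data) - pos:
        raise VListError(f"implausible reference count {count}")
    refs = []
    for _ in range(count):
        length, pos = u32(pos)
        raw, pos = take(length, pos)
        try:
            handle = raw.decode("utf-8")
        except UnicodeDecodeError as exc:
            raise VListError("handle is not valid UTF-8") from exc
        index, pos = u32(pos)
        refs.append((handle, index))
    if pos != len(data):
        raise VListError(f"{len(data) - pos} trailing bytes after last reference")
    return refs


def expand_group(store, ref, _path=()):
    """Return the set of non-list members reachable from the HS_VLIST at ref."""
    if ref in _path:
        raise VListError(f"cyclic HS_VLIST definition through {ref}")
    value = store.get(ref)
    if value is None:
        raise VListError(f"reference to missing handle value {ref}")
    vtype, data = value
    if vtype != "HS_VLIST":
        return {ref}
    members = set()
    for child in parse_vlist(data):
        # The same member reached by two paths is fine; only a reference back
        # onto the current path is a cycle.
        members |= expand_group(store, child, _path + (ref,))
    return members


def rejects(fn, *args):
    """True when fn(*args) fails with VListError."""
    try:
        fn(*args)
    except VListError:
        return True
    return False


# Constructed store: (handle, index) -> (type, data).
STORE = {
    ("10.1/admins", 200): ("HS_VLIST", encode_vlist([("10.1/alice", 300), ("10.1/ops", 200)])),
    ("10.1/ops", 200): ("HS_VLIST", encode_vlist([("10.1/bob", 300), ("10.1/alice", 300)])),
    ("10.1/alice", 300): ("EXAMPLE_KEY", b"constructed-key-A"),
    ("10.1/bob", 300): ("EXAMPLE_KEY", b"constructed-key-B"),
    ("10.1/cyc-a", 200): ("HS_VLIST", encode_vlist([("10.1/cyc-b", 200)])),
    ("10.1/cyc-b", 200): ("HS_VLIST", encode_vlist([("10.1/cyc-a", 200)])),
}

if __name__ == "__main__":
    print(sorted(expand_group(STORE, ("10.1/admins", 200))))
    print("cycle rejected:", rejects(expand_group, STORE, ("10.1/cyc-a", 200)))
```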

4. Handle System Service Model

The Handle System is a distributed global name service. It consists of a single distributed Global Handle Registry (GHR) and an unlimited number of Local Handle Services (LHS). These service components provide the name service (both resolution and administration) on behalf of Handle System client components. Handle System client components may also choose to use Handle System middle-ware components (e.g., the Handle System caching service) for efficiency. This section describes these components and their relationships to each other.

4.1. Handle System Service Components

The Handle System defines a hierarchical service model. At the top level is the single distributed global handle service, also known as the Global Handle Registry (GHR). Underneath the GHR, there can be any number of Local Handle Services (LHSs). Each LHS must be registered with the GHR to manage handles under a distinct set of naming authorities. Naming authorities are managed by the GHR via naming authority handles (i.e., handles under the naming authority "0.NA"). A naming authority handle can also be used to locate the service information (in terms of HS_SITE values) that describes the handle service responsible for handles under the naming authority. From the service information, clients can choose a service site and locate the responsible server for their handle requests.

Handle System service components are scalable and extensible to accommodate any large amount of service load. A handle service, global or local, may consist of multiple service sites, replicating each other. Each service site may also consist of a cluster of computers working together to serve its respective namespace. Having multiple service sites avoids any single point of failure and allows load balancing among these service sites. Using multiple servers at any service site distributes the service load into multiple server processes and allows less powerful computers to be utilized for the name service.

4.1.1. Global Handle Registry (GHR)

The Global Handle Registry (GHR) is mainly used to manage naming authority handles and to provide service information for every naming authority under the Handle System. The GHR may also be used to manage and provide resolution and administration service to non-naming-authority handles. Unlike any LHS, which mostly manages handles under a few naming authorities, the GHR is primarily used to register naming authorities and provide service information for every LHS. In other words, the GHR is the single root service that registers every LHS and provides their service information via the use of naming authority handle(s). Every naming authority under the Handle System must be registered under the GHR as a naming authority handle. The naming authority handle provides the service information of the handle service that manages all the handles under the naming authority. The service information may be provided in terms of a set of HS_SITE values, or an HS_SERV value that refers to a service handle, as described earlier.

The GHR may consist of multiple service sites, each described in a HS_SITE value. These HS_SITE values are assigned to the designated naming authority handle "0.NA/0.NA", also called the root handle. The root handle is the naming authority handle that maintains the service information for GHR. Top level naming authorities can only be created by administrators of the root handle.

In order to communicate with the GHR, client software needs the GHR service information beforehand. The service information may be distributed initially with the client software, or obtained from some other secure sources (e.g., postal mail, secure web site, etc.). Client software may keep the service information to communicate with the GHR until the service information becomes expired (according to its TTL). The GHR must update its service information (assigned to the root handle) every time it changes its configuration. Client software with out-dated service information will be notified of the update every time it communicates with the GHR. The GHR must be maintained in such a way that any client software with out-dated GHR service information can still query the root handle for the latest update.

Fig. 4.1.1 shows the GHR service information in terms of a set of HS_SITE values. The GHR may consist of a number of service sites, each described in a HS_SITE value. The figure shows a GHR service site located in US East Coast, as indicated in the <AttributeList>.

       ------------------------------------------------------------
     ------------------------------------------------------------  |
    -----------------------------------------------------------  | |
   |                                                           | | |
   |  <index>:      3                                          | | |
   |  <type>:       HS_SITE                                    | | |
   |  <data>:                                                  | | |
   |    Version:          1                                    | | |
   |    ProtocolVersion:  2.1                                  | | |
   |    SerialNumber:     1                                    | | |
   |    PrimaryMask:                                           | | |
   |            MultiPrimary:    TRUE                          | | |
   |            PrimarySite:     TRUE                          | | |
   |    HashOption:       HASH_BY_HANDLE                       | | |
   |    HashFilter:       {empty UTF8-String}                  | | |
   |    AttributeList:    1                                    | | |
   |        Description:  Service site at US East Coast        | | |
   |    NumOfServer:      3                                    | | |
   |                                                           | | |
   |        ------------------------------------------         | | |
   |       ------------------------------------------ |        | | |
   |      ------------------------------------------ ||        | | |
   |     | ServerID:        1                       |||        | | |
   |     | Address:         :FFFF:132.151.2.150     |||        | | |
   |     | PublicKeyRecord: HS_DSAKEY, iQCuR2Rnw... |||        | | |
   |     | ServiceInterface                         |||        | | |
   |     |    ServiceType:       Resolution & Admin |||        | | |
   |     |    TransmissionProtocol: TCP & UDP       ||         | | |
   |     |    PortNumber:           2641            |          | | |
   |      ------------------------------------------           | | |
   |                                                           | | |
   |  <TTL>:        24 hours                                   | | |
   |  <permission>: PUBLIC_READ, ADMIN_WRITE                   | | |
   |  <reference>:  {empty}                                    | |-
   |                                                           |-
    -----------------------------------------------------------
        

Figure 4.1.1: GHR service information

The GHR and its service information provide an entry point for any client software to communicate with the Handle System. For any given handle, client software can query the GHR for its naming authority handle. This will return the service information of the LHS that manages every handle under the naming authority. The service information will direct the client software to the handle server within the LHS that manages the handle.

4.1.2. Local Handle Service (LHS)

A Local Handle Service (LHS) manages handles under given sets of naming authorities. Each naming authority defines a "local" namespace that consists of all of the handles under the naming authority. Note that a LHS is not a "local" service in terms of any network topology. It is called a "Local" Handle Service because it typically manages a restricted (local) namespace.

A naming authority is "homed" at a LHS if all handles under the naming authority are managed by the LHS. A LHS may be home to multiple naming authorities. On the other hand, a naming authority may only be "homed" at one LHS. Note that a naming authority may also be homed at the GHR.

      ------------------------------------------------------------
     ------------------------------------------------------------  |
    -----------------------------------------------------------  | |
   |  <index>:      3                                          | | |
   |  <type>:       HS_SITE                                    | | |
   |  <data>:                                                  | | |
   |    Version:          1                                    | | |
   |    ProtocolVersion:  2.1                                  | | |
   |    SerialNumber:     1                                    | | |
   |    PrimaryMask:                                           | | |
   |            MultiPrimary:   FALSE                          | | |
   |            PrimarySite:    TRUE                           | | |
   |    HashOption:       HASH_BY_LOCALNAME                    | | |
   |    HashFilter:       {empty UTF8-String}                  | | |
   |    AttributeList:    1                                    | | |
   |        Description:  Local Service for "10"               | | |
   |    NumOfServer:      2                                    | | |
   |        -----------------------------------------          | | |
   |       ----------------------------------------- |         | | |
   |     | ServerID:        1                       ||         | | |
   |     | Address:         :FFFF:132.151.3.150     ||         | | |
   |     | PublicKeyRecord: HS_DSAKEY, iQCuR2R...   ||         | | |
   |     | ServiceInterface:                        ||         | | |
   |     |    ServiceType:     Resolution & Admin   ||         | | |
   |     |    TransmissionProtocol:     TCP & UDP   ||         | | |
   |     |    PortNumber:               2641        |'         | | |
   |      -----------------------------------------'           | | |
   |  <TTL>:        24 hours                                   | | |
   |  <permission>: PUBLIC_READ, ADMIN_WRITE                   | |-
   |  <reference>:  {empty}                                    |-
    -----------------------------------------------------------
        

Figure 4.1.2: LHS service information

Like the GHR, a LHS may also consist of many service sites with each site described by an HS_SITE value. The set of HS_SITE values for any LHS may be assigned to a service handle or to the relevant naming authority handle(s). Fig. 4.1.2 shows an example of HS_SITE values for a LHS. These HS_SITE values are assigned to the naming authority handle "0.NA/10". This suggests that the naming authority "10" is "homed" at the LHS specified in these HS_SITE values. Clients may query the GHR to obtain the service information in order to communicate with the LHS. Administrators of the naming authority handle are responsible for maintaining the service information and keeping it up to date.

Note that a LHS may refer its clients to another LHS in response to a service request. This allows the LHS to further distribute its service in a hierarchical fashion.

4.2. Handle System Middle-Ware Components

Handle System middle-ware components currently include Handle System caching servers and Handle System proxy servers. These Handle System middle-ware components are clients to Handle System service components, but servers to Handle System client software. Handle System middle-ware components are used to provide additional interfaces to the basic handle service. For example, a Handle System caching server may be used to share resolution results within a local community. Additionally, a Handle System proxy server can be used to bypass any organizational firewall via HTTP tunneling.

4.2.1. Handle System Caching Service

Handle System caching service can be used to reduce the network traffic between Handle System clients and servers. Caching handle data, including the service information of any LHS, allows re-use of information obtained from earlier queries.

Each handle value contains a <TTL> (Time to Live) field that tells a caching service how long the cached value may be regarded as valid. A zero-value TTL indicates that the value can only be used for the transaction in progress and should not be cached. A caching service may obtain its data directly from a handle service, or from another caching service that eventually gets its data from the handle service.

A caching service may be defined in terms of an HS_SITE value and may consist of multiple caching servers. For any given handle, clients can find the responsible caching server within the caching service by using the same hashing algorithm as used in locating the handle server within any handle service.

Caching services are not part of any Handle System administration or authentication hierarchy. The Handle System protocol does not authenticate any response from a caching service. Clients are responsible for setting up their trust relationship with the caching service that they select. They will also rely on the caching service to properly authenticate any response from any handle server.

4.2.2. Handle System Proxy Server

Handle System proxy servers can be used to enable handle resolution via other Internet protocols. For example, CNRI has built and made available a Handle System HTTP Proxy Server that will process any handle resolution in terms of HTTP protocol. The current DNS address for the proxy server is at "hdl.handle.net". The proxy server allows any handle to be resolved via a HTTP URL. The URL can be constructed as "http://hdl.handle.net/<handle>", where <handle> can be any handle from the Handle System. For example, the handle "ncstrl.vatech_cs/tr-93-35" can be resolved via the HTTP URL "http://hdl.handle.net/ncstrl.vatech_cs/tr-93-35" from any web browser. In this case, the URL is sent to the proxy server in terms of a HTTP request. The proxy server will query the Handle System for the handle data and return the results in terms of HTTP response.

Using HTTP URLs allows handles to be resolved from standard web browsers without any additional client software. However, such a reference to the handle also ties itself to the proxy server. If the proxy server changes its DNS name or otherwise becomes invalid, the reference (i.e., the HTTP URL) to the handle will break. Thus the selection or use of a proxy server should be carefully evaluated.

Proxy servers are not part of any Handle System administration or authentication hierarchy. The Handle System protocol does not authenticate any response from a proxy server. Clients are responsible for setting up their trust relationship with the proxy server that they select. They will also rely on the proxy server to properly authenticate any response from any handle server.

4.3. Handle System Client Components

Handle System client components are client software that communicates with the Handle System service components. Client software may speak the Handle System protocol and send its request directly to a service component. The response from the service component may be the final answer to the request, or a referral to another service component. The client software will have to follow the referral in order to complete the transaction.

Client software may also be configured to tunnel its request via a middle-ware component. The middle-ware component will thus be responsible for obtaining the final result and returning it to the client. Unlike service components, middle-ware components will only return final results of client's request. No service referral will be returned from middle-ware components.

Various Handle System client components may be developed for various applications. The CNRI Handle System Resolver [17] is one such component. The resolver extends web browsers (e.g., Netscape or Microsoft Internet Explorer) in such a way that handles can be resolved directly in terms of "hdl:" Uniform Resource Identifiers (URIs). The Grail web browser [18], a freely downloadable software developed in Python [19], also supports the "hdl:" URI scheme and will resolve handles accordingly. For example, the handle "10.1045/july95-arms" may be resolved by entering its handle URI as "hdl:10.1045/july95-arms" into any of these resolver-enabled browsers. Details of the handle URI syntax will be specified in a separate document.

5. Handle System Operation Model

Handle System operations can be categorized into resolution and administration. Clients use the handle resolution service to query for any handle values. Handle administration allows clients to manage handles, including adding and deleting handles, and updating their values. It also deals with naming authority administration via naming authority handles. This section explains how various Handle System components work together to accomplish these service operations.

Both resolution and administration may require authentication of the client. The authentication can be done via the Handle System authentication protocol described later in this section. Whether authentication is required or not depends on the kind of operation involved and the permissions assigned to the relevant handle value, and policies deployed by the relevant service components.

The Handle System protocol specifies the syntax and semantics of each message exchanged between Handle System clients and its server components. This section provides a high level overview of the protocol used to accomplish any service operation. The exact programmatic detail of each message (i.e., their byte layout or syntax) is specified in a separate document [8].

5.1. Handle System Service Request and Response

The Handle System provides its service in response to client requests. A client may send a request to any handle server to provoke a response. The response either provides an answer to the request, or a status code with associated information that either refers the request to another service component, asks for client authentication, or signals some error status.

Each handle under the Handle System is managed by its home service. The naming authority handle provides the service information (in terms of HS_SERV or HS_SITE values) of the handle service that manages all handles under the naming authority. Any handle request must be directed to the home service of the handle in question. Clients may find the home service by querying the corresponding naming authority handle against the GHR. Alternatively, this information may be found in a local cache or even be part of a local client configuration. Given the service information, clients may select a service site and locate the responsible handle server within the site.

To resolve the handle "ncstrl.vatech_cs/te-93-35", for example, client software needs to know the home service for the naming authority "ncstrl.vatech_cs". The home service can be obtained by querying the naming authority handle "0.NA/ncstrl.vatech_cs" against the GHR. The GHR will return the service information in terms of the HS_SITE values assigned to the naming authority handle. From the service information, clients can pick a service site, find the responsible handle server within the site, and send the resolution request to the handle server.

Clients may require digital signatures from a handle server in order to authenticate any response from the server. The signature can be generated using the server's private key. Clients may verify the signature using the public key available from the service information (refer to the <PublicKeyRecord> entry discussed in 3.2.2).

A communication session may also be established between any client and handle server. Each session is identified by a unique session ID managed by the server. A session may be used to manage requests that require multiple interactions. It may also be used to share any TCP connection or authentication information among multiple service transactions. Each session may establish a session key and use it to authenticate any message exchanged within the session. It may also be used to encrypt any message between the client and the server to achieve data confidentiality.

The following diagram shows a handle resolution process in terms of messages exchanged between client software and Handle System service components. In this case, the client is trying to resolve the handle "ncstrl.vatech_cs/tr-93-35". It assumes that the client has not yet obtained the service information of the LHS "homed" by the naming authority "ncstrl.vatech_cs". The client has to get the service information from the naming authority handle managed by the GHR. The service information allows the client to locate the responsible LHS and query for the handle value.

   [HS Client]  ----------------------------> [Global Handle Registry]
                 1. ask for the service
                    information from the
                    naming authority handle
                    "0.NA/ncstrl.vatech_cs"

   [HS Client]  <---------------------------- [Global Handle Registry]
                 2. service information for
                    the naming authority
                    "ncstrl.vatech_cs"

   [HS Client]  ----------------------------> [Local Handle Service]
                 3. query the handle
                    "ncstrl.vatech_cs/tr-93-35"
                    against the responsible
                    handle server

                    ... ...
     (optional client authentication, depending on the service request)
                    ... ...

   [HS Client]  <---------------------------- [Local Handle Service]
                  4. query result from the handle
                     server + (optional) server
                     signature
        

Figure 5.1: Handle resolution example

In Figure 5.1, the client is configured to communicate with the GHR for any handle service. In this case, the client first queries the GHR to find the home service for the handle's naming authority. The GHR returns the service information of the LHS that manages every handle under the naming authority. From the service information, the client can find the responsible handle server and query the server for the handle. The server may set up a session to authenticate the client if any of the handle values requires authentication. Otherwise, the server will simply return the handle value to the client. The server may send a digital signature as part of its response if required by the client.

The above procedure assumes that the client software already has the GHR service information. That information was likely obtained from the client software distribution. The GHR will notify the client software if it learns that the service information used by the client software is out of date. Client software may retrieve the latest service information from the root handle "0.NA/0.NA". The root handle also maintains the public key that may be used to authenticate the service information.

Note that a client may cache the service information of any naming authority so that subsequent queries for handles under the same naming authority may reuse the service information and bypass the first two steps shown in Figure 5.1. Client software may also be configured to query a caching or proxy server directly for any handle. In this case, the caching or proxy server will act as the [HS Client] in Figure 5.1 before returning the query result to the client.

Client software under a certain organization may also elect to bypass the GHR and communicate directly with an LHS managed by the organization. Doing so may achieve quicker response for handles managed under the LHS. The client software will be referred to the GHR for handles not managed by the LHS.
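
The resolution flow of Figure 5.1, with the client-side cache of naming authority service information and the LHS-first configuration described above, as an added example (not code from this document or from any Handle System implementation). The in-memory services, the site name stored as the HS_SITE value, the "example_org" naming authority and the status strings are constructed stand-ins; no network traffic or signatures are modelled.

```python
ROOT_AUTHORITY = "0.NA"


def naming_authority_handle(handle: str) -> str:
    """Map a handle to the naming authority handle that carries its service information."""
    authority, sep, local_name = handle.partition("/")
    if not (authority and sep and local_name):
        raise ValueError("a handle has the form <naming authority>/<local name>")
    return f"{ROOT_AUTHORITY}/{authority}"


class HandleService:
    """In-memory stand-in for the GHR or an LHS (constructed for this example)."""

    def __init__(self, authorities, records):
        self.authorities = set(authorities)  # naming authorities homed at this service
        self.records = records               # handle -> handle values
        self.queries = 0                     # number of requests received

    def query(self, handle):
        self.queries += 1
        if handle.partition("/")[0] not in self.authorities:
            return "referral", None          # not managed here: client is referred elsewhere
        if handle not in self.records:
            return "not-found", None
        return "values", self.records[handle]


class Resolver:
    """Client that follows steps 1-4 of Figure 5.1 and caches service information."""

    def __init__(self, ghr, sites, preferred_lhs=None):
        self.ghr = ghr
        self.sites = sites                   # HS_SITE value -> service (stands in for addresses)
        self.preferred_lhs = preferred_lhs   # optional LHS queried before the GHR
        self.site_cache = {}                 # naming authority handle -> HS_SITE value

    def resolve(self, handle):
        if self.preferred_lhs is not None:
            status, values = self.preferred_lhs.query(handle)
            if status != "referral":
                return status, values        # the organization's LHS manages this handle
        na_handle = naming_authority_handle(handle)
        site = self.site_cache.get(na_handle)
        if site is None:                     # steps 1 and 2: ask the GHR for service information
            status, info = self.ghr.query(na_handle)
            if status != "values":
                return status, None
            site = info["HS_SITE"]
            self.site_cache[na_handle] = site
        return self.sites[site].query(handle)  # steps 3 and 4: query the home service


def run_resolution():
    ghr = HandleService({ROOT_AUTHORITY}, {"0.NA/ncstrl.vatech_cs": {"HS_SITE": "vatech-lhs"}})
    vatech = HandleService({"ncstrl.vatech_cs"},
                           {"ncstrl.vatech_cs/tr-93-35": {"URL": "http://example.org/tr-93-35"}})
    org = HandleService({"example_org"},
                        {"example_org/report-1": {"URL": "http://example.org/report-1"}})
    sites = {"vatech-lhs": vatech}

    client = Resolver(ghr, sites)
    first = client.resolve("ncstrl.vatech_cs/tr-93-35")
    client.resolve("ncstrl.vatech_cs/tr-93-35")        # served using the cached service information
    ghr_after_two = ghr.queries

    org_client = Resolver(ghr, sites, preferred_lhs=org)
    local = org_client.resolve("example_org/report-1")         # GHR is bypassed
    referred = org_client.resolve("ncstrl.vatech_cs/tr-93-35")  # LHS refers, GHR is consulted
    return {"first": first, "ghr_after_two": ghr_after_two, "local": local,
            "referred": referred, "ghr_total": ghr.queries, "lhs_total": vatech.queries}


if __name__ == "__main__":
    for name, value in run_resolution().items():
        print(name, value)
```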

5.2. Handle System Authentication Protocol

The Handle System supports handle administration over the public Internet. Access controls can be defined on each handle value. The Handle System authentication protocol is the protocol used by any handle server to authenticate a handle administrator upon any administration request. The authentication is also necessary when clients query for handle values that are readable only by the handle administrator. Handle administration includes adding, deleting or modifying handle values, and adding or deleting handles. Naming authority administrations are carried out as handle administrations over the corresponding naming authority handles.

The Handle System authentication protocol does not perform any server authentication. However, a client may authenticate any server response by asking the server to sign its response with a digital signature.

By default, the Handle System authenticates clients via a challenge-response protocol. That is, after receiving a client's request, the server issues a challenge to the client if authentication is necessary. To be authenticated as the administrator, the client has to return a challenge-response, a message that demonstrates possession of the administrator's secret. The secret may be the private key or the secret key of the administrator. This challenge-response allows the server to authenticate the client as the handle administrator. Upon successful authentication, the server will fulfill the client's request if the administrator is given sufficient permission.

For example, suppose a client sends a request to the handle server to add a new handle value. The server will issue a challenge to the client in order to authenticate the client as one of the handle administrators. If the client possesses the private key of the administrator, she can use it to sign the server's challenge and return the signature as part of her challenge-response. The server will validate the signature in order to authenticate the client. The client will be notified if the validation fails. Otherwise, the server will further check if the administrator has the permission to add the handle value. If so, the server will add the handle value and report success to the client. Otherwise, a permission-denied message will be returned.

The following diagram shows a typical authentication process in terms of the messages exchanged between the client and the handle server.

     [Client]  -------------------------------->  [Handle Server]
                 1. client request
                  + (optional) client credential

     [Client]  <--------------------------------  [Handle Server]
                 2. server's challenge to client
                  + (i.e., nonce + MD5 of client request)

     [Client]  ------------------------------->   [Handle Server]
                 3. reference to handle administrator
                  + challenge-response from client

     [Client]  <-------------------------------   [Handle Server]
                 4. server acknowledgement
        

Figure 5.2: Handle System authentication process

In Figure 5.2, the client sends an administration request to the handle server (along with optional credential discussed later). The server decides that client authentication is required and issues a challenge to the client. The client identifies itself as a handle administrator and returns the challenge-response to the server. The server authenticates the client as the administrator based on the challenge-response. It also checks to see if the administrator is authorized for the administration request. If so, the server will fulfill the request and acknowledge the client.

Handle servers must authenticate the client before fulfilling any request that requires administrator privilege. The exact authentication process varies depending on whether a public key or a secret key is used by the administrator. It also depends on whether the handle used to store the administrator's key is managed by the same handle server or not.

When a public key is used, the challenge-response from the client contains its digital signature over the server's challenge. The server can authenticate the client by verifying the digital signature based on the administrator's public key. If a secret key is used, the challenge-response from the client carries the Message Authentication Code (MAC) generated using the secret key. The server may authenticate the client by generating the same MAC using the administrator's secret key and comparing it against the challenge-response.

The reference to handle administrator in Fig 5.2 is also called a key-reference. It refers to a handle value that contains the key used by the administrator. If the key-reference is managed by the same handle server (e.g., a handle value assigned to the same handle), the server may use the key directly to do the authentication. If the key-reference is managed by some other handle server (whether or not within the same handle service), the server will have to send a verification-request to this other handle server, call it the key-server, in order to authenticate the client. The verification-request to the key-server carries both the server's challenge and the client's challenge-response. The key-server will return a verification-response, signed using the key-server's private key. The content of the verification-response will depend on the handle value referenced by the key-reference. If the key-reference refers to a public key used by the administrator, the verification-response will contain the public key of the administrator. Otherwise, the key-server will verify the challenge-response on behalf of the requesting server and return the result in the verification-response. The following diagram shows the control flow of the authentication process where the key-reference refers to a handle value that contains the administrator's public (or secret) key and the key-server is some other handle server.

      --------                                     -------------
     |        |   1. client request.              |             |
     |        | ------------------------------->  |             |
     |        |                                   |             |
     |        |   2.  session ID                  |             |
     |        |     + server's challenge          |             |
     | Handle | <-------------------------------  | Handle      |
     | System |                                   | server      |
     | client |   3.  session ID                  | receiving   |
     |        |     + response to the challenge   | client      |
     |        |     + administrator reference     | request     |
     |        | --------------------------------> |             |
     |        |                                   |             |
     |        |   6.  server acknowledgement      |             |
     |        | <-------------------------------  |             |
      --------                                     -------------
                                                       |  ^
                                       4. Verification |  | 5. verifi-
                                          request      |  |    cation
                                                       |  |    response
                                                       |  |    (signed)
                                                       V  |
                                            --------------------------
                                           | The handle server (the   |
                                           | key-server) that manages |
                                           | the key referenced by    |
                                           | the key-reference        |
                                            --------------------------
        

Figure 5.3: Authentication process requiring verification from a second handle server

Secret key based authentication via a second handle server, i.e., the key server, provides a convenient way to share a common secret key (e.g., pass phrase) among handles managed by different handle servers. However, it should not be used to manage highly sensitive handles or handle data. The authentication process itself is expensive and relies on a third party, i.e., the key-server, for proper operation. Additionally, the secret key itself is subject to dictionary attack since the key-server cannot determine whether the verification-request comes from a legitimate handle server. A handle service may set its local policy so that secret key based authentication can only be carried out if the handle server (receiving the client request) is also the key-server.
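
The secret-key case of Figure 5.2, combined with the local policy just described (secret-key authentication only when the receiving server also manages the key-reference), as an added example; it is not code from this document or from any Handle System implementation. HMAC-SHA-256 stands in for the MAC because this document does not fix the MAC construction, and the request strings, handles, key-references, status names and class names are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

MD5_LEN = 16  # length of an MD5 digest in bytes


class HandleServer:
    """Toy handle server for steps 2 and 4 of Figure 5.2 (secret key case)."""

    def __init__(self, local_keys, permissions):
        self.local_keys = local_keys      # key-reference -> administrator secret key
        self.permissions = permissions    # key-reference -> operations the administrator may perform
        self.pending = {}                 # session ID -> (challenge, original request)

    def challenge(self, request: bytes):
        """Step 2: return a session ID and a challenge of nonce + MD5(client request)."""
        session_id = secrets.token_hex(8)
        chal = secrets.token_bytes(16) + hashlib.md5(request).digest()
        self.pending[session_id] = (chal, request)
        return session_id, chal

    def verify(self, session_id, key_ref, mac: bytes) -> str:
        """Step 4: authenticate the challenge-response, then authorize the request."""
        # pop() makes every challenge single-use, so a captured response cannot be replayed.
        entry = self.pending.pop(session_id, None)
        if entry is None:
            return "session-unknown"
        chal, request = entry
        key = self.local_keys.get(key_ref)
        if key is None:
            # Local policy: no verification-request is sent to another key-server
            # for secret keys; the key-reference must be managed by this server.
            return "key-reference-not-local"
        expected = hmac.new(key, chal, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, mac):   # constant-time comparison
            return "authentication-failed"
        operation = request.split(b" ", 1)[0].decode()
        if operation not in self.permissions.get(key_ref, ()):
            return "permission-denied"
        return "success"


def challenge_response(secret_key: bytes, chal: bytes, request: bytes) -> bytes:
    """Step 3 (client side): MAC over the server's challenge."""
    # Check added by this example: the digest in the challenge must match the
    # request the client actually sent before the client authenticates it.
    if not hmac.compare_digest(chal[-MD5_LEN:], hashlib.md5(request).digest()):
        raise ValueError("challenge is not bound to the request that was sent")
    return hmac.new(secret_key, chal, hashlib.sha256).digest()


def run_scenarios():
    admin = ("example.na/admins", 300)    # constructed key-reference managed locally
    remote = ("other.na/admins", 300)     # constructed key-reference managed elsewhere
    key = b"constructed-admin-secret"
    server = HandleServer({admin: key}, {admin: {"add-value"}})
    results = {}

    def attempt(request, key_ref, secret):
        sid, chal = server.challenge(request)
        mac = challenge_response(secret, chal, request)
        return sid, mac, server.verify(sid, key_ref, mac)

    add = b"add-value example.na/doc1 URL http://example.org/doc1"
    sid, mac, results["valid"] = attempt(add, admin, key)
    results["replay"] = server.verify(sid, admin, mac)          # same response sent twice
    results["wrong_key"] = attempt(add, admin, b"not-the-key")[2]
    results["not_permitted"] = attempt(b"delete-handle example.na/doc1", admin, key)[2]
    results["remote_key_ref"] = attempt(add, remote, key)[2]
    return results


if __name__ == "__main__":
    for name, status in run_scenarios().items():
        print(f"{name}: {status}")
```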

Local handle services may define additional local policies for authentication and/or authorization. Handle System service components may also choose to use other Internet authentication mechanisms such as Kerberos [20] or some Transport Layer Security protocol [21]. Details of these will be addressed in a separate document.

6. Security Considerations

Handle System security considerations are discussed in the "Handle System Overview" [1] and that discussion applies equally to this document.

The Handle System delegates handle administration to each handle administrator who may or may not be the server administrator. Handle administrators are allowed to choose their own public/secret keys used for authentication. The security of Handle System authentication depends on the proper key selection and its maintenance by the handle administrator. Handle administrators must choose and protect their authentication keys carefully in order to protect the handle data. Handle server implementations may deploy policies that regulate the selection of public/secret keys used for authentication. For example, a handle server may require that any authentication key must be no less than a certain number of bits. It may also prohibit the use of secret keys because of the potential dictionary attack.

The Handle System data model supports execution permission (PUBLIC_EXECUTE, ADMIN_EXECUTE) for each handle value. While this allows better sharing of network resources, it also raises many security considerations. Execution privilege should be restricted within the permissions of a certain user account (corresponding to the handle administrator) on the server to prevent system-wide disruption. Switching between computing platforms for the server should also be done carefully to avoid any unexpected behavior. Implementations may choose not to support the execution permission, or provide options so that it can be disabled.

To protect against any irresponsible use of system resources, handle servers may implement quota control. The quota control can be used to put limits on the number of handles under a naming authority, the number of handle values allowed for any given handle, the maximum size of any handle value, and the number of sub-naming authorities under a naming authority. Handle servers must report an error if the result of a handle administration violates any of these limits.

7. Acknowledgements

This work is derived from the earlier versions of the Handle System implementation. The overall digital object architecture, including the Handle System, was described in a paper by Robert Kahn and Robert Wilensky [22] in 1995. Development continued at CNRI as part of the Computer Science Technical Reports (CSTR) project, funded by the Defense Advanced Projects Agency (DARPA) under Grant Number MDA-972-92-J-1029 and MDA-972-99-1-0018. Design ideas are based on those discussed within the Handle System development team, including David Ely, Charles Orth, Allison Yu, Sean Reilly, Jane Euler, Catherine Rey, Stephanie Nguyen, Jason Petrone, and Helen She. Their contributions to this work are gratefully acknowledged.

The authors also thank Russ Housley (housley@vigilsec.com), Ted Hardie (hardie@qualcomm.com), and Mark Baugher (mbaugher@cisco.com) for their extensive review and comments, as well as recommendations received from other members of the IETF/IRTF community.

8. References and Bibliography

[1] Sun, S. and L. Lannom, "Handle System Overview", RFC 3650, November 2003.

[1] Sun,S.和L.Lannom,“手柄系统概述”,RFC 36502003年11月。

[2] Mockapetris, P., "Domain Names - Concepts and Facilities," STD 13, RFC 1034, November 1987.

[2] Mockapetris,P.,“域名-概念和设施”,STD 13,RFC 1034,1987年11月。

[3] Mockapetris, P., "Domain Names - Implementation and Specification", STD 13, RFC 1035, November 1987.

[3] Mockapetris,P.,“域名-实现和规范”,STD 13,RFC 10351987年11月。

[4] Wahl, M., Howes, T. and S. Kille, "Lightweight Directory Access Protocol (v3)", RFC 2251, December 1997.

[4] Wahl,M.,Howes,T.和S.Kille,“轻量级目录访问协议(v3)”,RFC 2251,1997年12月。

[5] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", RFC 2234, November 1997.

[5] Crocker,D.,Ed.和P.Overell,“语法规范的扩充BNF:ABNF”,RFC 2234,1997年11月。

[6] Yergeau, F., "UTF-8, A Transform Format for Unicode and ISO10646", RFC 2279, January 1998.

[6] “UTF-8,Unicode和ISO10646的转换格式”,RFC2279,1998年1月。

[7] The Unicode Consortium, "The Unicode Standard, Version 2.0", Addison-Wesley Developers Press, 1996. ISBN 0-201-48345-9

[7] Unicode联盟,“Unicode标准,版本2.0”,Addison-Wesley开发者出版社,1996年。ISBN 0-201-48345-9

[8] Sun, S., Reilly, S. and L. Lannom, "Handle System Protocol (ver 2.1) Specification", RFC 3652, November 2003.

[9] Berners-Lee, T., Masinter, L. and M. McCahill, "Uniform Resource Locators (URL)", RFC 1738, December 1994.

[10] Housley, R., Polk, W., Ford, W. and D. Solo, "Internet X.509 Public Key Infrastructure - Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002.

[11] Federal Information Processing Standards Publication (FIPS PUB) 46-1, Data Encryption Standard, Reaffirmed 1988 January 22 (supersedes FIPS PUB 46, 1977 January 15).

[12] Federal Information Processing Standards Publication (FIPS PUB) 81, DES Modes of Operation, 1980 December 2.

[13] Balenson, D., "Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers", RFC 1423, February 1993.

[14] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April 1992.

[15] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 1883, December 1995.

[16] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 2373, July 1998.

[17] CNRI Handle System Resolver, http://www.handle.net/resolver

[18] Grail browser home page, http://grail.sourceforge.net/

[19] Python language website, http://www.python.org/

[20] Kohl, J. and C. Neuman, "The Kerberos Network Authentication Service (V5)", RFC 1510, September 1993.

[21] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC 2246, January 1999.

[22] R. Kahn, R. Wilensky, "A Framework for Distributed Digital Object Services", May 1995, http://www.cnri.reston.va.us/k-w.html

[23] American National Standards Institute. ANSI X9.52-1998, Triple Data Encryption Algorithm Modes of Operation. 1998.

9. Authors' Addresses

Sam X. Sun
Corporation for National Research Initiatives (CNRI)
1895 Preston White Dr., Suite 100
Reston, VA 20191

Phone: 703-262-5316
EMail: ssun@cnri.reston.va.us

Sean Reilly
Corporation for National Research Initiatives (CNRI)
1895 Preston White Dr., Suite 100
Reston, VA 20191

Phone: 703-620-8990
EMail: sreilly@cnri.reston.va.us

Larry Lannom
Corporation for National Research Initiatives (CNRI)
1895 Preston White Dr., Suite 100
Reston, VA 20191

Phone: 703-620-8990
EMail: llannom@cnri.reston.va.us

10. Full Copyright Statement

Copyright (C) The Internet Society (2003). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees.

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.
