Independent Submission R. Alimi Request for Comments: 7069 Google Category: Informational A. Rahman ISSN: 2070-1721 InterDigital Communications, LLC D. Kutscher NEC Y. Yang Yale University H. Song Huawei Technologies K. Pentikousis EICT November 2013
Independent Submission R. Alimi Request for Comments: 7069 Google Category: Informational A. Rahman ISSN: 2070-1721 InterDigital Communications, LLC D. Kutscher NEC Y. Yang Yale University H. Song Huawei Technologies K. Pentikousis EICT November 2013
DECoupled Application Data Enroute (DECADE)
途中分离的应用程序数据(十年)
Abstract
摘要
Content distribution applications, such as those employing peer-to-peer (P2P) technologies, are widely used on the Internet and make up a large portion of the traffic in many networks. Often, however, content distribution applications use network resources inefficiently. One way to improve efficiency is to introduce storage capabilities within the network and enable cooperation between end-host and in-network content distribution mechanisms. This is the capability provided by a DECoupled Application Data Enroute (DECADE) system, which is introduced in this document. DECADE enables applications to take advantage of in-network storage when distributing data objects as opposed to using solely end-to-end resources. This document presents the underlying principles and key functionalities of such a system and illustrates operation through a set of examples.
内容分发应用程序,如采用对等(P2P)技术的内容分发应用程序,在Internet上得到广泛应用,并在许多网络中占流量的很大一部分。然而,内容分发应用程序通常会低效地使用网络资源。提高效率的一种方法是在网络中引入存储功能,并实现终端主机和网络内内容分发机制之间的协作。这是一个解耦的应用程序数据途中(DECED)系统提供的功能,本文介绍了该系统。十年使应用程序能够在分发数据对象时利用网络存储,而不是仅使用端到端资源。本文件介绍了此类系统的基本原理和关键功能,并通过一组示例说明了操作。
Status of This Memo
关于下段备忘
This document is not an Internet Standards Track specification; it is published for informational purposes.
本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。
This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not a candidate for any level of Internet Standard; see Section 2 of RFC 5741.
这是对RFC系列的贡献,独立于任何其他RFC流。RFC编辑器已选择自行发布此文档,并且未声明其对实现或部署的价值。RFC编辑批准发布的文件不适用于任何级别的互联网标准;见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7069.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7069.
Copyright Notice
版权公告
Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2013 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 6 4. Architectural Principles . . . . . . . . . . . . . . . . . . 8 4.1. Data- and Control-Plane Decoupling . . . . . . . . . . . 8 4.2. Immutable Data Objects . . . . . . . . . . . . . . . . . 9 4.3. Data Object Identifiers . . . . . . . . . . . . . . . . . 10 4.4. Explicit Control . . . . . . . . . . . . . . . . . . . . 11 4.5. Resource and Data Access Control through Delegation . . . 11 5. System Components . . . . . . . . . . . . . . . . . . . . . . 12 5.1. Application Endpoint . . . . . . . . . . . . . . . . . . 13 5.2. DECADE Client . . . . . . . . . . . . . . . . . . . . . . 14 5.3. DECADE Server . . . . . . . . . . . . . . . . . . . . . . 14 5.4. Data Sequencing and Naming . . . . . . . . . . . . . . . 15 5.5. Token-Based Authorization and Resource Control . . . . . 17 5.6. Discovery . . . . . . . . . . . . . . . . . . . . . . . . 18 6. DECADE Protocol Considerations . . . . . . . . . . . . . . . 19 6.1. Naming . . . . . . . . . . . . . . . . . . . . . . . . . 19 6.2. Resource Protocol . . . . . . . . . . . . . . . . . . . . 19 6.3. Data Transfer . . . . . . . . . . . . . . . . . . . . . . 22 6.4. Server-Server Protocols . . . . . . . . . . . . . . . . . 23 6.5. Potential DRP/SDT Candidates . . . . . . . . . . . . . . 23 7. How In-Network Storage Components Map to DECADE . . . . . . . 24 8. Security Considerations . . . . . . . . . . . . . . . . . . . 25 8.1. Threat: System Denial-of-Service Attacks . . . . . . . . 25 8.2. Threat: Authorization Mechanisms Compromised . . . . . . 25 8.3. Threat: Spoofing of Data Objects . . . . . . . . . . . . 26 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 27 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 27 10.1. Normative References . . . . . . . . . . . . . . . . . . 27 10.2. Informative References . . . . . . . . . . . . . . . . . 27 Appendix A. Evaluation of Candidate Protocols for DECADE DRP/SDT 29 A.1. HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . 29 A.2. CDMI . . . . . . . . . . . . . . . . . . . . . . . . . . 31 A.3. OAuth . . . . . . . . . . . . . . . . . . . . . . . . . . 34
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 6 4. Architectural Principles . . . . . . . . . . . . . . . . . . 8 4.1. Data- and Control-Plane Decoupling . . . . . . . . . . . 8 4.2. Immutable Data Objects . . . . . . . . . . . . . . . . . 9 4.3. Data Object Identifiers . . . . . . . . . . . . . . . . . 10 4.4. Explicit Control . . . . . . . . . . . . . . . . . . . . 11 4.5. Resource and Data Access Control through Delegation . . . 11 5. System Components . . . . . . . . . . . . . . . . . . . . . . 12 5.1. Application Endpoint . . . . . . . . . . . . . . . . . . 13 5.2. DECADE Client . . . . . . . . . . . . . . . . . . . . . . 14 5.3. DECADE Server . . . . . . . . . . . . . . . . . . . . . . 14 5.4. Data Sequencing and Naming . . . . . . . . . . . . . . . 15 5.5. Token-Based Authorization and Resource Control . . . . . 17 5.6. Discovery . . . . . . . . . . . . . . . . . . . . . . . . 18 6. DECADE Protocol Considerations . . . . . . . . . . . . . . . 19 6.1. Naming . . . . . . . . . . . . . . . . . . . . . . . . . 19 6.2. Resource Protocol . . . . . . . . . . . . . . . . . . . . 19 6.3. Data Transfer . . . . . . . . . . . . . . . . . . . . . . 22 6.4. Server-Server Protocols . . . . . . . . . . . . . . . . . 23 6.5. Potential DRP/SDT Candidates . . . . . . . . . . . . . . 23 7. How In-Network Storage Components Map to DECADE . . . . . . . 24 8. Security Considerations . . . . . . . . . . . . . . . . . . . 25 8.1. Threat: System Denial-of-Service Attacks . . . . . . . . 25 8.2. Threat: Authorization Mechanisms Compromised . . . . . . 25 8.3. Threat: Spoofing of Data Objects . . . . . . . . . . . . 26 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 27 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 27 10.1. Normative References . . . . . . . . . . . . . . . . . . 27 10.2. Informative References . . . . . . . . . . . . . . . . . 27 Appendix A. Evaluation of Candidate Protocols for DECADE DRP/SDT 29 A.1. HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . 29 A.2. CDMI . . . . . . . . . . . . . . . . . . . . . . . . . . 31 A.3. OAuth . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Content distribution applications, such as peer-to-peer (P2P) applications, are widely used on the Internet to distribute data objects and make up a large portion of the traffic in many networks. Said applications can often introduce performance bottlenecks in otherwise well-provisioned networks. In some cases, operators are forced to invest substantially in infrastructure to accommodate the use of such applications. For instance, in many subscriber networks, it can be expensive to upgrade network equipment in the "last mile", because it can involve replacing equipment and upgrading wiring and devices at individual homes, businesses, DSLAMs (Digital Subscriber Line Access Multiplexers), and CMTSs (Cable Modem Termination Systems) in remote locations. It may be more practical and economical to upgrade the core infrastructure, instead of the "last mile" of the network, as this involves fewer components that are shared by many subscribers. See [RFC6646] and [RFC6392] for a more complete discussion of the problem domain and general discussions of the capabilities envisioned for a DECADE system. As a historical point, it should be noted that [RFC6646] and [RFC6392] came out of the now closed DECADE Working Group. This document aims to advance some of the valuable concepts from that now closed Working Group.
内容分发应用程序,如对等(P2P)应用程序,在Internet上被广泛用于分发数据对象,并在许多网络中占流量的很大一部分。上述应用程序通常会在其他配置良好的网络中引入性能瓶颈。在某些情况下,运营商被迫对基础设施进行大量投资,以适应此类应用程序的使用。例如,在许多用户网络中,在“最后一英里”升级网络设备可能很昂贵,因为这可能涉及更换设备和升级个人家庭、企业、DSLAM(数字用户线路接入多路复用器)和远程位置的CMTSs(电缆调制解调器终端系统)的布线和设备。升级核心基础设施,而不是网络的“最后一英里”,可能更为实际和经济,因为这涉及到由许多用户共享的组件更少。请参阅[RFC6646]和[RFC6392],了解问题域的更完整讨论以及十年系统所设想的功能的一般讨论。作为一个历史点,应该指出,[RFC6646]和[RFC6392]来自于现在已经结束的十年工作组。本文件旨在推进该现已关闭的工作组提出的一些有价值的概念。
This document presents mechanisms for providing in-network storage that can be integrated into content distribution applications. The primary focus is P2P-based content distribution, but DECADE may be useful to other applications with similar characteristics and requirements (e.g., Content Distribution Networks (CDNs) or hybrid P2P/CDNs). The approach we adopt in this document is to define the core functionalities and protocol functions that are needed to support a DECADE system. This document provides illustrative examples so that implementers can understand the main concepts in DECADE, but it is generally assumed that readers are also familiar with the terms and concepts used in [RFC6646] and [RFC6392].
本文档介绍了提供可集成到内容分发应用程序中的网络存储的机制。主要关注点是基于P2P的内容分发,但对于具有类似特征和需求的其他应用程序(例如,内容分发网络(cdn)或混合P2P/cdn),DECADE可能很有用。我们在本文件中采用的方法是定义支持十年系统所需的核心功能和协议功能。本文档提供了说明性示例,以便实施者能够在十年内理解主要概念,但通常假定读者也熟悉[RFC6646]和[RFC6392]中使用的术语和概念。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[RFC2119]中所述进行解释。
This document uses the following terminology.
本文件使用以下术语。
Application Endpoint A host that includes a DECADE client along with other application functionalities (e.g., peer-to-peer (P2P) client, video streaming client).
应用程序端点包括一个十年客户端以及其他应用程序功能(例如,对等(P2P)客户端、视频流客户端)的主机。
Content Distribution Application A specific type of application that may exist in an Application Endpoint. A content distribution application is an application (e.g., P2P) designed for dissemination of large amounts of content (e.g., files or video streams) to multiple peers. Content distribution applications may divide content into smaller blocks for dissemination.
内容分发应用程序应用程序端点中可能存在的特定类型的应用程序。内容分发应用程序是设计用于向多个对等方分发大量内容(例如,文件或视频流)的应用程序(例如,P2P)。内容分发应用程序可以将内容分成更小的块进行分发。
Data Object A data object is the unit of data stored and retrieved from a DECADE server. The data object is a sequence of raw bytes. The server maintains metadata associated with each data object, but the metadata is physically and logically separate from the data object.
数据对象数据对象是从服务器存储和检索的数据单位。数据对象是一个原始字节序列。服务器维护与每个数据对象关联的元数据,但元数据在物理上和逻辑上与数据对象分离。
DECADE Client A DECADE client uploads and/or retrieves data from a DECADE server.
十年客户端十年客户端从十年服务器上载和/或检索数据。
DECADE Resource Protocol (DRP) A logical protocol for communication of access control and resource-scheduling policies from a DECADE client to a DECADE server, or between DECADE servers. In practice, the functionality of the DRP may be distributed over one or more actual protocols.
十年资源协议(DRP)一种逻辑协议,用于从十年客户端到十年服务器或十年服务器之间的访问控制和资源调度策略通信。在实践中,DRP的功能可以分布在一个或多个实际协议上。
DECADE Server A DECADE server stores data inside the network for a DECADE client or another DECADE server, and thereafter it manages both the stored data and access to that data by other DECADE clients.
十年服务器十年服务器在网络内为十年客户端或另一个十年服务器存储数据,然后管理存储的数据和其他十年客户端对该数据的访问。
DECADE Storage Provider A DECADE storage provider deploys and/or manages DECADE servers within a network.
十年存储提供程序十年存储提供程序在网络中部署和/或管理十年服务器。
DECADE System An in-network storage system that is composed of DECADE clients and DECADE servers. The DECADE servers may be deployed by one or more DECADE storage providers.
十年系统由十年客户端和十年服务器组成的网络存储系统。十年服务器可由一个或多个十年存储提供商部署。
In-Network Storage A service inside a network that provides storage to applications. In-network storage may reduce upload/transit/backbone traffic and improve application performance. In-network storage may, for example, be co-located with the border router (network-attached storage) or inside a data center. A DECADE system is an example of an in-network storage system.
在网络存储中,网络中为应用程序提供存储的一种服务。网络存储可以减少上载/传输/主干网流量,并提高应用程序性能。例如,网络内存储可以与边界路由器(网络连接存储)位于同一位置,或者位于数据中心内。十进位系统是网络存储系统的一个示例。
Standard Data Transfer (SDT) Protocol A logical protocol used to transfer data objects between a DECADE client and DECADE server, or between DECADE servers. The intent is that in practice the SDT should map to an existing, well-known protocol already in use over the Internet for transporting data.
标准数据传输(SDT)协议用于在十年客户端和十年服务器之间或十年服务器之间传输数据对象的逻辑协议。其目的是,在实践中,SDT应映射到一个现有的、众所周知的协议,该协议已在互联网上用于传输数据。
A DECADE system provides a distributed storage service for content distribution applications (e.g., P2P). The system consists of clients and servers. A client first uploads data objects to one or more selected servers and optionally requests distribution of these data objects to other servers. The client then selectively authorizes other clients to download these data objects. Such a system is employed in an overall application context (e.g., P2P file sharing), and it is expected that DECADE clients take part in application-specific communication sessions.
十年系统为内容分发应用程序(如P2P)提供分布式存储服务。该系统由客户端和服务器组成。客户机首先将数据对象上载到一个或多个选定的服务器,并可选地请求将这些数据对象分发到其他服务器。然后,客户端选择性地授权其他客户端下载这些数据对象。这样的系统用于整个应用环境(例如,P2P文件共享),并且预期客户机参与特定于应用的通信会话。
Figure 1 is a schematic of a simple DECADE system with two DECADE clients and two DECADE servers. As illustrated, a DECADE client, which is part of an Application Endpoint, uses the DECADE Resource Protocol (DRP) to convey to a server information related to access control and resource-scheduling policies. DRP can also be used between servers for exchanging this type of information. A DECADE system employs the Standard Data Transfer (SDT) protocol to transfer data objects to and from a server, as we will explain later.
图1是一个简单的十年系统的示意图,其中包含二十年客户端和二十年服务器。如图所示,作为应用程序端点一部分的十年客户端使用十年资源协议(DRP)向服务器传送与访问控制和资源调度策略相关的信息。DRP还可以在服务器之间用于交换此类信息。十年系统使用标准数据传输(SDT)协议在服务器之间传输数据对象,我们将在后面解释。
Native Application Protocol(s) .-------------. (e.g., P2P) .-------------. | Application | <------------------> | Application | | Endpoint | | Endpoint | | | | | | .--------. | | .--------. | | | DECADE | | | | DECADE | | | | Client | | | | Client | | | `--------' | | `--------' | `-------------' `-------------' | ^ | ^ DECADE | | Standard | | Resource | | Data DRP | | SDT Protocol | | Transfer | | (DRP) | | (SDT) | | | | | | | | | | | | | | | | | | | | | | | | | | v v v v .=============. DRP .=============. | DECADE | <------------------> | DECADE | | Server | <------------------> | Server | `=============' SDT `============='
Native Application Protocol(s) .-------------. (e.g., P2P) .-------------. | Application | <------------------> | Application | | Endpoint | | Endpoint | | | | | | .--------. | | .--------. | | | DECADE | | | | DECADE | | | | Client | | | | Client | | | `--------' | | `--------' | `-------------' `-------------' | ^ | ^ DECADE | | Standard | | Resource | | Data DRP | | SDT Protocol | | Transfer | | (DRP) | | (SDT) | | | | | | | | | | | | | | | | | | | | | | | | | | v v v v .=============. DRP .=============. | DECADE | <------------------> | DECADE | | Server | <------------------> | Server | `=============' SDT `============='
Figure 1: DECADE Overview
图1:十年概览
With Figure 1 at hand, assume that Application Endpoint B requests a data object from Application Endpoint A using their native application protocols (e.g., P2P protocol) as in Figure 2. In this case, Endpoint A will act as the sender, and Endpoint B as the receiver for said data object. S(A) is the DECADE storage server which is access controlled. This means, first, that Endpoint A has a right to store the data object in S(A). Secondly, Endpoint B needs to obtain authorization before being able to retrieve the data object from S(A).
在图1中,假设应用程序端点B使用其本机应用程序协议(例如,P2P协议)从应用程序端点a请求数据对象,如图2所示。在这种情况下,端点A将充当所述数据对象的发送方,端点B将充当所述数据对象的接收方。S(A)是访问控制的十年存储服务器。这意味着,首先,端点A有权将数据对象存储在S(A)中。其次,端点B需要在能够从S(A)检索数据对象之前获得授权。
The four steps involved in a DECADE session are illustrated in Figure 2. The sequence starts with the initial contact between Endpoint B and Endpoint A, where Endpoint B requests a data object using their native application protocol (e.g., P2P). Next, Endpoint A uses DRP to obtain a token corresponding to the data object that was requested by Endpoint B. There may be several ways for Endpoint A to obtain such a token, e.g., compute it locally or request one from its DECADE storage server, S(A). Once obtained, Endpoint A then
十年会议涉及的四个步骤如图2所示。该序列从端点B和端点A之间的初始接触开始,其中端点B使用其本机应用程序协议(例如,P2P)请求数据对象。接下来,端点A使用DRP获取与端点B请求的数据对象相对应的令牌。端点A可以有几种方式获取这样的令牌,例如,在本地计算令牌或从其存储服务器S(A)请求令牌。一旦获得端点A,则
provides the token to Endpoint B (again, using their native application protocol). Finally, Endpoint B provides the received token to S(A) via DRP, and subsequently requests and downloads the data object via SDT. Again, it is assumed that DECADE is employed in an overall application context (e.g., P2P file-sharing session).
向端点B提供令牌(同样,使用其本机应用程序协议)。最后,端点B通过DRP将接收到的令牌提供给S(A),然后通过SDT请求和下载数据对象。同样,假设在整个应用程序上下文(例如,P2P文件共享会话)中使用DECADE。
For completeness, note that there is an important prerequisite step (not shown) to Figure 2, where Endpoint A first discovers and then stores the data object(s) of interest in S(A).
为了完整性,请注意图2中有一个重要的先决步骤(未显示),其中端点A首先发现感兴趣的数据对象,然后将其存储在端点A中。
.----------. 2. Obtain --------> | S(A) | <------ Token / `----------' \ 4. Request and (DRP) / \ Download Locally / \ Data Object or From / \ (DRP + SDT) S(A) v 1. App Request v .-------------. <--------------------------- .-------------. | Application | | Application | | Endpoint A | | Endpoint B | `-------------' ---------------------------> `-------------' 3. App Response (token)
.----------. 2. Obtain --------> | S(A) | <------ Token / `----------' \ 4. Request and (DRP) / \ Download Locally / \ Data Object or From / \ (DRP + SDT) S(A) v 1. App Request v .-------------. <--------------------------- .-------------. | Application | | Application | | Endpoint A | | Endpoint B | `-------------' ---------------------------> `-------------' 3. App Response (token)
Figure 2: Download from Storage Server
图2:从存储服务器下载
This section presents the key principles followed by any DECADE system.
本节介绍了任何十年制所遵循的关键原则。
DECADE SDT and DRP can be classified as belonging to data-plane functionality. The algorithms and signaling for a P2P application, for example, would belong to control-plane functionality.
十年SDT和DRP可归类为属于数据平面功能。例如,P2P应用程序的算法和信令属于控制平面功能。
A DECADE system aims to be application independent and should support multiple content distribution applications. Typically, a complete content distribution application implements a set of control-plane functions including content search, indexing and collection, access control, replication, request routing, and QoS scheduling. Implementers of different content distribution applications may have unique considerations when designing the control-plane functions. For example, with respect to the metadata management scheme, traditional file systems provide a standard metadata abstraction: a recursive structure of directories to offer namespace management where each file is an opaque byte stream. Content distribution applications may use different metadata management schemes. For
十年系统的目标是独立于应用程序,并应支持多个内容分发应用程序。通常,完整的内容分发应用程序实现一组控制平面功能,包括内容搜索、索引和收集、访问控制、复制、请求路由和QoS调度。在设计控制平面功能时,不同内容分发应用程序的实现者可能有独特的考虑。例如,关于元数据管理方案,传统的文件系统提供了标准的元数据抽象:目录的递归结构,以提供名称空间管理,其中每个文件都是不透明的字节流。内容分发应用程序可能使用不同的元数据管理方案。对于
instance, one application might use a sequence of blocks (e.g., for file sharing), while another application might use a sequence of frames (with different sizes) indexed by time.
例如,一个应用程序可能使用块序列(例如,用于文件共享),而另一个应用程序可能使用按时间索引的帧序列(大小不同)。
With respect to resource-scheduling algorithms, a major advantage of many successful P2P systems is their substantial expertise in achieving efficient utilization of peer resources. For instance, many streaming P2P systems include optimization algorithms for constructing overlay topologies that can support low-latency, high-bandwidth streaming. The research community as well as implementers of such systems continuously fine-tune existing algorithms and invent new ones. A DECADE system should be able to accommodate and benefit from all new developments.
关于资源调度算法,许多成功的P2P系统的一个主要优势是它们在实现对等资源的高效利用方面具有丰富的专业知识。例如,许多流式P2P系统包括用于构建覆盖拓扑的优化算法,这些拓扑可以支持低延迟、高带宽的流。研究团体以及此类系统的实施者不断微调现有算法并发明新算法。十年制度应该能够适应所有新的发展并从中受益。
In short, given the diversity of control-plane functions, a DECADE system should allow for as much flexibility as possible to the control plane to implement specific policies (and be decoupled from data-plane DRP/SDT). Decoupling the control plane from the data plane is not new, of course. For example, OpenFlow [OpenFlow] is an implementation of this principle for Internet routing, where the computation of the forwarding table and the application of the forwarding table are separated. The Google File System [GoogleFileSystem] applies the same principle to file system design by utilizing a Master to handle metadata management and several Chunk servers to handle data-plane functions (i.e., read and write of chunks of data). Finally, NFSv4.1's parallel NFS (pNFS) extension [RFC5661] also adheres to this principle.
简言之,鉴于控制平面功能的多样性,十年系统应允许控制平面尽可能灵活地实施特定策略(并与数据平面DRP/SDT分离)。当然,将控制平面与数据平面解耦并不是什么新鲜事。例如,OpenFlow[OpenFlow]是这一互联网路由原则的实现,其中转发表的计算和转发表的应用是分开的。谷歌文件系统[谷歌文件系统]将同样的原则应用于文件系统设计,利用一个主服务器来处理元数据管理,利用几个区块服务器来处理数据平面功能(即读取和写入数据区块)。最后,NFSv4.1的并行NFS(pNFS)扩展[RFC5661]也遵循这一原则。
A common property of bulk content to be broadly distributed is that it is immutable -- once content is generated, it is typically not modified. For example, once a movie has been edited and released for distribution, it is very uncommon that the corresponding video frames and images need to be modified. The same applies to document distribution, such as RFCs; audio files, such as podcasts; and program patches. Focusing on immutable data can substantially simplify data-plane design, since consistency requirements can be relaxed. It also simplifies data reuse and the removal of duplicates.
要广泛分发的批量内容的一个共同特性是它是不可变的——一旦生成内容,它通常不会被修改。例如,一旦一部电影被编辑并发布以供分发,就很少需要修改相应的视频帧和图像。这同样适用于文件分发,如RFC;音频文件,如播客;和程序补丁。专注于不可变数据可以大大简化数据平面设计,因为一致性要求可以放宽。它还简化了数据重用和重复数据的删除。
Depending on its specific requirements, an application may store immutable data objects in DECADE servers such that each data object is completely self-contained (e.g., a complete, independently decodable video segment). An application may also divide data into data objects that require application-level assembly. Many content distribution applications divide bulk content into data objects for multiple reasons, including (a) fetching different data objects from
根据其特定要求,应用程序可以在十年服务器中存储不可变的数据对象,以使每个数据对象完全自包含(例如,完整的、独立可解码的视频片段)。应用程序还可以将数据划分为需要应用程序级组装的数据对象。许多内容分发应用程序出于多种原因将批量内容划分为数据对象,包括(a)从中获取不同的数据对象
different sources in parallel and (b) faster recovery and verification as individual data objects might be recovered and verified. Typically, applications use a data object size larger than a single packet in order to reduce control overhead.
并行的不同数据源和(b)更快的恢复和验证,因为可以恢复和验证单个数据对象。通常,应用程序使用大于单个数据包的数据对象大小,以减少控制开销。
A DECADE system should be agnostic to the nature of the data objects and should not specify a fixed size for them. A protocol specification based on this architecture may prescribe requirements on minimum and maximum sizes for compliant implementations.
十年系统应该不知道数据对象的性质,不应该为它们指定固定的大小。基于此体系结构的协议规范可能规定了兼容实现的最小和最大大小的要求。
Note that immutable data objects can still be deleted. Applications can support modification of existing data stored at a DECADE server through a combination of storing new data objects and deleting existing data objects. For example, a metadata management function of the control plane might associate a name with a sequence of immutable data objects. If one of the data objects is modified, the meta-data management function changes the mapping of the name to a new sequence of immutable data objects.
请注意,仍然可以删除不可变的数据对象。通过存储新数据对象和删除现有数据对象的组合,应用程序可以支持修改存储在Decead服务器上的现有数据。例如,控制平面的元数据管理功能可能将名称与一系列不可变数据对象相关联。如果其中一个数据对象被修改,元数据管理功能将更改名称到新的不可变数据对象序列的映射。
A data object stored in a DECADE server shall be accessed by DECADE clients via a data object identifier. Each DECADE client may be able to access more than one storage server. A data object that is replicated across different storage servers managed by a storage provider may be accessed through a single identifier. Since data objects are immutable, it shall be possible to support persistent identifiers for data objects.
存储在十年服务器中的数据对象应由十年客户端通过数据对象标识符访问。每个客户机可以访问多个存储服务器。可以通过单个标识符访问跨存储提供程序管理的不同存储服务器复制的数据对象。由于数据对象是不可变的,因此应能够支持数据对象的持久标识符。
Data object identifiers should be created by DECADE clients when uploading the corresponding objects to a DECADE server. The scheme for the assignment/derivation of the data object identifier to a data object depends as the data object naming scheme and is out of scope of this document. One possibility is to name data objects using hashes as described in [RFC6920]. Note that [RFC6920] describes naming schemes on a semantic level only, but specific SDTs and DRPs use specific representations.
在将相应对象上载到十年服务器时,十年客户端应创建数据对象标识符。向数据对象分配/派生数据对象标识符的方案取决于数据对象命名方案,不在本文档范围内。一种可能是使用[RFC6920]中所述的散列来命名数据对象。请注意,[RFC6920]仅在语义级别描述命名方案,但特定的SDT和DRP使用特定的表示。
In particular, for some applications, it is important that clients and servers be able to validate the name-object binding, i.e., by verifying that a received object really corresponds to the name (identifier) that was used for requesting it (or that was provided by a sender). If a specific application requires name-object binding validation, the data object identifiers can support it by providing message digests or so-called self-certifying naming information.
特别是,对于某些应用程序,客户端和服务器必须能够验证名称对象绑定,即通过验证接收到的对象是否确实与用于请求它(或由发送方提供)的名称(标识符)相对应。如果特定应用程序需要名称对象绑定验证,那么数据对象标识符可以通过提供消息摘要或所谓的自认证命名信息来支持它。
Different name-object binding validation mechanisms may be supported in a single DECADE system. Content distribution applications can decide what mechanism to use, or to not provide name-object validation (e.g., if authenticity and integrity can by ascertained by alternative means). We expect that applications may be able to construct unique names (with high probability) without requiring a registry or other forms of coordination. Names may be self-describing so that a receiving DECADE client understands, for example, which hash function to use for validating name-object binding.
在单个系统中可能支持不同的名称对象绑定验证机制。内容分发应用程序可以决定使用何种机制,或者不提供名称对象验证(例如,是否可以通过其他方式确定真实性和完整性)。我们期望应用程序能够构造唯一的名称(概率很高),而无需注册或其他形式的协调。名称可以是自描述的,以便接收客户端理解(例如)用于验证名称对象绑定的哈希函数。
Some content distribution applications will derive the name of a data object from the hash over the data object; this is made possible by the fact that DECADE objects are immutable. But there may be other applications such as live streaming where object names will not based on hashes but rather on an enumeration scheme. The naming scheme will also enable those applications to construct unique names.
一些内容分发应用程序将从数据对象上的散列派生数据对象的名称;这是因为十年对象是不可变的。但也可能有其他应用程序,如实时流媒体,其中对象名称将不基于散列,而是基于枚举方案。命名方案还将使这些应用程序能够构造唯一的名称。
In order to enable the uniqueness, flexibility and self-describing properties, the naming scheme used in a DECADE system should provide a "type" field that indicates the name-object validation function type (for example, "sha-256" [RFC5754]) and the cryptographic data (such as an object hash) that corresponds to the type information. Moreover, the naming scheme may additionally provide application or publisher information.
为了实现唯一性、灵活性和自描述属性,十年系统中使用的命名方案应提供一个“类型”字段,该字段指示名称对象验证函数类型(例如,“sha-256”[RFC5754])和对应于类型信息的加密数据(例如对象哈希)。此外,命名方案还可以提供应用程序或发布者信息。
To support the functions of an application's control plane, applications should be able to keep track and coordinate which data is stored at particular servers. Thus, in contrast with traditional caches, applications are given explicit control over the placement (selection of a DECADE server), deletion (or expiration policy), and access control for stored data objects. Consider deletion/expiration policy as a simple example. An application might require that a DECADE server stores data objects for a relatively short period of time (e.g., for live-streaming data). Another application might need to store data objects for a longer duration (e.g., for video on demand), and so on.
为了支持应用程序控制平面的功能,应用程序应该能够跟踪和协调存储在特定服务器上的数据。因此,与传统的缓存不同,应用程序可以明确控制存储数据对象的放置(选择十年服务器)、删除(或过期策略)和访问控制。考虑删除/过期策略作为一个简单的例子。应用程序可能需要一个十年服务器在相对较短的时间内存储数据对象(例如,对于实时流数据)。另一个应用程序可能需要存储更长时间的数据对象(例如,视频点播),等等。
A DECADE system provides a shared infrastructure to be used by multiple Application Endpoints. Thus, it needs to provide both resource and data access control, as discussed in the following subsections.
十年系统提供了一个供多个应用程序端点使用的共享基础结构。因此,它需要提供资源和数据访问控制,如下小节所述。
There are two primary interacting entities in a DECADE system. First, storage providers coordinate DECADE server provisioning, including their total available resources. Second, applications coordinate data transfers amongst available DECADE servers and between servers and clients. A form of isolation is required to enable each of the concurrently running applications to explicitly manage its own data objects and share of resources at the available servers. Therefore, a storage provider should delegate resource management on a DECADE server to uploading DECADE clients, enabling them to explicitly and independently manage their own share of resources on a server.
在十年系统中有两个主要的交互实体。首先,存储提供商协调服务器资源调配,包括其总可用资源。其次,应用程序协调可用服务器之间以及服务器和客户端之间的数据传输。需要一种形式的隔离,以使每个并发运行的应用程序能够显式地管理其自己的数据对象和可用服务器上的资源共享。因此,存储提供商应将十年服务器上的资源管理委托给上载十年客户端,使它们能够明确、独立地管理自己在服务器上的资源份额。
DECADE storage providers will have the ability to explicitly manage the entities allowed to utilize the resources available on a DECADE server. This is needed for reasons such as capacity-planning and legal considerations in certain deployment scenarios. The DECADE server should grant a share of the resources to a DECADE client. The client can in turn share the granted resources amongst its (possibly) multiple applications. The share of resources granted by a server is called a User Delegation. As a simple example, a DECADE server operated by an ISP might be configured to grant each ISP subscriber 1.5 Mbit/s of network capacity and 1 GB of memory. The ISP subscriber might in turn divide this share of resources amongst a video-streaming application and file-sharing application that are running concurrently.
十年存储提供商将能够显式管理允许利用十年服务器上可用资源的实体。这是出于某些部署场景中的容量规划和法律考虑等原因而需要的。十年服务器应将资源的一部分授予十年客户端。客户机可以在其(可能的)多个应用程序之间共享授予的资源。服务器授予的资源共享称为用户委派。作为一个简单的例子,由ISP操作的十年服务器可以配置为向每个ISP订户授予1.5 Mbit/s的网络容量和1 GB的内存。ISP订户可以依次将此资源共享分配给同时运行的视频流应用程序和文件共享应用程序。
As noted earlier, the primary focus of this document is the architectural principles and the system components that implement them. While specific system components might differ between implementations, this document details the major components and their overall roles in the architecture. To keep the scope narrow, we only discuss the primary components related to protocol development. Particular deployments will require additional components (e.g., monitoring and accounting at a server), but they are intentionally omitted from this document.
如前所述,本文档的主要重点是体系结构原则和实现这些原则的系统组件。虽然不同实现的特定系统组件可能有所不同,但本文档详细介绍了主要组件及其在体系结构中的总体角色。为了缩小范围,我们只讨论与协议开发相关的主要组件。特定部署将需要额外的组件(例如,服务器上的监视和记帐),但本文档中有意省略这些组件。
Content distribution applications have many functional components. For example, many P2P applications have components and algorithms to manage overlay topology, rate allocation, piece selection, and so on. In this document, we focus on the components directly engaged in a DECADE system. Figure 3 illustrates the components discussed in this section from the perspective of a single Application Endpoint.
内容分发应用程序有许多功能组件。例如,许多P2P应用程序都有组件和算法来管理覆盖拓扑、速率分配、片段选择等。在本文档中,我们将重点介绍直接参与十年系统的组件。图3从单个应用程序端点的角度说明了本节中讨论的组件。
Native Application Protocol(s) (with other Application Endpoints) .---------------------> | V .----------------------------------------------------------------. | Application Endpoint | | .-------------------. .-------------------. | | | Application-Layer | ... | App Data Assembly | | | | Algorithms | | Sequencing | | | `-------------------' `-------------------' | | | | .==========================================================. | | | DECADE Client | | | | .-------------------------. .--------------------------. | | | | | Resource Controller | | Data Controller | | | | | | .--------. .----------. | | .------------. .-------. | | | | | | | Data | | Resource-| | | | Data | | Data | | | | | | | | Access | | Sharing | | | | Scheduling | | Index | | | | | | | | Policy | | Policy | | | | | | | | | | | | | `--------' `----------' | | `------------' `-------' | | | | | `-------------------------' `--------------------------' | | | | | ^ | | | `== | ============================== | ====================' | `----- | ------------------------------ | -----------------------' | | | DECADE Resource Protocol | Standard Data Transfer | (DRP) | (SDT) v V
Native Application Protocol(s) (with other Application Endpoints) .---------------------> | V .----------------------------------------------------------------. | Application Endpoint | | .-------------------. .-------------------. | | | Application-Layer | ... | App Data Assembly | | | | Algorithms | | Sequencing | | | `-------------------' `-------------------' | | | | .==========================================================. | | | DECADE Client | | | | .-------------------------. .--------------------------. | | | | | Resource Controller | | Data Controller | | | | | | .--------. .----------. | | .------------. .-------. | | | | | | | Data | | Resource-| | | | Data | | Data | | | | | | | | Access | | Sharing | | | | Scheduling | | Index | | | | | | | | Policy | | Policy | | | | | | | | | | | | | `--------' `----------' | | `------------' `-------' | | | | | `-------------------------' `--------------------------' | | | | | ^ | | | `== | ============================== | ====================' | `----- | ------------------------------ | -----------------------' | | | DECADE Resource Protocol | Standard Data Transfer | (DRP) | (SDT) v V
Figure 3: Application and DECADE Client Components
图3:应用程序和客户端组件
A DECADE system is geared towards supporting applications that can distribute content using data objects (e.g., P2P). To accomplish this, applications can include a component responsible for creating the individual data objects before distribution and for reassembling them later. We call this component Application Data Assembly. In producing and assembling data objects, two important considerations are sequencing and naming. A DECADE system assumes that applications
十年系统旨在支持可以使用数据对象(如P2P)分发内容的应用程序。为了实现这一点,应用程序可以包括一个组件,该组件负责在分发之前创建各个数据对象,并在以后重新组装它们。我们称之为组件应用程序数据组装。在生成和组装数据对象时,两个重要的考虑事项是排序和命名。十年制假设应用程序
implement this functionality themselves. In addition to DECADE DRP/SDT, applications will most likely also support other, native application protocols (e.g., P2P control and data transfer protocols).
自己实现这个功能。除了十年DRP/SDT,应用程序很可能还支持其他本地应用程序协议(例如,P2P控制和数据传输协议)。
The DECADE client provides the local support to an application, and it can be implemented standalone, embedded into the application, or integrated in other software entities within network devices (i.e., hosts). In general, applications may have different resource-sharing policies and data access policies with regard to DECADE servers. These policies may be existing policies of applications or custom policies. The specific implementation is decided by the application.
十年客户端为应用程序提供本地支持,可以独立实现,嵌入到应用程序中,或集成到网络设备(即主机)内的其他软件实体中。一般来说,应用程序对于服务器可能具有不同的资源共享策略和数据访问策略。这些策略可能是应用程序的现有策略或自定义策略。具体实现由应用程序决定。
Recall that DECADE decouples the control and the data transfer of applications. A data-scheduling component schedules data transfers according to network conditions, available servers, and/or available server resources. The Data Index indicates data available at remote servers. The Data Index (or a subset of it) can be advertised to other clients. A common use case for this is to provide the ability to locate data amongst distributed Application Endpoints (i.e., a data search mechanism such as a Distributed Hash Table (DHT)).
回想一下,十年将应用程序的控制和数据传输解耦。数据调度组件根据网络条件、可用服务器和/或可用服务器资源调度数据传输。数据索引指示远程服务器上可用的数据。数据索引(或其子集)可以通告给其他客户端。这方面的一个常见用例是提供在分布式应用程序端点之间定位数据的能力(即,数据搜索机制,如分布式哈希表(DHT))。
Figure 4 illustrates the primary components of a DECADE server. Note that the description below does not assume a single-host or centralized implementation -- a DECADE server is not necessarily a single physical machine; it can also be implemented in a distributed manner on a cluster of machines.
图4显示了十年服务器的主要组件。请注意,下面的描述并不假设一台主机或集中式实现——十年服务器不一定是一台物理机器;它还可以在机器集群上以分布式方式实现。
| DECADE Resource | Standard Data | Protocol (DRP) | Transfer (SDT) | | .= | ================= | ===========================. | | v DECADE Server | | | .----------------. | | |----> | Access Control | <--------. | | | `----------------' | | | | ^ | | | | | | | | | v | | | | .---------------------. | | | `-> | Resource Scheduling | <------| | | `---------------------' | | | ^ | | | | | | | v .-----------------. | | .-----------------. | User Delegation | | | | Data Store | | Management | | | `-----------------' `-----------------' | `==================================================='
| DECADE Resource | Standard Data | Protocol (DRP) | Transfer (SDT) | | .= | ================= | ===========================. | | v DECADE Server | | | .----------------. | | |----> | Access Control | <--------. | | | `----------------' | | | | ^ | | | | | | | | | v | | | | .---------------------. | | | `-> | Resource Scheduling | <------| | | `---------------------' | | | ^ | | | | | | | v .-----------------. | | .-----------------. | User Delegation | | | | Data Store | | Management | | | `-----------------' `-----------------' | `==================================================='
Figure 4: DECADE Server Components
图4:Texa服务器组件
Provided sufficient authorization, a client shall be able to access its own data or other client's data in a DECADE server. Clients may also authorize other clients to store data. If access is authorized by a client, the server should provide access. Applications may apply resource-sharing policies or use a custom policy. DECADE servers will then perform resource scheduling according to the resource-sharing policies indicated by the client as well as any other previously configured User Delegations. Data from applications will be stored at a DECADE server. Data may be deleted from storage either explicitly or automatically (e.g., after a Time To Live (TTL) expiration).
如果有足够的授权,客户机应能够访问其自己的数据或十年服务器中的其他客户机数据。客户机还可以授权其他客户机存储数据。如果访问由客户端授权,则服务器应提供访问权限。应用程序可以应用资源共享策略或使用自定义策略。然后,十年服务器将根据客户端指示的资源共享策略以及之前配置的任何其他用户委派执行资源调度。来自应用程序的数据将存储在十年服务器上。数据可以明确地或自动地从存储器中删除(例如,在生存时间(TTL)到期后)。
The DECADE naming scheme implies no sequencing or grouping of objects, even if this is done at the application layer. To illustrate these properties, this section presents several examples of use.
十年命名方案意味着没有对象的排序或分组,即使这是在应用层完成的。为了说明这些特性,本节给出了几个使用示例。
Consider an application in which each individual application-layer segment of data is called a "chunk" and has a name of the form: "CONTENT_ID:SEQUENCE_NUMBER". Furthermore, assume that the application's native protocol uses chunks of size 16 KB. Now, assume that this application wishes to store data in a DECADE server in data objects of size 64 KB. To accomplish this, it can map a sequence of 4 chunks into a single data object, as shown in Figure 5.
考虑一个应用程序,其中每个数据的应用层段被称为“块”,并有一个窗体的名称:“CaltTyId:StordNo.No”。此外,假设应用程序的本机协议使用大小为16 KB的块。现在,假设此应用程序希望将数据存储在大小为64 KB的数据对象中的十年服务器中。为了实现这一点,它可以将4个块的序列映射到单个数据对象中,如图5所示。
Application Chunks .---------.---------.---------.---------.---------.---------.-------- | | | | | | | | Chunk_0 | Chunk_1 | Chunk_2 | Chunk_3 | Chunk_4 | Chunk_5 | Chunk_6 | | | | | | | `---------`---------`---------`---------`---------`---------`--------
Application Chunks .---------.---------.---------.---------.---------.---------.-------- | | | | | | | | Chunk_0 | Chunk_1 | Chunk_2 | Chunk_3 | Chunk_4 | Chunk_5 | Chunk_6 | | | | | | | `---------`---------`---------`---------`---------`---------`--------
DECADE Data Objects .---------------------------------------.---------------------------- | | | Object_0 | Object_1 | | `---------------------------------------`----------------------------
DECADE Data Objects .---------------------------------------.---------------------------- | | | Object_0 | Object_1 | | `---------------------------------------`----------------------------
Figure 5: Mapping Application Chunks to DECADE Data Objects
图5:将应用程序块映射到数据对象
In this example, the application maintains a logical mapping that is able to determine the name of a DECADE data object given the chunks contained within that data object. The name may be conveyed from either the original uploading DECADE client, another Endpoint with which the application is communicating, etc. As long as the data contained within each sequence of chunks is globally unique, the corresponding data objects have globally unique names.
在本例中,应用程序维护一个逻辑映射,该映射能够根据数据对象中包含的块来确定数据对象的名称。该名称可以从原始客户端、应用程序与之通信的另一个端点等传递。只要每个数据块序列中包含的数据是全局唯一的,相应的数据对象就具有全局唯一的名称。
Consider an application whose native protocol retrieves a continuous data stream (e.g., an MPEG2 stream) instead of downloading and redistributing chunks of data. Such an application could segment the continuous data stream to produce either fixed-sized or variable-sized data objects. Figure 6 depicts how a video streaming application might produce variable-sized data objects such that each data object contains 10 seconds of video data. In a manner similar to the previous example, the application may maintain a mapping that is able to determine the name of a data object given the time offset of the video chunk.
考虑本地协议检索连续数据流(例如,MPEG2流)的应用程序,而不是下载和重新分配数据块。这样的应用程序可以对连续数据流进行分段,以生成固定大小或可变大小的数据对象。图6描述了视频流应用程序如何生成可变大小的数据对象,以便每个数据对象包含10秒的视频数据。以类似于前一示例的方式,应用程序可以维护能够在给定视频块的时间偏移的情况下确定数据对象的名称的映射。
Application's Video Stream .-------------------------------------------------------------------- | | | `-------------------------------------------------------------------- ^ ^ ^ ^ ^ | | | | | 0 seconds 10 seconds 20 seconds 30 seconds 40 seconds 0 B 400 KB 900 KB 1200 KB 1500 KB
Application's Video Stream .-------------------------------------------------------------------- | | | `-------------------------------------------------------------------- ^ ^ ^ ^ ^ | | | | | 0 seconds 10 seconds 20 seconds 30 seconds 40 seconds 0 B 400 KB 900 KB 1200 KB 1500 KB
DECADE Data Objects .--------------.--------------.--------------.--------------.-------- | | | | | | Object_0 | Object_1 | Object_2 | Object_3 | | (400 KB) | (500 KB) | (300 KB) | (300 KB) | `--------------`--------------`--------------`--------------`--------
DECADE Data Objects .--------------.--------------.--------------.--------------.-------- | | | | | | Object_0 | Object_1 | Object_2 | Object_3 | | (400 KB) | (500 KB) | (300 KB) | (300 KB) | `--------------`--------------`--------------`--------------`--------
Figure 6: Mapping a Continuous Data Stream to DECADE Data Objects
图6:将连续数据流映射到十年数据对象
A key feature of a DECADE system is that an Application Endpoint can authorize other Application Endpoints to store or retrieve data objects from its in-network storage via tokens. The peer client then uses the token when sending requests to the DECADE server. Upon receiving a token, the server validates the signature and the operation being performed.
十年系统的一个关键特性是,应用程序端点可以授权其他应用程序端点通过令牌从其网络存储中存储或检索数据对象。然后,对等客户端在向服务器发送请求时使用令牌。收到令牌后,服务器验证签名和正在执行的操作。
This is a simple scheme, but has some important advantages over an alternative approach, for example, in which a client explicitly manipulates an Access Control List (ACL) associated with each data object. In particular, it has the following advantages when applied to DECADE systems. First, authorization policies are implemented within the application, thus the Application Endpoint explicitly controls when tokens are generated, to whom they are distributed, and for how long they will be valid. Second, fine-grained access and resource control can be applied to data objects. Third, there is no messaging between a client and server to manipulate data object permissions. This can simplify, in particular, applications that share data objects with many dynamic peers and need to frequently adjust access control policies attached to data objects. Finally, tokens can provide anonymous access, in which a server does not need to know the identity of each client that accesses it. This enables a client to send tokens to clients belonging to other storage providers, and to allow them to read or write data objects from the storage of its own storage provider. In addition to clients' ability to apply access control policies to data objects, the server may be
这是一个简单的方案,但与另一种方法相比有一些重要的优势,例如,在这种方法中,客户机显式地操作与每个数据对象关联的访问控制列表(ACL)。特别是,当应用于十年系统时,它具有以下优点。首先,授权策略在应用程序中实现,因此应用程序端点显式控制令牌的生成时间、分发对象以及有效期。其次,可以对数据对象应用细粒度访问和资源控制。第三,客户端和服务器之间没有消息传递来操作数据对象权限。这尤其可以简化与许多动态对等方共享数据对象并需要频繁调整附加到数据对象的访问控制策略的应用程序。最后,令牌可以提供匿名访问,服务器不需要知道访问它的每个客户端的身份。这使客户机能够向属于其他存储提供程序的客户机发送令牌,并允许他们从自己的存储提供程序的存储中读取或写入数据对象。除了客户端能够将访问控制策略应用于数据对象之外,服务器还可以
configured to apply additional policies based on user, object properties, geographic location, etc. A client might thus be denied access even though it possesses a valid token.
配置为基于用户、对象属性、地理位置等应用其他策略。因此,即使客户端拥有有效令牌,也可能会拒绝访问。
A DECADE system should include a discovery mechanism through which DECADE clients locate an appropriate DECADE server. A discovery mechanism should allow a client to determine an IP address or some other identifier that can be resolved to locate the server for which the client will be authorized to generate tokens (via DRP). (The discovery mechanism might also result in an error if no such servers can be located.) After discovering one or more servers, a DECADE client can distribute load and requests across them (subject to resource limitations and policies of the servers themselves) according to the policies of the Application Endpoint in which it is embedded. The discovery mechanism outlined here does not provide the ability to locate arbitrary DECADE servers to which a client might obtain tokens from others. To do so will require application-level knowledge, and it is assumed that this functionality is implemented in the content distribution application.
一个十年系统应该包括一个发现机制,通过这个机制,十年客户端可以找到一个合适的十年服务器。发现机制应允许客户机确定IP地址或某些其他标识符,这些标识符可以解析为定位服务器,客户机将被授权(通过DRP)为其生成令牌。(如果找不到这样的服务器,发现机制也可能会导致错误。)发现一个或多个服务器后,十年客户端可以根据其所嵌入的应用程序端点的策略在它们之间分配负载和请求(受服务器本身的资源限制和策略的约束)。此处概述的发现机制不提供定位任意十年服务器的能力,客户端可能会从其他服务器获取令牌。要做到这一点,需要应用程序级别的知识,并且假定此功能是在内容分发应用程序中实现的。
As noted above, the discovered DECADE server should be authorized to allow the client to store data objects and then generate tokens to allow other clients to retrieve these data objects. This authorization may be:
如上所述,应该授权发现的十年服务器允许客户端存储数据对象,然后生成令牌以允许其他客户端检索这些数据对象。该授权可以是:
- a result of off-line administrative procedures;
- 离线管理程序的结果;
- access network dependent (e.g., all the subscribers to a particular ISP may be allowed by the ISP);
- 接入网络相关(例如,ISP可能允许特定ISP的所有用户);
- due to a prior subscription;
- 由于之前的认购;
- etc.
- 等
The particular protocol used for discovery is out of scope of this document, but any specification should reuse well-known protocols wherever possible.
用于发现的特定协议超出了本文档的范围,但任何规范都应尽可能重用已知的协议。
This section presents the DRP and the SDT protocol in terms of abstract protocol interactions that are intended to be mapped to specific protocols in an implementation. In general, the DRP/SDT functionality for DECADE client-server interaction is very similar to that for server-server interaction. Any differences are highlighted below. DRP is used by a DECADE client to configure the resources and authorization used to satisfy requests (reading, writing, and management operations concerning data objects) at a server. SDT will be used to transport data between a client and a server, as illustrated in Figure 1.
本节从抽象协议交互的角度介绍DRP和SDT协议,抽象协议交互旨在映射到实现中的特定协议。一般来说,客户机-服务器交互的DRP/SDT功能与服务器-服务器交互的DRP/SDT功能非常相似。任何差异都在下面突出显示。DRP被一个十年客户端用来配置资源和授权,以满足服务器上的请求(关于数据对象的读、写和管理操作)。SDT将用于在客户机和服务器之间传输数据,如图1所示。
A DECADE system SHOULD use [RFC6920] as the recommended and default naming scheme. Other naming schemes that meet the guidelines in Section 4.3 MAY alternatively be used. In order to provide a simple and generic interface, the DECADE server will be responsible only for storing and retrieving individual data objects.
十年系统应使用[RFC6920]作为推荐和默认命名方案。也可以使用符合第4.3节指南的其他命名方案。为了提供一个简单而通用的接口,DECADE服务器将只负责存储和检索单个数据对象。
The DECADE naming format SHOULD NOT attempt to replace any naming or sequencing of data objects already performed by an application. Instead, naming is intended to apply only to data objects referenced by DECADE-specific purposes. An application using a DECADE client may use a naming and sequencing scheme independent of DECADE names. The DECADE client SHOULD maintain a mapping from its own data objects and their names to the DECADE-specific data objects and names. Furthermore, the DECADE naming scheme implies no sequencing or grouping of objects, even if this is done at the application layer.
十年命名格式不应试图替换应用程序已执行的数据对象的任何命名或排序。取而代之的是,命名仅适用于特定目的引用的数据对象。使用十年客户端的应用程序可以使用独立于十年名称的命名和排序方案。十年客户端应维护从其自己的数据对象及其名称到十年特定数据对象和名称的映射。此外,十年命名方案并不意味着对对象进行排序或分组,即使这是在应用层完成的。
DRP will provide configuration of access control and resource-sharing policies on DECADE servers. A content distribution application (e.g., a live P2P streaming session) can have permission to manage data at several servers, for instance, servers belonging to different storage providers. DRP allows one instance of such an application, i.e., an Application Endpoint, to apply access control and resource-sharing policies on each of them.
DRP将在十年服务器上提供访问控制和资源共享策略的配置。内容分发应用程序(例如,实时P2P流会话)可以拥有在多个服务器(例如,属于不同存储提供商的服务器)上管理数据的权限。DRP允许这样一个应用程序的一个实例,即应用程序端点,在每个应用程序上应用访问控制和资源共享策略。
On a single DECADE server, the following resources SHOULD be managed: a) communication resources in terms of bandwidth (upload/download) and also in terms of number of active clients (simultaneous connections); and b) storage resources.
在单个十年服务器上,应管理以下资源:a)带宽(上传/下载)和活动客户端数量(同时连接)方面的通信资源;和b)存储资源。
The tokens SHOULD be generated by an entity trusted by both the DECADE client and the server at the request of a DECADE client. For example, this entity could be the client, a server trusted by the client, or another server managed by a storage provider and trusted by the client. It is important for a server to trust the entity generating the tokens since each token may incur a resource cost on the server when used. Likewise, it is important for a client to trust the entity generating the tokens since the tokens grant access to the data stored at the server.
令牌应该由十年客户端和服务器都信任的实体在十年客户端的请求下生成。例如,此实体可以是客户机、客户机信任的服务器,或由存储提供商管理并受客户机信任的另一台服务器。服务器必须信任生成令牌的实体,因为每个令牌在使用时可能会在服务器上产生资源成本。同样,客户机信任生成令牌的实体也很重要,因为令牌授予对存储在服务器上的数据的访问权。
The token does not normally include information about the identity of the authorized client (i.e., it is typically an anonymous token). However, it is not prohibited to have a binding of the token to an identity if desired (e.g., binding of the token to the IP address of the authorized party).
令牌通常不包括关于授权客户端的身份的信息(即,它通常是匿名令牌)。但是,如果需要,不禁止将令牌绑定到身份(例如,将令牌绑定到授权方的IP地址)。
Upon generating a token, a DECADE client can distribute it to another client. Token confidentiality SHOULD be provided by whatever protocol it is carried in (i.e., Application Protocol, DRP, or SDT). The receiving client can then connect to the server specified in the token and perform any operation permitted by the token. The token SHOULD be sent along with the operation. The server SHOULD validate the token to identify the client that issued it and whether the requested operation is permitted by the contents of the token. If the token is successfully validated, the server SHOULD apply the resource control policies indicated in the token while performing the operation.
生成令牌后,十年客户端可以将其分发给另一个客户端。令牌机密性应通过其携带的任何协议(即应用协议、DRP或SDT)提供。然后,接收客户端可以连接到令牌中指定的服务器,并执行令牌允许的任何操作。令牌应随操作一起发送。服务器应验证令牌,以识别发出令牌的客户端,以及令牌的内容是否允许请求的操作。如果令牌已成功验证,则服务器应在执行操作时应用令牌中指示的资源控制策略。
Tokens SHOULD include a unique identifier to allow a server to detect when a token is used multiple times and reject the additional usage attempts. Since usage of a token incurs resource costs to a server (e.g., bandwidth and storage) and an uploading DECADE client may have a limited budget, the uploading DECADE client should be able to indicate if a token may be used multiple times.
令牌应包括唯一标识符,以允许服务器检测令牌何时被多次使用并拒绝额外的使用尝试。由于令牌的使用会给服务器带来资源成本(例如,带宽和存储),并且上传十年客户端的预算可能有限,因此上传十年客户端应该能够指示令牌是否可以被多次使用。
It SHOULD be possible to revoke tokens after they are generated. This could be accomplished by supplying the server the unique identifiers of the tokens that are to be revoked.
应该可以在生成令牌后撤销它们。这可以通过向服务器提供要撤销的令牌的唯一标识符来实现。
DRP SHOULD provide a status request service that clients can use to request status information of a server. Access to such status information SHOULD require client authorization; that is, clients need to be authorized to access the requested status information. This authorization is based on the user delegation concept as
DRP应该提供一个状态请求服务,客户端可以使用该服务请求服务器的状态信息。访问此类状态信息需要客户授权;也就是说,需要授权客户端访问请求的状态信息。此授权基于以下用户委派概念:
described in Section 4.5. The following status information elements SHOULD be obtained: a) list of associated data objects (with properties); and b) resources used/available. In addition, the following information elements MAY be available: c) list of servers to which data objects have been distributed (in a certain time frame); and d) list of clients to which data objects have been distributed (in a certain time frame).
如第4.5节所述。应获取以下状态信息元素:a)相关数据对象列表(带属性);和b)已使用/可用的资源。此外,以下信息元素可能可用:c)数据对象已分发到的服务器列表(在特定时间范围内);和d)数据对象已分发到的客户机列表(在特定时间范围内)。
For the list of servers/clients to which data objects have been distributed to, the server SHOULD be able to decide on time bounds for which this information is stored and specify the corresponding time frame in the response to such requests. Some of this information may be used for accounting purposes, e.g., the list of clients to which data objects have been distributed.
对于已向其分发数据对象的服务器/客户端列表,服务器应能够确定存储此信息的时间范围,并在响应此类请求时指定相应的时间范围。其中一些信息可能用于记帐目的,例如,数据对象已分发到的客户端列表。
Access information MAY be provided for accounting purposes, for example, when uploading DECADE clients are interested in access statistics for resources and/or to perform accounting per user. Again, access to such information requires client authorization and SHOULD be based on the delegation concept as described in Section 4.5. The following type of access information elements MAY be requested: a) what data objects have been accessed by whom and how many times; and b) access tokens that a server has seen for a given data object.
访问信息可用于记帐目的,例如,当客户端对资源的访问统计数据感兴趣和/或对每个用户执行记帐时。同样,访问此类信息需要客户授权,并应基于第4.5节所述的委托概念。可以请求以下类型的访问信息元素:a)哪些数据对象被谁访问过以及访问了多少次;和b)访问服务器看到的给定数据对象的令牌。
The server SHOULD decide on time bounds for which this information is stored and specify the corresponding time frame in the response to such requests.
服务器应确定存储此信息的时间范围,并在响应此类请求时指定相应的时间范围。
Data objects that are stored on a DECADE server SHOULD have associated attributes (in addition to the object identifier) that relate to the data storage and its management. These attributes may be used by the server (and possibly the underlying storage system) to perform specialized processing or handling for the data object, or to attach related server or storage-layer properties to the data object. These attributes have a scope local to a server. In particular, these attributes SHOULD NOT be applied to a server or client to which a data object is copied.
存储在十年服务器上的数据对象应该具有与数据存储及其管理相关的属性(除了对象标识符之外)。服务器(可能还有底层存储系统)可以使用这些属性对数据对象执行专门的处理或处理,或者将相关的服务器或存储层属性附加到数据对象。这些属性具有服务器本地的作用域。特别是,这些属性不应应用于将数据对象复制到的服务器或客户端。
Depending on authorization, clients SHOULD be permitted to get or set such attributes. This authorization is based on the delegation as per Section 4.5. DECADE does not limit the set of permissible attributes, but rather specifies a set of baseline attributes that SHOULD be supported:
根据授权,应允许客户端获取或设置此类属性。该授权基于第4.5节规定的授权。十年不限制允许的属性集,而是指定一组应支持的基线属性:
Expiration Time: time at which the data object can be deleted
过期时间:可以删除数据对象的时间
Data Object size: in bytes
数据对象大小:以字节为单位
Media type: labeling of type as per [RFC6838]
介质类型:根据[RFC6838]标记类型
Access statistics: how often the data object has been accessed (and what tokens have been used)
访问统计信息:访问数据对象的频率(以及使用了哪些令牌)
The data object attributes defined here are distinct from application metadata. Application metadata is custom information that an application might wish to associate with a data object to understand its semantic meaning (e.g., whether it is video and/or audio, its playback length in time, or its index in a stream). If an application wishes to store such metadata persistently, it can be stored within data objects themselves.
此处定义的数据对象属性不同于应用程序元数据。应用程序元数据是应用程序可能希望与数据对象关联以理解其语义含义的自定义信息(例如,它是视频和/或音频、时间上的播放长度还是流中的索引)。如果应用程序希望持久存储此类元数据,则可以将其存储在数据对象本身中。
A DECADE server will provide a data access interface, and SDT will be used to write data objects to a server and to read (download) data objects from a server. Semantically, SDT is a client-server protocol; that is, the server always responds to client requests.
十年服务器将提供数据访问接口,SDT将用于向服务器写入数据对象和从服务器读取(下载)数据对象。语义上,SDT是一种客户机-服务器协议;也就是说,服务器总是响应客户端请求。
To write a data object, a client first generates the object's name (see Section 6.1), and then uploads the object to a server and supplies the generated name. The name can be used to access (download) the object later; for example, the client can pass the name as a reference to other clients that can then refer to the object. Data objects can be self-contained objects such as multimedia resources, files, etc., but also chunks, such as chunks of a P2P distribution protocol that can be part of a containing object or a stream. If supported, a server can verify the integrity and other security properties of uploaded objects.
要编写数据对象,客户端首先生成对象的名称(参见第6.1节),然后将对象上载到服务器并提供生成的名称。该名称可用于以后访问(下载)对象;例如,客户机可以将该名称作为引用传递给其他客户机,然后这些客户机可以引用该对象。数据对象可以是自包含的对象,例如多媒体资源、文件等,也可以是块,例如可以是包含对象或流的一部分的P2P分发协议的块。如果支持,服务器可以验证上载对象的完整性和其他安全属性。
A client can request named data objects from a server. In a corresponding request message, a client specifies the object name and a suitable access and resource control token. The server checks the validity of the received token and its associated properties related to resource usage. If the named data object exists on the server and the token can be validated, the server delivers the requested object in a response message. If the data object cannot be delivered, the server provides a corresponding status/reason information in a response message. Specifics regarding error handling, including additional error conditions (e.g., overload), precedence for returned errors and its relation with server policy, are deferred to eventual protocol specification.
客户端可以从服务器请求命名数据对象。在相应的请求消息中,客户机指定对象名称和合适的访问和资源控制令牌。服务器检查接收到的令牌及其与资源使用相关联的属性的有效性。如果服务器上存在命名数据对象,并且可以验证令牌,则服务器将在响应消息中传递请求的对象。如果无法传递数据对象,服务器将在响应消息中提供相应的状态/原因信息。有关错误处理的详细信息,包括附加错误条件(例如过载)、返回错误的优先级及其与服务器策略的关系,将推迟到最终的协议规范。
An important feature of a DECADE system is the capability for one server to directly download data objects from another server. This capability allows applications to directly replicate data objects between servers without requiring end-hosts to use uplink capacity to upload data objects to a different server.
十年系统的一个重要特性是一台服务器能够直接从另一台服务器下载数据对象。此功能允许应用程序在服务器之间直接复制数据对象,而无需终端主机使用上行容量将数据对象上载到其他服务器。
DRP and SDT SHOULD support operations directly between servers. Servers are not assumed to trust each other nor are they configured to do so. All data operations are performed on behalf of clients via explicit instruction. However, the objects being processed do not necessarily have to originate or terminate at the client (i.e., the data object might be limited to being exchanged between servers even if the instruction is triggered by the client). Clients thus will be able to indicate to a server which remote server(s) to access, what operation is to be performed, or in which server the object is to be stored, and the credentials indicating access and resource control to perform the operation at the remote server.
DRP和SDT应该直接支持服务器之间的操作。服务器不会被假定为相互信任,也不会被配置为相互信任。所有数据操作都是通过显式指令代表客户机执行的。然而,正在处理的对象不一定必须在客户端发起或终止(即,即使指令由客户端触发,数据对象也可能被限制在服务器之间交换)。因此,客户端将能够向服务器指示要访问的远程服务器、要执行的操作或要存储对象的服务器,以及指示要在远程服务器上执行操作的访问和资源控制的凭据。
Server-server support is focused on reading and writing data objects between servers. The data object referred to at the remote server is the same as the original data object requested by the client. Object attributes might also be specified in the request to the remote server. In this way, a server acts as a proxy for a client, and a client can instantiate requests via that proxy. The operations will be performed as if the original requester had its own client co-located with the server. When a client sends a request to a server with these additional parameters, it is giving the server permission to act (proxy) on its behalf. Thus, it would be prudent for the supplied token to have narrow privileges (e.g., limited to only the necessary data objects) or validity time (e.g., a small expiration time).
服务器支持的重点是在服务器之间读取和写入数据对象。远程服务器上引用的数据对象与客户端请求的原始数据对象相同。对象属性也可以在对远程服务器的请求中指定。通过这种方式,服务器充当客户端的代理,客户端可以通过该代理实例化请求。这些操作将被执行,就好像原始请求者有自己的客户端与服务器位于同一位置一样。当客户机向服务器发送带有这些附加参数的请求时,它授予服务器代表其行事(代理)的权限。因此,谨慎的做法是,所提供的令牌具有较窄的权限(例如,仅限于必要的数据对象)或有效期(例如,较短的过期时间)。
In the case of a retrieval operation, the server is to retrieve the data object from the remote server using the specified credentials, and then optionally return the object to a client. In the case of a storage operation, the server is to store the object to the remote server using the specified credentials. The object might optionally be uploaded from the client or might already exist at the server.
在检索操作的情况下,服务器将使用指定的凭据从远程服务器检索数据对象,然后有选择地将对象返回到客户端。对于存储操作,服务器将使用指定的凭据将对象存储到远程服务器。对象可以选择从客户端上载,也可以已经存在于服务器上。
Having covered the key DRP/SDT functionalities above, it is useful to consider some potential DRP/SDT candidates as guidance for future DECADE protocol implementations. To recap, the DRP is a protocol for communication of access control and resource-scheduling policies from a DECADE client to a DECADE server, or between DECADE servers. The
已经覆盖了关键的DRP/SDT功能,考虑一些潜在的DRP/SDT候选作为未来十年协议实现的指导是有用的。综上所述,DRP是一种用于从十年客户端到十年服务器或十年服务器之间的访问控制和资源调度策略通信的协议。这个
SDT is a protocol used to transfer data objects between a DECADE client and DECADE server, or between DECADE servers. An evaluation of existing protocols for their suitability for DRP and SDT is given in Appendix A. Also, [INTEGRATION-EX] provides some experimental examples of how to integrate DECADE-like in-network storage infrastructure into P2P applications.
SDT是一种用于在十年客户端和十年服务器之间或十年服务器之间传输数据对象的协议。附录A中给出了对现有协议适用于DRP和SDT的评估。此外,[INTEGRATION-EX]还提供了一些实验示例,说明如何将类似于十年的网络存储基础设施集成到P2P应用程序中。
This section evaluates how the basic components of an in-network storage system (see Section 3 of [RFC6392]) map into a DECADE system.
本节评估网络内存储系统(请参阅[RFC6392]第3节)的基本组件如何映射到十年系统。
With respect to the data access interface, DECADE clients can read and write objects of arbitrary size through the client's Data Controller, making use of standard data transfer (SDT). With respect to data management operations, clients can move or delete previously stored objects via the client's Data Controller, making use of SDT. Clients can enumerate or search contents of servers to find objects matching desired criteria through services provided by the content distribution application (e.g., buffer-map exchanges, a DHT, or peer exchange). In doing so, Application Endpoints might consult their local Data Index in the client's Data Controller (Data Search Capability).
关于数据访问接口,十年客户端可以通过客户端的数据控制器,利用标准数据传输(SDT)读取和写入任意大小的对象。关于数据管理操作,客户机可以通过客户机的数据控制器,利用SDT移动或删除以前存储的对象。客户端可以枚举或搜索服务器的内容,通过内容分发应用程序提供的服务(例如,缓冲区映射交换、DHT或对等交换)查找与所需条件匹配的对象。在这样做时,应用程序端点可能会在客户端的数据控制器(数据搜索功能)中查阅其本地数据索引。
With respect to access control authorization, all methods of access control are supported: public-unrestricted, public-restricted, and private. Access control policies are generated by a content distribution application and provided to the client's Resource Controller. The server is responsible for implementing the access control checks. Clients can manage the resources (e.g., bandwidth) on the DECADE server that can be used by other Application Endpoints (Resource Control Interface). Resource-sharing policies are generated by a content distribution application and provided to the client's Resource Controller. The server is responsible for implementing the resource-sharing policies.
关于访问控制授权,支持所有访问控制方法:public unrestricted、public restricted和private。访问控制策略由内容分发应用程序生成,并提供给客户端的资源控制器。服务器负责执行访问控制检查。客户机可以管理其他应用程序端点(资源控制接口)可以使用的十年服务器上的资源(例如带宽)。资源共享策略由内容分发应用程序生成,并提供给客户端的资源控制器。服务器负责实现资源共享策略。
Although the particular protocol used for discovery is outside the scope of this document, different options and considerations have been discussed in Section 5.6. Finally, with respect to the storage mode, DECADE servers provide an object-based storage mode. Immutable data objects might be stored at a server. Applications might consider existing blocks as data objects, or they might adjust block sizes before storing in a server.
尽管用于发现的特定协议不在本文件范围内,但第5.6节讨论了不同的选项和注意事项。最后,关于存储模式,十年服务器提供了一种基于对象的存储模式。不可变数据对象可能存储在服务器上。应用程序可能会将现有的块视为数据对象,或者在存储到服务器之前可能会调整块大小。
In general, the security considerations mentioned in [RFC6646] apply to this document as well. A DECADE system provides a distributed storage service for content distribution and similar applications. The system consists of servers and clients that use these servers to upload data objects, to request distribution of data objects, and to download data objects. Such a system is employed in an overall application context (for example, in a P2P application), and it is expected that DECADE clients take part in application-specific communication sessions. The security considerations here focus on threats related to the DECADE system and its communication services, i.e., the DRP/SDT protocols that have been described in an abstract fashion in this document.
通常,[RFC6646]中提到的安全注意事项也适用于本文档。十年系统为内容分发和类似应用程序提供分布式存储服务。该系统由服务器和客户端组成,它们使用这些服务器上载数据对象、请求分发数据对象以及下载数据对象。这样的系统用于整个应用程序上下文(例如,在P2P应用程序中),并且期望客户机参与特定于应用程序的通信会话。此处的安全注意事项集中于与DECED系统及其通信服务相关的威胁,即本文档中以抽象方式描述的DRP/SDT协议。
A DECADE network might be used to distribute data objects from one client to a set of servers using the server-server communication feature that a client can request when uploading an object. Multiple clients uploading many objects at different servers at the same time and requesting server-server distribution for them could thus mount massive distributed denial-of-service (DDOS) attacks, overloading a network of servers. This threat is addressed by the server's access control and resource control framework. Servers can require Application Endpoints to be authorized to store and to download objects, and Application Endpoints can delegate authorization to other Application Endpoints using the token mechanism. Of course the effective security of this approach depends on the strength of the token mechanism. See below for a discussion of this and related communication security threats.
十年网络可以用于使用服务器-服务器通信功能将数据对象从一个客户端分发到一组服务器,客户端在上载对象时可以请求该功能。多个客户端同时在不同的服务器上上载多个对象,并为其请求服务器分发可能因此引发大规模分布式拒绝服务(DDOS)攻击,使服务器网络过载。此威胁由服务器的访问控制和资源控制框架解决。服务器可以要求授权应用程序端点存储和下载对象,应用程序端点可以使用令牌机制将授权委托给其他应用程序端点。当然,这种方法的有效安全性取决于令牌机制的强度。请参阅下文,了解有关此和相关通信安全威胁的讨论。
Denial-of-service attacks against a single server (directing many requests to that server) might still lead to considerable load for processing requests and invalidating tokens. SDT therefore MUST provide a redirection mechanism to allow requests to other servers. Analogous to how an HTTP reverse proxy can redirect and load balance across multiple HTTP origin servers [RFC2616].
针对单个服务器的拒绝服务攻击(将许多请求定向到该服务器)仍可能导致处理请求和使令牌无效的大量负载。因此,SDT必须提供重定向机制,以允许向其他服务器发送请求。类似于HTTP反向代理如何跨多个HTTP源服务器重定向和负载平衡[RFC2616]。
A DECADE system does not require Application Endpoints to authenticate in order to access a server for downloading objects, since authorization is not based on Endpoint or user identities but on a delegation-based authorization mechanism. Hence, most protocol security threats are related to the authorization scheme. The security of the token mechanism depends on the strength of the token mechanism and on the secrecy of the tokens. A token can represent
由于授权不是基于端点或用户身份,而是基于基于委托的授权机制,因此十年系统不需要应用程序端点进行身份验证才能访问服务器以下载对象。因此,大多数协议安全威胁都与授权方案有关。令牌机制的安全性取决于令牌机制的强度和令牌的保密性。令牌可以表示
authorization to store a certain amount of data, to download certain objects, to download a certain amount of data per time, etc. If it is possible for an attacker to guess, construct, or simply obtain tokens, the integrity of the data maintained by the servers is compromised.
授权存储一定数量的数据、下载特定对象、每次下载一定数量的数据等。如果攻击者可能猜测、构造或仅仅获取令牌,则服务器维护的数据的完整性将受到损害。
This is a general security threat that applies to authorization delegation schemes. Specifications of existing delegation schemes such as [RFC6749] discuss these general threats in detail. We can say that the DRP has to specify appropriate algorithms for token generation. Moreover, authorization tokens should have a limited validity period that should be specified by the application. Token confidentiality should be provided by application protocols that carry tokens, and the SDT and DRP should provide secure (confidential) communication modes.
这是适用于授权委派方案的一般安全威胁。[RFC6749]等现有授权方案的规范详细讨论了这些一般威胁。我们可以说,DRP必须为令牌生成指定适当的算法。此外,授权令牌应具有应用程序指定的有限有效期。令牌保密性应由携带令牌的应用程序协议提供,SDT和DRP应提供安全(保密)通信模式。
In a DECADE system, an Application Endpoint is referring other Application Endpoints to servers to download a specified data object. An attacker could "inject" a faked version of the object into this process, so that the downloading Endpoint effectively receives a different object (compared to what the uploading Endpoint provided). As a result, the downloading Endpoint believes that is has received an object that corresponds to the name it was provided earlier, whereas in fact it is a faked object. Corresponding attacks could be mounted against the application protocol (that is used for referring other Endpoints to servers), servers themselves (and their storage subsystems), and the SDT by which the object is uploaded, distributed, and downloaded.
在十年系统中,应用程序端点将其他应用程序端点引用到服务器以下载指定的数据对象。攻击者可以将伪造版本的对象“注入”到此进程中,以便下载端点有效地接收不同的对象(与上载端点提供的对象相比)。因此,下载端点认为is收到了一个与先前提供的名称对应的对象,而实际上它是一个伪造的对象。相应的攻击可能针对应用程序协议(用于将其他端点引用到服务器)、服务器本身(及其存储子系统)以及上载、分发和下载对象的SDT。
A DECADE systems fundamental mechanism against object spoofing is name-object binding validation, i.e., the ability of a receiver to check whether the name it was provided and that it used to request an object actually corresponds to the bits it received. As described above, this allows for different forms of name-object binding, for example, using hashes of data objects, with different hash functions (different algorithms, different digest lengths). For those application scenarios where hashes of data objects are not applicable (for example, live streaming), other forms of name-object binding can be used. This flexibility also addresses cryptographic algorithm evolution: hash functions might get deprecated, better alternatives might be invented, etc., so that applications can choose appropriate mechanisms that meet their security requirements.
防止对象欺骗的一个基本机制是名称-对象绑定验证,即接收器检查其提供的名称以及用于请求对象的名称是否实际对应于其接收的位的能力。如上所述,这允许使用不同的哈希函数(不同的算法、不同的摘要长度)使用不同形式的名称对象绑定,例如使用数据对象的哈希。对于数据对象哈希不适用的应用程序场景(例如,实时流),可以使用其他形式的名称对象绑定。这种灵活性还解决了加密算法的演变问题:散列函数可能会被弃用,可能会发明更好的替代方案,等等,以便应用程序可以选择满足其安全要求的适当机制。
DECADE servers MAY perform name-object binding validation on stored objects, but Application Endpoints MUST NOT rely on that. In other words, Application Endpoints SHOULD perform name-object binding validation on received objects.
十年服务器可以对存储的对象执行名称对象绑定验证,但应用程序端点不能依赖于此。换句话说,应用程序端点应该对接收到的对象执行名称对象绑定验证。
We thank the following people for their contributions to and/or detailed reviews of this document or earlier drafts of this document: Carlos Bernardos, Carsten Bormann, David Bryan, Dave Crocker, Yingjie Gu, David Harrington, Hongqiang (Harry) Liu, David McDysan, Borje Ohlman, Martin Stiemerling, Richard Woundy, and Ning Zong.
我们感谢以下人士对本文件或本文件早期草案的贡献和/或详细审查:卡洛斯·贝尔纳多斯、卡斯滕·鲍曼、大卫·布莱恩、戴夫·克罗克、顾英杰、大卫·哈灵顿、刘洪强(哈里)、大卫·麦克迪桑、博杰·奥尔曼、马丁·斯蒂默林、理查德·沃迪和宁宗。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
[RFC2616]菲尔丁,R.,盖蒂斯,J.,莫卧儿,J.,弗莱斯蒂克,H.,马斯特,L.,利奇,P.,和T.伯纳斯李,“超文本传输协议——HTTP/1.1”,RFC 2616,1999年6月。
[RFC5661] Shepler, S., Eisler, M., and D. Noveck, "Network File System (NFS) Version 4 Minor Version 1 Protocol", RFC 5661, January 2010.
[RFC5661]Shepler,S.,Eisler,M.,和D.Noveck,“网络文件系统(NFS)版本4次要版本1协议”,RFC 56612010年1月。
[RFC5754] Turner, S., "Using SHA2 Algorithms with Cryptographic Message Syntax", RFC 5754, January 2010.
[RFC5754]Turner,S.,“将SHA2算法与加密消息语法结合使用”,RFC 5754,2010年1月。
[RFC6392] Alimi, R., Rahman, A., and Y. Yang, "A Survey of In-Network Storage Systems", RFC 6392, October 2011.
[RFC6392]Alimi,R.,Rahman,A.,和Y.Yang,“网络存储系统的调查”,RFC 63922011年10月。
[RFC6646] Song, H., Zong, N., Yang, Y., and R. Alimi, "DECoupled Application Data Enroute (DECADE) Problem Statement", RFC 6646, July 2012.
[RFC6646]Song,H.,Zong,N.,Yang,Y.,和R.Alimi,“过程中的解耦应用程序数据(十年)问题陈述”,RFC 66462012年7月。
[RFC6749] Hardt, D., "The OAuth 2.0 Authorization Framework", RFC 6749, October 2012.
[RFC6749]Hardt,D.,“OAuth 2.0授权框架”,RFC 6749,2012年10月。
[RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type Specifications and Registration Procedures", BCP 13, RFC 6838, January 2013.
[RFC6838]Freed,N.,Klensin,J.和T.Hansen,“媒体类型规范和注册程序”,BCP 13,RFC 6838,2013年1月。
[RFC6920] Farrell, S., Kutscher, D., Dannewitz, C., Ohlman, B., Keranen, A., and P. Hallam-Baker, "Naming Things with Hashes", RFC 6920, April 2013.
[RFC6920]Farrell,S.,Kutscher,D.,Dannewitz,C.,Ohlman,B.,Keranen,A.,和P.Hallam Baker,“用哈希命名事物”,RFC 6920,2013年4月。
[INTEGRATION-EX] Zong, N., Ed., Chen, X., Huang, Z., Chen, L., and H. Liu, "Integration Examples of DECADE System", Work in Progress, August 2013.
[INTEGRATION-EX]Zong,N.,Ed.,Chen,X.,Huang,Z.,Chen,L.,和H.Liu,“十年系统的集成示例”,正在进行的工作,2013年8月。
[GoogleFileSystem] Ghemawat, S., Gobioff, H., and S. Leung, "The Google File System", SOSP '03, Proceedings of the 19th ACM Symposium on Operating Systems Principles, October 2003.
[谷歌文件系统]Ghemawat,S.,Gobioff,H.,和S.Leung,“谷歌文件系统”,SOSP'03,第19届ACM操作系统原理研讨会论文集,2003年10月。
[GoogleStorageDevGuide] Google, "Google Cloud Storage - Developer's Guide", <https://developers.google.com/storage/docs/ concepts-techniques>.
[GoogleStorageDevGuide]谷歌,“谷歌云存储-开发者指南”<https://developers.google.com/storage/docs/ 概念与技术>。
[OpenFlow] Open Networking Foundation, "Software-Defined Networking: The New Norm for Networks", April 2013, <https://www.opennetworking.org/images/stories/downloads/ sdn-resources/white-papers/wp-sdn-newnorm.pdf>.
开放网络基础,“软件定义网络:网络新规范”,2013年4月,<https://www.opennetworking.org/images/stories/downloads/ sdn资源/白皮书/wp sdn newnorm.pdf>。
[CDMI] Storage Networking Industry Association (SNIA), "Cloud Data Management Interface (CDMI (TM)), Version 1.0.2", June 2012, <http://snia.org/sites/default/files/CDMI%20v1.0.2.pdf>.
[CDMI]存储网络行业协会(SNIA),“云数据管理接口(CDMI(TM)),版本1.0.2”,2012年6月<http://snia.org/sites/default/files/CDMI%20v1.0.2.pdf>.
Appendix A. Evaluation of Candidate Protocols for DECADE DRP/SDT
附录A.十年DRP/SDT候选协议的评估
In this section we evaluate how well the abstract protocol interactions specified in this document for DECADE DRP and SDT can be fulfilled by the existing protocols of HTTP, CDMI, and OAuth.
在本节中,我们将评估现有的HTTP、CDMI和OAuth协议如何很好地实现本文档中指定的十年DRP和SDT抽象协议交互。
HTTP [RFC2616] is a key protocol for the Internet in general and especially for the World Wide Web. HTTP is a request-response protocol. A typical transaction involves a client (e.g., web browser) requesting content (resources) from a web server. Another example is when a client stores or deletes content from a server.
HTTP[RFC2616]是互联网的关键协议,尤其是万维网。HTTP是一种请求-响应协议。典型的事务涉及从web服务器请求内容(资源)的客户端(例如web浏览器)。另一个例子是客户端存储或删除服务器上的内容。
DRP provides configuration of access control and resource-sharing policies on DECADE servers.
DRP提供了十年服务器上访问控制和资源共享策略的配置。
Access control requires mechanisms for defining the access policies for the server and then checking the authorization of a user before it stores or retrieves content. HTTP supports a rudimentary access control via "HTTP Secure" (HTTPS). HTTPS is a combination of HTTP with SSL/TLS. The main use of HTTPS is to authenticate the server and encrypt all traffic between the client and the server. There is also a mode to support client authentication, though this is less frequently used.
访问控制需要定义服务器访问策略的机制,然后在存储或检索内容之前检查用户的授权。HTTP支持通过“HTTP安全”(HTTPS)进行基本的访问控制。HTTPS是HTTP与SSL/TLS的组合。HTTPS的主要用途是验证服务器并加密客户端和服务器之间的所有通信。还有一种支持客户机身份验证的模式,尽管使用频率较低。
Communication resources include bandwidth (upload/download) and the number of simultaneously connected clients (connections). HTTP supports bandwidth control indirectly through "persistent" HTTP connections. Persistent HTTP connections allows a client to keep open the underlying TCP connection to the server to allow streaming and pipelining (multiple simultaneous requests for a given client).
通信资源包括带宽(上传/下载)和同时连接的客户端(连接)数量。HTTP通过“持久”HTTP连接间接支持带宽控制。持久HTTP连接允许客户端保持与服务器的底层TCP连接打开,以允许流式传输和管道传输(对给定客户端的多个同时请求)。
HTTP does not have direct support for controlling the communication resources for a given client. However, servers typically perform this function via implementation algorithms.
HTTP不直接支持控制给定客户端的通信资源。但是,服务器通常通过实现算法执行此功能。
Storage resources include the amount of memory and lifetime of storage. HTTP does not allow direct control of storage at the server endpoint. However, HTTP supports caching at intermediate points such as a web proxy. For this purpose, HTTP defines cache control mechanisms that define how long and in what situations the intermediate point may store and use the content.
存储资源包括内存量和存储寿命。HTTP不允许在服务器端点直接控制存储。但是,HTTP支持在中间点(如web代理)进行缓存。为此,HTTP定义了缓存控制机制,这些机制定义了中间点可以存储和使用内容的时间和情况。
SDT is used to write objects and read (download) objects from a DECADE server. The object can be either a self-contained object such as a multimedia file or a chunk from a P2P system.
SDT用于从服务器写入对象和读取(下载)对象。该对象可以是自包含对象(如多媒体文件)或来自P2P系统的块。
Writing involves uploading objects to the server. HTTP supports two methods of writing called PUT and POST. In HTTP, the object is called a resource and is identified by a URI. PUT uploads a resource to a specific location on the server. POST, on the other hand, submits the object to the server, and the server decides whether to update an existing resource or to create a new resource.
写入涉及将对象上载到服务器。HTTP支持两种称为PUT和POST的写入方法。在HTTP中,对象称为资源,由URI标识。PUT将资源上载到服务器上的特定位置。另一方面,POST将对象提交给服务器,服务器决定是更新现有资源还是创建新资源。
For DECADE, the choice of whether to use PUT or POST will be influenced by which entity is responsible for the naming. If the client performs the naming, then PUT is appropriate. If the server performs the naming, then POST should be used (to allow the server to define the URI).
十年来,使用PUT还是POST的选择将受到负责命名的实体的影响。如果客户机执行命名,则PUT是合适的。如果服务器执行命名,则应使用POST(以允许服务器定义URI)。
Downloading involves fetching of an object from the server. HTTP supports downloading through the GET and HEAD methods. GET fetches a specific resource as identified by the URL. HEAD is similar but only fetches the metadata ("header") associated with the resource, not the resource itself.
下载涉及从服务器获取对象。HTTP支持通过GET和HEAD方法下载。GET获取由URL标识的特定资源。HEAD类似,但只获取与资源关联的元数据(“header”),而不是资源本身。
To challenge a remote entity for an object, the DECADE server should provide a seed number, which is generated by the server randomly, and ask the remote entity to return a hash calculated from the seed number and the content of the object. The server may also specify the hash function that the remote entity should use. HTTP supports the challenge message through the GET methods. The message type
为了向远程实体质询对象,十年服务器应提供由服务器随机生成的种子编号,并要求远程实体返回根据种子编号和对象内容计算的哈希值。服务器还可以指定远程实体应该使用的哈希函数。HTTP通过GET方法支持质询消息。消息类型
("challenge"), the seed number, and the hash function name are put in a URL. In the reply, the hash is sent in an Entity Tag (ETag) header.
(“质询”),种子编号和哈希函数名被放入URL中。在应答中,散列在实体标记(ETag)头中发送。
HTTP supports deleting of content on the server through the DELETE method.
HTTP支持通过DELETE方法删除服务器上的内容。
HTTP can provide a rudimentary DRP and SDT for some aspects of DECADE, but it will not be able to satisfy all the DECADE requirements. For example, HTTP does not provide a complete access control mechanism nor does it support storage resource controls at the endpoint server.
HTTP可以为十年的某些方面提供基本的DRP和SDT,但它不能满足所有十年的需求。例如,HTTP既不提供完整的访问控制机制,也不支持端点服务器上的存储资源控制。
It is possible, however, to envision combining HTTP with a custom suite of other protocols to fulfill most of the DECADE requirements for DRP and SDT. For example, Google Storage for Developers is built using HTTP (with extensive proprietary extensions such as custom HTTP headers). Google Storage also uses OAuth [RFC6749] (for access control) in combination with HTTP [GoogleStorageDevGuide]. An example of using OAuth for DRP is given in Appendix A.3.
然而,可以设想将HTTP与其他协议的定制套件结合起来,以满足DRP和SDT十年中的大部分需求。例如,Google Storage For Developers是使用HTTP构建的(具有广泛的专有扩展,如自定义HTTP头)。Google Storage还将OAuth[RFC6749](用于访问控制)与HTTP[GoogleStorageDevGuide]结合使用。附录A.3中给出了将OAuth用于DRP的示例。
The Cloud Data Management Interface (CDMI) specification defines a functional interface through which applications can store and manage data objects in a cloud storage environment. The CDMI interface for reading/writing data is based on standard HTTP requests, with CDMI-specific encodings using JavaScript Object Notation (JSON). CDMI is specified by the Storage Networking Industry Association (SNIA) [CDMI].
云数据管理接口(CDMI)规范定义了一个功能接口,通过该接口,应用程序可以在云存储环境中存储和管理数据对象。用于读取/写入数据的CDMI接口基于标准HTTP请求,使用JavaScript对象表示法(JSON)进行CDMI特定编码。CDMI由存储网络行业协会(SNIA)[CDMI]指定。
DRP provides configuration of access control and resource-sharing policies on DECADE servers.
DRP提供了十年服务器上访问控制和资源共享策略的配置。
Access control includes mechanisms for defining the access policies for the server and then checking the authorization of a user before allowing content storage or retrieval. CDMI defines an Access Control List (ACL) per data object and thus supports access control (read and/or write) at the granularity of data objects. An ACL
访问控制包括定义服务器访问策略的机制,然后在允许内容存储或检索之前检查用户的授权。CDMI为每个数据对象定义一个访问控制列表(ACL),从而支持数据对象粒度的访问控制(读和/或写)。前交叉韧带
contains a set of Access Control Entries (ACEs), where each ACE specifies a principal (i.e., user or group of users) and a set of privileges that are granted to that principal.
包含一组访问控制项(ACE),其中每个ACE指定一个主体(即用户或用户组)以及授予该主体的一组权限。
CDMI requires that an HTTP authentication mechanism be available for the server to validate the identity of a principal (client). Specifically, CDMI requires that either HTTP Basic Authentication or HTTP Digest Authentication be supported. CDMI recommends that HTTP over TLS (HTTPS) is supported to encrypt the data sent over the network.
CDMI要求服务器可以使用HTTP身份验证机制来验证主体(客户端)的身份。具体而言,CDMI要求支持HTTP基本身份验证或HTTP摘要身份验证。CDMI建议支持HTTP over TLS(HTTPS)来加密通过网络发送的数据。
Communication resources include bandwidth (upload/download) and the number of simultaneously connected clients (connections). CDMI supports two key data attributes that provide control over the communication resources to a client: "cdmi_max_throughput" and "cdmi_max_latency". These attributes are defined in the metadata for data objects and indicate the desired bandwidth or delay for transmission of the data object from the cloud server to the client.
通信资源包括带宽(上传/下载)和同时连接的客户端(连接)数量。CDMI支持两个关键数据属性,它们提供对客户端通信资源的控制:“CDMI_max_吞吐量”和“CDMI_max_延迟”。这些属性在数据对象的元数据中定义,并指示数据对象从云服务器传输到客户端所需的带宽或延迟。
Storage resources include amount of quantity and lifetime of storage. CDMI defines metadata for individual data objects and general storage system configuration that can be used for storage resource control. In particular, CDMI defines the following metadata fields:
存储资源包括存储的数量和寿命。CDMI为可用于存储资源控制的单个数据对象和常规存储系统配置定义元数据。具体而言,CDMI定义了以下元数据字段:
-cdmi_data_redundancy: desired number of copies to be maintained
-cdmi_数据_冗余:需要维护的拷贝数
-cdmi_geographic_placement: region where object is permitted to be stored
-cdmi_地理位置:允许存储对象的区域
-cdmi_retention_period: time interval object is to be retained
-cdmi_保留期:要保留的时间间隔对象
-cdmi_retention_autodelete: whether object should be automatically deleted after retention period
-cdmi_retention_autodelete:是否在保留期后自动删除对象
SDT is used to write objects and read (download) objects from a DECADE server. The object can be either a self-contained object such as a multimedia file or a chunk from a P2P system.
SDT用于从服务器写入对象和读取(下载)对象。该对象可以是自包含对象(如多媒体文件)或来自P2P系统的块。
Writing involves uploading objects to the server. CDMI supports standard HTTP methods for PUT and POST as described in Appendix A.1.2.1.
写入涉及将对象上载到服务器。CDMI支持用于PUT和POST的标准HTTP方法,如附录A.1.2.1所述。
Downloading involves fetching of an object from the server. CDMI supports the standard HTTP GET method as described in Appendix A.1.2.2.
下载涉及从服务器获取对象。CDMI支持附录A.1.2.2中所述的标准HTTP GET方法。
CDMI supports DELETE as described in Appendix A.1.4. CDMI also supports COPY and MOVE operations.
CDMI支持附录A.1.4中所述的删除。CDMI还支持复制和移动操作。
CDMI supports the concept of containers of data objects to support joint operations on related objects. For example, GET may be done on a single data object or an entire container.
CDMI支持数据对象容器的概念,以支持对相关对象的联合操作。例如,GET可以在单个数据对象或整个容器上完成。
CDMI supports a global naming scheme. Every object stored within a CDMI system will have a globally unique object string identifier (ObjectID) assigned at creation time.
CDMI支持全局命名方案。存储在CDMI系统中的每个对象都将在创建时分配一个全局唯一的对象字符串标识符(ObjectID)。
CDMI has a rich array of features that can provide a good base for DRP and SDT for DECADE. An initial analysis finds that the following CDMI features may be useful for DECADE:
CDMI具有丰富的功能,可以为DRP和SDT提供十年的良好基础。初步分析发现,以下CDMI功能可能对十年有用:
- access control
- 访问控制
- storage resource control
- 存储资源控制
- communication resource control
- 通信资源控制
- COPY/MOVE operations
- 复制/移动操作
- data containers
- 数据容器
- naming scheme
- 命名规则
As mentioned in Appendix A.1, OAuth [RFC6749] may be used as part of the access and resource control of a DECADE system. In this section, we provide an example of how to configure OAuth requests and responses for DRP.
如附录A.1所述,OAuth[RFC6749]可作为十年系统访问和资源控制的一部分。在本节中,我们提供了一个如何为DRP配置OAuth请求和响应的示例。
An OAuth request to access DECADE data objects should include the following fields:
访问数据对象的OAuth请求应包括以下字段:
response_type: Value should be set to "token".
响应类型:值应设置为“令牌”。
client_id: The client_id indicates either the application that is using the DECADE service or the end user who is using the DECADE service from a DECADE storage service provider. DECADE storage service providers should provide the ID distribution and management function.
client_id:client_id表示正在使用十年服务的应用程序或正在使用十年存储服务提供商提供的十年服务的最终用户。存储服务提供商应提供ID分发和管理功能。
scope: Data object names that are requested.
作用域:请求的数据对象名称。
An OAuth response should include the following information:
OAuth响应应包括以下信息:
token_type: "Bearer"
令牌类型:“承载者”
expires_in: The lifetime in seconds of the access token.
expires_in:访问令牌的生存期(以秒为单位)。
access_token: A token denotes the following information.
访问令牌:令牌表示以下信息。
service_uri: The server address or URI which is providing the service;
服务uri:提供服务的服务器地址或uri;
permitted_operations (e.g., read, write) and objects (e.g., names of data objects that might be read or written);
允许的_操作(例如,读、写)和对象(例如,可能被读或写的数据对象的名称);
priority: Value should be set to be either "Urgent", "High", "Normal" or "Low".
优先级:值应设置为“紧急”、“高”、“正常”或“低”。
bandwidth: Given to requested operation, a weight value used in a weighted bandwidth sharing scheme, or an integer in number of bits per second;
带宽:给定给请求的操作,在加权带宽共享方案中使用的权重值,或每秒位数的整数;
amount: Data size in number of bytes that might be read or written.
金额:数据大小,以可能读取或写入的字节数表示。
token_signature: The signature of the access token.
令牌\签名:访问令牌的签名。
Authors' Addresses
作者地址
Richard Alimi Google
Richard Alimi谷歌
EMail: ralimi@google.com
EMail: ralimi@google.com
Akbar Rahman InterDigital Communications, LLC
阿克巴·拉赫曼叉指通信有限责任公司
EMail: akbar.rahman@interdigital.com
EMail: akbar.rahman@interdigital.com
Dirk Kutscher NEC
德克库彻NEC
EMail: dirk.kutscher@neclab.eu
EMail: dirk.kutscher@neclab.eu
Y. Richard Yang Yale University
耶鲁大学
EMail: yry@cs.yale.edu
EMail: yry@cs.yale.edu
Haibin Song Huawei Technologies
宋海斌华为技术有限公司
EMail: haibin.song@huawei.com
EMail: haibin.song@huawei.com
Kostas Pentikousis EICT
Kostas Pentikousis EICT
EMail: k.pentikousis@eict.de
EMail: k.pentikousis@eict.de