draft-ietf-cdni-control-triggers-15.txt   rfc8007.txt 
Network Working Group R. Murray Internet Engineering Task Force (IETF) R. Murray
Internet-Draft B. Niven-Jenkins Request for Comments: 8007 B. Niven-Jenkins
Intended status: Standards Track Nokia Category: Standards Track Nokia
Expires: November 20, 2016 May 19, 2016 ISSN: 2070-1721 December 2016
CDNI Control Interface / Triggers Content Delivery Network Interconnection (CDNI)
draft-ietf-cdni-control-triggers-15 Control Interface / Triggers
Abstract Abstract
This document describes the part of the CDN Interconnection Control This document describes the part of the Content Delivery Network
Interface that allows a CDN to trigger activity in an interconnected Interconnection (CDNI) Control interface that allows a CDN to trigger
CDN that is configured to deliver content on its behalf. The activity in an interconnected CDN that is configured to deliver
upstream CDN can use this mechanism to request that the downstream content on its behalf. The upstream CDN can use this mechanism to
CDN pre-positions metadata or content, or that it invalidates or request that the downstream CDN pre-position metadata or content or
purges metadata or content. The upstream CDN can monitor the status to request that it invalidate or purge metadata or content. The
of activity that it has triggered in the downstream CDN. upstream CDN can monitor the status of activity that it has triggered
in the downstream CDN.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on November 20, 2016. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc8007.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction ....................................................3
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Terminology ................................................4
2. Model for CDNI Triggers . . . . . . . . . . . . . . . . . . . 4 2. Model for CDNI Triggers .........................................4
2.1. Timing of Triggered Activity . . . . . . . . . . . . . . 6 2.1. Timing of Triggered Activity ...............................6
2.2. Scope of Triggered Activity . . . . . . . . . . . . . . . 6 2.2. Scope of Triggered Activity ................................7
2.2.1. Multiple Interconnected CDNs . . . . . . . . . . . . 7 2.2.1. Multiple Interconnected CDNs ........................7
2.3. Trigger Results . . . . . . . . . . . . . . . . . . . . . 8 2.3. Trigger Results ............................................8
3. Collections of Trigger Status Resources . . . . . . . . . . . 8 3. Collections of Trigger Status Resources .........................9
4. CDNI Trigger Interface . . . . . . . . . . . . . . . . . . . 9 4. CDNI Trigger Interface .........................................10
4.1. Creating Triggers . . . . . . . . . . . . . . . . . . . . 10 4.1. Creating Triggers .........................................11
4.2. Checking Status . . . . . . . . . . . . . . . . . . . . . 11 4.2. Checking Status ...........................................12
4.2.1. Polling Trigger Status Resource collections . . . . . 12 4.2.1. Polling Trigger Status Resource Collections ........12
4.2.2. Polling Trigger Status Resources . . . . . . . . . . 12 4.2.2. Polling Trigger Status Resources ...................13
4.3. Cancelling Triggers . . . . . . . . . . . . . . . . . . . 12 4.3. Canceling Triggers ........................................13
4.4. Deleting Triggers . . . . . . . . . . . . . . . . . . . . 13 4.4. Deleting Triggers .........................................14
4.5. Expiry of Trigger Status Resources . . . . . . . . . . . 14 4.5. Expiry of Trigger Status Resources ........................14
4.6. Loop Detection and Prevention . . . . . . . . . . . . . . 14 4.6. Loop Detection and Prevention .............................15
4.7. Error Handling . . . . . . . . . . . . . . . . . . . . . 15 4.7. Error Handling ............................................15
4.8. Content URLs . . . . . . . . . . . . . . . . . . . . . . 16 4.8. Content URLs ..............................................16
5. CI/T Object Properties and Encoding . . . . . . . . . . . . . 16 5. CI/T Object Properties and Encoding ............................17
5.1. CI/T Objects . . . . . . . . . . . . . . . . . . . . . . 16 5.1. CI/T Objects ..............................................17
5.1.1. CI/T Commands . . . . . . . . . . . . . . . . . . . . 16 5.1.1. CI/T Commands ......................................17
5.1.2. Trigger Status Resource . . . . . . . . . . . . . . . 17 5.1.2. Trigger Status Resources ...........................18
5.1.3. Trigger Collection . . . . . . . . . . . . . . . . . 19 5.1.3. Trigger Collections ................................20
5.2. Properties of CI/T Objects . . . . . . . . . . . . . . . 20 5.2. Properties of CI/T Objects ................................21
5.2.1. Trigger Specification . . . . . . . . . . . . . . . . 20 5.2.1. Trigger Specification ..............................21
5.2.2. Trigger Type . . . . . . . . . . . . . . . . . . . . 21 5.2.2. Trigger Type .......................................23
5.2.3. Trigger Status . . . . . . . . . . . . . . . . . . . 22 5.2.3. Trigger Status .....................................24
5.2.4. PatternMatch . . . . . . . . . . . . . . . . . . . . 23 5.2.4. PatternMatch .......................................24
5.2.5. Absolute Time . . . . . . . . . . . . . . . . . . . . 24 5.2.5. Absolute Time ......................................25
5.2.6. Error Description . . . . . . . . . . . . . . . . . . 24 5.2.6. Error Description ..................................26
5.2.7. Error Code . . . . . . . . . . . . . . . . . . . . . 25 5.2.7. Error Code .........................................26
6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 26 6. Examples .......................................................27
6.1. Creating Triggers . . . . . . . . . . . . . . . . . . . . 26 6.1. Creating Triggers .........................................28
6.1.1. Preposition . . . . . . . . . . . . . . . . . . . . . 26 6.1.1. Preposition ........................................28
6.1.2. Invalidate . . . . . . . . . . . . . . . . . . . . . 28 6.1.2. Invalidate .........................................30
6.2. Examining Trigger Status ..................................32
6.2.1. Collection of All Triggers .........................32
6.2.2. Filtered Collections of Trigger Status Resources ...33
6.2.3. Individual Trigger Status Resources ................34
6.2.4. Polling for Changes in Status ......................36
6.2.5. Deleting Trigger Status Resources ..................38
6.2.6. Error Reporting ....................................39
6.2. Examining Trigger Status . . . . . . . . . . . . . . . . 29 7. IANA Considerations ............................................40
6.2.1. Collection of All Triggers . . . . . . . . . . . . . 29 7.1. CDNI Payload Type Parameter Registrations .................40
6.2.2. Filtered Collections of Trigger Status Resources . . 30 7.2. "CDNI CI/T Trigger Types" Registry ........................41
6.2.3. Individual Trigger Status Resources . . . . . . . . . 32 7.3. "CDNI CI/T Error Codes" Registry ..........................41
6.2.4. Polling for Change . . . . . . . . . . . . . . . . . 34 8. Security Considerations ........................................41
6.2.5. Deleting Trigger Status Resources . . . . . . . . . . 37 8.1. Authentication, Authorization, Confidentiality,
6.2.6. Error Reporting . . . . . . . . . . . . . . . . . . . 38 Integrity Protection ......................................42
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 39 8.2. Denial of Service .........................................43
7.1. CDNI Payload Type Parameter Registrations . . . . . . . . 40 8.3. Privacy ...................................................44
7.2. CDNI CI/T Trigger Types Registry . . . . . . . . . . . . 40 9. References .....................................................44
7.3. CDNI CI/T Error Codes Registry . . . . . . . . . . . . . 40 9.1. Normative References ......................................44
8. Security Considerations . . . . . . . . . . . . . . . . . . . 41 9.2. Informative References ....................................45
8.1. Authentication, Authorization, Confidentiality, Integrity Appendix A. Formalization of the JSON Data ........................47
Protection . . . . . . . . . . . . . . . . . . . . . . . 41 Acknowledgments ...................................................49
8.2. Denial of Service . . . . . . . . . . . . . . . . . . . . 42 Authors' Addresses ................................................49
8.3. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 43
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 43
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 43
10.1. Normative References . . . . . . . . . . . . . . . . . . 43
10.2. Informative References . . . . . . . . . . . . . . . . . 44
Appendix A. Formalization of the JSON Data . . . . . . . . . . . 45
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 46
1. Introduction 1. Introduction
[RFC6707] introduces the problem scope for CDN Interconnection (CDNI) [RFC6707] introduces the problem scope for Content Delivery Network
and lists the four categories of interfaces that may be used to Interconnection (CDNI) and lists the four categories of interfaces
compose a CDNI solution (Control, Metadata, Request Routing, that may be used to compose a CDNI solution (Control, Metadata,
Logging). Request Routing, and Logging).
[RFC7336] expands on the information provided in [RFC6707] and [RFC7336] expands on the information provided in [RFC6707] and
describes each of the interfaces and the relationships between them describes each of the interfaces and the relationships between them
in more detail. in more detail.
This document describes the "CI/T" interface, "CDNI Control interface This document describes the "CI/T" interface -- "CDNI Control
/ Triggers". It does not consider those parts of the control interface / Triggers". It does not consider those parts of the
interface that relate to configuration, bootstrapping or Control interface that relate to configuration, bootstrapping, or
authentication of CDN Interconnect interfaces. Section 4 of authentication of CDN Interconnect interfaces. Section 4 of
[RFC7337] identifies the requirements specific to the CI interface, [RFC7337] identifies the requirements specific to the CI/T interface;
requirements applicable to the CI/T interface are CI-1 to CI-6. requirements applicable to the CI/T interface are CI-1 to CI-6.
o Section 2 outlines the model for the CI/T Interface at a high o Section 2 outlines the model for the CI/T interface at a high
level. level.
o Section 3 describes collections of Trigger Status Resources. o Section 3 describes collections of Trigger Status Resources.
o Section 4 defines the web service provided by the dCDN. o Section 4 defines the web service provided by the downstream CDN.
o Section 5 lists properties of CI/T Commands and Status Resources. o Section 5 lists properties of CI/T Commands and Status Resources.
o Section 6 contains example messages. o Section 6 contains example messages.
1.1. Terminology 1.1. Terminology
This document reuses the terminology defined in [RFC6707] and uses This document reuses the terminology defined in [RFC6707] and uses
"uCDN" and "dCDN" as shorthand for "Upstream CDN" and "Downstream "uCDN" and "dCDN" as shorthand for "upstream CDN" and "downstream
CDN", respectively. CDN", respectively.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
2. Model for CDNI Triggers 2. Model for CDNI Triggers
A CI/T Command, sent from the uCDN to the dCDN, is a request for the A CI/T Command, sent from the uCDN to the dCDN, is a request for the
dCDN to do some work relating to data associated with content dCDN to do some work relating to data associated with content
requests originating from the uCDN. requests originating from the uCDN.
There are two types of CI/T Command: CI/T Trigger Commands, and CI/T There are two types of CI/T Commands: CI/T Trigger Commands and CI/T
Cancel Commands. The CI/T Cancel Command can be used to request Cancel Commands. The CI/T Cancel Command can be used to request
cancellation of an earlier CI/T Trigger Command. A CI/T Trigger cancellation of an earlier CI/T Trigger Command. A CI/T Trigger
Command is of one of the following types: Command is of one of the following types:
o preposition - used to instruct the dCDN to fetch metadata from the o preposition - used to instruct the dCDN to fetch metadata from the
uCDN, or content from any origin including the uCDN. uCDN, or content from any origin including the uCDN.
o invalidate - used to instruct the dCDN to revalidate specific o invalidate - used to instruct the dCDN to revalidate specific
metadata or content before re-using it. metadata or content before reusing it.
o purge - used to instruct the dCDN to delete specific metadata or o purge - used to instruct the dCDN to delete specific metadata or
content. content.
The CI/T interface is a web service offered by the dCDN. It allows The CI/T interface is a web service offered by the dCDN. It allows
CI/T commands to be issued, and triggered activity to be tracked. CI/T Commands to be issued and allows triggered activity to be
The CI/T interface builds on top of HTTP/1.1 [RFC7230]. References tracked. The CI/T interface builds on top of HTTP/1.1 [RFC7230].
to URL in this document relate to http/https URIs, as defined in References to URL in this document relate to HTTP/HTTPS URIs, as
[RFC7230] section 2.7. defined in Section 2.7 of [RFC7230].
When the dCDN accepts a CI/T Command it creates a resource describing When the dCDN accepts a CI/T Command, it creates a resource
status of the triggered activity, a Trigger Status Resource. The describing the status of the triggered activity -- a Trigger Status
uCDN can poll Trigger Status Resources to monitor progress. Resource. The uCDN can poll Trigger Status Resources to monitor
progress.
The dCDN maintains at least one collection of Trigger Status The dCDN maintains at least one collection of Trigger Status
Resources for each uCDN. Each uCDN only has access to its own Resources for each uCDN. Each uCDN only has access to its own
collections, the locations of which are shared when CDN collections, the locations of which are shared when CDNI is
interconnection is established. established.
To trigger activity in the dCDN, the uCDN POSTs a CI/T Command to the To trigger activity in the dCDN, the uCDN POSTs a CI/T Command to the
collection of Trigger Status Resources. If the dCDN accepts the CI/T collection of Trigger Status Resources. If the dCDN accepts the CI/T
Command, it creates a new Trigger Status Resource and returns its Command, it creates a new Trigger Status Resource and returns its
location to the uCDN. To monitor progress, the uCDN can GET the location to the uCDN. To monitor progress, the uCDN can GET the
Trigger Status Resource. To request cancellation of a CI/T Trigger Trigger Status Resource. To request cancellation of a CI/T Trigger
Command the uCDN can POST to the collection of Trigger Status Command, the uCDN can POST to the collection of Trigger Status
Resources, or simply DELETE the Trigger Status Resource. Resources or simply delete the Trigger Status Resource.
In addition to the collection of all Trigger Status Resources for the In addition to the collection of all Trigger Status Resources for the
uCDN, the dCDN can maintain filtered views of that collection. These uCDN, the dCDN can maintain filtered views of that collection. These
filtered views are defined in Section 3 and include collections of filtered views are defined in Section 3 and include collections of
Trigger Status Resources corresponding to active and completed CI/T Trigger Status Resources corresponding to active and completed CI/T
Trigger Commands. These collections provide a mechanism for polling Trigger Commands. These collections provide a mechanism for polling
the status of multiple jobs. the status of multiple jobs.
Figure 1 is an example showing the basic message flow used by the Figure 1 is an example showing the basic message flow used by the
uCDN to trigger activity in the dCDN, and for the uCDN to discover uCDN to trigger activity in the dCDN and for the uCDN to discover the
the status of that activity. Only successful triggering is shown. status of that activity. Only successful triggering is shown.
Examples of the messages are given in Section 6. Examples of the messages are given in Section 6.
uCDN dCDN uCDN dCDN
| (1) POST https://dcdn.example.com/triggers/uCDN | | (1) POST https://dcdn.example.com/triggers/uCDN |
[ ] --------------------------------------------------> [ ]--+ [ ] --------------------------------------------------> [ ]--+
| [ ] | (2) | [ ] | (2)
| (3) HTTP 201 Response [ ]<-+ | (3) HTTP 201 Response [ ]<-+
[ ] <-------------------------------------------------- [ ] [ ] <-------------------------------------------------- [ ]
| Loc: https://dcdn.example.com/triggers/uCDN/123 | | Loc: https://dcdn.example.com/triggers/uCDN/123 |
| | | |
skipping to change at page 5, line 43 skipping to change at page 6, line 5
| (4) GET https://dcdn.example.com/triggers/uCDN/123 | | (4) GET https://dcdn.example.com/triggers/uCDN/123 |
[ ] --------------------------------------------------> [ ] [ ] --------------------------------------------------> [ ]
| [ ] | [ ]
| (5) HTTP 200 Trigger Status Resource [ ] | (5) HTTP 200 Trigger Status Resource [ ]
[ ] <-------------------------------------------------- [ ] [ ] <-------------------------------------------------- [ ]
| | | |
| | | |
Figure 1: Basic CDNI Message Flow for Triggers Figure 1: Basic CDNI Message Flow for Triggers
The steps in Figure 1 are: The steps in Figure 1 are as follows:
1. The uCDN triggers action in the dCDN by posting a CI/T Command to 1. The uCDN triggers action in the dCDN by POSTing a CI/T Command to
a collection of Trigger Status Resources, a collection of Trigger Status Resources --
"https://dcdn.example.com/triggers/uCDN". The URL of this was "https://dcdn.example.com/triggers/uCDN". This URL was given to
given to the uCDN when the CI/T interface was established. the uCDN when the CI/T interface was established.
2. The dCDN authenticates the request, validates the CI/T Command 2. The dCDN authenticates the request, validates the CI/T Command,
and, if it accepts the request, creates a new Trigger Status and, if it accepts the request, creates a new Trigger Status
Resource. Resource.
3. The dCDN responds to the uCDN with an HTTP 201 response status, 3. The dCDN responds to the uCDN with an HTTP 201 response status
and the location of the Trigger Status Resource. and the location of the Trigger Status Resource.
4. The uCDN can poll, possibly repeatedly, the Trigger Status 4. The uCDN can poll, possibly repeatedly, the Trigger Status
Resource in the dCDN. Resource in the dCDN.
5. The dCDN responds with the Trigger Status Resource, describing 5. The dCDN responds with the Trigger Status Resource, describing
progress or results of the CI/T Trigger Command. the progress or results of the CI/T Trigger Command.
The remainder of this document describes the messages, Trigger Status The remainder of this document describes the messages, Trigger Status
Resources, and collections of Trigger Status Resources in more Resources, and collections of Trigger Status Resources in more
detail. detail.
2.1. Timing of Triggered Activity 2.1. Timing of Triggered Activity
Timing of the execution of CI/T Commands is under the dCDN's control, Timing of the execution of CI/T Commands is under the dCDN's control,
including its start-time and pacing of the activity in the network. including its start time and pacing of the activity in the network.
CI/T invalidate and purge commands MUST be applied to all data CI/T "invalidate" and "purge" commands MUST be applied to all data
acquired before the command was accepted by the dCDN. The dCDN acquired before the command was accepted by the dCDN. The dCDN
SHOULD NOT apply CI/T invalidate and purge commands to data acquired SHOULD NOT apply CI/T "invalidate" and "purge" commands to data
after the CI/T Command was accepted, but this may not always be acquired after the CI/T Command was accepted, but this may not always
achievable so the uCDN cannot count on that. be achievable, so the uCDN cannot count on that.
If the uCDN wishes to invalidate or purge content then immediately If the uCDN wishes to invalidate or purge content and then
pre-position replacement content at the same URLs, it SHOULD ensure immediately pre-position replacement content at the same URLs, it
the dCDN has completed the invalidate/purge before initiating the SHOULD ensure that the dCDN has completed the invalidate/purge before
prepositioning. Otherwise, there is a risk that the dCDN pre- initiating the pre-positioning. Otherwise, there is a risk that the
positions the new content, then immediately invalidates or purges it dCDN pre-positions the new content, then immediately invalidates or
(as a result of the two uCDN requests running in parallel). purges it (as a result of the two uCDN requests running in parallel).
Because the CI/T Command timing is under the dCDN's control, the dCDN Because the CI/T Command timing is under the dCDN's control, the dCDN
implementation can choose whether to apply CI/T invalidate and purge implementation can choose whether to apply CI/T "invalidate" and
commands to content acquisition that has already started when the "purge" commands to content acquisition that has already started when
command is received. the command is received.
2.2. Scope of Triggered Activity 2.2. Scope of Triggered Activity
Each CI/T Command can operate on multiple metadata and content URLs. Each CI/T Command can operate on multiple metadata and content URLs.
Multiple representations of an HTTP resource may share the same URL. Multiple representations of an HTTP resource may share the same URL.
CI/T Trigger Commands that invalidate or purge metadata or content CI/T Trigger Commands that invalidate or purge metadata or content
apply to all resource representations with matching URLs. apply to all resource representations with matching URLs.
2.2.1. Multiple Interconnected CDNs 2.2.1. Multiple Interconnected CDNs
In a network of interconnected CDNs a single uCDN will originate a In a network of interconnected CDNs, a single uCDN will originate a
given item of metadata and associated content, it may distribute that given item of metadata and associated content. It may distribute
metadata and content to more than one dCDN, which may in-turn that metadata and content to more than one dCDN, which may in turn
distribute that metadata and content to further-downstream CDNs. distribute that metadata and content to CDNs located further
downstream.
An intermediate CDN is a dCDN that passes on CDNI metadata and An intermediate CDN is a dCDN that passes on CDNI Metadata and
content to further-downstream dCDNs. content to dCDNs located further downstream.
A diamond configuration is one where a dCDN can acquire metadata and A "diamond" configuration is one where a dCDN can acquire metadata
content originated in one uCDN from that uCDN itself and an and content originated in one uCDN from that uCDN itself and an
intermediate CDN, or via more than one intermediate CDN. intermediate CDN, or via more than one intermediate CDN.
CI/T commands originating in the single source uCDN affect metadata CI/T Commands originating in the single source uCDN affect metadata
and content in all dCDNs but, in a diamond configuration, it may not and content in all dCDNs; however, in a diamond configuration, it may
be possible for the dCDN to determine which uCDN it acquired content not be possible for the dCDN to determine which uCDN it acquired
from. In this case a dCDN MUST allow each uCDN from which it may content from. In this case, a dCDN MUST allow each uCDN from which
have acquired the content to act upon that content using CI/T it may have acquired the content to act upon that content using CI/T
Commands. Commands.
In all other cases, a dCDN MUST reject CI/T Commands from a uCDN that In all other cases, a dCDN MUST reject CI/T Commands from a uCDN that
act on another uCDN's data using, for example, HTTP "403 Forbidden". attempts to act on another uCDN's content by using, for example,
HTTP 403 ("Forbidden").
Security considerations are discussed further in Section 8. Security considerations are discussed further in Section 8.
The diamond configuration may lead to inefficient interactions, but The diamond configuration may lead to inefficient interactions, but
the interactions are otherwise harmless. For example: the interactions are otherwise harmless. For example:
o When the uCDN issues an invalidate CI/T command, a dCDN will o When the uCDN issues an "invalidate" CI/T Command, a dCDN will
receive that command from multiple directly connected uCDNs. The receive that command from multiple directly connected uCDNs. The
dCDN may schedule multiple those commands separately, and the last dCDN may schedule multiple such commands separately, and the last
may affect content already revalidated following execution of the scheduled command may affect content already revalidated following
invalidate command scheduled first. execution of the "invalidate" command that was scheduled first.
o If one of a dCDN's directly-connected uCDNs loses its rights to o If one of a dCDN's directly connected uCDNs loses its rights to
distribute content, it may issue a CI/T purge command. That purge distribute content, it may issue a CI/T "purge" command. That
may affect content the dCDN could retain because it's distributed purge may affect content the dCDN could retain because it's
by another directly-connected uCDN. But, that content can be re- distributed by another directly connected uCDN. But, that content
acquired by the dCDN from the remaining uCDN. can be reacquired by the dCDN from the remaining uCDN.
o When the uCDN originating an item of content issues a CI/T purge o When the uCDN originating an item of content issues a CI/T purge
followed by a preposition - two directly connected uCDNs will pass followed by a pre-position, two directly connected uCDNs will pass
those commands to a dCDN. That dCDN implementation need not merge those commands to a dCDN. That dCDN implementation need not merge
those operations, or notice the repetition. In which case the those operations or notice the repetition, in which case the purge
purge issued by one uCDN will complete before the other. The issued by one uCDN will complete before the other. The first uCDN
first uCDN to finish its purge may then forward the preposition to finish its purge may then forward the "preposition" trigger,
trigger, and content pre-positioned as a result might be affected and content pre-positioned as a result might be affected by the
by the still-running purge issued by the other uCDN. However, the still-running purge issued by the other uCDN. However, the dCDN
dCDN will re-acquire that content as needed, or when it's asked to will reacquire that content as needed, or when it's asked to
pre-position the content by the second uCDN. A dCDN pre-position the content by the second uCDN. A dCDN
implementation could avoid this interaction by knowing which uCDN implementation could avoid this interaction by knowing which uCDN
it acquired the content from, or it could minimize the it acquired the content from, or it could minimize the
consequences by recording the time at which the invalidate/purge consequences by recording the time at which the
command was received and not applying it to content acquired after "invalidate"/"purge" command was received and not applying it to
that time. content acquired after that time.
2.3. Trigger Results 2.3. Trigger Results
Possible states for a Trigger Status Resource are defined in section Possible states for a Trigger Status Resource are defined in
Section 5.2.3. Section 5.2.3.
The CI/T Trigger Command MUST NOT be reported as 'complete' until all The CI/T Trigger Command MUST NOT be reported as "complete" until all
actions have been completed successfully. The reasons for failure, actions have been completed successfully. The reasons for failure,
and URLs or Patterns affected, SHOULD be enumerated in the Trigger and URLs or patterns affected, SHOULD be enumerated in the Trigger
Status Resource. For more detail, see section Section 4.7. Status Resource. For more details, see Section 4.7.
If a dCDN is also acting as a uCDN in a cascade, it MUST forward CI/T If a dCDN is also acting as a uCDN in a cascade, it MUST forward CI/T
Commands to any downstream CDNs that may be affected. The CI/T Commands to any dCDNs that may be affected. The CI/T Trigger Command
Trigger Command MUST NOT be reported as 'complete' in a CDN until it MUST NOT be reported as "complete" in a CDN until it is "complete" in
is 'complete' in all of its downstream CDNs. If a CI/T Trigger all of its dCDNs. If a CI/T Trigger Command is reported as
Command is reported as 'processed' in any dCDN, intermediate CDNs "processed" in any dCDN, intermediate CDNs MUST NOT report
MUST NOT report 'complete', instead they MUST also report "complete"; instead, they MUST also report "processed". A CI/T
'processed'. A CI/T Command MAY be reported as 'failed' as soon as Command MAY be reported as "failed" as soon as it fails in a CDN or
it fails in a CDN or in any of its downstream CDNs. A cancelled CI/T in any of its dCDNs. A canceled CI/T Trigger Command MUST be
Trigger Command MUST be reported as 'cancelling' until it has been reported as "cancelling" until it has been reported as "cancelled",
reported as 'cancelled', 'complete', or 'failed' by all dCDNs in a "complete", or "failed" by all dCDNs in a cascade.
cascade.
3. Collections of Trigger Status Resources 3. Collections of Trigger Status Resources
As described in Section 2, Trigger Status Resources exist in the dCDN As described in Section 2, Trigger Status Resources exist in the dCDN
to report the status of activity triggered by each uCDN. to report the status of activity triggered by each uCDN.
A collection of Trigger Status Resources is a resource that contains A collection of Trigger Status Resources is a resource that contains
a reference to each Trigger Status Resource in that collection. a reference to each Trigger Status Resource in that collection.
The dCDN MUST make a collection of a uCDN's Trigger Status Resources The dCDN MUST make a collection of a uCDN's Trigger Status Resources
available to that uCDN. This collection includes all of the Trigger available to that uCDN. This collection includes all of the Trigger
Status Resources created for CI/T Commands from the uCDN that have Status Resources created for CI/T Commands from the uCDN that have
been accepted by the dCDN, and have not yet been deleted by the uCDN, been accepted by the dCDN, and have not yet been deleted by the uCDN,
or expired and removed by the dCDN (as described in section or expired and removed by the dCDN (as described in Section 4.4).
Section 4.4). Trigger Status Resources belonging to a uCDN MUST NOT Trigger Status Resources belonging to a uCDN MUST NOT be visible to
be visible to any other CDN. The dCDN could, for example, achieve any other CDN. The dCDN could, for example, achieve this by offering
this by offering different collection URLs to each uCDN, and by different collection URLs to each uCDN and by filtering the response
filtering the response based on the uCDN with which the HTTP client based on the uCDN with which the HTTP client is associated.
is associated.
To trigger activity in a dCDN, or to cancel triggered activity, the To trigger activity in a dCDN or to cancel triggered activity, the
uCDN POSTs a CI/T Command to the dCDN's collection of the uCDN's uCDN POSTs a CI/T Command to the dCDN's collection of the uCDN's
Trigger Status Resources. Trigger Status Resources.
In order to allow the uCDN to check the status of multiple jobs in a In order to allow the uCDN to check the status of multiple jobs in a
single request, the dCDN MAY also maintain collections representing single request, the dCDN MAY also maintain collections representing
filtered views of the collection of all Trigger Status Resources. filtered views of the collection of all Trigger Status Resources.
These filtered collections are optional-to-implement but, if These filtered collections are "optional-to-implement", but if they
implemented, the dCDN MUST include links to them in the collection of are implemented, the dCDN MUST include links to them in the
all Trigger Status Resources. The filtered collections are: collection of all Trigger Status Resources. The filtered
collections are:
o Pending - Trigger Status Resources for CI/T Trigger Commands that o Pending - Trigger Status Resources for CI/T Trigger Commands that
have been accepted, but not yet acted upon. have been accepted but not yet acted upon.
o Active - Trigger Status Resources for CI/T Trigger Commands that o Active - Trigger Status Resources for CI/T Trigger Commands that
are currently being processed in the dCDN. are currently being processed in the dCDN.
o Complete - Trigger Status Resources representing activity that o Complete - Trigger Status Resources representing activity that
completed successfully, and 'processed' CI/T Trigger Commands for completed successfully, and "processed" CI/T Trigger Commands for
which no further status updates will be made by the dCDN. which no further status updates will be made by the dCDN.
o Failed - Trigger Status Resources representing CI/T Commands that o Failed - Trigger Status Resources representing CI/T Commands that
failed or were cancelled by the uCDN. failed or were canceled by the uCDN.
4. CDNI Trigger Interface 4. CDNI Trigger Interface
This section describes an interface to enable an upstream CDN to This section describes an interface to enable a uCDN to trigger
trigger activity in a downstream CDN. activity in a dCDN.
The CI/T interface builds on top of HTTP, so dCDNs may make use of The CI/T interface builds on top of HTTP, so dCDNs may make use of
any HTTP feature when implementing the CI/T interface. For example, any HTTP feature when implementing the CI/T interface. For example,
a dCDN SHOULD make use of HTTP's caching mechanisms to indicate that a dCDN SHOULD make use of HTTP's caching mechanisms to indicate that
a requested response/representation has not been modified, reducing a requested response/representation has not been modified, reducing
the uCDN's processing needed to determine whether the status of the uCDN's processing needed to determine whether the status of
triggered activity has changed. triggered activity has changed.
All dCDNs implementing CI/T MUST support the HTTP GET, HEAD, POST and All dCDNs implementing CI/T MUST support the HTTP GET, HEAD, POST,
DELETE methods as defined in [RFC7231]. and DELETE methods as defined in [RFC7231].
The only representation specified in this document is JSON, The only representation specified in this document is JSON [RFC7159].
[RFC7159]. It MUST be supported by the uCDN and by the dCDN. It MUST be supported by the uCDN and by the dCDN.
The URL of the dCDN's collection of all Trigger Status Resources The URL of the dCDN's collection of all Trigger Status Resources
needs to be either discovered by, or configured in, the uCDN. The needs to be either discovered by or configured in the uCDN. The
mechanism for discovery of that URL is outside the scope of this mechanism for discovery of that URL is outside the scope of this
document. document.
CI/T Commands are POSTed to the dCDN's collection of all Trigger CI/T Commands are POSTed to the dCDN's collection of all Trigger
Status Resources. If a CI/T Trigger Command is accepted by the dCDN, Status Resources. If a CI/T Trigger Command is accepted by the dCDN,
the dCDN creates a new Trigger Status Resource and returns its URI to the dCDN creates a new Trigger Status Resource and returns its URI to
the uCDN in an HTTP 201 response. The triggered activity can then be the uCDN in an HTTP 201 response. The triggered activity can then be
monitored by the uCDN using that resource and the collections monitored by the uCDN using that resource and the collections
described in Section 3. described in Section 3.
The URI of each Trigger Status Resource is returned to the uCDN when The URI of each Trigger Status Resource is returned to the uCDN when
it is created, and URIs of all Trigger Status Resources are listed in it is created, and URIs of all Trigger Status Resources are listed in
the dCDN's collection of all Trigger Status Resources. This means the dCDN's collection of all Trigger Status Resources. This means
all Trigger Status Resources can be discovered by the uCDN, so dCDNs all Trigger Status Resources can be discovered by the uCDN, so dCDNs
are free to assign whatever structure they desire to the URIs for CI/ are free to assign whatever structure they desire to the URIs for
T resources. Therefore uCDNs MUST NOT make any assumptions regarding CI/T resources. Therefore, uCDNs MUST NOT make any assumptions
the structure of CI/T URIs or the mapping between CI/T objects and regarding the structure of CI/T URIs or the mapping between CI/T
their associated URIs. URIs present in the examples in this document objects and their associated URIs. URIs present in the examples in
are purely illustrative and are not intended to impose a definitive this document are purely illustrative and are not intended to impose
structure on CI/T interface implementations. a definitive structure on CI/T interface implementations.
4.1. Creating Triggers 4.1. Creating Triggers
To issue a CI/T Command, the uCDN makes an HTTP POST to the dCDN's To issue a CI/T Command, the uCDN makes an HTTP POST to the dCDN's
collection of all of the uCDN's Trigger Status Resources. The collection of all of the uCDN's Trigger Status Resources. The
request body of that POST is a CI/T Command, as described in request body of that POST is a CI/T Command, as described in
Section 5.1.1. Section 5.1.1.
The dCDN validates the CI/T Command. If the command is malformed or The dCDN validates the CI/T Command. If the command is malformed or
the uCDN does not have sufficient access rights, the dCDN MUST either the uCDN does not have sufficient access rights, the dCDN MUST either
respond with an appropriate 4xx HTTP error code and not create a respond with an appropriate 4xx HTTP error code and not create a
Trigger Status Resource, or create a 'failed' Trigger Status Resource Trigger Status Resource or create a "failed" Trigger Status Resource
containing an appropriate error description. containing an appropriate Error Description.
When a CI/T Trigger Command is accepted, the uCDN MUST create a new When a CI/T Trigger Command is accepted, the uCDN MUST create a new
Trigger Status Resource which will convey a specification of the CI/T Trigger Status Resource that will convey a specification of the CI/T
Command and its current status. The HTTP response to the dCDN MUST Command and its current status. The HTTP response to the dCDN MUST
have status code 201 and MUST convey the URI of the Trigger Status have status code 201 and MUST convey the URI of the Trigger Status
Resource in the Location header field. The HTTP response SHOULD Resource in the Location header field [RFC7231]. The HTTP response
include the content of the newly created Trigger Status Resource. SHOULD include the content of the newly created Trigger Status
This is particularly important in cases where the CI/T Trigger Resource. This is particularly important in cases where the CI/T
Command has completed immediately. Trigger Command has completed immediately.
Once a Trigger Status Resource has been created the dCDN MUST NOT re- Once a Trigger Status Resource has been created, the dCDN MUST NOT
use its URI, even after that Trigger Status Resource has been reuse its URI, even after that Trigger Status Resource has been
removed. removed.
The dCDN SHOULD track and report on progress of CI/T Trigger Commands The dCDN SHOULD track and report on the progress of CI/T Trigger
using a Trigger Status Resource, Section 5.1.2. If the dCDN is not Commands using a Trigger Status Resource (Section 5.1.2). If the
able to do that, it MUST indicate that it has accepted the request dCDN is not able to do that, it MUST indicate that it has accepted
but will not be providing further status updates. To do this, it the request but will not be providing further status updates. To do
sets the status of the Trigger Status Resource to "processed". In this, it sets the status of the Trigger Status Resource to
this case, CI/T processing should continue as for a "complete" "processed". In this case, CI/T processing should continue as for a
request, so the Trigger Status Resource MUST be added to the dCDN's "complete" request, so the Trigger Status Resource MUST be added to
collection of Complete Trigger Status Resources. The dCDN SHOULD the dCDN's collection of complete Trigger Status Resources. The dCDN
also provide an estimated completion time for the request, by using SHOULD also provide an estimated completion time for the request by
the "etime" property of the Trigger Status Resource. This will allow using the "etime" property of the Trigger Status Resource. This will
the uCDN to schedule prepositioning after an earlier delete of the allow the uCDN to schedule pre-positioning after an earlier delete of
same URLs is expected to have finished. the same URLs is expected to have finished.
If the dCDN is able to track the execution of CI/T Commands and a CI/ If the dCDN is able to track the execution of CI/T Commands and a
T Command is queued by the dCDN for later action, the status property CI/T Command is queued by the dCDN for later action, the "status"
of the Trigger Status Resource MUST be "pending". Once processing property of the Trigger Status Resource MUST be "pending". Once
has started the "status" MUST be "active". Finally, once the CI/T processing has started, the status MUST be "active". Finally, once
Command is complete, the status MUST be set to "complete" or the CI/T Command is complete, the status MUST be set to "complete" or
"failed". "failed".
A CI/T Trigger Command may result in no activity in the dCDN if, for A CI/T Trigger Command may result in no activity in the dCDN if, for
example, it is an invalidate or purge request for data the dCDN has example, it is an "invalidate" or "purge" request for data the dCDN
not yet acquired, or a pre-position request for data it has already has not yet acquired, or a "preposition" request for data that it has
acquired and which is still valid. In this case, the "status" of the already acquired and that is still valid. In this case, the status
Trigger Status Resource MUST be "processed" or "complete", and the of the Trigger Status Resource MUST be "processed" or "complete", and
Trigger Status Resource MUST be added to the dCDN's collection of the Trigger Status Resource MUST be added to the dCDN's collection of
Complete Trigger Status Resources. complete Trigger Status Resources.
Once created, Trigger Status Resources can be cancelled or deleted by Once created, Trigger Status Resources can be canceled or deleted by
the uCDN, but not modified. The dCDN MUST reject PUT and POST the uCDN, but not modified. The dCDN MUST reject PUT and POST
requests from the uCDN to Trigger Status Resources by responding with requests from the uCDN to Trigger Status Resources by responding with
an appropriate HTTP status code, for example 405 "Method Not an appropriate HTTP status code -- for example, 405 ("Method Not
Allowed". Allowed").
4.2. Checking Status 4.2. Checking Status
The uCDN has two ways to check progress of CI/T Commands it has The uCDN has two ways to check the progress of CI/T Commands it has
issued to the dCDN, described in sections Section 4.2.1 and issued to the dCDN, as described in Sections 4.2.1 and 4.2.2.
Section 4.2.2.
To allow the uCDN to check for change in status of a Trigger Status To allow the uCDN to check for changes in the status of a Trigger
Resource or collection of Trigger Status Resources without re- Status Resource or collection of Trigger Status Resources without
fetching the whole Resource or Collection, the dCDN SHOULD include refetching the whole resource or collection, the dCDN SHOULD include
Entity Tags for the uCDN to use as cache validators, as defined in entity-tags (ETags) for the uCDN to use as cache validators, as
[RFC7232]. defined in [RFC7232].
The dCDN SHOULD use the cache control headers for responses to GETs The dCDN SHOULD use the cache control headers for responses to GETs
for Trigger Status Resources and Collections to indicate the for Trigger Status Resources and Collections to indicate the
frequency at which it recommends the uCDN should poll for change. frequency at which it recommends that the uCDN should poll for
change.
4.2.1. Polling Trigger Status Resource collections 4.2.1. Polling Trigger Status Resource Collections
The uCDN can fetch the collection of its Trigger Status Resources, or The uCDN can fetch the collection of its Trigger Status Resources or
filtered views of that collection. filtered views of that collection.
This makes it possible to poll status of all CI/T Trigger Commands in This makes it possible to poll the status of all CI/T Trigger
a single request. If the dCDN moves a Trigger Status Resource from Commands in a single request. If the dCDN moves a Trigger Status
the Active to the Completed collection, the uCDN can fetch the result Resource from the active to the completed collection, the uCDN can
of that activity. fetch the result of that activity.
When polling in this way, the uCDN SHOULD use HTTP Entity Tags to When polling in this way, the uCDN SHOULD use HTTP ETags to monitor
monitor for change, rather than repeatedly fetching the whole for change, rather than repeatedly fetching the whole collection. An
collection. An example of this is given in section Section 6.2.4. example of this is given in Section 6.2.4.
4.2.2. Polling Trigger Status Resources 4.2.2. Polling Trigger Status Resources
The uCDN has a URI provided by the dCDN for each Trigger Status The uCDN has a URI provided by the dCDN for each Trigger Status
Resource it has created, it may fetch that Trigger Status Resource at Resource it has created. It may fetch that Trigger Status Resource
any time. at any time.
This can be used to retrieve progress information, and to fetch the This can be used to retrieve progress information and to fetch the
result of the CI/T Command. result of the CI/T Command.
When polling in this way, the uCDN SHOULD use HTTP Entity Tags to When polling in this way, the uCDN SHOULD use HTTP ETags to monitor
monitor for change, rather than repeatedly fetching the Trigger for change, rather than repeatedly fetching the Trigger Status
Status Resource. Resource.
4.3. Cancelling Triggers 4.3. Canceling Triggers
The uCDN can request cancellation of a CI/T Trigger Command by The uCDN can request cancellation of a CI/T Trigger Command by
POSTing a CI/T Cancel Command to the collection of all Trigger Status POSTing a CI/T Cancel Command to the collection of all Trigger Status
Resources. Resources.
The dCDN is required to accept and respond to the CI/T Cancel The dCDN is required to accept and respond to the CI/T Cancel
Command, but the actual cancellation of a CI/T Trigger Command is Command, but the actual cancellation of a CI/T Trigger Command is
optional-to-implement. optional-to-implement.
The dCDN MUST respond to the CI/T Cancel Command appropriately, for The dCDN MUST respond to the CI/T Cancel Command appropriately -- for
example with HTTP status code 200 "OK" if the cancellation has been example, with HTTP status code 200 ("OK") if the cancellation has
processed and the CI/T Command is inactive, 202 "Accepted" if the been processed and the CI/T Command is inactive, 202 ("Accepted") if
command has been accepted but the CI/T Command remains active, or 501 the command has been accepted but the CI/T Command remains active, or
"Not Implemented" if cancellation is not supported by the dCDN. 501 ("Not Implemented") if cancellation is not supported by the dCDN.
If cancellation of a "pending" Trigger Status Resource is accepted by If cancellation of a "pending" Trigger Status Resource is accepted by
the dCDN, the dCDN SHOULD NOT start processing of that activity. the dCDN, the dCDN SHOULD NOT start the processing of that activity.
Issuing a CT/T Cancel Command for a "pending" Trigger Status Resource Issuing a CI/T Cancel Command for a "pending" Trigger Status Resource
does not however guarantee that the corresponding activity will not does not, however, guarantee that the corresponding activity will not
be started, because the uCDN cannot control the timing of that be started, because the uCDN cannot control the timing of that
activity. Processing could, for example, start after the POST is activity. Processing could, for example, start after the POST is
sent by the uCDN but before that request is processed by the dCDN. sent by the uCDN but before that request is processed by the dCDN.
If cancellation of an "active" or "processed" Trigger Status Resource If cancellation of an "active" or "processed" Trigger Status Resource
is accepted by the dCDN, the dCDN SHOULD stop processing the CI/T is accepted by the dCDN, the dCDN SHOULD stop processing the CI/T
Command. However, as with cancellation of a "pending" CI/T Command, Command. However, as with cancellation of a "pending" CI/T Command,
the dCDN does not guarantee this. the dCDN does not guarantee this.
If the CI/T Command cannot be stopped immediately, the status in the If the CI/T Command cannot be stopped immediately, the status in the
corresponding Trigger Status Resource MUST be set to "cancelling", corresponding Trigger Status Resource MUST be set to "cancelling",
and the Trigger Status Resource MUST remain in the collection of and the Trigger Status Resource MUST remain in the collection of
Trigger Status Resources for active CI/T Commands. If processing is Trigger Status Resources for active CI/T Commands. If processing is
stopped before normal completion, the status value in the Trigger stopped before normal completion, the status value in the Trigger
Status Resource MUST be set to "cancelled", and the Trigger Status Status Resource MUST be set to "cancelled", and the Trigger Status
Resource MUST be included in the collection of failed CT/T Trigger Resource MUST be included in the collection of failed CI/T Trigger
Commands. Commands.
Cancellation of a "complete" or "failed" Trigger Status Resource Cancellation of a "complete" or "failed" Trigger Status Resource
requires no processing in the dCDN. Its status MUST NOT be changed requires no processing in the dCDN. Its status MUST NOT be changed
to "cancelled". to "cancelled".
4.4. Deleting Triggers 4.4. Deleting Triggers
The uCDN can delete Trigger Status Resources at any time, using the The uCDN can delete Trigger Status Resources at any time, using the
HTTP DELETE method. The effect is similar to cancellation, but no HTTP DELETE method. The effect is similar to cancellation, but no
Trigger Status Resource remains afterwards. Trigger Status Resource remains afterwards.
Once deleted, the references to a Trigger Status Resource MUST be Once deleted, the references to a Trigger Status Resource MUST be
removed from all Trigger Status Resource collections. Subsequent removed from all Trigger Status Resource collections. Subsequent
requests to GET the deleted Trigger Status Resource SHOULD be requests to GET the deleted Trigger Status Resource SHOULD be
rejected by the dCDN with an HTTP error. rejected by the dCDN with an HTTP error.
If a "pending" Trigger Status Resource is deleted, the dCDN SHOULD If a "pending" Trigger Status Resource is deleted, the dCDN
NOT start processing of that activity. Deleting a "pending" Trigger SHOULD NOT start the processing of that activity. Deleting a
Status Resource does not however guarantee that it has not started "pending" Trigger Status Resource does not, however, guarantee that
because the uCDN cannot control the timing of that activity. it has not started, because the uCDN cannot control the timing of
Processing may, for example, start after the DELETE is sent by the that activity. Processing may, for example, start after the DELETE
uCDN but before that request is processed by the dCDN. is sent by the uCDN but before that request is processed by the dCDN.
If an "active" or "processed" Trigger Status Resource is deleted, the If an "active" or "processed" Trigger Status Resource is deleted, the
dCDN SHOULD stop processing the CI/T Command. However, as with dCDN SHOULD stop processing the CI/T Command. However, as with
deletion of a "pending" Trigger Status Resource, the dCDN does not deletion of a "pending" Trigger Status Resource, the dCDN does not
guarantee this. guarantee this.
Deletion of a "complete" or "failed" Trigger Status Resource requires Deletion of a "complete" or "failed" Trigger Status Resource requires
no processing in the dCDN other than deletion of the Trigger Status no processing in the dCDN other than deletion of the Trigger Status
Resource. Resource.
4.5. Expiry of Trigger Status Resources 4.5. Expiry of Trigger Status Resources
The dCDN can choose to automatically delete Trigger Status Resources The dCDN can choose to automatically delete Trigger Status Resources
some time after they become "complete", "processed", "failed" or some time after they become "complete", "processed", "failed", or
"cancelled". In this case, the dCDN will remove the Trigger Status "cancelled". In this case, the dCDN will remove the Trigger Status
Resource and respond to subsequent requests for it with an HTTP Resource and respond to subsequent requests for it with an HTTP
error. error.
If the dCDN does remove Trigger Status Resources automatically, it If the dCDN does remove Trigger Status Resources automatically, it
MUST report the length of time after which it will do so, using a MUST report the length of time after which it will do so, using a
property of the collection of all Trigger Status Resources. It is property of the collection of all Trigger Status Resources. It is
RECOMMENDED that Trigger Status Resources are not automatically RECOMMENDED that Trigger Status Resources are not automatically
deleted by the dCDN for at least 24 hours after they become deleted by the dCDN for at least 24 hours after they become
"complete", "processed", "failed" or "cancelled". "complete", "processed", "failed", or "cancelled".
To ensure it is able to get the status of its Trigger Status To ensure that it is able to get the status of its Trigger Status
Resources for completed and failed CI/T Commands, it is RECOMMENDED Resources for completed and failed CI/T Commands, it is RECOMMENDED
that the uCDN polling interval is less than the time after which that the uCDN polling interval is less than the time after which
records for completed activity will be deleted. records for completed activity will be deleted.
4.6. Loop Detection and Prevention 4.6. Loop Detection and Prevention
Given three CDNs, A, B and C, if CDNs B and C delegate delivery of Given three CDNs, A, B, and C, if CDNs B and C delegate delivery of
CDN A's content to each other, CDN A's CI/T Commands could be passed CDN A's content to each other, CDN A's CI/T Commands could be passed
between CDNs B and C in a loop. More complex networks of CDNs could between CDNs B and C in a loop. More complex networks of CDNs could
contain similar loops involving more hops. contain similar loops involving more hops.
In order to prevent and detect such CI/T loops, each CDN uses a CDN In order to prevent and detect such CI/T loops, each CDN uses a CDN
Provider ID to uniquely identify itself. In every CI/T Command it Provider ID (PID) to uniquely identify itself. In every CI/T Command
originates or cascades, each CDN MUST append an array element it originates or cascades, each CDN MUST append an array element
containing its CDN Provider ID to a JSON array under an entry named containing its CDN PID to a JSON array under an entry named
"cdn-path". When receiving CI/T Commands a dCDN MUST check the cdn- "cdn-path". When receiving CI/T Commands, a dCDN MUST check the
path and reject any CI/T Command which already contains its own CDN cdn-path and reject any CI/T Command that already contains its own
Provider ID in the cdn-path. Transit CDNs MUST check the cdn-path CDN PID in the cdn-path. Transit CDNs MUST check the cdn-path and
and not cascade the CI/T Command to dCDNs that are already listed in not cascade the CI/T Command to dCDNs that are already listed in the
cdn-path. cdn-path.
The CDN Provider Id consists of the two characters "AS" followed by The CDN PID consists of the two characters "AS" followed by the CDN
the CDN Provider's Autonomous System number [RFC1930], then a colon provider's Autonomous System number [RFC1930], then a colon (":") and
(':') and an additional qualifier that is used to guarantee an additional qualifier that is used to guarantee uniqueness in case
uniqueness in case a particular AS has multiple independent CDNs a particular AS has multiple independent CDNs deployed -- for
deployed. For example "AS64496:0". example, "AS64496:0".
If the CDN provider has multiple Autonomous Systems, the same AS If the CDN provider has multiple ASes, the same AS number SHOULD be
number SHOULD be used in all messages from that CDN provider, unless used in all messages from that CDN provider, unless there are
there are multiple distinct CDNs. multiple distinct CDNs.
If the RI interface described in [I-D.ietf-cdni-redirection] is If the CDNI Request Routing Redirection interface (RI) described in
implemented by the dCDN, the CI/T and RI interfaces SHOULD use the [RFC7975] is implemented by the dCDN, the CI/T interface and the RI
same CDN Provider Id. SHOULD use the same CDN PID.
4.7. Error Handling 4.7. Error Handling
A dCDN can signal rejection of a CI/T Command using HTTP status A dCDN can signal rejection of a CI/T Command using HTTP status codes
codes. For example, 400 if the request is malformed, or 403 or 404 -- for example, 400 ("Bad Request") if the request is malformed, or
if the uCDN does not have permission to issue CI/T Commands or it is 403 ("Forbidden") or 404 ("Not Found") if the uCDN does not have
trying to act on another CDN's data. permission to issue CI/T Commands or it is trying to act on another
CDN's data.
If any part of the CI/T Trigger Command fails, the trigger SHOULD be If any part of the CI/T Trigger Command fails, the trigger SHOULD be
reported as "failed" once its activity is complete or if no further reported as "failed" once its activity is complete or if no further
errors will be reported. The "errors" property in the Trigger Status errors will be reported. The "errors" property in the Trigger Status
Resource will be used to enumerate which actions failed and the Resource will be used to enumerate which actions failed and the
reasons for failure, and can be present while the Trigger Status reasons for failure, and can be present while the Trigger Status
Resource is still "pending" or "active", if the CI/T Trigger Command Resource is still "pending" or "active", if the CI/T Trigger Command
is still running for some URLs or Patterns in the Trigger is still running for some URLs or patterns in the Trigger
Specification. Specification.
Once a request has been accepted, processing errors are reported in Once a request has been accepted, processing errors are reported in
the Trigger Status Resource using a list of Error Descriptions. Each the Trigger Status Resource using a list of Error Descriptions. Each
Error Description is used to report errors against one or more of the Error Description is used to report errors against one or more of the
URLs or Patterns in the Trigger Specification. URLs or patterns in the Trigger Specification.
If a surrogate affected by a CI/T Trigger Command is offline in the If a Surrogate affected by a CI/T Trigger Command is offline in the
dCDN, or the dCDN is unable to pass a CI/T Command on to any of its dCDN or the dCDN is unable to pass a CI/T Command on to any of its
cascaded dCDNs: cascaded dCDNs:
o If the CI/T Command is abandoned by the dCDN, the dCDN SHOULD o If the CI/T Command is abandoned by the dCDN, the dCDN SHOULD
report an error. report an error.
o A CI/T "invalidate" command may be reported as "complete" when o A CI/T "invalidate" command may be reported as "complete" when
surrogates that may have the data are offline. In this case, Surrogates that may have the data are offline. In this case,
surrogates MUST NOT use the affected data without first Surrogates MUST NOT use the affected data without first
revalidating it when they are back online. revalidating it when they are back online.
o CI/T "preposition" and "purge" commands can be reported as o CI/T "preposition" and "purge" commands can be reported as
"processed" if affected caches are offline and the activity will "processed" if affected caches are offline and the activity will
complete when they return to service. complete when they return to service.
o Otherwise, the dCDN SHOULD keep the Trigger Status Resource in o Otherwise, the dCDN SHOULD keep the Trigger Status Resource in
state "pending" or "active" until the CI/T Command is acted upon, state "pending" or "active" until either the CI/T Command is acted
or the uCDN chooses to cancel it. upon or the uCDN chooses to cancel it.
4.8. Content URLs 4.8. Content URLs
If content URLs are transformed by an intermediate CDN in a cascade, If content URLs are transformed by an intermediate CDN in a cascade,
that intermediate CDN MUST similarly transform URLs in CI/T Commands that intermediate CDN MUST similarly transform URLs in CI/T Commands
it passes to its dCDN. it passes to its dCDN.
When processing Trigger Specifications, CDNs MUST ignore the URL When processing Trigger Specifications, CDNs MUST ignore the URL
scheme (http or https) in comparing URLs. For example, for a CI/T scheme (HTTP or HTTPS) in comparing URLs. For example, for a CI/T
invalidate or purge command, content MUST be invalidated or purged "invalidate" or "purge" command, content MUST be invalidated or
regardless of the protocol clients use to request it. purged regardless of the protocol clients used to request it.
5. CI/T Object Properties and Encoding 5. CI/T Object Properties and Encoding
The CI/T Commands, Trigger Status Resources and Trigger Collections The CI/T Commands, Trigger Status Resources, and Trigger Collections,
and their properties are encoded using JSON, as defined in sections as well as their properties, are encoded using JSON, as defined in
Section 5.1.1, Section 5.2.1, and Section 5.1.2. They MUST use the Sections 5.1.1, 5.1.2, and 5.1.3. They MUST use the MIME media type
MIME Media Type 'application/cdni', with parameter 'ptype' values as "application/cdni", with parameter "ptype" values as defined below
defined below and in Section 7.1. and in Section 7.1.
Names in JSON are case sensitive. The names and literal values Names in JSON are case sensitive. The names and literal values
specified in the present document MUST always use lower-case. specified in the present document MUST always use lowercase.
JSON types, including 'object', 'array', 'number' and 'string' are JSON types, including "object", "array", "number", and "string", are
defined in [RFC7159]. defined in [RFC7159].
Unrecognised name/value pairs in JSON objects SHOULD NOT be treated Unrecognized name/value pairs in JSON objects SHOULD NOT be treated
as an error by either the uCDN or dCDN. They SHOULD be ignored in as an error by either the uCDN or dCDN. They SHOULD be ignored
the processing, and passed on by dCDN to any further dCDNs in a during processing and passed on by the dCDN to any further dCDNs in a
cascade. cascade.
5.1. CI/T Objects 5.1. CI/T Objects
The top-level objects defined by the CI/T interface are described in The top-level objects defined by the CI/T interface are described in
this section. this section.
The encoding of values used by these objects is described in The encoding of values used by these objects is described in
Section 5.2. Section 5.2.
5.1.1. CI/T Commands 5.1.1. CI/T Commands
CI/T Commands MUST use a MIME Media Type of 'application/cdni; CI/T Commands MUST use a MIME media type of "application/cdni;
ptype=ci-trigger-command'. ptype=ci-trigger-command".
A CI/T Command is encoded as a JSON object containing the following A CI/T Command is encoded as a JSON object containing the following
name/value pairs. name/value pairs.
Name: trigger Name: trigger
Description: A specification of the trigger type, and a set of
Description: A specification of the trigger type and a set of
data to act upon. data to act upon.
Value: A Trigger Specification, as defined in Section 5.2.1. Value: A Trigger Specification, as defined in Section 5.2.1.
Mandatory: No, but exactly one of "trigger" or "cancel" MUST be Mandatory: No, but exactly one of "trigger" or "cancel" MUST be
present in a CI/T Command. present in a CI/T Command.
Name: cancel Name: cancel
Description: The URLs of Trigger Status Resources for CI/T Description: The URLs of Trigger Status Resources for CI/T
Trigger Commands that the uCDN wants to cancel. Trigger Commands that the uCDN wants to cancel.
Value: A non-empty JSON array of URLs represented as JSON Value: A non-empty JSON array of URLs represented as JSON
strings. strings.
Mandatory: No, but exactly one of "trigger" or "cancel" MUST be Mandatory: No, but exactly one of "trigger" or "cancel" MUST be
present in a CI/T Command. present in a CI/T Command.
Name: cdn-path Name: cdn-path
Description: The CDN Provider Identifiers of CDNs that have Description: The CDN PIDs of CDNs that have already issued the
already issued the CI/T Command to their dCDNs. CI/T Command to their dCDNs.
Value: A non-empty JSON array of JSON strings, where each Value: A non-empty JSON array of JSON strings, where each
string is a CDN Provider Identifier as defined in Section 4.6. string is a CDN PID as defined in Section 4.6.
Mandatory: Yes. Mandatory: Yes.
5.1.2. Trigger Status Resource 5.1.2. Trigger Status Resources
Trigger Status Resources MUST use a MIME Media Type of 'application/ Trigger Status Resources MUST use a MIME media type of
cdni; ptype=ci-trigger-status'. "application/cdni; ptype=ci-trigger-status".
A Trigger Status Resource is encoded as a JSON object containing the A Trigger Status Resource is encoded as a JSON object containing the
following name/value pairs. following name/value pairs.
Name: trigger Name: trigger
Description: The Trigger Specification posted in the body of Description: The Trigger Specification POSTed in the body of
the CI/T Command. Note that this need not be a byte-for-byte the CI/T Command. Note that this need not be a byte-for-byte
copy. For example, in the JSON representation the dCDN may re- copy. For example, in the JSON representation the dCDN may
serialise the information differently. re-serialize the information differently.
Value: A Trigger Specification, as defined in Section 5.2.1. Value: A Trigger Specification, as defined in Section 5.2.1.
Mandatory: Yes Mandatory: Yes.
Name: ctime Name: ctime
Description: Time at which the CI/T Command was received by the Description: Time at which the CI/T Command was received by the
dCDN. Time is determined by the dCDN, there is no requirement dCDN. Time is determined by the dCDN; there is no requirement
to synchronise clocks between interconnected CDNs. to synchronize clocks between interconnected CDNs.
Value: Absolute Time, as defined in Section 5.2.5. Value: Absolute Time, as defined in Section 5.2.5.
Mandatory: Yes Mandatory: Yes.
Name: mtime Name: mtime
Description: Time at which the Trigger Status Resource was last Description: Time at which the Trigger Status Resource was last
modified. Time is determined by the dCDN, there is no modified. Time is determined by the dCDN; there is no
requirement to synchronise clocks between interconnected CDNs. requirement to synchronize clocks between interconnected CDNs.
Value: Absolute Time, as defined in Section 5.2.5. Value: Absolute Time, as defined in Section 5.2.5.
Mandatory: Yes Mandatory: Yes.
Name: etime Name: etime
Description: Estimate of the time at which the dCDN expects to Description: Estimate of the time at which the dCDN expects to
complete the activity. Time is determined by the dCDN, there complete the activity. Time is determined by the dCDN; there
is no requirement to synchronise clocks between interconnected is no requirement to synchronize clocks between interconnected
CDNs. CDNs.
Value: Absolute Time, as defined in Section 5.2.5. Value: Absolute Time, as defined in Section 5.2.5.
Mandatory: No Mandatory: No.
Name: status Name: status
Description: Current status of the triggered activity. Description: Current status of the triggered activity.
Value: Trigger Status, as defined in Section 5.2.3. Value: Trigger Status, as defined in Section 5.2.3.
Mandatory: Yes Mandatory: Yes.
Name: errors Name: errors
Description: Descriptions of errors that have occurred while Description: Descriptions of errors that have occurred while
processing a Trigger Command. processing a Trigger Command.
Value: An array of Error Description, as defined in Value: An array of Error Descriptions, as defined in
Section 5.2.6. An empty array is allowed, and equivalent to Section 5.2.6. An empty array is allowed and is equivalent to
omitting "errors" from the object. omitting "errors" from the object.
Mandatory: No. Mandatory: No.
5.1.3. Trigger Collection 5.1.3. Trigger Collections
Trigger Collections MUST use a MIME Media Type of 'application/cdni; Trigger Collections MUST use a MIME media type of "application/cdni;
ptype=ci-trigger-collection'. ptype=ci-trigger-collection".
A Trigger Collection is encoded as a JSON object containing the A Trigger Collection is encoded as a JSON object containing the
following name/value pairs. following name/value pairs.
Name: triggers Name: triggers
Description: Links to Trigger Status Resources in the Description: Links to Trigger Status Resources in the
collection. collection.
Value: A JSON array of zero or more URLs, represented as JSON Value: A JSON array of zero or more URLs, represented as JSON
strings. strings.
Mandatory: Yes Mandatory: Yes.
Name: staleresourcetime Name: staleresourcetime
Description: The length of time for which the dCDN guarantees Description: The length of time for which the dCDN guarantees
to keep a completed Trigger Status Resource. After this time, to keep a completed Trigger Status Resource. After this time,
the dCDN SHOULD delete the Trigger Status Resource and all the dCDN SHOULD delete the Trigger Status Resource and all
references to it from collections. references to it from collections.
Value: A JSON number, which must be a positive integer, Value: A JSON number, which must be a positive integer,
representing time in seconds. representing time in seconds.
Mandatory: Yes, in the collection of all Trigger Status Mandatory: Yes, in the collection of all Trigger Status
Resources if the dCDN deletes stale entries. If the property Resources if the dCDN deletes stale entries. If the property
is present in the filtered collections, it MUST have the same is present in the filtered collections, it MUST have the same
value as in the collection of all Trigger Status Resources. value as in the collection of all Trigger Status Resources.
Names: coll-all, coll-pending, coll-active, coll-complete, coll- Names: coll-all, coll-pending, coll-active, coll-complete,
failed coll-failed
Description: Link to a Trigger Collection. Description: Link to a Trigger Collection.
Value: A URL represented as a JSON string. Value: A URL represented as a JSON string.
Mandatory: Links to all of the filtered collections are Mandatory: Links to all of the filtered collections are
mandatory in the collection of all Trigger Status Resources, if mandatory in the collection of all Trigger Status Resources, if
the dCDN implements the filtered collections. Otherwise, the dCDN implements the filtered collections. Otherwise,
optional. optional.
Name: cdn-id Name: cdn-id
Description: The CDN Provider Identifier of the dCDN.
Value: A JSON string, the dCDN's CDN Provider Identifier, as Description: The CDN PID of the dCDN.
defined in Section 4.6.
Value: A JSON string, the dCDN's CDN PID, as defined in
Section 4.6.
Mandatory: Only in the collection of all Trigger Status Mandatory: Only in the collection of all Trigger Status
Resources, if the dCDN implements the filtered collections. Resources, if the dCDN implements the filtered collections.
Optional in the filtered collections (the uCDN can always find Optional in the filtered collections (the uCDN can always find
the dCDN's cdn-id in the collection of all Trigger Status the dCDN's cdn-id in the collection of all Trigger Status
Resources, but the dCDN can choose to repeat that information Resources, but the dCDN can choose to repeat that information
in its implementation of filtered collections). in its implementation of filtered collections).
5.2. Properties of CI/T Objects 5.2. Properties of CI/T Objects
This section defines the values that can appear in the top level This section defines the values that can appear in the top-level
objects described in Section 5.1, and their encodings. objects described in Section 5.1, and their encodings.
5.2.1. Trigger Specification 5.2.1. Trigger Specification
A Trigger Collection is encoded as a JSON object containing the A Trigger Collection is encoded as a JSON object containing the
following name/value pairs. following name/value pairs.
An unrecognised name/value pair in the Trigger Specification object An unrecognized name/value pair in the Trigger Specification object
contained in a CI/T Command SHOULD be preserved in the Trigger contained in a CI/T Command SHOULD be preserved in the Trigger
Specification of any Trigger Status Resource it creates. Specification of any Trigger Status Resource it creates.
Name: type Name: type
Description: This property defines the type of the CI/T Trigger Description: Defines the type of the CI/T Trigger Command.
Command.
Value: Trigger Type, as defined in Section 5.2.2. Value: Trigger Type, as defined in Section 5.2.2.
Mandatory: Yes Mandatory: Yes.
Name: metadata.urls Name: metadata.urls
Description: The uCDN URLs of the metadata the CI/T Trigger Description: The uCDN URLs of the metadata the CI/T Trigger
Command applies to. Command applies to.
Value: A JSON array of URLs represented as JSON strings. Value: A JSON array of URLs represented as JSON strings.
Mandatory: No, but at least one of 'metadata.*' or 'content.*' Mandatory: No, but at least one of "metadata.*" or "content.*"
MUST be present and non-empty. MUST be present and non-empty.
Name: content.urls Name: content.urls
Description: URLs of content the CI/T Trigger Command applies Description: URLs of content the CI/T Trigger Command applies
to, see Section 4.8. to. See Section 4.8.
Value: A JSON array of URLs represented as JSON strings. Value: A JSON array of URLs represented as JSON strings.
Mandatory: No, but at least one of 'metadata.*' or 'content.*' Mandatory: No, but at least one of "metadata.*" or "content.*"
MUST be present and non-empty. MUST be present and non-empty.
Name: content.ccid Name: content.ccid
Description: The Content Collection Identifier of content the Description: The Content Collection IDentifier of content the
trigger applies to. The 'ccid' is a grouping of content, as trigger applies to. The "ccid" is a grouping of content, as
defined by [I-D.ietf-cdni-metadata]. defined by [RFC8006].
Value: A JSON array of strings, where each string is a Content Value: A JSON array of strings, where each string is a Content
Collection Identifier. Collection IDentifier.
Mandatory: No, but at least one of 'metadata.*' or 'content.*' Mandatory: No, but at least one of "metadata.*" or "content.*"
MUST be present and non-empty. MUST be present and non-empty.
Name: metadata.patterns Name: metadata.patterns
Description: The metadata the trigger applies to. Description: The metadata the trigger applies to.
Value: A JSON array of Pattern Match, as defined in Value: A JSON array of PatternMatch objects, as defined in
Section 5.2.4. Section 5.2.4.
Mandatory: No, but at least one of 'metadata.*' or 'content.*' Mandatory: No, but at least one of "metadata.*" or "content.*"
MUST be present and non-empty, and metadata.patterns MUST NOT MUST be present and non-empty, and metadata.patterns MUST NOT
be present if the TriggerType is Preposition. be present if the Trigger Type is "preposition".
Name: content.patterns Name: content.patterns
Description: The content data the trigger applies to. Description: The content data the trigger applies to.
Value: A JSON array of Pattern Match, as defined in Value: A JSON array of PatternMatch objects, as defined in
Section 5.2.4. Section 5.2.4.
Mandatory: No, but at least one of 'metadata.*' or 'content.*' Mandatory: No, but at least one of "metadata.*" or "content.*"
MUST be present and non-empty, and content.patterns MUST NOT be MUST be present and non-empty, and content.patterns MUST NOT be
present if the TriggerType is Preposition. present if the Trigger Type is "preposition".
5.2.2. Trigger Type 5.2.2. Trigger Type
Trigger Type is used in a Trigger Specification to describe trigger Trigger Type is used in a Trigger Specification to describe trigger
action. action.
All trigger types MUST be registered in the IANA CI/T Trigger Types All trigger types MUST be registered in the IANA "CDNI CI/T Trigger
registry (see Section 7.2). Types" registry (see Section 7.2).
A dCDN receiving a request containing a trigger type it does not A dCDN receiving a request containing a trigger type it does not
recognise or does not support MUST reject the request by creating a recognize or does not support MUST reject the request by creating a
Trigger Status Resource with status to "failed" and the "errors" Trigger Status Resource with a status of "failed" and the "errors"
array containing an Error Description with error "eunsupported". array containing an Error Description with error "eunsupported".
The following trigger types are defined by this document: The following trigger types are defined by this document:
+-------------+-----------------------------------------------------+ +-------------+-----------------------------------------------------+
| JSON String | Description | | JSON String | Description |
+-------------+-----------------------------------------------------+ +-------------+-----------------------------------------------------+
| preposition | A request for the dCDN to acquire metadata or | | preposition | A request for the dCDN to acquire metadata or |
| | content. | | | content. |
| invalidate | A request for the dCDN to invalidate metadata or | | invalidate | A request for the dCDN to invalidate metadata or |
| | content. After servicing this request the dCDN will | | | content. After servicing this request, the dCDN |
| | not use the specified data without first re- | | | will not use the specified data without first |
| | validating it using, for example, an "If-None- | | | revalidating it using, for example, an |
| | Match" HTTP request. The dCDN need not erase the | | | "If-None-Match" HTTP request. The dCDN need not |
| | associated data. | | | erase the associated data. |
| purge | A request for the dCDN to erase metadata or | | purge | A request for the dCDN to erase metadata or |
| | content. After servicing the request, the specified | | | content. After servicing the request, the |
| | data MUST NOT be held on the dCDN (the dCDN should | | | specified data MUST NOT be held on the dCDN (the |
| | re-acquire the metadata or content from uCDN if it | | | dCDN should reacquire the metadata or content from |
| | needs it). | | | the uCDN if it needs it). |
+-------------+-----------------------------------------------------+ +-------------+-----------------------------------------------------+
5.2.3. Trigger Status 5.2.3. Trigger Status
This describes the current status of a Trigger. It MUST be one of Trigger Status describes the current status of the triggered
the JSON strings in the following table: activity. It MUST be one of the JSON strings in the following table:
+------------+------------------------------------------------------+ +-----------+-------------------------------------------------------+
| JSON | Description | | JSON | Description |
| String | | | String | |
+------------+------------------------------------------------------+ +-----------+-------------------------------------------------------+
| pending | The CI/T Trigger Command has not yet been acted | | pending | The CI/T Trigger Command has not yet been acted upon. |
| | upon. | | active | The CI/T Trigger Command is currently being acted |
| active | The CI/T Trigger Command is currently being acted | | | upon. |
| | upon. | | complete | The CI/T Trigger Command completed successfully. |
| complete | The CI/T Trigger Command completed successfully. | | processed | The CI/T Trigger Command has been accepted, and no |
| processed | The CI/T Trigger Command has been accepted and no | | | further status update will be made (can be used in |
| | further status update will be made (can be used in | | | cases where completion cannot be confirmed). |
| | cases where completion cannot be confirmed). | | failed | The CI/T Trigger Command could not be completed. |
| failed | The CI/T Trigger Command could not be completed. | | canceling | Processing of the CI/T Trigger Command is still in |
| cancelling | Processing of the CI/T Trigger Command is still in | | | progress, but the CI/T Trigger Command has been |
| | progress, but the CI/T Trigger Command has been | | | canceled by the uCDN. |
| | cancelled by the uCDN. | | canceled | The CI/T Trigger Command was canceled by the uCDN. |
| cancelled | The CI/T Trigger Command was cancelled by the uCDN. | +-----------+-------------------------------------------------------+
+------------+------------------------------------------------------+
5.2.4. PatternMatch 5.2.4. PatternMatch
A Pattern Match consists of a string pattern to match against a URI, A PatternMatch consists of a string pattern to match against a URI,
and flags describing the type of match. and flags describing the type of match.
It is encoded as a JSON object with the following name/value pairs: It is encoded as a JSON object with the following name/value pairs:
Name: pattern Name: pattern
Description: A pattern for URI matching. Description: A pattern for URI matching.
Value: A JSON string representing the pattern. The pattern may Value: A JSON string representing the pattern. The pattern can
contain the wildcards * and ?, where * matches any sequence of contain the wildcards * and ?, where * matches any sequence of
characters (including the empty string) and ? matches exactly [RFC3986] pchar or "/" characters (including the empty string)
one character. The three literals "\" , "*" and "?" MUST be and ? matches exactly one [RFC3986] pchar character. The three
escaped as "\\", "\*" and "\?". literals $, * and ? MUST be escaped as $$, $* and $? (where $
is the designated escape character). All other characters are
treated as literals.
Mandatory: Yes. Mandatory: Yes.
Name: case-sensitive Name: case-sensitive
Description: Flag indicating whether or not case-sensitive Description: Flag indicating whether or not case-sensitive
matching should be used. matching should be used.
Value: One of the JSON values 'true' (the matching is case- Value: One of the JSON values "true" (the matching is case
sensitive) or 'false' (the matching is case-insensitive). sensitive) or "false" (the matching is case insensitive).
Mandatory: No, default is case-insensitive match. Mandatory: No; default is case-insensitive match.
Name: match-query-string Name: match-query-string
Description: Flag indicating whether or not the query part of Description: Flag indicating whether to include the query part
the URI should be included in the pattern match. of the URI when comparing against the pattern.
Value: One of the JSON values 'true' (the full URI including Value: One of the JSON values "true" (the full URI, including
the query part should be compared against the given pattern), the query part, should be compared against the given pattern)
or 'false' (the query part of the URI should be dropped before or "false" (the query part of the URI should be dropped before
comparison with the given pattern). comparison with the given pattern).
Mandatory: No, default is 'false', the query part of the URI Mandatory: No; default is "false". The query part of the URI
should be dropped before comparison with the given pattern. should be dropped before comparison with the given pattern.
Example of case-sensitive prefix match against Example of case-sensitive prefix match against
"https://www.example.com/trailers/": "https://www.example.com/trailers/":
{ {
"pattern": "https://www.example.com/trailers/*", "pattern": "https://www.example.com/trailers/*",
"case-sensitive": true "case-sensitive": true
} }
5.2.5. Absolute Time 5.2.5. Absolute Time
A JSON number, seconds since the UNIX epoch, 00:00:00 UTC on 1 A JSON number, seconds since the UNIX epoch (00:00:00 UTC on
January 1970. 1 January 1970).
5.2.6. Error Description 5.2.6. Error Description
An Error Description is used to report failure of a CI/T Command, or An Error Description is used to report the failure of a CI/T Command
in the activity it triggered. It is encoded as a JSON object with or failure in the activity it triggered. It is encoded as a JSON
the following name/value pairs: object with the following name/value pairs:
Name: error Name: error
Value: Error Code, as defined in Section 5.2.7. Value: Error Code, as defined in Section 5.2.7.
Mandatory: Yes. Mandatory: Yes.
Names: metadata.urls, content.urls, metadata.patterns, Names: metadata.urls, content.urls, metadata.patterns,
content.patterns content.patterns
Description: Metadata and content references copied from the Description: Metadata and content references copied from the
Trigger Specification. Only those URLs and patterns to which Trigger Specification. Only those URLs and patterns to which
the error applies are included in each property, but those URLs the error applies are included in each property, but those URLs
and patterns MUST be exactly as they appear in the request, the and patterns MUST be exactly as they appear in the request; the
dCDN MUST NOT generalise the URLs. (For example, if the uCDN dCDN MUST NOT generalize the URLs. (For example, if the uCDN
requests prepositioning of URLs "https://content.example.com/a" requests pre-positioning of URLs
and "https://content.example.com/b", the dCDN must not "https://content.example.com/a" and
generalise its error report to Pattern "https://content.example.com/b", the dCDN must not generalize
its error report to the pattern
"https://content.example.com/*".) "https://content.example.com/*".)
Value: A JSON array of JSON strings, where each string is Value: A JSON array of JSON strings, where each string is
copied from a 'content.*' or 'metadata.*' value in the copied from a "content.*" or "metadata.*" value in the
corresponding Trigger Specification. corresponding Trigger Specification.
Mandatory: At least one of these name/value pairs is mandatory Mandatory: At least one of these name/value pairs is mandatory
in each Error Description object. in each Error Description object.
Name: description Name: description
Description: A human-readable description of the error. Description: A human-readable description of the error.
Value: A JSON string, the human-readable description. Value: A JSON string, the human-readable description.
Mandatory: No. Mandatory: No.
5.2.7. Error Code 5.2.7. Error Code
This type is used by the dCDN to report failures in trigger This type is used by the dCDN to report failures in trigger
processing. All error codes MUST be registered in the IANA CI/T processing. All Error Codes MUST be registered in the IANA "CDNI
Error Codes registry (see Section 7.3). Unknown error codes MUST be CI/T Error Codes" registry (see Section 7.3). Unknown Error Codes
treated as fatal errors, and the request MUST NOT be automatically MUST be treated as fatal errors, and the request MUST NOT be
retried without modification. automatically retried without modification.
The following error codes are defined by this document, and MUST be The following Error Codes are defined by this document and MUST be
supported by an implementation of the CI/T interface. supported by an implementation of the CI/T interface.
+--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+
| Error Code | Description | | Error Code | Description |
+--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+
| emeta | The dCDN was unable to acquire metadata required | | emeta | The dCDN was unable to acquire metadata required |
| | to fulfil the request. | | | to fulfill the request. |
| econtent | The dCDN was unable to acquire content (CT/T | | econtent | The dCDN was unable to acquire content (CI/T |
| | preposition commands only). | | | "preposition" commands only). |
| eperm | The uCDN does not have permission to issue the | | eperm | The uCDN does not have permission to issue the |
| | CI/T Command (for example, the data is owned by | | | CI/T Command (for example, the data is owned by |
| | another CDN). | | | another CDN). |
| ereject | The dCDN is not willing to fulfil the CI/T Command | | ereject | The dCDN is not willing to fulfill the CI/T |
| | (for example, a preposition request for content at | | | Command (for example, a "preposition" request for |
| | a time when the dCDN would not accept Request | | | content at a time when the dCDN would not accept |
| | Routing requests from the uCDN). | | | Request Routing requests from the uCDN). |
| ecdn | An internal error in the dCDN or one of its | | ecdn | An internal error in the dCDN or one of its dCDNs. |
| | downstream CDNs. | | ecanceled | The uCDN canceled the request. |
| ecancelled | The uCDN cancelled the request. |
| eunsupported | The Trigger Specification contained a "type" that | | eunsupported | The Trigger Specification contained a "type" that |
| | is not supported by the dCDN. No action was taken | | | is not supported by the dCDN. No action was taken |
| | bythe dCDN other than to create a Trigger Status | | | by the dCDN other than to create a Trigger Status |
| | Resource in state "failed". | | | Resource in state "failed". |
+--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+
6. Examples 6. Examples
The following sections provide examples of different CI/T objects The following subsections provide examples of different CI/T objects
encoded as JSON. encoded as JSON.
Discovery of the triggers interface is out of scope of this document. Discovery of the CI/T interface is out of scope for this document.
In an implementation, all CI/T URLs are under the control of the In an implementation, all CI/T URLs are under the control of the
dCDN. The uCDN MUST NOT attempt to ascribe any meaning to individual dCDN. The uCDN MUST NOT attempt to ascribe any meaning to individual
elements of the path. elements of the path.
In examples in this section, the URL 'https://dcdn.example.com/ In examples in this section, the URL "https://dcdn.example.com/
triggers' is used as the location of the collection of all Trigger triggers" is used as the location of the collection of all Trigger
Status Resources, and the CDN Provider Id of uCDN is "AS64496:1". Status Resources, and the CDN PID of the uCDN is "AS64496:1".
6.1. Creating Triggers 6.1. Creating Triggers
Examples of the uCDN triggering activity in the dCDN: Examples of the uCDN triggering activity in the dCDN:
6.1.1. Preposition 6.1.1. Preposition
An example of a CI/T preposition command, a POST to the collection of Below is an example of a CI/T "preposition" command -- a POST to the
all Trigger Status Resources. collection of all Trigger Status Resources.
Note that "metadata.patterns" and "content.patterns" are not allowed Note that "metadata.patterns" and "content.patterns" are not allowed
in a preposition Trigger Specification. in a pre-position Trigger Specification.
REQUEST: REQUEST:
POST /triggers HTTP/1.1 POST /triggers HTTP/1.1
User-Agent: example-user-agent/0.1 User-Agent: example-user-agent/0.1
Host: dcdn.example.com Host: dcdn.example.com
Accept: */* Accept: */*
Content-Type: application/cdni; ptype=ci-trigger-command Content-Type: application/cdni; ptype=ci-trigger-command
Content-Length: 352 Content-Length: 352
{ {
"trigger" : { "trigger": {
"type": "preposition", "type": "preposition",
"metadata.urls" : [ "https://metadata.example.com/a/b/c" ], "metadata.urls": [ "https://metadata.example.com/a/b/c" ],
"content.urls" : [ "content.urls": [
"https://www.example.com/a/b/c/1", "https://www.example.com/a/b/c/1",
"https://www.example.com/a/b/c/2", "https://www.example.com/a/b/c/2",
"https://www.example.com/a/b/c/3", "https://www.example.com/a/b/c/3",
"https://www.example.com/a/b/c/4" "https://www.example.com/a/b/c/4"
] ]
}, },
"cdn-path" : [ "AS64496:1" ] "cdn-path": [ "AS64496:1" ]
} }
RESPONSE: RESPONSE:
HTTP/1.1 201 Created HTTP/1.1 201 Created
Date: Wed, 04 May 2016 08:48:10 GMT Date: Wed, 04 May 2016 08:48:10 GMT
Content-Length: 467 Content-Length: 467
Content-Type: application/cdni; ptype=ci-trigger-status Content-Type: application/cdni; ptype=ci-trigger-status
Location: https://dcdn.example.com/triggers/0 Location: https://dcdn.example.com/triggers/0
Server: example-server/0.1 Server: example-server/0.1
skipping to change at page 28, line 10 skipping to change at page 30, line 7
], ],
"metadata.urls": [ "metadata.urls": [
"https://metadata.example.com/a/b/c" "https://metadata.example.com/a/b/c"
], ],
"type": "preposition" "type": "preposition"
} }
} }
6.1.2. Invalidate 6.1.2. Invalidate
An example of a CI/T invalidate command, another POST to the Below is an example of a CI/T "invalidate" command -- another POST to
collection of all Trigger Status Resources. This instructs the dCDN the collection of all Trigger Status Resources. This instructs the
to re-validate the content at "https://www.example.com/a/index.html", dCDN to revalidate the content at "https://www.example.com/a/
as well as any metadata and content whose URLs are prefixed by index.html", as well as any metadata and content whose URLs are
"https://metadata.example.com/a/b/" using case-insensitive matching, prefixed by "https://metadata.example.com/a/b/" using
and "https://www.example.com/a/b/" respectively, using case-sensitive case-insensitive matching, and "https://www.example.com/a/b/" using
matching. case-sensitive matching, respectively.
REQUEST: REQUEST:
POST /triggers HTTP/1.1 POST /triggers HTTP/1.1
User-Agent: example-user-agent/0.1 User-Agent: example-user-agent/0.1
Host: dcdn.example.com Host: dcdn.example.com
Accept: */* Accept: */*
Content-Type: application/cdni; ptype=ci-trigger-command Content-Type: application/cdni; ptype=ci-trigger-command
Content-Length: 387 Content-Length: 387
{ {
"trigger" : { "trigger": {
"type": "invalidate", "type": "invalidate",
"metadata.patterns" : [ "metadata.patterns": [
{ "pattern" : "https://metadata.example.com/a/b/*" } { "pattern": "https://metadata.example.com/a/b/*" }
], ],
"content.urls" : [ "https://www.example.com/a/index.html" ], "content.urls": [ "https://www.example.com/a/index.html" ],
"content.patterns" : [ "content.patterns": [
{ "pattern" : "https://www.example.com/a/b/*", { "pattern": "https://www.example.com/a/b/*",
"case-sensitive" : true "case-sensitive": true
} }
] ]
}, },
"cdn-path" : [ "AS64496:1" ] "cdn-path": [ "AS64496:1" ]
} }
RESPONSE: RESPONSE:
HTTP/1.1 201 Created HTTP/1.1 201 Created
Date: Wed, 04 May 2016 08:48:11 GMT Date: Wed, 04 May 2016 08:48:11 GMT
Content-Length: 545 Content-Length: 545
Content-Type: application/cdni; ptype=ci-trigger-status Content-Type: application/cdni; ptype=ci-trigger-status
Location: https://dcdn.example.com/triggers/1 Location: https://dcdn.example.com/triggers/1
Server: example-server/0.1 Server: example-server/0.1
skipping to change at page 29, line 33 skipping to change at page 32, line 8
"pattern": "https://metadata.example.com/a/b/*" "pattern": "https://metadata.example.com/a/b/*"
} }
], ],
"type": "invalidate" "type": "invalidate"
} }
} }
6.2. Examining Trigger Status 6.2. Examining Trigger Status
Once Trigger Status Resources have been created, the uCDN can check Once Trigger Status Resources have been created, the uCDN can check
their status as shown in these examples. their status as shown in the following examples.
6.2.1. Collection of All Triggers 6.2.1. Collection of All Triggers
The uCDN can fetch the collection of all Trigger Status Resources it The uCDN can fetch the collection of all Trigger Status Resources it
has created that have not yet been deleted or removed as expired. has created that have not yet been deleted or removed as expired.
After creation of the "preposition" and "invalidate" triggers shown After creation of the "preposition" and "invalidate" triggers shown
above, this collection might look as follows: above, this collection might look as follows:
REQUEST: REQUEST:
skipping to change at page 30, line 40 skipping to change at page 33, line 9
"triggers": [ "triggers": [
"https://dcdn.example.com/triggers/0", "https://dcdn.example.com/triggers/0",
"https://dcdn.example.com/triggers/1" "https://dcdn.example.com/triggers/1"
] ]
} }
6.2.2. Filtered Collections of Trigger Status Resources 6.2.2. Filtered Collections of Trigger Status Resources
The filtered collections are also available to the uCDN. Before the The filtered collections are also available to the uCDN. Before the
dCDN starts processing the two CI/T Trigger Commands shown above, dCDN starts processing the two CI/T Trigger Commands shown above,
both will appear in the collection of Pending Triggers, for example: both will appear in the collection of pending triggers. For example:
REQUEST: REQUEST:
GET /triggers/pending HTTP/1.1 GET /triggers/pending HTTP/1.1
User-Agent: example-user-agent/0.1 User-Agent: example-user-agent/0.1
Host: dcdn.example.com Host: dcdn.example.com
Accept: */* Accept: */*
RESPONSE: RESPONSE:
skipping to change at page 32, line 30 skipping to change at page 34, line 23
Date: Wed, 04 May 2016 08:48:11 GMT Date: Wed, 04 May 2016 08:48:11 GMT
Content-Type: application/cdni; ptype=ci-trigger-collection Content-Type: application/cdni; ptype=ci-trigger-collection
{ {
"staleresourcetime": 86400, "staleresourcetime": 86400,
"triggers": [] "triggers": []
} }
6.2.3. Individual Trigger Status Resources 6.2.3. Individual Trigger Status Resources
The Trigger Status Resources can also be examined for detail about The Trigger Status Resources can also be examined for details about
individual CI/T Trigger Commands. For example, for the CI/T individual CI/T Trigger Commands. For example, for the CI/T
"preposition" and "invalidate" commands from previous examples: "preposition" and "invalidate" commands from previous examples:
REQUEST: REQUEST:
GET /triggers/0 HTTP/1.1 GET /triggers/0 HTTP/1.1
User-Agent: example-user-agent/0.1 User-Agent: example-user-agent/0.1
Host: dcdn.example.com Host: dcdn.example.com
Accept: */* Accept: */*
skipping to change at page 34, line 47 skipping to change at page 36, line 28
], ],
"metadata.patterns": [ "metadata.patterns": [
{ {
"pattern": "https://metadata.example.com/a/b/*" "pattern": "https://metadata.example.com/a/b/*"
} }
], ],
"type": "invalidate" "type": "invalidate"
} }
} }
6.2.4. Polling for Change 6.2.4. Polling for Changes in Status
The uCDN SHOULD use the Entity Tags of collections or Trigger Status The uCDN SHOULD use the ETags of collections or Trigger Status
Resources when polling for change in status, as shown in the Resources when polling for changes in status, as shown in the
following examples: following examples:
REQUEST: REQUEST:
GET /triggers/pending HTTP/1.1 GET /triggers/pending HTTP/1.1
User-Agent: example-user-agent/0.1 User-Agent: example-user-agent/0.1
Host: dcdn.example.com Host: dcdn.example.com
Accept: */* Accept: */*
If-None-Match: "4331492443626270781" If-None-Match: "4331492443626270781"
skipping to change at page 35, line 44 skipping to change at page 37, line 25
HTTP/1.1 304 Not Modified HTTP/1.1 304 Not Modified
Content-Length: 0 Content-Length: 0
Expires: Wed, 04 May 2016 08:49:10 GMT Expires: Wed, 04 May 2016 08:49:10 GMT
Server: example-server/0.1 Server: example-server/0.1
ETag: "6990548174277557683" ETag: "6990548174277557683"
Cache-Control: max-age=60 Cache-Control: max-age=60
Date: Wed, 04 May 2016 08:48:10 GMT Date: Wed, 04 May 2016 08:48:10 GMT
Content-Type: application/cdni; ptype=ci-trigger-status Content-Type: application/cdni; ptype=ci-trigger-status
When the CI/T Trigger Command is complete, the contents of the When the CI/T Trigger Command is complete, the contents of the
filtered collections will be updated along with their Entity Tags. filtered collections will be updated along with their ETags. For
For example, when the two example CI/T Trigger Commands are complete, example, when the two example CI/T Trigger Commands are complete, the
the collections of pending and complete Trigger Status Resources collections of pending and complete Trigger Status Resources might
might look like: look like:
REQUEST: REQUEST:
GET /triggers/pending HTTP/1.1 GET /triggers/pending HTTP/1.1
User-Agent: example-user-agent/0.1 User-Agent: example-user-agent/0.1
Host: dcdn.example.com Host: dcdn.example.com
Accept: */* Accept: */*
RESPONSE: RESPONSE:
skipping to change at page 38, line 35 skipping to change at page 39, line 35
{ {
"staleresourcetime": 86400, "staleresourcetime": 86400,
"triggers": [ "triggers": [
"https://dcdn.example.com/triggers/1" "https://dcdn.example.com/triggers/1"
] ]
} }
6.2.6. Error Reporting 6.2.6. Error Reporting
In this example the uCDN has requested prepositioning of In this example, the uCDN has requested pre-positioning of
"https://newsite.example.com/index.html", but the dCDN was unable to "https://newsite.example.com/index.html", but the dCDN was unable to
locate metadata for that site: locate metadata for that site:
REQUEST: REQUEST:
GET /triggers/2 HTTP/1.1 GET /triggers/2 HTTP/1.1
User-Agent: example-user-agent/0.1 User-Agent: example-user-agent/0.1
Host: dcdn.example.com Host: dcdn.example.com
Accept: */* Accept: */*
skipping to change at page 39, line 47 skipping to change at page 40, line 40
"trigger": { "trigger": {
"content.urls": [ "content.urls": [
"https://newsite.example.com/index.html" "https://newsite.example.com/index.html"
], ],
"type": "preposition" "type": "preposition"
} }
} }
7. IANA Considerations 7. IANA Considerations
[RFC Editor Note: Please replace references to [RFCthis] in this
section with this document's RFC number before publication.]
7.1. CDNI Payload Type Parameter Registrations 7.1. CDNI Payload Type Parameter Registrations
The IANA is requested to register the following new Payload Types in The IANA is requested to register the following new Payload Types in
the CDNI Payload Type Parameter registry defined by [RFC7736], for the "CDNI Payload Types" registry defined by [RFC7736], for use with
use with the 'application/cdni' MIME media type. the "application/cdni" MIME media type.
+-----------------------+---------------+ +-----------------------+---------------+
| Payload Type | Specification | | Payload Type | Specification |
+-----------------------+---------------+ +-----------------------+---------------+
| ci-trigger-command | [RFCthis] | | ci-trigger-command | RFC 8007 |
| ci-trigger-status | [RFCthis] | | ci-trigger-status | RFC 8007 |
| ci-trigger-collection | [RFCthis] | | ci-trigger-collection | RFC 8007 |
+-----------------------+---------------+ +-----------------------+---------------+
7.2. CDNI CI/T Trigger Types Registry 7.2. "CDNI CI/T Trigger Types" Registry
The IANA is requested to create a new "CDNI CI/T Trigger Types" The IANA is requested to create a new "CDNI CI/T Trigger Types"
subregistry under the "Content Delivery Networks Interconnection subregistry under the "Content Delivery Network Interconnection
(CDNI) Parameters" registry. (CDNI) Parameters" registry.
Additions to the CDNI CI/T Error Code Registry will be made via "RFC Additions to the "CDNI CI/T Trigger Types" registry will be made via
Required" as defined in [RFC5226]. the RFC Required policy as defined in [RFC5226].
The initial contents of the CDNI CI/T Trigger Types Registry comprise The initial contents of the "CDNI CI/T Trigger Types" registry
the names and descriptions listed in section Section 5.2.2 of this comprise the names and descriptions listed in Section 5.2.2 of this
document, with this document acting as the specification. document, with this document acting as the specification.
7.3. CDNI CI/T Error Codes Registry 7.3. "CDNI CI/T Error Codes" Registry
The IANA is requested to create a new "CDNI CI/T Error Codes" The IANA is requested to create a new "CDNI CI/T Error Codes"
subregistry under the "Content Delivery Networks Interconnection subregistry under the "Content Delivery Network Interconnection
(CDNI) Parameters" registry. (CDNI) Parameters" registry.
Additions to the CDNI CI/T Error Codes Registry will be made via Additions to the "CDNI CI/T Error Codes" registry will be made via
"Specification Required" as defined in [RFC5226]. The Designated the Specification Required policy as defined in [RFC5226]. The
Expert will verify that new error code registrations do not duplicate Designated Expert will verify that new Error Code registrations do
existing error code definitions (in name or functionality), prevent not duplicate existing Error Code definitions (in name or
gratuitous additions to the namespace, and prevent any additions to functionality), prevent gratuitous additions to the namespace, and
the namespace that would impair the interoperability of CDNI prevent any additions to the namespace that would impair the
implementations. interoperability of CDNI implementations.
The initial contents of the CDNI CI/T Error Codes Registry comprise The initial contents of the "CDNI CI/T Error Codes" registry comprise
the names and descriptions of the Error Codes listed in Section 5.2.7 the names and descriptions of the Error Codes listed in Section 5.2.7
of this document, with this document acting as the specification. of this document, with this document acting as the specification.
8. Security Considerations 8. Security Considerations
The CI/T interface provides a mechanism to allow a uCDN to generate The CI/T interface provides a mechanism to allow a uCDN to generate
requests into the dCDN and to inspect its own CI/T requests and their requests into the dCDN and to inspect its own CI/T requests and their
current state. The CI/T interface does not allow access to or current states. The CI/T interface does not allow access to, or
modification of the uCDN or dCDN metadata relating to content modification of, the uCDN or dCDN metadata relating to content
delivery, or to the content itself. It can only control the presence delivery or to the content itself. It can only control the presence
of that metadata in the dCDN, and the processing work and network of that metadata in the dCDN, and the processing work and network
utilisation involved in ensuring that presence. utilization involved in ensuring that presence.
By examining pre-positioning requests to a dCDN, and correctly By examining "preposition" requests to a dCDN, and correctly
interpreting content and metadata URLs, an attacker could learn the interpreting content and metadata URLs, an attacker could learn the
uCDN or content owner's predictions for future content popularity. uCDN's or content owner's predictions for future content popularity.
By examining invalidate or purge requests, an attacker could learn By examining "invalidate" or "purge" requests, an attacker could
about changes in the content owner's catalogue. learn about changes in the content owner's catalog.
By injecting CI/T commands an attacker, or a misbehaving uCDN, would By injecting CI/T Commands, an attacker or a misbehaving uCDN would
generate work in the dCDN and uCDN as they process those requests. generate work in the dCDN and uCDN as they process those requests.
And so would a man in the middle attacker modifying valid CI/T So would a man-in-the-middle attacker modifying valid CI/T Commands
commands generated by the uCDN. In both cases, that would decrease generated by the uCDN. In both cases, that would decrease the dCDN's
the dCDN caching efficiency by causing it to unnecessarily acquire or caching efficiency by causing it to unnecessarily acquire or
re-acquire content metadata and/or content. reacquire content metadata and/or content.
A dCDN implementation of CI/T MUST restrict the actions of a uCDN to A dCDN implementation of CI/T MUST restrict the actions of a uCDN to
the data corresponding to that uCDN. Failure to do so would allow the data corresponding to that uCDN. Failure to do so would allow
uCDNs to detrimentally affect each other's efficiency by generating uCDNs to detrimentally affect each other's efficiency by generating
unnecessary acquisition or re-acquisition load. unnecessary acquisition or reacquisition load.
An origin that chooses to delegate its delivery to a CDN is trusting An origin that chooses to delegate its delivery to a CDN is trusting
that CDN to deliver content on its behalf, CDN-interconnection is an that CDN to deliver content on its behalf; the interconnection of
extension of that trust to downstream CDNs. That trust relationship CDNs is an extension of that trust to dCDNs. That trust relationship
is a commercial arrangement, outside the scope of the CDNi protocols. is a commercial arrangement, outside the scope of the CDNI protocols.
So, while a malicious CDN could deliberately generate load on a dCDN So, while a malicious CDN could deliberately generate load on a dCDN
using the CI/T, the protocol does not otherwise attempt to address using the CI/T interface, the protocol does not otherwise attempt to
malicious behaviour between interconnected CDNs. address malicious behavior between interconnected CDNs.
8.1. Authentication, Authorization, Confidentiality, Integrity 8.1. Authentication, Authorization, Confidentiality, Integrity
Protection Protection
A CI/T implementation MUST support TLS transport for HTTP (https) as A CI/T implementation MUST support Transport Layer Security (TLS)
per [RFC2818] and [RFC7230]. transport for HTTP (HTTPS) as per [RFC2818] and [RFC7230].
TLS MUST be used by the server-side (dCDN) and the client-side (uCDN) TLS MUST be used by the server side (dCDN) and the client side (uCDN)
of the CI/T interface, including authentication of the remote end, of the CI/T interface, including authentication of the remote end,
unless alternate methods are used for ensuring the security of the unless alternate methods are used for ensuring the security of the
information in the CI/T interface requests and responses (such as information in the CI/T interface requests and responses (such as
setting up an IPsec tunnel between the two CDNs or using a physically setting up an IPsec tunnel between the two CDNs or using a physically
secured internal network between two CDNs that are owned by the same secured internal network between two CDNs that are owned by the same
corporate entity). corporate entity).
The use of TLS for transport of the CI/T interface allows: The use of TLS for transport of the CI/T interface allows the dCDN
and the uCDN to authenticate each other using TLS client
o The dCDN and the uCDN to authenticate each other using TLS client authentication and TLS server authentication.
auth and TLS server auth.
And, once they have mutually authenticated each other, it allows: Once the dCDN and the uCDN have mutually authenticated each other,
TLS allows:
o The dCDN and the uCDN to authorize each other (to ensure they are o The dCDN and the uCDN to authorize each other (to ensure that they
receiving CI/T Commands from, or reporting status to, an are receiving CI/T Commands from, or reporting status to, an
authorized CDN). authorized CDN).
o CDNI commands and responses to be transmitted with o CDNI commands and responses to be transmitted with
confidentiality. confidentiality.
o Protection of the integrity of CDNI commands and responses. o Protection of the integrity of CDNI commands and responses.
When TLS is used, the general TLS usage guidance in [RFC7525] MUST be When TLS is used, the general TLS usage guidance in [RFC7525] MUST be
followed. followed.
The mechanisms for access control are dCDN-specific, not standardised The mechanisms for access control are dCDN-specific and are not
as part of this CI/T specification. standardized as part of this CI/T specification.
HTTP requests that attempt to access or operate on CI/T data HTTP requests that attempt to access or operate on CI/T data
belonging to another CDN MUST be rejected using, for example, HTTP belonging to another CDN MUST be rejected using, for example,
"403 Forbidden" or "404 Not Found". This is intended to prevent HTTP 403 ("Forbidden") or 404 ("Not Found"). This is intended to
unauthorised users from generating unnecessary load in dCDN or uCDN prevent unauthorized users from generating unnecessary load in dCDNs
due to revalidation, reacquisition, or unnecessary acquisition. or uCDNs due to revalidation, reacquisition, or unnecessary
acquisition.
When deploying a network of interconnected CDNs, the possible When deploying a network of interconnected CDNs, the possible
inefficiencies related to the "diamond" configuration discussed in inefficiencies related to the diamond configuration discussed in
Section 2.2.1 should be considered. Section 2.2.1 should be considered.
8.2. Denial of Service 8.2. Denial of Service
This document does not define a specific mechanism to protect against This document does not define a specific mechanism to protect against
Denial of Service (DoS) attacks on the CI/T. However, CI/T endpoints Denial-of-Service (DoS) attacks on the CI/T interface. However, CI/T
can be protected against DoS attacks through the use of TLS transport endpoints can be protected against DoS attacks through the use of TLS
and/or via mechanisms outside the scope of the CI/T interface, such transport and/or via mechanisms outside the scope of the CI/T
as firewalling or use of Virtual Private Networks (VPNs). interface, such as firewalling or the use of Virtual Private Networks
(VPNs).
Depending on the implementation, triggered activity may consume Depending on the implementation, triggered activity may consume
significant processing and bandwidth in the dCDN. A malicious or significant processing and bandwidth in the dCDN. A malicious or
faulty uCDN could use this to generate unnecessary load in the dCDN. faulty uCDN could use this to generate unnecessary load in the dCDN.
The dCDN should consider mechanisms to avoid overload, for example by The dCDN should consider mechanisms to avoid overload -- for example,
rate-limiting acceptance or processing of CI/T Commands, or batching by rate-limiting acceptance or processing of CI/T Commands, or by
up its processing. performing batch processing.
8.3. Privacy 8.3. Privacy
The CI/T protocol does not carry any information about individual End The CI/T protocol does not carry any information about individual end
Users of a CDN, there are no privacy concerns for End Users. users of a CDN; there are no privacy concerns for end users.
The CI/T protocol does carry information which could be considered The CI/T protocol does carry information that could be considered
commercially sensitive by CDN operators and content owners. The use commercially sensitive by CDN operators and content owners. The use
of mutually authenticated TLS to establish a secure session for the of mutually authenticated TLS to establish a secure session for the
transport of CI/T data, as discussed in Section 8.1, provides transport of CI/T data, as discussed in Section 8.1, provides
confidentiality while the CI/T data is in transit, and prevents confidentiality while the CI/T data is in transit and prevents
parties other than the authorised dCDN from gaining access to that parties other than the authorized dCDN from gaining access to that
data. The dCDN MUST ensure that it only exposes CI/T data related to data. The dCDN MUST ensure that it only exposes CI/T data related to
a uCDN to clients it has authenticated as belonging to that uCDN. a uCDN to clients it has authenticated as belonging to that uCDN.
9. Acknowledgements 9. References
The authors thank Kevin Ma for his input, and Carsten Bormann for his
review and formalization of the JSON data.
10. References
10.1. Normative References
[I-D.ietf-cdni-metadata] 9.1. Normative References
Niven-Jenkins, B., Murray, R., Caulfield, M., and K. Ma,
"CDN Interconnection Metadata", draft-ietf-cdni-
metadata-16 (work in progress), April 2016.
[RFC1930] Hawkinson, J. and T. Bates, "Guidelines for creation, [RFC1930] Hawkinson, J. and T. Bates, "Guidelines for creation,
selection, and registration of an Autonomous System (AS)", selection, and registration of an Autonomous System (AS)",
BCP 6, RFC 1930, DOI 10.17487/RFC1930, March 1996, BCP 6, RFC 1930, DOI 10.17487/RFC1930, March 1996,
<http://www.rfc-editor.org/info/rfc1930>. <http://www.rfc-editor.org/info/rfc1930>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818,
DOI 10.17487/RFC2818, May 2000,
<http://www.rfc-editor.org/info/rfc2818>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005,
<http://www.rfc-editor.org/info/rfc3986>.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226, IANA Considerations Section in RFCs", BCP 26, RFC 5226,
DOI 10.17487/RFC5226, May 2008, DOI 10.17487/RFC5226, May 2008,
<http://www.rfc-editor.org/info/rfc5226>. <http://www.rfc-editor.org/info/rfc5226>.
[RFC6707] Niven-Jenkins, B., Le Faucheur, F., and N. Bitar, "Content [RFC6707] Niven-Jenkins, B., Le Faucheur, F., and N. Bitar, "Content
Distribution Network Interconnection (CDNI) Problem Distribution Network Interconnection (CDNI) Problem
Statement", RFC 6707, September 2012. Statement", RFC 6707, DOI 10.17487/RFC6707,
September 2012, <http://www.rfc-editor.org/info/rfc6707>.
[RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data [RFC7159] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
Interchange Format", RFC 7159, March 2014. Interchange Format", RFC 7159, DOI 10.17487/RFC7159,
March 2014, <http://www.rfc-editor.org/info/rfc7159>.
[RFC7230] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol [RFC7230] Fielding, R., Ed., and J. Reschke, Ed., "Hypertext
(HTTP/1.1): Message Syntax and Routing", RFC 7230, June Transfer Protocol (HTTP/1.1): Message Syntax and Routing",
2014. RFC 7230, DOI 10.17487/RFC7230, June 2014,
<http://www.rfc-editor.org/info/rfc7230>.
[RFC7231] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol [RFC7231] Fielding, R., Ed., and J. Reschke, Ed., "Hypertext
(HTTP/1.1): Semantics and Content", RFC 7231, June 2014. Transfer Protocol (HTTP/1.1): Semantics and Content",
RFC 7231, DOI 10.17487/RFC7231, June 2014,
<http://www.rfc-editor.org/info/rfc7231>.
[RFC7232] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol [RFC7232] Fielding, R., Ed., and J. Reschke, Ed., "Hypertext
(HTTP/1.1): Conditional Requests", RFC 7232, June 2014. Transfer Protocol (HTTP/1.1): Conditional Requests",
RFC 7232, DOI 10.17487/RFC7232, June 2014,
<http://www.rfc-editor.org/info/rfc7232>.
[RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre, [RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre,
"Recommendations for Secure Use of Transport Layer "Recommendations for Secure Use of Transport Layer
Security (TLS) and Datagram Transport Layer Security Security (TLS) and Datagram Transport Layer Security
(DTLS)", BCP 195, RFC 7525, May 2015. (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525,
May 2015, <http://www.rfc-editor.org/info/rfc7525>.
10.2. Informative References [RFC8006] Niven-Jenkins, B., Murray, R., Caulfield, M., and K. Ma,
"Content Delivery Network Interconnection (CDNI)
Metadata", RFC 8006, DOI 10.17487/RFC8006, December 2016,
<http://www.rfc-editor.org/info/rfc8006>.
[I-D.greevenbosch-appsawg-cbor-cddl] 9.2. Informative References
[CBOR-CDDL]
Vigano, C. and H. Birkholz, "CBOR data definition language Vigano, C. and H. Birkholz, "CBOR data definition language
(CDDL): a notational convention to express CBOR data (CDDL): a notational convention to express CBOR data
structures", draft-greevenbosch-appsawg-cbor-cddl-08 (work structures", Work in Progress,
in progress), March 2016. draft-greevenbosch-appsawg-cbor-cddl-09, September 2016.
[I-D.ietf-cdni-redirection]
Niven-Jenkins, B. and R. Brandenburg, "Request Routing
Redirection interface for CDN Interconnection", draft-
ietf-cdni-redirection-18 (work in progress), April 2016.
[RFC7336] Peterson, L., Davie, B., and R. van Brandenburg, [RFC7336] Peterson, L., Davie, B., and R. van Brandenburg, Ed.,
"Framework for Content Distribution Network "Framework for Content Distribution Network
Interconnection (CDNI)", RFC 7336, August 2014. Interconnection (CDNI)", RFC 7336, DOI 10.17487/RFC7336,
August 2014, <http://www.rfc-editor.org/info/rfc7336>.
[RFC7337] Leung, K. and Y. Lee, "Content Distribution Network [RFC7337] Leung, K., Ed., and Y. Lee, Ed., "Content Distribution
Interconnection (CDNI) Requirements", RFC 7337, August Network Interconnection (CDNI) Requirements", RFC 7337,
2014. DOI 10.17487/RFC7337, August 2014,
<http://www.rfc-editor.org/info/rfc7337>.
[RFC7736] Ma, K., "Content Delivery Network Interconnection (CDNI) [RFC7736] Ma, K., "Content Delivery Network Interconnection (CDNI)
Media Type Registration", RFC 7736, DOI 10.17487/RFC7736, Media Type Registration", RFC 7736, DOI 10.17487/RFC7736,
December 2015, <http://www.rfc-editor.org/info/rfc7736>. December 2015, <http://www.rfc-editor.org/info/rfc7736>.
[RFC7975] Niven-Jenkins, B., Ed., and R. van Brandenburg, Ed.,
"Request Routing Redirection Interface for Content
Delivery Network (CDN) Interconnection", RFC 7975,
DOI 10.17487/RFC7975, October 2016,
<http://www.rfc-editor.org/info/rfc7975>.
Appendix A. Formalization of the JSON Data Appendix A. Formalization of the JSON Data
This appendix is non-normative. This appendix is non-normative.
The JSON data described in this document has been formalised using The JSON data described in this document has been formalized using
CDDL [I-D.greevenbosch-appsawg-cbor-cddl] as follows: the CBOR Data Definition Language (CDDL) [CBOR-CDDL] (where "CBOR"
means "Concise Binary Object Representation"), as follows:
CIT-object = CIT-command / Trigger-Status-Resource / Trigger-Collection CIT-object = CIT-command / Trigger-Status-Resource / Trigger-Collection
CIT-command ; use media type application/cdni; ptype=ci-trigger-command CIT-command ; use media type application/cdni; ptype=ci-trigger-command
= { = {
? trigger: Triggerspec ? trigger: Triggerspec
? cancel: [* URI] ? cancel: [* URI]
cdn-path: [* Cdn-PID] cdn-path: [* Cdn-PID]
} }
skipping to change at page 45, line 43 skipping to change at page 47, line 44
triggers: [* URI] triggers: [* URI]
? staleresourcetime: int ; time in seconds ? staleresourcetime: int ; time in seconds
? coll-all: URI ? coll-all: URI
? coll-pending: URI ? coll-pending: URI
? coll-active: URI ? coll-active: URI
? coll-complete: URI ? coll-complete: URI
? coll-failed: URI ? coll-failed: URI
? cdn-id: Cdn-PID ? cdn-id: Cdn-PID
} }
Triggerspec = { ; 5.2.1 Triggerspec = { ; see Section 5.2.1
type: Trigger-Type type: Trigger-Type
? metadata.urls: [* URI] ? metadata.urls: [* URI]
? content.urls: [* URI] ? content.urls: [* URI]
? content.ccid: [* Ccid] ? content.ccid: [* Ccid]
? metadata.patterns: [* Pattern-Match] ? metadata.patterns: [* Pattern-Match]
? content.patterns: [* Pattern-Match] ? content.patterns: [* Pattern-Match]
} }
Trigger-Type = "preposition" / "invalidate"
/ "purge" ; see Section 5.2.2
Trigger-Type = "preposition" / "invalidate" / "purge" ; 5.2.2
Trigger-Status = "pending" / "active" / "complete" / "processed" Trigger-Status = "pending" / "active" / "complete" / "processed"
/ "failed" / "cancelling" / "cancelled" ; 5.2.3 / "failed" / "cancelling" / "cancelled" ; see Section 5.2.3
Pattern-Match = { ; 5.2.4 Pattern-Match = { ; see Section 5.2.4
pattern: tstr pattern: tstr
? case-sensitive: bool ? case-sensitive: bool
? match-query-string: bool ? match-query-string: bool
} }
Absolute-Time = number ; seconds since UNIX epoch, 5.2.5 Absolute-Time = number ; seconds since UNIX epoch (Section 5.2.5)
Error-Description = { ; 5.2.6 Error-Description = { ; see Section 5.2.6
error: Error-Code error: Error-Code
? metadata.urls: [* URI] ? metadata.urls: [* URI]
? content.urls: [* URI] ? content.urls: [* URI]
? metadata.patterns: [* Pattern-Match] ? metadata.patterns: [* Pattern-Match]
? content.patterns: [* Pattern-Match] ? content.patterns: [* Pattern-Match]
? description: tstr ? description: tstr
} }
Error-Code = "emeta" / "econtent" / "eperm" / "ereject" Error-Code = "emeta" / "econtent" / "eperm" / "ereject"
/ "ecdn" / "ecancelled" ; 5.2.7 / "ecdn" / "ecanceled" ; see Section 5.2.7
Ccid = tstr ; see I-D.ietf-cdni-metadata Ccid = tstr ; see RFC 8006
Cdn-PID = tstr .regexp "AS[0-9]+:[0-9]+" Cdn-PID = tstr .regexp "AS[0-9]+:[0-9]+"
URI = tstr URI = tstr
Acknowledgments
The authors thank Kevin Ma for his input, and Carsten Bormann for his
review and formalization of the JSON data.
Authors' Addresses Authors' Addresses
Rob Murray Rob Murray
Nokia Nokia
3 Ely Road 3 Ely Road
Milton, Cambridge CB24 6DD Milton, Cambridge CB24 6DD
UK United Kingdom
Email: rob.murray@nokia.com Email: rob.murray@nokia.com
Ben Niven-Jenkins Ben Niven-Jenkins
Nokia Nokia
3 Ely Road 3 Ely Road
Milton, Cambridge CB24 6DD Milton, Cambridge CB24 6DD
UK United Kingdom
Email: ben.niven-jenkins@nokia.com Email: ben.niven-jenkins@nokia.com
 End of changes. 247 change blocks. 
621 lines changed or deleted 644 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/