Internet Engineering Task Force                         G. Bertrand, Ed.
Internet-Draft                                                E. Stephan                                           I. Oprescu, Ed.
Intended status: Informational                                E. Stephan
Expires: August 26, 2013                         France Telecom - Orange
Expires: June 10, 2013
                                                          R. Peterkofsky
                                                           Skytide, Inc.
                                                     F. Le Faucheur Faucheur, Ed.
                                                           Cisco Systems
                                                            P. Grochocki
                                                           Orange Polska
                                                        December 7, 2012
                                                       February 22, 2013

                         CDNI Logging Interface
                       draft-ietf-cdni-logging-00
                       draft-ietf-cdni-logging-01

Abstract

   This memo specifies the Logging interface between a downstream CDN
   (dCDN) and an upstream CDN (uCDN) that are interconnected as per the
   CDN Interconnection (CDNI) framework.  First, it describes a
   reference model for CDNI logging.  Then, it specifies the actual
   protocol for CDNI logging information exchange covering the
   information elements as well as the transport of those. those elements.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 25, August 26, 2013.

Copyright Notice

   Copyright (c) 2012 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  5
     1.1.  Terminology  . . . . . . . . . . . . . . . . . . . . . . .  6  5
     1.2.  Abbreviations  . . . . . . . . . . . . . . . . . . . . . .  8
   2.  CDNI Logging Reference Model . . . . . . . . . . . . . . . . .  8
     2.1.  CDNI Logging interactions  . . . . . . . . . . . . . . . .  8
     2.2.  Overall Logging Chain  . . . . . . . . . . . . . . . . . . 13 12
       2.2.1.  Logging Generation and During-Generation
               Aggregation  . . . . . . . . . . . . . . . . . . . . . 15 13
       2.2.2.  Logging Collection . . . . . . . . . . . . . . . . . . 15 14
       2.2.3.  Logging Filtering  . . . . . . . . . . . . . . . . . . 16 14
       2.2.4.  Logging Rectification and Post-Generation
               Aggregation  . . . . . . . . . . . . . . . . . . . . . 16 15
       2.2.5.  Log-Consuming Applications . . . . . . . . . . . . . . 17 15
         2.2.5.1.  Maintenance/Debugging  . . . . . . . . . . . . . . 17 15
         2.2.5.2.  Accounting . . . . . . . . . . . . . . . . . . . . 17 16
         2.2.5.3.  Analytics and Reporting  . . . . . . . . . . . . . 18 16
         2.2.5.4.  Security . . . . . . . . . . . . . . . . . . . . . 18 16
         2.2.5.5.  Legal Logging Duties . . . . . . . . . . . . . . . 18 16
         2.2.5.6.  Notions common to multiple Log Consuming
                   Applications . . . . . . . . . . . . . . . . . . . 18 16
   3.  CDNI Logging Information Structure and Transport Requirements  . . . . . . . 20
   4.  CDNI Logging Fields . . . . . . 18
     3.1.  Timeliness . . . . . . . . . . . . . . . 22
     4.1.  Generic Fields . . . . . . . . . 19
     3.2.  Reliability  . . . . . . . . . . . . . . 22
       4.1.1.  Semantics of Generic CDNI Logging Fields . . . . . . . 22
       4.1.2.  Syntax of Generic CDNI Logging Fields . . 19
     3.3.  Security . . . . . . 24
     4.2.  Logging Fields for Content Delivery . . . . . . . . . . . 25
       4.2.1.  Semantics for Delivery CDNI Logging Fields . . . . . . 25
       4.2.2.  Syntax for Delivery CDNI Logging Fields . . 19
     3.4.  Scalability  . . . . . 26
     4.3.  Logging Fields for Content Acquisition . . . . . . . . . . 26
       4.3.1.  Semantics for Acquisition . . . . . . . . 19
     3.5.  Consistency between CDNI Logging Fields and CDN Logging . . . . 27
       4.3.2.  Syntax for Acquisition . 20
     3.6.  Dispatching/Filtering  . . . . . . . . . . . . . . . . . . 20
   4.  CDNI Logging Fields Information Structure and Transport . . . . . . 27
     4.4. . 20
   5.  CDNI Logging Fields for Control  . . . . . . . . . . . . . . . . 27
     4.5. . . . . . 22
     5.1.  Semantics of CDNI Logging Fields for Other Operations . . . . . . . . . . . 27
   5. . . 22
     5.2.  Syntax of CDNI Logging Records Fields  . . . . . . . . . . . . . . 26
   6.  CDNI Logging Records . . . . . . . 28
     5.1.  Content Delivery . . . . . . . . . . . . . . 27
     6.1.  Content Delivery . . . . . . . 28
     5.2.  Content Acquisition . . . . . . . . . . . . . . 27
     6.2.  Content Invalidation and Purging . . . . . . 29
       5.2.1.  Logging Records Provided by dCDN to uCDN . . . . . . . 29
       5.2.2.  Logging Records Provided by uCDN to dCDN
     6.3.  Request Routing  . . . . . . . 29
     5.3.  Content Invalidation and Purging . . . . . . . . . . . . . 30
     5.4. . 29
     6.4.  Logging Extensibility  . . . . . . . . . . . . . . . . . . 30
   6. 29
   7.  CDNI Logging File Format . . . . . . . . . . . . . . . . . . . 30
     6.1. 29
     7.1.  Logging Files  . . . . . . . . . . . . . . . . . . . . . . 31
     6.2. 29
     7.2.  File Format  . . . . . . . . . . . . . . . . . . . . . . . 31
       6.2.1. 29
       7.2.1.  Headers  . . . . . . . . . . . . . . . . . . . . . . . 31
       6.2.2. 30
       7.2.2.  Body (Logging Records) Format  . . . . . . . . . . . . 32
       6.2.3. 31
       7.2.3.  Footer Format  . . . . . . . . . . . . . . . . . . . . 33

   7. 31
   8.  CDNI Logging File Transport Protocol . . . . . . . . . . . . . 33
   8.  Logging Control 31
   9.  Open Issues  . . . . . . . . . . . . . . . . . . . . . . . 33
   9.  Open Issues . . 32
   10. IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 32
   11. Security Considerations  . . 34
   10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35
   11. Security Considerations  . . . . . . . . . . 32
     11.1. Privacy  . . . . . . . . . 35
     11.1. Privacy  . . . . . . . . . . . . . . . . . . . . . . . . . 35 33
     11.2. Non Repudiation  . . . . . . . . . . . . . . . . . . . . . 35 33
   12. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 35 33
   13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 35 33
     13.1. Normative References . . . . . . . . . . . . . . . . . . . 35 33
     13.2. Informative References . . . . . . . . . . . . . . . . . . 36 33
   Appendix A.  Examples Log Format . . . . . . . . . . . . . . . . . 37 34
     A.1.  W3C Common Log File (CLF) Format . . . . . . . . . . . . . 37 35
     A.2.  W3C Extended Log File (ELF) Format . . . . . . . . . . . . 38 35
     A.3.  National Center for Supercomputing Applications (NCSA)
           Common Log Format  . . . . . . . . . . . . . . . . . . . . 39 37
     A.4.  NCSA Combined Log Format . . . . . . . . . . . . . . . . . 39 37
     A.5.  NCSA Separate Log Format . . . . . . . . . . . . . . . . . 39 37
     A.6.  Squid 2.0 Native Log Format for Access Logs  . . . . . . . 40 37
   Appendix B.  Requirements  . . . . . . . . . . . . . . . . . . . . 41 38
     B.1.  Additional Requirements  . . . . . . . . . . . . . . . . . 41 38
     B.2.  Compliancy with Requirements draft . . . . . . . . . . . . 42 39
   Appendix C.  CDNI WG's position on  Analysis of candidate protocols for Logging
                Transport . . . . . . . . . . . . . . . . . . 42 . . . . 39
     C.1.  CDNI WG's position on  Syslog . . . . . . . . . . . . . . . 42 . . . . . . . . . . . 40
     C.2.  CDNI WG's position on  XMPP . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
     C.3.  SNMP . . . . . . . . . . . . . . . . 42 . . . . . . . . . . . 40
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 42 40

1.  Introduction

   This memo specifies the Logging interface between a downstream CDN
   (dCDN) and an upstream CDN (uCDN).  First, it describes a reference
   model for CDNI logging.  Then, it specifies the actual protocol for
   CDNI logging information exchange covering the information elements
   as well as the transport of those. those elements.

   The reader should be familiar with the work of the CDNI WG:

   o  CDNI problem statement [RFC6707] and framework
      [I-D.ietf-cdni-framework] identify a Logging interface,

   o  Section 7 of [I-D.ietf-cdni-requirements] specifies a set of
      requirements for Logging,

   o  [I-D.ietf-cdni-use-cases]  [RFC6770] outlines real world use-cases for interconnecting CDNs.
      These use cases require the exchange of Logging information
      between the dCDN and the uCDN.

   As stated in [RFC6707], "the CDNI Logging interface enables details
   of logs or events to be exchanged between interconnected CDNs".

   The present document describes:

   o  The CDNI Logging reference model (Section 2),

   o  The CDNI Logging information structure and Transport (Section 3), 4),

   o  The CDNI Logging Fields (Section 4), 5),

   o  The CDNI Logging Records (Section 5), 6),

   o  The CDNI Logging File format (Section 6), 7),

   o  The CDNI Logging File Transport Protocol (Section 7),

   o  and, finally, the description of the CDNI Logging Control that is
      to be supported by the CDNI Control Interface Section 8. 8),

   In the Appendices, the document provides:

   o  A list of identified requirements (Appendix B.1), which should be
      considered for inclusion in [I-D.ietf-cdni-requirements],

1.1.  Terminology

   In this document, the first letter of each CDNI-specific term is
   capitalized.  We adopt the terminology described in [RFC6707] and
   [I-D.ietf-cdni-framework], and extend it with the additional terms
   defined below.

   For clarity, we use the word "Log" only for referring to internal CDN
   logs and we use the word "Logging" for any inter-CDN information
   exchange and processing operations related to the CDNI Logging interface.
   Log and Logging formats may be different.

   Log:

   CDN internal Logging information: logging information collection generated and processing operations.

   Logging: Inter-CDN collected
   within a CDN

   CDNI Logging information: logging information exchange exchanged across CDNs
   using the CDNI Logging Interface

   Logging information: logging information generated and processing operations. collected
   within a CDN or obtained from another CDN using the CDNI Logging
   Interface

   CDNI Logging Field: an atomic element of information that can be
   included in a CDNI Logging Record.  The time an event/task started,
   the IP address of an End user to whom content was delivered, and the
   URI of the content delivered are examples of CDNI logging fields. Logging Fields.

   CDNI Logging Record: an information record providing information
   about a specific event.  This comprises a collection of CDNI Logging
   Fields.

   Separator Character: a specific character used to enable the parsing
   of Logging Records.  This character separates the Logging Fields that
   compose a Logging Record.

   CDNI Logging File: a file containing CDNI Logging Records and Records, as well as
   additional information for easing facilitating the processing of the CDNI
   Logging Records.

   CDN Reporting: the process of providing the relevant information that
   will be used to create a formatted content delivery report provided
   to the CSP in deferred time.  Such information typically includes
   aggregated data that can cover a large period of time (e.g., from
   hours to several months).  Uses of Reporting include the collection
   of charging data related to CDN services and the computation of Key
   Performance Indicators (KPIs).

   CDN Monitoring: the process of providing content delivery information
   in real-time.  Monitoring typically includes data in real time to
   provide visibility of the deliveries in progress, for service
   operation purposes.  It presents a view of the global health of the
   services as well as information on usage and performance, for network
   services supervision and operation management.  In particular,
   monitoring data can be used to generate alarms.

   End-User experience management: study of Logging data using
   statistical analysis to discover, understand, and predict user
   behavior patterns.

   Class-of-requests: A Class-of-requests identifies a set of content
   Requests, related to a specific CSP, received from clients in a given
   footprint and sharing common properties.  These properties include:

   o  Any header, URL parameter, query parameter of an HTTP (or RTMP)
      content request

   o  Any header, or sub-domain of the FQDN of a DNS lookup request

   Examples:

   o  Class-of-Requests = all the requests that include the HTTP header
      "User-Agent: Mozilla/5.0" related to CSP
      "http://*.cdn.example.com" from AS3215

   o  Class-of-Requests = all the DNS requests from anywhere and related
      to CSP "cdn*.example.com"

   Delivery Service: A Delivery Service is defined by a set of Class-of-
   Requests and a list of parameters that apply to all these Class-of-
   Requests (logging format, delivery quality/capabilities
   requirements...)

   Service Agreement: A service agreement is defined by a uCDN
   identifier, a dCDN identifier, a set of Delivery Services and a list
   of parameters that apply to the Service Agreement.

   Once a Service Agreement is agreed between the administrative
   entities managing the CDNs to be interconnected, the upstream CDN and
   the downstream CDN of the CDNI interconnection must be configured
   according to this agreed Service Agreement.  For instance, a given
   uCDN (uCDN1) may request a given dCDN (dCDN1) to configure one
   Delivery Service for handling requests for HTTP Adaptive streaming
   videos delegated by uCDN1 and related to a specific CSP (CSP1) and
   another one for handling requests for static pictures delegated by
   uCDN1 and related to CSP1.  These Delivery services would belong to
   the Service Agreement between uCDN1 and dCDN1 for CSP1.  In this
   simple example, uCDN1 may request dCDN1 to include Delivery Service
   information in its CDNI Logging, to help uCDN1 to provide relevant
   reports to CSP1.

1.2.  Abbreviations

   o  API: Application Programming Interface

   o  CCID: Content Collection Identifier

   o  CDN: Content Delivery Network

   o  CDNP: Content Delivery Network Provider

   o  CoDR: Content Delivery Record

   o  CSP: Content Service Provider

   o  DASH: Dynamic Adaptive Streaming over HTTP

   o  dCDN: downstream CDN

   o  FTP: File Transfer Protocol

   o  HAS: HTTP Adaptive Streaming

   o  KPI: Key Performance Indicator

   o  PVR: Personal Video Recorder

   o  SID: Session Identifier

   o  SFTP: SSH File Transfer Protocol

   o  SNMP: Simple Network Management Protocol

   o  uCDN: upstream CDN

2.  CDNI Logging Reference Model

2.1.  CDNI Logging interactions

   The CDNI logging reference model between a given uCDN and a given
   dCDN involves the following interactions:

   o  control  customization by the uCDN of the CDNI logging information to be performed
      provided by the dCDN to the uCDN (e.g. control of which logging
      fields are to be communicated to the uCDN for a given task
      performed by the dCDN, control of which types of events are to be
      logged).  This is supported by the CDNI
      Control interface.

   o  generation and collection by the  The dCDN of takes into account this CDNI logging
      customization information
      related to determine what logging information to
      provide to the completion of any task performed by the dCDN on
      behalf of the uCDN uCDN, but it may, or may not, take into account
      this CDNI logging customization information to influence what CDN
      logging information is to be generated and collected within the
      dCDN (e.g. even if the uCDN requests a restricted subset of the
      logging information, the dCDN may elect to generate a broader set
      of logging information).  The mechanism to support the
      customisation by the uCDN of CDNI Logging information is outside
      the scope of this document and left for further study.  We note
      that the CDNI Control interface ore the CDNI Metadata interfaces
      appear as candidate interfaces on which to potentially build such
      a customisation mechanism.  Before such a mechanism is available,
      the uCDN and dCDN are expected to agree off-line on what CDNI
      logging information is to be provide by dCDN to UCDN and rely on
      management plane actions to configure the CDNI Logging functions
      to generate (respectively, expect) in dCDN (respectively, in
      uCDN).

   o  generation and collection by the dCDN of logging information
      related to the completion of any task performed by the dCDN on
      behalf of the uCDN (e.g., delivery of the content to an end user)
      or related to events happening in the dCDN that are relevant to
      the uCDN (e.g. (e.g., failures or unavailability in dCDN).  This takes
      place within the dCDN and does not directly involve CDNI
      interfaces.

   o  communication by the dCDN to the uCDN of the logging information
      collected by the dCDN relevant to the uCDN.  This is supported by
      the CDNI Logging interface. interface and in the scope of the present
      document.  For example, the uCDN may use this logging information
      to charge the CSP, to perform analytics and
      mornitoring monitoring for
      operational reasons, to provide analytics and monitoring views on
      its content delivery to the CSP, CSP or to perform
      troubleshooting. trouble-shooting.

   o  control  customization by the dCDN of the logging to be performed by the
      uCDN on behalf of the dCDN.  This is supported  The mechanism to support the
      customisation by the dCDN of CDNI Control
      interface. Logging information is outside
      the scope of this document and left for further study.

   o  generation and collection by the uCDN of logging information
      related to the completion of any task performed by the uCDN on
      behalf of the dCDN (e.g. (e.g., serving of content by uCDN to dCDN for
      acquisition purposes by dCDN) or related to events happening in
      the uCDN that are relevant to the dCDN.  This takes place within
      the uCDN and does not directly involve CDNI interfaces.

   o  communication by the uCDN to the dCDN of the logging information
      collected by the uCDN relevant to the dCDN.  This is supported by
      the CDNI Logging interface.  For example, the dCDN may use
      might potentially benefit form this
      logging information for security
      auditing or content acquisition troubleshooting.  This is outside
      the scope of this document and left for further study.

   Figure 1 provides an example of CDNI Logging interactions (focusing
   only on the interactions that are in the scope of this document) in a
   particular scenario where 4 CDNs are involved in the delivery of
   content from a given CSP: the uCDN has a CDNI interconnection with
   dCDN1
   dCDN-1 and dCDN2. dCDN-2.  In turn, dCDN2 has a CDNI interconnection with
   dCDN3.  In this example, uCDN, dCDN1, dCDN2 dCDN-1, dCDN-2 and dCDN3 deliver dCDN-3 all
   participate in the delivery of content for the CSP.  In this example,
   the CDNI Logging interface enables the uCDN to obtain logging
   information from all the dCDNs involved in the delivery.  In the
   example, uCDN uses the Logging data:

   o  to analyze the performance of the delivery operated by the dCDNs
      and to adjust its operations (e.g., request routing) as
      appropriate
      appropriate,

   o  to provide reporting (non-real time) (non real-time) and monitoring (real time) (real-time)
      information to CSP.

   For instance, uCDN merges Logging data, extracts relevant KPIs, and
   presents a formatted report to the CSP, in addition to a bill for the
   content delivered by uCDN itself or by its dCDNs on his behalf. uCDN
   may also provide Logging data as raw log files to the CSP, so that
   the CSP can use its own Logging logging analysis tools.

                   +-----+
                   | CSP |
                   +-----+
                      ^ Reporting and monitoring data
                      * Billing
                   ,--*--.
       Logging  ,-'       `-.
       Data  =>(     uCDN    )<=   Logging
          //   `-.       _,-'   \\  Data
          ||        `-'-'-'      ||
       ,--v--.       ^ ^       ,--v--.
       ,-----.                 ,-----.
    ,-'       `-.    + +           ,-'       `-.
   (   dCDN-1    )<+++ +++>(    )         (   dCDN-2    )<==  Logging
    `-.       ,-'  Logging          `-.      _,-'    \\ Data
      `--'--'       Control                  `--'-'        ||
                                  ^       ,--v--.
                          Logging +
                                          ,-----.
                                        ,'       `-.
                           Control++++>(
                                       (  dCDN-3    )
                                        `.       ,-'
                                          `--'--'

   <====>

   ===> CDNI Logging Interface
   <++++> CDNI Control Interface
   ***> outside the scope of CDNI

          Figure 1: Interactions in CDNI Logging Reference Model

   A dCDN (e.g. (e.g., dCDN-2) integrates the relevant logging data information
   obtained from its dCDNs (e.g. (e.g., dCDN-3) in the logging data information
   that it provides to the uCDN, so that the uCDN ultimately obtains all
   logging information relevant to a CSP for which it acts as the
   authoritative CDN.

   Note that the format of Logging data information that a CDN provides over
   the CDNI interface might be different from the one that the CDN uses
   internally.  In this case, the CDN needs to reformat the Logging data
   information before it provides this data information to the other CDN over
   the CDNI Logging interface.  Similarly, a CDN might reformat the
   Logging data that it receives over the CDNI Logging interafce interface before
   injecting it into its log-consuming applications or before providing
   some of this logging information to the CSP.  Such reformatting
   operations introduce latency in the logging distribution chain and
   introduce a processing burden.  Therefore, there are benefits in
   specifying CDNI Logging format that are as suitable for use inside CDNs
   and also are close as possible from to the CDN Log formats commonly used in CDNs
   today.

2.2.  Overall Logging Chain

   This section discusses the overall logging chain within and across
   CDNs to clarify how CDN Logging information is expected to fit in
   this overall chain.  Figure 2 maps illustrates the overall logging chain
   within the dCDN, across CDNs using the CDNI Logging interactions discussed above onto interface and
   within the
   CDNI Reference Model defined uCDN.  Note that the logging chain illustrated in [RFC6707].

     --------
    /        \
    |   CSP  |
    \        /
     --------
         *
         * Reporting, Monitoring,
         * Billing the
   Figure is obviously only indicative and varies depending on the
   specific environments.  For example, there may be more or less
   instantiations of each entity (i.e., there may be 4 Log consuming
   applications in a given CDN).  As another example, there may be one
   instance of Rectification process per Log Consuming Application
   instead of a shared one.

             Log Consuming    Log Consuming
                 App              App
                 /\              /\
         *                        /  \
     ----------------------      |CDNI|        ----------------------
    /     Upstream CDN     \     |    |       /    Downstream CDN    \
    |      +-------------+ | Control Interface| +-------------+      |
    |      +             + | (Logging Control)| |             |      |
    |*******   Control   |<++++++|++++|++++++>|   Control   *******|
    |*     +------*----*-+ |
                 |               |
           Rectification--------
           /\
           | +-*----*------+     *|
    |*            *    *
           Filtering
            /\
            |
        Collection                        uCDN
        /\       /\
        |        |
        |   *    *            *|
    |*     +------*------+     Generation
        |
   CDNI Logging Interface| +------*------+     *|
    |*     +             + | (Logging Data )  | |             |     *|
    |* *****   Logging   |<======|====|========>|   Logging   ***** *|
    |* *   +-*-----------+ |     |    |       | +-----------*-+   * *|
    |* *     *         *   |     |    |       |   *         *     * *|
  .....*...+-*---------*-+ |     |    | ---------------------------------------------
   exchange
        /\         Log Consuming    Log Consuming
        | +-*---------*-+...*.*...
  . |* * *** Req-Routing                 App              App
        |                  /\              /\
        |                  |               |
   Rectification     Rectification---------
           /\       /\
           |        | Req-Routing *** * *| .
  . |* * * +-------------+.|
           Filtering
            /\
            |
         Collection                         dCDN
         /\       /\
         |        | +-------------+ * * *| .
  . |* * *                 .     |    |       |                 * * *| .
  . |* * * +-------------+ |.    |    |       | +-------------+ * * *| .
  . |* * * | Distribution| | .   |    |       | | Distribution| * * *| .
  . |* * * |             | |  .   \  /        | |             | * * *| .
  . |* * * |+---------+  | |   .   \/         | |  +---------+| * * *| .
  . |* * ***| +---------+| |    ....Request......+---------+ |*** * *| .
  . |* *****+-|Surrogate|************************|Surrogate|-+***** *| .
  . |*******  +---------+| |   Acquisition    | |+----------+ *******| .
  . |      +-------------+ |                  | +-------*-----+      | .
  . \                      /                  \         *            / .
  .  ----------------------                    ---------*------------  .
  .                                                     *              .
  .                                                     * Delivery     .
  .                                                     *              .
  .                                                  +--*---+          .
  ...............Request.............................| User |..Request..
                                                     | Agent|
                                                     +------+

  <====> CDNI Logging Interface
  <++++> CDNI Control Interface
  ****  interfaces outside the scope of CDNI
  ....  interfaces outside the scope of CDNI
   Generation    Generation
            Figure 2: Mapping of CDNI Logging interactions on the CDNI Reference
                                   Model

   As illustrated in Figure 2, the overall Logging Control (including signaling
   of which logging fields are to be communicated across CDNs for a
   given task) occurs over the Control Interface level. Chain

   The rationale
   for using the Control interface for Logging Control (instead following subsections describe each of for
   instance using the Metadata interface) includes:

   o processes potentially
   involved in the logging chain of Figure 2.

2.2.1.  Logging Control interactions Generation and During-Generation Aggregation

   CDNs typically define fairly static generate logging information for initializing all significant task
   completions, events, and controlling failures.  Logs are typically generated by
   many devices in the Logging
      interface, which matches CDN including the role of surrogates, the Control Interface as
      described in [I-D.ietf-cdni-framework] request routing
   system, and [RFC6707].

   o the control system.

   The amount of Logging Control information (specifying the generated can be huge.  Therefore,
   during contract negotiations, interconnected CDNs often agree on a
   Logging
      information format retention duration, and scope is primarily intended to be consumed
      by optionally, on a maximum size of the (typically fairly centralized) logical entity responsible
      for collecting intra-CDN logs, processing, filtering those and
      then exporting
   Logging data that the relevant subset of logs/fields to dCDN must keep.  If this size is exceeded, the other
      CDNs.

   o
   dCDN must alert the surrogates within a given CDN are typically uCDN but may not expected to
      need to be aware of keep more Logs for the specific set
   considered time period.  In addition, CDNs may aggregate logs and
   transmit only summaries for some categories of fields or set operations instead of events
      that have been requested by various interconnected CDNs.  Rather
   the surrogates are likely full Logging data.  Note that such aggregation leads to perform some generic logging an
   information loss, which may be problematic for all
      services regardless of the peculiarities of every CDNI agreement.
      Processing (e.g. filtering, format adaptation) some usages of the generic Logging
   (e.g., debugging).

   [I-D.brandenburg-cdni-has] discusses logging information generated by for HTTP Adaptive
   Streaming (HAS).  In accordance with the Surrogates recommendations articulated
   there, it is expected to
      take place to ensure that a surrogate will generate separate logging
   information for delivery of each interconnected CDN receives the
      specific set chunk of fields and logs it has requested through Logging
      Control.  Therefore there is no need to ensure HAS content.  This ensures
   that the Logging
      control separate logging information can then be easily distributable through the CDNs right
      down to surrogates.

   o  the Control interface is expected provided to support
   interconnected CDNs over the capability to
      apply control at CDNI Logging interface.  Still in line
   with the granularity recommendations of content sets (e.g. for content
      Purge) which is required [I-D.brandenburg-cdni-has], the logging
   information for Logging Control since it is expected
      that a CDN per-chunck delivery may require different sets of logging fields include some information (a
   Content Collection IDentifier and events
      for different sets of content (e.g. because it only needs to
      perform coarse billing for a given CSP while it Session IDentifier as discussed
   in Section 5) intended to facilitate subsequent post-generation
   aggregation of per-chunk logs into per-session logs.  Note that a CDN
   may also elect to generate aggregate per-session logs when performing
   HAS delivery, but this needs to provide
      detailed analytics be in addition to, and not instead
   of, the per-chunk delivery logs.  We note that this may be revisited
   in future versions of this document.

   Note that in the case of non real-time logging, the trigger of the
   transmission or generation of the logging file appears to be a
   synchronous process from a protocol standpoint.  The implementation
   algorithm can choose to enforce a maximum size for another CSP).

2.2.  Overall the logging file
   beyound which the transmission is automatically triggered (and thus
   allow for an asynchrounous transmission process).

2.2.2.  Logging Chain Collection

   This section discusses is the overall logging chain process that continuously collects logs generated by the
   log-generating entities within and across
   CDNs a CDN.

   In a CDNI environment, in addition to clarify how CDN Logging collecting logging information
   from log-generating entities within the local CDN, the Collection
   process also collects logging information provided by another CDN, or
   other CDNs, through the CDNI Logging interface.  This is expected to fit illustrated
   in
   this overall chain. Figure 3 illustrates 2 where we see that the overall Collection process of the uCDN
   collects logging chain information from log-generating entities within the dCDN, across CDNs using the
   uCDN as well as logging information coming through CDNI Logging interface and
   within
   exchange with the uCDN.  For readability, dCDN through the Figure CDNI Logging interface.

2.2.3.  Logging Filtering

   A CDN may require to only considers present different subset of the whole
   logging information flowing from the dCDN collected to various log-consuming applications.
   This is achieved by the uCDN.  Note that Filtering process.

   In particular, the logging
   chain illustrated in Filtering process can also filter the Figure is obviously only indicative and
   varies in specific environments.  For example, there may be more or
   less instantiations right subset
   of each entity (ie there may information that needs to be 4 Log consuming
   applications in provided to a given interconnected
   CDN.  As another  For example, there may be one
   instance of Rectification the filtering process per Log Consuming Application
   instead of a shared one.

             Log Consuming    Log Consuming
                 App              App
                 /\              /\
                 |               |
           Rectification--------
           /\
           |
           Filtering
            /\
            |
        Collection                        uCDN
        /\       /\
        |        |
        |     Generation
        |
   CDNI Logging ---------------------------------------------
   exchange
        /\         Log Consuming    Log Consuming
        |                 App              App
        |                  /\              /\
        |                  |               |
   Rectification     Rectification---------
           /\       /\
           |        |
           Filtering
            /\
            |
         Collection                         dCDN
         /\       /\
         |        |
   Generation    Generation

            Figure 3: CDNI Logging in the overall Logging Chain

   The following subsections describe each of the processes potentially
   involved in dCDN can be used to
   ensure that only the logging chain information related to tasks performed
   on behalf of Figure 3.

2.2.1.  Logging Generation and During-Generation Aggregation

   CDNs typically generate a given uCDN are made available to that uCDN (thereby
   filtering all the logging information for all significant task
   completions, events, and failures.  Logs are typicallly generated related to deliveries by
   many devices in the CDN including the surrogates, the request routing
   system, and the control system.

   The amoung
   dCDN of content for its own CSPs).  Similarly, the Filtering process
   may filter or partially mask some fields, for example, to protect End
   Users' privacy when communicating CDNI Logging information generated can be huge.  Therefore,
   during contract negotiations, interconnected CDNs often agree on a
   Logging retention duration, and optionally, on a maximum size to another
   CDN.  Filtering of logging information prior to communication of this
   information to other CDNs via the CDNI Logging data interface requires
   that the dCDN must keep.  If this size is exceeded, downstream CDN can recognize the
   dCDN must alert set of log records that
   relate to each interconnected CDN.

   The CDN will also filter some internal scope information such as
   information related to its internal alarms (security, failures, load,
   etc).

   In some use cases described in [RFC6770], the uCDN but may interconnected CDNs do
   not keep more Logs for want to disclose details on their internal topology.  The
   filtering process can then also filter confidential data on the
   considered time period.
   dCDNs' topology (number of servers, location, etc.).  In addition, CDNs particular,
   information about the requests served by every Surrogate may aggregate logs and
   transmit only summaries for some categories of operations instead of be
   confidential.  Therefore, the full Logging data.  Note information must be protected
   so that data such aggregation leads as Surrogates' hostnames is not disclosed to an
   information loss, which may be problematic for some usages of Logging
   (e.g., debugging).

   [I-D.brandenburg-cdni-has] discusses logging for HTTP Adaptive
   Streaming (HAS). the
   uCDN.  In accordance with the recommendations articulated
   there, it is expected that a surrogate will generate separate logging
   information for delivery of each chunk of HAS content.  This ensures
   that separate logging "Inter-Affiliates Interconnection" use case, this
   information can then may be provided disclosed to
   interconnected CDNs over the CDNI Logging interface.  Still in line
   with uCDN because both the recommendations dCDN and
   the uCDN are operated by entities of [I-D.brandenburg-cdni-has], the logging
   information for per-chunck delivery may include some information (a
   Content Collection IDentifier same group.

2.2.4.  Logging Rectification and a Session IDentifier as discussed
   in Section 4.1.1) intended to facilitate subsequent post-generation
   aggregation of per-chunk logs into per-session logs.  Note Post-Generation Aggregation

   If Logging is generated periodically, it is important that a CDN
   may also elect to generate aggregate per-session logs when performing
   HAS delivery, but this needs to be in addition to, and not instead
   of, the per-chunk delivery logs.  We note
   sessions that this may be revisited start in future versions of this document.

2.2.2. one Logging Collection

   This is the process that continuously collects logs generated by the
   log-generating entities within a CDN.

   In a CDNI environment, period and end in addition to collecting logging information
   from log-generating entities within the local CDN, the Collection
   process also collects logging information provided by another CDN, or
   other CDNs, through are
   correctly reported.  If they are reported in the starting period,
   then the CDNI Logging interface.  This is illustrated
   in Figure 3 where we see that of this period will be available only after the Collecton process end
   of the uCDN
   collects logging information from log-generating entities within session, which delays the
   uCDN as well as logging information coming through CDNI Logging
   exchange with generation.

   A Logging rectification/update mechanism could be useful to reach a
   good trade-off between the dCDN through Logging generation delay and the CDNI Logging interface.

2.2.3.
   accuracy.  Depending on the selected Logging Filtering

   A CDN protocol(s), such
   mechanism may require to only present different subset be invaluable for real time Logging, which must be
   provided rapidly and cannot wait for the end of operations in
   progress.

   In the whole
   logging information collected to various presence of HAS, some log-consuming applications.
   This is achieved by the Filtering process.

   In particular, the Filtering process applications can also filter the right subset
   of information that needs to be provided to a given interconnected
   CDN. benefit
   from aggregate per-session logs.  For example, for analytics, per-
   session logs allow display of session-related trends which are much
   more meaningful for some types of analysis than chunk-related trends.
   In the filtering process in case where the dCDN log-generating entities have generated during-
   generation aggregate logs, those can be used to
   ensure that only by the logging information related to tasks performed
   on behalf of applications.  In
   the case where aggregate logs have not been generated, the
   Rectification process can be extended with a given uCDN are made available to Post-Generation
   Aggregation process that uCDN (thereby
   filtering all generates per-session logs from the per-
   chunk logs, possibly leveraging the logging information related to deliveries by included in the
   dCDN of content per-
   chunk logs for its own CSPs).  Similarly, that purpose (Content Collection IDentifier and a
   Session IDentifier).  However, in accordance with
   [I-D.brandenburg-cdni-has], this document does not define exchange of
   such aggregate logs on the Filtering process
   may filter or partially mask some fields, for example, to protect End
   Users' privacy when communicating CDNI Logging information to another
   CDN.  Filtering of logging information prior to communication interface.  We note that this
   may be revisited in future versions of this
   information to other CDNs via the CDNI document.

2.2.5.  Log-Consuming Applications

2.2.5.1.  Maintenance/Debugging

   Logging interface requires
   that is useful to permit the downstream CDN can recognize detection (and limit the set risk) of log records that
   relate to each interconnected CDN.

   The
   content delivery failures.  In particular, Logging facilitates the
   resolution of configuration issues.

   To detect faults, Logging must enable the reporting of any CDN will also filter some internal scope information
   operation success and failure, such as
   information related to its internal alarms (security, failures, load,
   etc).

   In some use cases described in [I-D.ietf-cdni-use-cases], the
   interconnected CDNs do not want to disclose details on their internal
   topology. request redirection, content
   acquisition, etc.  The filering process uCDN can then also filter confidential
   data on the dCDNs' topology (number of servers, location, etc.).  In
   particular, summarize such information about into KPIs.
   For instance, Logging format should allow the requests served by every Surrogate
   may be confidential.  Therefore, computation of the Logging information must be
   protected so
   number of times during a given epoch that data such as Surrogates' hostnames is not disclosed content delivery related to
   a specific service succeeds/fails.

   Logging enables the uCDN.  In the "Inter-Affiliates Interconnection" use case,
   this information may be disclosed CDN providers to identify and troubleshoot
   performance degradations.  In particular, Logging enables the uCDN because both
   communication of traffic data (e.g., the amount of traffic that has
   been forwarded by a dCDN
   and the on behalf of an uCDN are operated by entities over a given period of the same group.

2.2.4.  Logging Rectification
   time), which is particularly useful for CDN and Post-Generation Aggregation

   If network planning
   operations.

2.2.5.2.  Accounting

   Logging is generated periodically, it is important that the
   sessions that start in one Logging period essential for accounting, to permit inter-CDN billing and end in another are
   correctly reported.  If they are reported in
   CSP billing by uCDNs.  For instance, Logging enables the starting period,
   then the Logging of this period will be available only after uCDN to
   check the end total amount of traffic delivered by every dCDN and for
   every Delivery Service, as well as, the session, which delays associated bandwidth usage
   (e.g., peak, 95th percentile), and the Logging generation.

   A Logging rectification/update mechanism could be useful to reach maximum number of simultaneous
   sessions over a
   good trade-off between the Logging generation delay given period of time.

2.2.5.3.  Analytics and Reporting

   The goal of analytics is to gather any relevant information to track
   audience, analyze user behavior, and monitor the performance and
   quality of content delivery.  For instance, Logging
   accuracy.  Depending enables the CDN
   providers to report on content consumption (e.g., delivered sessions
   per content) in a specific geographic area.

   The goal of reporting is to gather any relevant information to
   monitor the selected Logging protocol(s), such
   mechanism may be invaluable for real time Logging, which must be
   provided rapidly performance and cannot wait for the end quality of operations in
   progress.

   In the presence content delivery and allow
   detection of HAS, some log-consuming applications can benefit
   from aggregate per-session logs. delivery issues.  For example, instance, reporting could track
   the average delivery throughput experienced by End-Users in a given
   region for analytics, per-
   session logs allow display a specific CSP or content set over a period of session-related trends which are much
   more meaningful for some types time.

2.2.5.4.  Security

   The goal of analysis than chunk-related trends. security is to prevent and monitor unauthorized access,
   misuse, modification, and denial of access of a service.  A set of
   information is logged for security purposes.  In the case where the log-generating entities have generated during-
   generation aggregate logs, those can be used by the applications.  In
   the case where aggregate logs have not been generated, the
   Rectification process can be extended with a Post-Generation
   Aggregation process that generates per-session logs from the per-
   chunk logs, possibly leveraging the information included in the per-
   chunk logs for that purpose (Content Collection IDentifier and particular, a
   Session IDentifier).  However, in accordance with
   [I-D.brandenburg-cdni-has], this document does not define exchange of
   such aggregate logs on the CDNI Logging interface.  We note that this
   may be revisited in future versions record
   of this document.

2.2.5.  Log-Consuming Applications

2.2.5.1.  Maintenance/Debugging

   Logging access to content is useful usually collected to permit the detection (and limit the risk) CSP to detect
   infringements of content delivery failures.  In particular, Logging facilitates the
   resolution of configuration issues.

   To detect faults, Logging must enable the reporting of any CDN
   operation success policies and failure, such as request redirection, content
   acquisition, etc.  The uCDN can summarize such information into KPIs.
   For instance, other abnormal End
   User behaviors.

2.2.5.5.  Legal Logging format should allow Duties

   Depending on the computation of country considered, the
   number of times during a given epoch that content delivery related CDNs may have to
   a retain
   specific service succeeds/fails. Logging enables the CDN providers information during a legal retention period, to identify and troubleshoot
   performance degradations.  In particular,
   comply with judicial requisitions.

2.2.5.6.  Notions common to multiple Log Consuming Applications
2.2.5.6.1.  Logging enables the
   communication of traffic data (e.g., the amount of traffic that has
   been forwarded by a dCDN on behalf of an uCDN over Information Views

   Within a given period of
   time), which is particularly useful for CDN and network planning
   operations.

2.2.5.2.  Accounting

   Logging is essential for accounting, log-consuming application, different views may be
   provided to permit inter-CDN billing different users depending on privacy, business, and
   CSP billing by uCDNs.
   scalability constraints.

   For instance, Logging enables example, an analytics tool run by the uCDN can provide one view
   to
   check an uCDN operator that exploits all the total amount of traffic delivered by every dCDN and for
   every Delivery Service, as well as, logging information
   available to the associated bandwidth usage
   (e.g., peak, 95th percentile), and uCDN, while the maximum number of simultaneous
   sessions over tool may provide a given period of time.

2.2.5.3.  Analytics and Reporting

   The goal of analytics is different view to gather any relevant
   each CSP exploiting only the logging information related to track
   audience, analyze user behavior, and monitor the performance and
   quality of
   content delivery.  For instance, Logging enables of the CDN
   providers given CSP.

   As another example, maintenance and debugging tools may provide
   different views to report different CDN operators, based on content consumption (e.g., delivered sessions
   per content) in their
   operational role.

2.2.5.6.2.  Key Performance Indicators (KPIs)

   This section presents, for explanatory purposes, a specific geographic area.

   The goal non-exhaustive
   list of reporting is to gather any relevant information to
   monitor the performance Key Performance Indicators (KPIs) that can be extracted/
   produced from logs.

   Multiple log-consuming applications, such as analytics, monitoring,
   and quality of content delivery maintenance applications, often compute and allow
   detection of delivery issues.  For instance, reporting could track such KPIs.

   In a CDNI environment, depending on the average delivery throughput experienced situation, these KPIs may be
   computed by End Users the uCDN or by the dCDN.  But it is usually the uCDN that
   computes KPIs, because uCDN and dCDN may have different definitions
   of the KPIs and the computation of some KPIs requires a vision of all
   the deliveries performed by the uCDN and all its dCDNs.

   Here is a list of important examples of KPIs:

   o  Number of delivery requests received from End-Users in a given
      region for each piece of content, during a specific CSP or content set over a given period of time.

2.2.5.4.  Security

   The goal time
      (e.g., hour/day/week/month)

   o  Percentage of security is to prevent and monitor unauthorized access,
   misuse, modification, and denial delivery successes/failures among the aforementioned
      requests

   o  Number of access failures listed by failure type (e.g., HTTP error code)
      for requests received from End Users in a given region and for
      each piece of content, during a service.  A set given period of
   information is logged time (e.g., hour/
      day/week/month)

   o  Number and cause of premature delivery termination for security purposes.  In particular, End Users
      in a record given region and for each piece of access to content is usually collected to permit the CSP to detect
   infringements content, during a given
      period of content delivery policies time (e.g., hour/day/week/month)

   o  Maximum and other abnormal mean number of simultaneous sessions established by
      End
   User behaviors.

2.2.5.5.  Legal Logging Duties

   Depending on the country considered, the CDNs may have to retain
   specific Logging information during Users in a legal retention period, to
   comply with judicial requirements.

2.2.5.6.  Notions common to multiple Log Consuming Applications

2.2.5.6.1.  Logging Information Views

   Within given region, for a given log-consuming application, different views may be
   provided to differnet users depending on privacy, business, Delivery Service, and
   scalability constraints.

   For example, an analytics tool run by the uCDN can provide one view
   to an uCDN operator that exploits all the logging information
   available to the uCDN, while the tool may provide
      during a different view to
   each CSP exploiting only the logging information related to the
   content given period of the time (e.g., hour/day/week/month)

   o  Volume of traffic delivered for sessions established by End Users
      in a given CSP.

   As another example, maintenance and debugging tools may provide
   different views to different CDN operators, based on their
   operational role.

2.2.5.6.2.  Key Performance Indicators (KPIs)

   This section presents, region, for explanatory purposes, a non-exhaustive
   list of Key Performance Indicators (KPIs) that can be extracted/
   produced from logs.

   Multiple log-consuming applications, such as analytics, monitoring,
   and maintenance applications, often compute given Delivery Service, and track such KPIs.

   In during a CDNI environment, depending on teh situation, these KPIs may be
   computed by the uCDN or by the dCDN.  But it is usually the uCDN that
   computes KPIs, because uCDN and dCDN may have different definitions
      given period of the KPIs time (e.g., hour/day/week/month)

   o  Maximum, mean, and the computation of some KPIs requires a vision of all
   the deliveries performed minimum delivery throughput for sessions
      established by the uCDN End Users in a given region, for a given Delivery
      Service, and all its dCDNs.

   Here is during a list of important examples given period of KPIs: time (e.g., hour/day/week/
      month)

   o  Number of delivery  Cache-hit and byte-hit ratios for requests received from End Users
      in a given region for each piece of content, during a given period
      of time (e.g., hour/day/week/month)

   o  Percentage of delivery successes/failures among the aforementioned
      requests

   o  Number of failures listed by failure type (e.g., HTTP error code)
      for requests received from End Users in a given region and for
      each piece of content, during a given period of time (e.g., hour/
      day/week/month)

   o  Number and cause of premature delivery termination for End Users
      in a given region and for each piece of content, during a given
      period of time (e.g., hour/day/week/month)

   o  Maximum and mean number of simultaneous sessions established by
      End Users in a given region, for a given Delivery Service, and
      during a given period of time (e.g., hour/day/week/month)

   o  Volume of traffic delivered for sessions established by End Users
      in a given region, for a given Delivery Service, and during a
      given period of time (e.g., hour/day/week/month)

   o  Maximum, mean, and minimum delivery throughput for sessions
      established by End Users in a given region, for a given Delivery
      Service, and during a given period of time (e.g., hour/day/week/
      month)

   o  Cache-hit and byte-hit ratios for requests received from End Users
      in a given region for each piece of content, during a given period
      of time (e.g., hour/day/week/month)

   o  Top 10  Top 10 of the most popularly requested content (during a given
      day/week/month),

   o  Terminal type (mobile, PC, STB, if this information can be
      acquired from the browser type header, for example).

   Additional KPIs can be computed from other sources of information
   than the Logging -- Logging, for instance, data collected by a content portal or
   by specific client-side APIs.  Such KPIs are out of scope for the
   present memo.

   The KPIs used depend strongly on the considered log-consuming
   application -- the CDN operator may be interested in different
   metrics than the CSP is.  In particular, CDN operators are often
   interested in delivery and acquisition performance KPIs, information
   related to Surrogates' performance, caching information to evaluate
   the cache-hit ratio, information about the delivered file size to
   compute the volume of content delivered during peak hour, etc.

   Some of the KPIs, for instance those providing an instantaneous
   vision of the active sessions for a given CSP's content, are useful
   especially
   essentially if they are provided in real time. real-time.  By contrast, some
   other KPIs, such as those the one averaged over on a long period of time, can be
   provided in non-real time.

3.  CDNI Logging Information Structure and Transport

   As defined in Section 1.1 a Requirements
3.1.  Timeliness

   Some applications consuming CDNI logging field is Logging information, such as an atomic
   accounting or trend analytics, only require logging information element and a CDNI Logging Record is to be
   available with a collection timeliness of the order of a day or the hour.  This
   document focuses on addressing this requirement.

   Some applications consuming CDNI Logging Fields containing all information, such as real-
   time analytics, require logging information
   corresponding to be available in real-
   time (i.e. of the order of a single logging event. second after the corresponding event).
   This document defines non-real time transport leaves this requirement out of scope.

3.2.  Reliability

   CDNI Logging logging information over must be transmitted reliably.  The transport
   protocol should contain an anti-replay mechanism.

3.3.  Security

   CDNI logging information exchange must allow authentication,
   integrity protection, and confidentiality protection.  Also, a non-
   repudiation mechanism is mandatory, the transport protocol should
   support it.

3.4.  Scalability

   CDNI interface. logging information exchange must support large scale
   information exchange, particularly so in the presence of HTTP
   Adaptive Streaming.

   For such non-real time
   transport, this document defines example, if we consider a third level client pulling HTTP Progressive
   Download content with an average duration of structure, the 10 minutes, this
   represents 1/600 CDNI delivery Logging File, that Records per second.  If we
   assume the dCDN is a collection simultaneously serving 100,000 such clients on
   behalf of CDNI the uCDN, the dCDN will be generating 167 Logging Records.  This
   structure is described in Figure 4.  This document then specifies how Records
   per second to transport such CDNI Files across interconnected CDNs.  We observe
   that this approach can be tuned in a real deployment communicated to achieve near-
   real time exchange of the uCDN over the CDNI Logging information, e.g. by increasing
   interface.  Or equivalently, if we assume an average delivery rate of
   2Mb/s, the frequency dCDN generates 0.83 CDNI Logging Records per second for
   every Gb/s of streaming on behalf of logging file creation and distribution throughout the uCDN.

   For example, if we consider a client pulling HAS content and
   receiving a video chunk every 2 seconds, a separate audio chunck
   every 2 seconds and a refreshed manifest every 10 seconds, this
   represents 1.1 delivery Logging chain, but it Record per second.  If we assume the
   dCDN is not expected that this approach can
   support real time transport (e.g. sub-second) simultaneously serving 100,000 such clients on behalf of the
   uCDN, the dCDN will be generating 110,000 Logging Records per second
   to be communicated to the uCDN over the CDNI logging
   information.

   +------------------------------------------------------+
   |CDNI Logging interface.  Or
   equivalently, if we assume an average delivery rate of 2Mb/s, the
   dCDN generates 550 CDNI Logging Records per second for every Gb/s of
   streaming on behalf of the uCDN.

3.5.  Consistency between CDNI Logging and CDN Logging

   There are benefits in using a CDNI logging format as close as
   possible to intra-CDN logging format commonly used in CDNs tody in
   order to minimize systematic translation at CDN/CDNI boundary.

3.6.  Dispatching/Filtering

   When a CDN is acting as a dCDN for multiple uCDNs, the dCDN needs to
   dispatch each CDNI Logging Record to the uCDN that redirected the
   corresponding request.  The CDNI Logging format need to allow, and
   possibly facilitate, such a dispatching.

4.  CDNI Logging Information Structure and Transport

   As defined in Section 1.1 a CDNI logging field is as an atomic
   logging information element and a CDNI Logging Record is a collection
   of CDNI Logging Fields containing all logging information
   corresponding to a single logging event.

   This document defines non-real-time transport of CDNI Logging
   information over the CDNI interface.  For such non-real-time
   transport, this documents defines a third level of structure, the
   CDNI Logging File, that is a collection of CDNI Logging Records.
   This structure is described in Figure 3.  This document then
   specifies how to transport such CDNI Logging Files across
   interconnected CDNs.  We observe that this approach can be tuned in a
   real deployment to achieve near-real time exchange of CDNI Logging
   information, e.g., by increasing the frequency of logging file
   creation and distribution throughout the Logging chain, but it is not
   expected that this approach can support real time transport (e.g.,
   sub-second) of CDNI logging information.

   +------------------------------------------------------+
   |CDNI Logging File                                     |
   |                                                      |
   | +--------------------------------------------------+ |
   | |CDNI Logging Record                               | |
   | |  +-------------+ +-------------+ +-------------+ | |
   | |  |CDNI Logging | |CDNI Logging | |CDNI Logging | | |
   | |  |   Field     | |   Field     | |   Field     | | |
   | |  +-------------+ +-------------+ +-------------+ | |
   | +--------------------------------------------------+ |
   |                                                      |
   | +--------------------------------------------------+ |
   | |CDNI Logging Record                               | |
   | |  +-------------+ +-------------+ +-------------+ | |
   | |  |CDNI Logging | |CDNI Logging | |CDNI Logging | | |
   | |  |   Field     | |   Field     | |   Field     | | |
   | |  +-------------+ +-------------+ +-------------+ | |
   | +--------------------------------------------------+ |
   |                                                      |
   | +--------------------------------------------------+ |
   | |CDNI Logging Record                               | |
   | |  +-------------+ +-------------+ +-------------+ | |
   | |  |CDNI Logging | |CDNI Logging | |CDNI Logging | | |
   | |  |   Field     | |   Field     | |   Field     | | |
   | |  +-------------+ +-------------+ +-------------+ | |
   | +--------------------------------------------------+ |
   +------------------------------------------------------+

                   Figure 4: 3: Structure of Logging Files

   It is expected that future version of this document will also specify
   real time transport of CDNI Logging information over the CDNI
   interface.  We note that this might involve direct transport of CDNI
   Logging Records without prior grouping into a file structure to avoid
   the latency associated with creating and transporting such a file
   structure throughout the logging chain.

   The semantics and encoding of the CDNI Logging fields are specified
   in Section 4. 5.  The semantics and encoding of CDNI Records are
   specified in Section 5. 6.  The CDNI Logging File format is specified in
   Section 6. 7.  The protocol for transport of CDNI Logging File is
   specified in Section 7.

4.  CDNI 8.

5.  CDNI Logging Fields

   Existing CDNs Logging functions collect and consolidate logs
   performed by their Surrogates.  Surrogates usually store the logs
   using a format derived from Web servers' and caching proxies' log
   standards such as W3C, NCSA [ELF] [CLF], or Squid format [squid].  In
   practice, these formats are adapted to cope with CDN specifics.
   Appendix A presents examples of commonly used log formats.

4.1.  Generic

5.1.  Semantics of CDNI Logging Fields

   This section specifies a set the semantics of generic the CDNI Logging Fields Fields.  The
   specific subset of CDNI Logging fields that are
   expected to can be found in multiple types of CDNI Logging records.

4.1.1.  Semantics each type
   of Generic CDNI Logging Fields Record is specified in Section 6.

   The semantics of the generic CDNI Logging Fields are specified in Table 1.

   +------------+------------------------------------------------------+

   +--------------+----------------------------------------------------+
   | Name         | Description                                        |
   +------------+------------------------------------------------------+
   +--------------+----------------------------------------------------+
   | Start-time   | A start date and time associated with a logged     |
   |              | event; for instance, the time at which a Surrogate |
   |              | received a content delivery request or the time at |
   |              | which an origin server received a content          |
   |              | acquisition request.                               |
   | End-time     | An end date and time associated with a logged event.      |
   |              | event.  For instance, the time at which a Surrogate          |
   |              | Surrogate completed the handling of a content delivery request      |
   |              | delivery request (e.g., end of delivery or error). |
   | Duration     | The duration of an operation in milliseconds.  For |
   |              | instance, this field could be used to provide the  |
   |              | time it took the Surrogate to send the requested   |
   |              | file to the End-User or the time it took the       |
   |              | Surrogate to acquire the file on a cache-miss event.      |
   |              | event.  In the case where Start-time, End-time, and Duration    |
   |              | and Duration appear in a Logging Record, the       |
   |              | Duration is to be    |
   |            | interpreted as a total activity  |
   |              | time related to the  |
   |            | logged operation.              |
   | Client-IP    | The IP address of the User Agent that issued the   |
   |              | logged request or of a proxy, for instance         |
   |              | "203.0.113.1".                                     |
   | Client-por Client-port  | The source port of the logged request (e.g., 9542) |
   | t Destination- | The IP address of the host that received the       |
   | IP           | logged request (e.g., 192.0.2.2).                  |
   | Destinatio Destination- | The IP address hostname of the host that received the logged  |
   | n-IP hostname     | request (e.g., 192.0.2.2). Surrogate1.cdna.com).               |
   | Destinatio Destination- | The destination port of the logged request (e.g.,  |
   | n-port port         | 80).                                               |
   | Operation    | The kind of operation that is logged; for instance, instance |
   |              | Acquisition, Delivery, Delivery or Purging.                               |
   | URI_full     | The full requested URL (e.g.,                      |
   |              | "http://node1.peer-a.op-b.net/cdn.csp.com/movies/pot "http://node1.peer-a.op-b.net/cdn.csp.com/movies/p |
   |              | ter.avi?param=11&user=toto"). otter.avi?param=11&user=toto").  When HTTP request |
   |              |  redirection is used, this URI includes the Surrogat        |
   |              | eFQDN.  Surrogate FQDN.  If the association of requests to Surrogates t |
   |              | oSurrogates is confidential, the dCDN can present only URI_part  |
   |              |  only URI_part to uCDN.                            |
   | URI_part     | The requested URL path (e.g.,                      |
   |              | /cdn.csp.com/movies/potter.avi?param=11&user=toto if  |
   |              | if the full request URL was                        |
   |              | "http://node1.peer-a.op-b.net/cdn.csp.com/movies/pot "http://node1.peer-a.op-b.net/cdn.csp.com/movies/p |
   |              | ter.avi?param=11&user=toto"). otter.avi?param=11&user=toto").  The URI without   |
   |              |  host-name typically includes the "CDN domain"     |
   |              |  (ex.cdn.csp.com) - cf. [I-D.ietf-cdni-framework]: i |
   |              | tenables  it enables the identification of the CSP service agree  |
   |              | dbetween  agreed between the CSP and the CDNP operating the |
   |              |  uCDN.                                             |
   | Protocol     | The protocol and protocol version of the message   |
   |              | that triggered the Logging entry (e.g., HTTP/1.1). |
   | Request-me Request-meth | The protocol method of the request message that    |
   | thod od           | triggered the Logging entry.                       |
   | Status       | The protocol method status of the reply message related to   |
   |              | to the Logging entry                               |
   | Bytes-Sent   | The number of bytes at application-layer           |
   |              | protocol-level (e.g., HTTP) of the reply message   |
   |              | related to the Logging entry.  It includes the size     |
   |              | size of the response headers.                      |
   | Headers-Se Headers-Sent | The number of bytes corresponding to response      |
   | nt              | headers at application-layer protocol-level (e.g., |
   |              | HTTP) of the reply message related to the Logging  |
   |              | entry.                                             |
   | Bytes-rece Bytes-receiv | The number of bytes (headers + body) of the message        |
   | ived ed           | message that triggered the Logging entry.          |
   | Referrer     | The value of the Referrer header in an HTTP        |
   |              | request.                                           |
   | User-Agent   | The value of the User Agent header in an HTTP      |
   |              | request.                                           |
   | Cookie       | The value of the Cookie header in an HTTP request. |
   | Byte-Range   | [Ed. note: to be defined]                          |
   | Cache-cont Cache-contro | The value of the cache-control header in an HTTP   |
   | rol l            | answer.  This header is particularly important for |
   |              | content acquisition logs.                          |
   | Record-dig Record-diges | A digest of the Logging Record; it enables detecting         |
   | est t            | detecting corrupted Logging Records.               |
   | CCID         | A Content Collection IDentifier (CCID) eases the   |
   |              | correlation of several Logging Records related to a  |
   |              | a Content Collection (e.g., a movie split in       |
   |              | chunks).                                           |
   | SID          | A Session Identifier (SID) eases the correlation   |
   |              | (and aggregation) of several Logging Records related       |
   |              | related to a session.  The SID is especially relevant for       |
   |              | relevant for summarizing HAS Logging information   |
   |              | [I-D.brandenburg-cdni-has].                        |
   +------------+------------------------------------------------------+

             Table 1: Semantics of Generic CDNI Logging Fields

   NB: we define three fields related to
   | uCDN-ID      | An element authenticating the timing operator of logged
   operations: Start-time, End-time, and Duration.  Start-time is
   typically useful for human readers (e.g., while debugging), however,
   some servers log the operation's End-time which corresponds uCDN |
   |              | as the authority having delegated the request to   |
   |              | the
   time of log record generation.  In absence dCDN.                                          |
   | Delivering-C | An identifier (e.g., an aggregation of Logging summarization,
   only two an IP       |
   | DN-ID        | address and a FQDN) of these three fields are required to obtain relevant timing
   information on the operation.  However, when some kind of Logging
   aggregation/summarization is used, it can be advantageous to keep the
   three fields: for instance, in the case of HAS, keeping the three
   fields permits computing an average delivery bitrate from a single
   Logging Record aggregating information on the delivery of multiple
   consecutive video chunks.

   Multiple header fields, in addition to the ones explicitly listed in
   the table could Delivering CDN.  The    |
   |              | Delivering-CDN-ID might be reproduced in the Logging records.

   Note that uCDN may want to filter Logging data by user (and not considered as           |
   |              | confidential by IP
   address) to provide more relevant information to the CSP. dCDN.  In such case, a user may be identified as a combination of several pieces of
   information such as the client IP and User Agent or through the SID.

   The URI_full provides information on the Surrogate that provided the
   content.  This information can be relevant, for instance, for the
   Inter-Affiliates use case described in [I-D.ietf-cdni-use-cases].
   However, in some cases it may be considered as confidential and the dCDN may provide URI_part instead.

4.1.2.  Syntax of Generic CDNI Logging Fields

   Table 2 illustrates the definition of the information elements.  It
   provides examples using Apache log format strings [apache] when they
   exist.

   [Ed Note, this should be replaced with actual selected format for
   CDNI]

   [Ed. note: specify for all Logging Fields the type (e.g., varchar,
   int, float, ...) and the maximum size (e.g., varchar(200))]

   +----------+-------------------+------------------------------------+  | Name
   | String              | Example could either not provide this field to the uCDN or |
   +----------+-------------------+------------------------------------+
   | Time              | %t overwrite the Delivering-CDN-ID with its on        | [10/Oct/2000:13:55:36-0700]
   |              | Duration identifier.                                        | %D
   | - Cache-bytes  | The number of body bytes served from caches.  This | Client-I
   | %a              | 203.0.113.45 quantity permits the computation of the byte hit   |
   | P              | ratio.                                             |
   | Action       | Operatio The Action describes how a given request was       | -
   | -              | treated locally: through which transport protocol, |
   | n              | with or without content revalidation, with a cache |
   |              | URI_full hit or cache miss, with fresh or stale content,    | %U
   | -              | and (if relevant) with which error.  Example with  | Protocol
   | %H              | HTTP/1.0 Squid format [squid]: "TCP_REFRESH_FAIL_HIT" means |
   | Request              | %m that an expired copy of an object requested        | GET
   |              | method through TCP was in the cache.  Squid attempted to  |
   |              | make an If-Modified-Since request, but it failed.  | Status
   | %>s              | 200 The old (stale) object was delivered to the        |
   | Bytes              | %O client.                                            | 2326
   | MIME-Type    | Sent The MIME-Type of the requested content             |
   | dCDN         | An element authenticating the operator of the dCDN | Bytes
   | %I identifier   | 432 as the authority requesting the content to the     |
   | received              | uCDN                                               |
   | Caching_date | Header Date at which the delivered content was stored in  | \"%{Referrer}i\"
   | "http://www.example.com/start.html              | cache                                              |
   | \"%{User-agent}i\ Validity_hea | ""Mozilla/4.08 [en] (Win98; I A copy of all headers related to content validity: |
   | ders         | " Pragma or Cache-Control (no-cache), ETag, Vary,    |  ;Nav)"
   |
   +----------+-------------------+------------------------------------+

                   Table 2: Examples using Apache format

4.2.  Logging Fields              | last-modified...                                   |
   | Lookup_durat | Duration of the DNS resolution for Content Delivery

   Beyond resolving the Logging Fields described in previous section, this section
   defines additional Logging Fields that are specifically related to
   Content Delivery operations.  Note that   |
   | ion          | FQDN of (uCDN's or CSP's) origin server.           |
   | Delay_to_fir | Duration of the uCDN may not transfer operations from the
   information provided in some sending of these fields the |
   | st_bit       | content acquisition request to the CSP, depending on reception of    |
   |              | the CSP's interest in the information and on the information's
   confidentiality level.

4.2.1.  Semantics for Delivery CDNI Logging Fields

   The semantics first bit of the generic CDNI Logging Fileds are specified in
   Table 3.

   +-------------------+-----------------------------------------------+
   | Name              | Definition requested content.            |
   +-------------------+-----------------------------------------------+
   | uCDN-ID Delay_to_las | An element authenticating the operator Duration of the |
   |                   | uCDN as operations from the authority having delegated sending of the |
   | t_bit        | content acquisition request to the dCDN.                          |
   | Delivering-CDN-ID | An identifier (e.g., an aggregation reception of an IP    |
   |              | address and a FQDN) the last bit of the Delivering CDN.    |
   |                   | The Delivering-CDN-ID might be considered as  |
   | requested content.             | confidential by
   +--------------+----------------------------------------------------+

                 Table 1: Semantics of CDNI Logging Fields

   NB: we define three fields related to the dCDN. timing of logged
   operations: Start-time, End-time, and Duration.  Start-time is
   typically useful for human readers (e.g., while debugging), however,
   some servers log the operation's End-time which corresponds to the
   time of log record generation.  In such case, absence of Logging summarization,
   only two of these three fields are required to obtain relevant timing
   information on the  |
   |                   | dCDN could either not provide this field operation.  However, when some kind of Logging
   aggregation/summarization is used, it can be advantageous to   |
   |                   | keep the uCDN or overwrite
   three fields: for instance, in the Delivering-CDN-ID   |
   |                   | with its on identifier.                       |
   | Cache-bytes       | The number case of body bytes served from caches.  |
   |                   | This quantity HAS, keeping the three
   fields permits computing an average delivery bitrate from a single
   Logging Record aggregating information on the computation delivery of multiple
   consecutive video chunks.

   Multiple header fields, in addition to the  |
   |                   | byte hit ratio.                               |
   | Action            | The Action describes how ones explicitly listed in
   the table could be reproduced in the Logging records.

   Note that uCDN may want to filter Logging data by user (and not by IP
   address) to provide more relevant information to the CSP.  In such
   case, a given request was  |
   |                   | treated locally: through which transport      |
   |                   | protocol, with or without content             |
   |                   | revalidation, with user may be identified as a cache hit or cache miss, |
   |                   | with fresh or stale content, and (if          |
   |                   | relevant) with which error.  Example with     |
   |                   | Squid format [squid]: "TCP_REFRESH_FAIL_HIT"  |
   |                   | means that an expired copy combination of an object       |
   |                   | requested several pieces of
   information such as the client IP and User Agent or through TCP was in the cache.       |
   |                   | Squid attempted to make an If-Modified-Since  |
   |                   | request, but it failed. SID.

   The old (stale)      |
   |                   | object was delivered to URI_full provides information on the client.           |
   +-------------------+-----------------------------------------------+

          Table 3: Semantics of Surrogate that provided the Delivery CDNI Logging Fields

   [Ed. note:
   content.  This information can be relevant, for instance, for the
   Inter-Affiliates use case described in [RFC6770].  However, in some
   cases it may be considered as confidential and the dCDN may provide
   URI_part instead.

   Other information that could be logged include operations that refer
   to the general state of the request, before it gets processed
   locally.  Such information is related to the authorization of the
   requests, URL rewriting rules enforced, the X-FORWARDED-FOR non
   standard HTTP header...]

4.2.2.  Syntax for Delivery header...

   [Editor's Note: CDNI Logging Fields

   [Ed Note: To information may be added]

4.3.  Logging Fields for Content Acquisition

   This section specifies Logging fields that are specific to Content
   Acquisition operations.

4.3.1.  Semantics used for Acquisition CDNI Logging Fields

   Table 4 specifies debugging.
   Therefore, various CDN operations might be logged, depending on the semantics
   agreement between the dCDN and the uCDN, such as operations related
   to Request Routing and Metadata.  These may call for a few additional
   Fields to be defined].

5.2.  Syntax of CDNI Logging Fields

   This section is intended to contain the specification for the syntax
   and encoding of the Acquisition specific CDNI Logging Fields.

   +--------------------+----------------------------------------------+ fields.  For now, Table 2
   illustrates the definition of some information elements.  It provides
   examples using Apache log format strings [apache] when they exist.

   [Ed. note: specify for all Logging Fields the type (e.g., varchar,
   int, float, ...) and the maximum size (e.g., varchar(200))]
   +----------+-------------------+------------------------------------+
   | Name     | Definition String            |
   +--------------------+----------------------------------------------+ Example                            | dCDN identifier
   +----------+-------------------+------------------------------------+
   | An element authenticating the operator of Time     | %t                | [10/Oct/2000:13:55:36-0700]        | the dCDN as the authority requesting the
   | Duration | %D                | content to the uCDN -                                  |
   | Caching_date Client-I | Date at which the delivered content was %a                | 203.0.113.45                       |
   | stored in cache P        |                   | Validity_headers                                    | A copy of all headers related to content
   | Operatio | -                 | validity: no-cache, ETag, Vary, -                                  |
   | n        | last-modified...                   |                                    | Lookup_duration
   | Duration of the DNS resolution for resolving URI_full | %U                | -                                  | the FQDN of (uCDN's or CSP's) origin server.
   | Protocol | Delay_to_first_bit %H                | Duration of the operations from the sending HTTP/1.0                           |
   | Request  | of the content acquisition request to the %m                | GET                                |
   | reception of the first bit of the requested method   |                   |                                    | content.
   | Status   | Delay_to_last_bit %>s               | Duration of the operations from the sending 200                                |
   | Bytes    | of the content acquisition request to the %O                | 2326                               |
   | reception of the last bit of the requested Sent     |                   |                                    | content.
   |
   +--------------------+----------------------------------------------+

         Table 4: Semantics of the Acquisition CDNI Logging Fields

   These information elements may be used in Content Acquisition Logging
   provided by dCDN to uCDN and, potentially, in Content Acquisition
   Logging provided by uCDN to dCDN.

4.3.2.  Syntax for Acquisition CDNI Logging Fields

   [Ed Note: To be added]

4.4.  Logging Fields for Control

   [Ed. note: LOGS RELATED TO KEY EXCHANGES FOR INSTANCE, SECTION TO BE
   WRITTEN AFTER THE CONTROL INTERFACE IS MORE CLEARLY DEFINED]

4.5.  Logging Fields for Other Operations

   Logging can be used for debugging.  Therefore, all kinds of CDN
   operations might be logged, depending on the agreement between the
   dCDN and the uCDN.  In particular, operations related to Request
   Routing and Metadata can be logged.

5. Bytes    | %I                | 432                                |
   | received |                   |                                    |
   | Header   | \"%{Referrer}i\"  | "http://www.example.com/start.html |
   |          | \"%{User-agent}i\ | ""Mozilla/4.08 [en] (Win98; I      |
   |          | "                 |  ;Nav)"                            |
   +----------+-------------------+------------------------------------+

                   Table 2: Examples using Apache format

6.  CDNI Logging Records

   [Ed. note: we need to specify the encoding of the file, the
   separation character, etc...]

   This section defines a set of central events that a dCDN should
   register and publish through the Logging interface.

   We classify the logged events depending on the CDN operation to which
   they relate: Content Delivery, Content Acquisition, Content
   Invalidation/Purging, etc.

5.1.  Content Delivery

   Some CSPs pay a lot of attention to the protection of their content
   (e.g., premium video CSPs).  To fulfill the needs of these CSPs, a
   CDN shall log all the details of the content delivery authorizations.
   This means that a dCDN must be able to provide Logging detailing the
   content delivery/content acquisition authorizations and denials as
   well as information on why the request is authorized/denied.

   CSPs and CDN service providers pay a lot of attention to errors
   related to content delivery.  It is therefore of upmost importance
   that the dCDN provides detailed error information in the Logging
   data.  This information should typically be available even when
   Logging is aggregated.

   The content delivery events triggering the generation of a Logging
   Record include:

   o  Reception of a content request,

   The generated Logging Record typically embeds information about:

   o  Denial of delivery (error or unauthorized request, e.g., HTTP 401)
      for a request,

   o  Beginning of delivery (authorization) of a requested content,

   o  End of an authorized delivery (success),

   o  End of an authorized delivery (failure during the delivery, e.g.,
      HTTP 403).

5.2.  Content Acquisition

5.2.1.  Logging Records Provided by dCDN to uCDN

   When the uCDN requires the dCDN to provide Logging for acquisition
   related events, the events triggering the generation of a Logging
   Record include:

   o  Emission of a content acquisition request (first try or retry) for which a cache hit or a cache miss with content revalidation

   The generated CDNI Logging Record typically embeds information about:

   o  Reception of a reply indicating denial of delivery (error or
      unauthorized request) for a content acquisition request,

   o  End of an authorized acquisition (success),

   o  End of an authorized acquisition (failure)

   Note that a dCDN may acquire content only from the uCDN.  It this
   case, the uCDN record can log the dCDN's content acquisition operations
   itself, and thus, the uCDN may not require the dCDN to log
   acquisition related events.  However, comparing the dCDN and uCDN
   logs is often useful for debugging and for security auditing.

5.2.2.  Logging Records Provided by uCDN to dCDN

   When the dCDN requires the uCDN to provide Logging for acquisition
   related events, the events triggering the generation of a Logging
   Record include:

   o  Reception of a content acquisition request for
   be exchanged over the considered
      Delivery Service for a cache hit or a cache miss with content
      revalidation

   The generated CDNI Logging Record typically embeds information about:

   o  Emission of a reply indicating denial of delivery (error or
      unauthorized request) for a content acquisition request,

   o  End of an authorized acquisition (success),

   o  End of an authorized acquisition (failure).

5.3.  Content Invalidation interafce and Purging

   When the uCDN requests a dCDN to log invalidation/purging events
   (e.g., for security), each type of
   Logging Record indicates the allowed set of CDNI Information
   Elements.

   We classify the logged events depending on the CDN operation to which
   they relate: Content Delivery, Content Acquisition, Content
   Invalidation/Purging, etc.

6.1.  Content Delivery

   The content delivery event triggering the generation of a Logging
   Record include:

   o  Reception by a dCDN Surrogate of a content invalidation/purging request

   The generated Logging Record typically embeds information about:

   o  Denial for Content Delivery contains the following set of
   CDNI Logging Elements:

   +----------------------+--------------------------------------------+
   | Name                 | Mandatory/Optional                         |
   +----------------------+--------------------------------------------+
   | Start-time           | Mandatory                                  |
   | Duration             | Mandatory                                  |
   | Client-IP            | Mandatory                                  |
   | Client-port          | Optional                                   |
   | Destination-IP       | Mandatory if Destination-Hostname is       |
   |                      | absent                                     |
   | Destination-Hostname | Mandatory if Destination-IP is absent      |
   | Destination-port     | Optional                                   |
   | Operation            | Optional                                   |
   | URI_full             | Mandatory if URI_part is absent            |
   | URI_part             | Mandatory if URI_full is absent            |
   | Protocol             | Mandatory if protocol is different to      |
   |                      | HTTP/1.1                                   |
   | Request-method       | Mandatory                                  |
   | Status               | Mandatory                                  |
   | Bytes-Sent           | Mandatory                                  |
   | Headers-Sent         | Optional                                   |
   | Bytes-received       | Optional                                   |
   | Referrer             | Optional                                   |
   | User-Agent           | Optional                                   |
   | Cookie               | Optional                                   |
   | Byte-Range           | ?                                          |
   | Cache-control        | Optional                                   |
   | Record-digest        | ?                                          |
   | CCID                 | Optional.  Only applicable to HTTP         |
   |                      | Adaptive Streaming delivery.               |
   | SID                  | Optional.  Only applicable to HTTP         |
   |                      | Adaptive Streaming delivery.               |
   | Cache-bytes          | Optional                                   |
   | Action               | Mandatory (in particulat re cache          |
   |                      | Hit/Miss)                                  |
   | MIME-Type            | Mandatory                                  |
   +----------------------+--------------------------------------------+

          Table 3: CDNI Logging Fields in Delivery Logging Record

   In Table 3, "Mandatory" means that this field MUST be included in
   each Delivery Record and "Optional" means that it can be included
   based on the invalidation/purging request (error or unauthorized
      request, with details about agreement between the dCDN and the uCDN as established
   via mechanism outside the causes scope of this document (e.g., by human
   agreement).

6.2.  Content Invalidation and Purging

   Given that the error),

   o  Beginning Purge interface is expected to contain a mechanism to
   report on completion of invalidation/purging (authorization) the Invalidation/purge request, there is no
   need to specify separate Log Records for these events.

6.3.  Request Routing

   [Editor's Note: Is there a given
      content purging request,

   o  End of an authorized invalidation/purging (success),

   o  End of an authorized invalidation/purging (failure).

5.4. requirement for the dCDN to provide logs
   for request routing events?]

6.4.  Logging Extensibility

   Future usages might introduce the need for additional Logging fields.
   In addition, some use-cases such as an Inter-Affiliate
   Interconnection [I-D.ietf-cdni-use-cases], [RFC6770], might take advantage of extended Logging
   exchanges.  Therefore, it is important to permit CDNs to use
   additional Logging fields besides the standard ones, if they want.
   For instance, an "Account-name" identifying the contract enforced by
   the dCDN for a given request could be provided in extended fields.

   The required Logging Records may depend on the considered services.
   For instance, static file delivery (e.g., pictures) typically does
   not include any delivery restrictions.  By contrast, video delivery
   typically implies strong content delivery restrictions, as explained
   in [I-D.ietf-cdni-use-cases], [RFC6770], and Logging could include information about the
   enforcement of these restrictions.  Therefore, to ease the support of
   varied services as well as of future services, the Logging interface
   should support optional Logging Records.

6.

7.  CDNI Logging File Format

   Interconnected CDNs may support various Logging formats.  However,
   they must support at least the default Logging File format described
   here.

6.1.

7.1.  Logging Files

   [Ed.  Note: How many files (one per type of Delivery Service (e.g.,
   HTTP, WMP) and per type of Event (e.g., Errors, Delivery,
   Acquisition,...?)and what would be inside...  These aspects needs to
   be detailed...]

6.2.

7.2.  File Format

   The Logging file format should be independent from the selected
   transport protocol, to guarantee a flexible choice of transport
   protocols.  [Ed. note: for the real time Logging exchanges, this
   might be hard]

   All Logging Records in a Logging File must share the same format
   (same set of Logging Fields, in the same order, with the same
   semantics, separated by the same Separator Character), to ease the
   parsing of the Logging data by the CDN that receives the Logging
   File.  The CDN that provides the Logging data is responsible for
   guaranteeing the consistency of the Logging records' formats,
   typically via its log filtering and aggregation processes (see
   Section 2.2.3).

6.2.1.

7.2.1.  Headers

   Logging files must include a header with the information described in
   Figure 5. 4.

   +----------------+-------------------+------------------------------+
   | Field          | Description       | Examples                     |
   +----------------+-------------------+------------------------------+
   | Format         | Identification of | standard_cdni_errors_http_v1 |
   |                | CDNI Log format.  |                              |
   | Fields         | A description of  |                              |
   |                | the record format |                              |
   |                | (list of fields). |                              |
   | Log-ID         | Identifier        | abcdef1234                   |
   |                | for the CDNI Log  |                              |
   |                | file (facilitates |                              |
   |                | detection of      |                              |
   |                | duplicate Logs    |                              |
   |                | and tracking in   |                              |
   |                | case of           |                              |
   |                | aggregation).     |                              |
   | Log-Timestamp  | Time, in          | [20/Feb/2012:00:29.510+0200] |
   |                | milliseconds, the |                              |
   |                | CDNI Log was      |                              |
   |                | generated.        |                              |
   | Log-Origin     | Identifier of the | cdn1.cdni.example.com        |
   |                | authority (e.g.,  |                              |
   |                | dCDN or uCDN)     |                              |
   |                | providing the Log-|                              |
   |                | -ging             |                              |
   +----------------+-------------------+------------------------------+

                         Figure 5: 4: Logging Headers

   All time-related Logging Fields and data in the Logging File headers/
   footers must provide a time zone and be at least at millisecond (ms)
   accuracy.  The accuracy must be consistent to permit the computation
   of KPIs involving operations realized on several CDNs.

   [Ed. note: would it make sense to add a kind of "example Logging
   Record" in the Logging file and associated semantic (e.g. (e.g., in a
   structure data format) ?]

6.2.2.

7.2.2.  Body (Logging Records) Format

   [Ed. note: the W3C extended log format is a good base candidate to
   look at.]

   [Ed. note: Records used at. ]

   Since records for real time information and non-real time information
   could use different formats.  In this version, formats, we do not yet tackle solve the problem of real
   time logging exchanges]

6.2.3. exchanges in this version.

7.2.3.  Footer Format

   Logging files must include a footer with the information described in
   Figure 6. 5.

   +---------+----------------------------------------------+----------+
   | Field   | Description                                  | Examples |
   +---------+----------------------------------------------+----------+
   | Log     | Digest of the complete Log (facilitates      |          |
   | Digest  | detection of Log corruption)                 |          |
   +---------+----------------------------------------------+----------+

                         Figure 6: 5: Logging footers

   This digest field permits the detection of corrupted Logging files.
   This can be useful, for instance, if a problem occurs on the
   filesystem of the dCDN Logging system and leads to a truncation of a
   logging file.  Additional mechanisms to avoid corrupted Logging files
   are expected to be provided by the Logging transport protocol, cf.
   Section 7.

7. 8.

8.  CDNI Logging File Transport Protocol

   As presented in [RFC6707], several protocols already exist that could
   potentially be used to exchange CDNI Logging between interconnected
   CDNs.

   The offline exchange of non real-time Logging could rely on several
   protocols.  In particular, the dCDN could publish the Logging on a
   server where the uCDN would retrieve them using a secure protocol.

   For managed file transfer, the recommended protocol
   (yet to be identified).

   [Ed. note: Propose protocol, e.g. is SSH File
   Transfer Protocol (SFTP) [I-D.ietf-secsh-filexfer]. and add call flow]

   [Ed note: include options for lossless compression]

8.  Logging Control

   The CDNI Control interface  SFTP is responsible for correctly configuring
   the Logging interface between interconnected CDNs, for every Delivery
   Service and according to the Logging configuration agreed during
   business negotiations.

   This section will identify the parameters that the CDNI Control
   interface should manage on uCDN and dCDN for activating, updating, or
   removing a CDNI Logging configuration for a given Delivery Service.

   [Ed.  Note: uCDN shall be able to select the type of events that a
   dCDN should include in the Logging that the latter provides to the
   uCDN.  This will be discussed during business negotiations widely
   deployed and it guarantees the
   Control must enforce the agreed configuration.  The use of multiple
   levels of Logging granularity such as Syslog's "severity levels"
   (Emergency, Alert, Critical, ..., Debug) [RFC5424] may help in
   providing the most relevant amount respect of information depending on the
   intended Logging usage, as specified during the Logging format
   negotiation.]

   [Ed. note: criteria expressed by
   the specification all CDNI Logging Fields' maximum size (e.g.,
   varchar(200)) might be constrained in some CDNs so need to exchange
   that information during the configuration] Transport Requirements: timeliness, reliability,
   security and scalability.

   [Ed note: include options for lossless compression]

9.  Open Issues

   The main remaining tasks on this ID are the following:

   o  Detail  Finalise the list of CDNI Logging Fields' syntax Fields

   o  Recommend a  Finalise the encoding of CDNI Logging File Transport Protocol Fields, Records and detail the call-
      flows File.

   o  Detail mechanisms  Identify what can be done (if anything) to maximise reuse of
      Logging Fields and Logging Records encoding for Real-Time future support of
      real-time CDNI Logging exchange

   [Ed.  Note: The format for Time is still to be agreed on.  RFC 5322
   (Section 3.3) format could be used or ISO 8601 formatted date and
   time in UTC (same format as proposed in
   [draft-caulfield-cdni-metadata-core-00]).  Also see RFC5424 Section
   6.2.3.]

   [Ed.  Note:When to log the end of a session when the End-User pauses
   a video display?]

   [Ed. note: (comment from Kevin) how are errors handled ?  If the
   client gets handed a bunch of 403s and 404s, but still gets the
   content eventually, without triggering an event, are those still
   logged?  For Bytes-Sent, if there were aborted requests, do those get
   counted as well?  Not all client behavior can be correlated with the
   simplified log]

10.  IANA Considerations

   This memo includes no request to IANA.

   TBD

11.  Security Considerations
11.1.  Privacy

   CDNs have the opportunity to collect detailed information about the
   downloads performed by End-Users.  The provision of this information
   to another CDN introduces End-Users privacy protection concerns.

11.2.  Non Repudiation

   Logging provides the raw material for charging.  It permits the dCDN
   to bill the uCDN for the content deliveries that the dCDN makes on
   behalf of the uCDN.  It also permits the uCDN to bill the CSP for the
   content Delivery Service.  Therefore, non-repudiation of Logging data
   is essential.

12.  Acknowledgments

   The authors would like to thank Sebastien Cubaud, Anne Marrec,
   Yannick Le Louedec, and Christian Jacquenet for detailed feedback on
   early versions of this document and for their input on existing Log
   formats.

   The authors would like also to thank Fabio Costa, Sara Oueslati, Yvan
   Massot, Renaud Edel, and Joel Favier for their input and comments.

   Finally, they thank the contributors of the EU FP7 OCEAN project for
   valuable inputs.

13.  References

13.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC5424]  Gerhards, R., "The Syslog Protocol", RFC 5424, March 2009.

13.2.  Informative References

   [CLF]      A. Luotonen, "The Common Log-file Format, W3C (work in
              progress)", 1995, <http://www.w3.org/pub/WWW/Daemon/User/
              Config/Logging.html>.

   [ELF]      Phillip M. Hallam-Baker and Brian Behlendorf, "Extended
              Log File Format, W3C (work in progress), WD-logfile-
              960323", <http://www.w3.org/TR/WD-logfile.html>.

   [I-D.bertrand-cdni-experiments]
              Faucheur, F. and L. Peterson, "Content Distribution
              Network Interconnection (CDNI) Experiments",
              draft-bertrand-cdni-experiments-02 (work in progress),
              February 2012.

   [I-D.brandenburg-cdni-has]
              Brandenburg, R., Deventer, O., Faucheur, F., and K. Leung,
              "Models for adaptive-streaming-aware CDN Interconnection",
              draft-brandenburg-cdni-has-03
              draft-brandenburg-cdni-has-04 (work in progress),
              July 2012.
              January 2013.

   [I-D.ietf-cdni-framework]
              Peterson, L. and B. Davie, "Framework for CDN
              Interconnection", draft-ietf-cdni-framework-01 draft-ietf-cdni-framework-03 (work in
              progress), July 2012. February 2013.

   [I-D.ietf-cdni-requirements]
              Leung, K. and Y. Lee, "Content Distribution Network
              Interconnection (CDNI) Requirements",
              draft-ietf-cdni-requirements-03 (work in progress),
              June 2012.

   [I-D.ietf-cdni-use-cases]
              Bertrand, G., Emile, S., Burbridge, T., Eardley, P., Ma,
              K., and G. Watson, "Use Cases for Content Delivery Network
              Interconnection", draft-ietf-cdni-use-cases-10
              draft-ietf-cdni-requirements-04 (work in progress), August
              December 2012.

   [I-D.ietf-secsh-filexfer]
              Galbraith, J. and O. Saarenmaa, "SSH File Transfer
              Protocol", draft-ietf-secsh-filexfer-13 (work in
              progress), July 2006.

   [RFC6707]  Niven-Jenkins, B., Le Faucheur, F., and N. Bitar, "Content
              Distribution Network Interconnection (CDNI) Problem
              Statement", RFC 6707, September 2012.

   [RFC6770]  Bertrand, G., Stephan, E., Burbridge, T., Eardley, P., Ma,
              K., and G. Watson, "Use Cases for Content Delivery Network
              Interconnection", RFC 6770, November 2012.

   [apache]   "Apache 2.2 log files documentation", Feb. 2012,
              <http://httpd.apache.org/docs/current/logs.html>.

   [squid]    "Squid Log-Format documentation", Feb. 2012,
              <http://wiki.squid-cache.org/SquidFaq/SquidLogs>.

Appendix A.  Examples Log Format

   This section provides example of log formats implemented in existing
   CDNs, web servers, and caching proxies.

   Web servers (e.g., Apache) maintain at least one log file for logging
   accesses to content (the Access Log).  They can typically be
   configured to log errors in a separate log file (the Error Log).  The
   log formats can be specified in the server's configuration files.
   However, webmasters often use standard log formats to ease the log
   processing with available log analysis tools.

A.1.  W3C Common Log File (CLF) Format

   The Common Log File (CLF) format defined by the World Wide Web
   Consortium (W3C) working group is compatible with many log analysis
   tools and is supported by the main web servers (e.g., Apache) Access
   Logs.

   According to [CLF], the common log-file format is as follows:
   remotehost rfc931 authuser [date] "request" status bytes.

   Example (from [apache]): 127.0.0.1 - frank [10/Oct/2000:13:55:36
   -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326

   The fields are defined as follows [CLF]:

   +------------+------------------------------------------------------+
   | Element    | Definition                                           |
   +------------+------------------------------------------------------+
   | remotehost | Remote hostname (or IP number if DNS hostname is not |
   |            | available, or if DNSLookup is Off.                   |
   | rfc931     | The remote logname of the user.                      |
   | authuser   | The username that the user employed to authenticate  |
   |            | himself.                                             |
   | [date]     | Date and time of the request.                        |
   | "request"  | An exact copy of the request line that came from the |
   |            | client.                                              |
   | status     | The status code of the HTTP reply returned to the    |
   |            | client.                                              |
   | bytes      | The content-length of the document transferred.      |
   +------------+------------------------------------------------------+

                Table 5: 4: Information elements in CLF format

A.2.  W3C Extended Log File (ELF) Format

   The Extended Log File (ELF) format defined by W3C extends the CLF
   with new fields.  This format is supported by Microsoft IIS 4.0 and
   5.0.

   The supported fields are listed below [ELF].

    +------------+---------------------------------------------------+
    | Element    | Definition                                        |
    +------------+---------------------------------------------------+
    | date       | Date at which transaction completed               |
    | time       | Time at which transaction completed               |
    | time-taken | Time taken for transaction to complete in seconds |
    | bytes      | bytes transferred                                 |
    | cached     | Records whether a cache hit occurred              |
    | ip         | IP address and port                               |
    | dns        | DNS name                                          |
    | status     | Status code                                       |
    | comment    | Comment returned with status code                 |
    | method     | Method                                            |
    | uri        | URI                                               |
    | uri-stem   | Stem portion alone of URI (omitting query)        |
    | uri-query  | Query portion alone of URI                        |
    +------------+---------------------------------------------------+

                Table 6: 5: Information elements in ELF format

   Some fields start with a prefix (e.g., "c-", "s-"), which explains
   which host (client/server/proxy) the field refers to.

   o  Prefix Description

   o  c- Client

   o  s- Server

   o  r- Remote

   o  cs- Client to Server.

   o  sc- Server to Client.

   o  sr- Server to Remote Server (used by proxies)

   o  rs- Remote Server to Server (used by proxies)

   Example: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-
   username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
   time-taken

   2011-11-23 15:22:01 x.x.x.x GET /file 80 y.y.y.y Mozilla/
   5.0+(Windows;+U;+Windows+NT+6.1;+en-US;+rv:1.9.1.6)+Gecko/
   20091201+Firefox/3.5.6+GTB6 200 0 0 2137

A.3.  National Center for Supercomputing Applications (NCSA) Common Log
      Format

   This format for Access Logs offers the following fields:

   o  host rfc931 date:time "request" statuscode bytes

   o  x.x.x.x userfoo [10/Jan/2010:21:15:05 +0500] "GET /index.html
      HTTP/1.0" 200 1043

A.4.  NCSA Combined Log Format

   The NCSA Combined log format is an extension of the NCSA Common log
   format with three (optional) additional fields: the referral field,
   the user_agent field, and the cookie field.

   o  host rfc931 username date:time request statuscode bytes referrer
      user_agent cookie

   o  Example: x.x.x.x - userfoo [21/Jan/2012:12:13:56 +0500] "GET
      /index.html HTTP/1.0" 200 1043 "http://www.example.com/" "Mozilla/
      4.05 [en] (WinNT; I)" "USERID=CustomerA;IMPID=01234"

A.5.  NCSA Separate Log Format

   The NCSA Separate log format refers to a log format in which the
   information gathered is separated into three separate files.  This
   way, every entry in the Access Log (in the NCSA Common log format) is
   complemented with an entry in a Referral log and another one in an
   Agent log.  These three records can be correlated easily thanks to
   the date:time value.  The format of the Referral log is as follows:

   o  date:time referrer

   o  Example: [21/Jan/2012:12:13:56 +0500]
      "http://www.example.com/index.html"

   The format of the Agent log is as follows:

   o  date:time agent

   o  [21/Jan/2012:12:13:56 +0500] "Microsoft Internet Explorer - 5.0"

A.6.  Squid 2.0 Native Log Format for Access Logs

   Squid [squid] is a popular piece of open-source software for
   transforming a Linux host into a caching proxy.  Variations of Squid
   log format are supported by some CDNs.

   Squid common access log format is as follow: time elapsed remotehost
   code/status bytes method URL rfc931 peerstatus/peerhost type.

   Squid also supports a more detailed native access log format:
   Timestamp Elapsed Client Action/Code Size Method URI Ident Hierarchy/
   From Content

   According to Squid 2.0 documentation [squid], these fields are
   defined as follows:

   +-----------+-------------------------------------------------------+
   | Element   | Definition                                            |
   +-----------+-------------------------------------------------------+
   | time      | Unix timestamp as UTC seconds with a millisecond      |
   |           | resolution.                                           |
   | duration  | The elapsed time in milliseconds the transaction      |
   |           | busied the cache.                                     |
   | client    | The client IP address.                                |
   | address   |                                                       |
   | bytes     | The size is the amount of data delivered to the       |
   |           | client, including headers.                            |
   | request   | The request method to obtain an object.               |
   | method    |                                                       |
   | URL       | The requested URL.                                    |
   | rfc931    | may contain the ident lookups for the requesting      |
   |           | client (turned off by default)                        |
   | hierarchy | The hierarchy information provides information on how |
   | code      | the request was handled (forwarding it to another     |
   |           | cache, or requesting the content to the Origin        |
   |           | Server).                                              |
   | type      | The content type of the object as seen in the HTTP    |
   |           | reply header.                                         |
   +-----------+-------------------------------------------------------+

               Table 7: 6: Information elements in Squid format

   Squid also uses a "store log", which covers the objects currently
   kept on disk or removed ones, for debugging purposes typically.

Appendix B.  Requirements

B.1.  Additional Requirements

   Section 7 of [I-D.ietf-cdni-requirements], already specifies a set of
   requirements for Logging (LOG-1 to LOG-16).  Some security
   requirements also affect Logging (e.g., SEC-4).

   This section is a placeholder for requirements identified in the work
   on logging, before they are proposed to the requirements draft
   authors.

   Logging data is sensitive as it provides the raw material for
   producing bills etc.  Therefore, the protocol delivering the Logging
   data must be reliable to avoid information loss.  In addition, the
   protocol must scale to support the transport of large amounts of
   Logging data.

   CDNs need to trust Logging information, thus, they want to know:

   o  who issued the Logging (authentication), and

   o  if the Logging has been modified by a third party (integrity).

   Logging also contains confidential data, and therefore, it should be
   protected from eavesdropping.

   All these needs translate into security requirements on both the
   Logging data format and on the Logging protocol.

   Finally, this protocol must comply with the requirements identified
   in [I-D.ietf-cdni-requirements].

   [Ed. note: cf. requirements draft: "SEC-4 [MED] The CDNI solution
   should be able to ensure that the Downstream CDN cannot spoof a
   transaction log attempting to appear as if it corresponds to a
   request redirected by a given Upstream CDN when that request has not
   been redirected by this Upstream CDN.  This ensures non-repudiation
   by the Upstream CDN of transaction logs generated by the Downstream
   CDN for deliveries performed by the Downstream CDN on behalf of the
   Upstream CDN."]

B.2.  Compliancy with Requirements draft

   This section checks that all the identified requirements in the
   Requirements draft are fulfilled by this document.

   [Ed. node: to be written later]

Appendix C.  CDNI WG's position on  Analysis of candidate protocols for Logging Transport

   This section will be expanded later with the position an analysis of the WG
   considering the alternative
   candidate protocols for transport of CDNI Logging in CDNI.

   [Ed.  Note: in a later version, this memo will include an analysis of
   candidate protocols, based upon a set of (basic) requirements, such non-real-time as reliable transport mode, preservation of the integrity of the
   information conveyed by the protocol, etc.]
   well as real-time.

C.1.  CDNI WG's position on  Syslog

   [Ed. node: to be written later]

C.2.  XMPP

   [Ed. note: add a few sentences node: to clarify why not directly use
   syslog...  Operational reasons... ]

C.2.  CDNI WG's position on SNMP

   As explained in [RFC6707], "SNMP traps pose scalability concerns and be written later]

C.3.  SNMP does not support guaranteed delivery of Traps and therefore
   could result in log records being lost and the consequent CoDRs and
   billing records for that content delivery not being produced as well
   as that content delivery being invisible to any analytics platforms."

Authors' Addresses

   Gilles Bertrand (editor)
   France Telecom - Orange
   38-40 rue du General Leclerc
   Issy les Moulineaux,   92130
   FR

   Phone: +33 1 45 29 89 46
   Email: gilles.bertrand@orange.com

   Iuniana Oprescu (editor)
   France Telecom - Orange
   38-40 rue du General Leclerc
   Issy les Moulineaux,   92130
   FR

   Phone: +33 6 89 06 92 72
   Email: iuniana.oprescu@orange.com

   Stephan Emile
   France Telecom - Orange
   2 avenue Pierre Marzin
   Lannion  F-22307
   France

   Email: emile.stephan@orange.com
   Roy Peterkofsky
   Skytide, Inc.
   One Kaiser Plaza, Suite 785
   Oakland  CA 94612
   USA

   Phone: +01 510 250 4284
   Email: roy@skytide.com

   Francois Le Faucheur (editor)
   Cisco Systems
   Greenside, 400 Avenue de Roumanille
   Sophia Antipolis  06410
   FR

   Phone: +33 4 97 23 26 19
   Email: flefauch@cisco.com

   Pawel Grochocki
   Orange Polska
   ul. Obrzezna 7
   Warsaw  02-691
   Poland

   Email: pawel.grochocki@orange.com