DRINKS | M.M. Marrache |
Internet-Draft | Jerusalem College of Technology |
Intended status: Standards Track | D.S. Schwartz |
Expires: April 02, 2013 | XConnect |
S.A. Ali | |
NeuStar | |
October 2012 |
Session Peering Provisioning (SPP) Protocol over REST
draft-marrache-drinks-spp-protocol-rest-01
The Session Peering Provisioning Framework (SPPF) is a framework that exists to enable the provisioning of session establishment data into Session Data Registries or SIP Service Provider data stores. This SPP Protocol implementation follows the REST architectural principles over HTTP to allow efficient provisioning of session establishment data. The benefits include inter alia better performances under high loads through the use of HTTP caches and proxies and less coupling between clients and servers. This document describes the specification of a protocol for transporting SPPF structures over HTTP(s) following REST architectural principles.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http:/⁠/⁠datatracker.ietf.org/⁠drafts/⁠current/⁠.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 02, 2013.
Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http:/⁠/⁠trustee.ietf.org/⁠license-⁠info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
TBD
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
The following figure illustrates the technical architecture of the RESTful SPP Protocol:
+-------------+ (1) | Transport |Example: | Protocol | TCP, TLS, BEEP, etc. +-------------+ | V +-------------+ | HTTP | | | +-------------+ (2) | +-----------------------+ | | V V +----------------+ +----------------+ | HTTP Request | OR | HTTP Response | | | | | +----------------+ +----------------+ Carries | Carries | V V +-------------+ +-------------+ (3) | SPPF | | SPPF | | Types | | Types | +-------------+ +-------------+
Figure 1: Layering and Technical Architecture of the RESTful SPP Protocol
RESTful SPP Protocol is supported by different technologies accross multiple layers as follows:
SPPF is a request/reply framework that allows a client application to submit provisioning data and query requests to a server. The SPPF data structures are designed to be protocol agnostic. Concerns regarding encryption, non-repudiation, and authentication are beyond the scope of this document. For more details, please refer to the "Transport Protocol Requirements" section in the framework document.
HTTP(s) is the application protocol used by RESTful web services. HTTP 1.1 includes the "persistent connection" feature, which allows multiple HTTP request/response pairs to be transported across a single HTTP connection. This is an important performance optimization feature, particularly when the connection is an HTTPS connection where the relatively time consuming SSL handshake has occurred. Persistent connections SHOULD be used for the SPPF HTTP connections.
HTTP 1.1 [RFC2616] or higher SHOULD be used.
As mentioned in the previous section, the application protocol used by this protocol implementation is HTTP. Since HTTP has been conceived to operate on resources exposed on the web, the SPPF objects need to be exposed as resources. The SPPF objects then become available to clients for performing operations defined in the framework document.
Each resource exposed on the web is identified by a Uniform Resource Identifier (URI). Therefore, a URI is defined for each SPPF object. In order to be able to identify uniquely an SPPF object, the corresponding URI must include the attributes of a candidate key for this SPPF object. The attributes that form the key of each SPPF object are specified in the framework document. These attributes are included in the URI as path parameters.
In the next sections, the service URI may be used. It is the root URI where the RESTful service is located.
In order to provide a URI for each SPPF object, a URI template is defined for each one of them. The URI templates defined in the following sub-sections are relative to the service URI defined in the Service URI section.
As mentioned in the framework document, a destination group is uniquely identified by the following attributes: the registrant and the destination group's name. Therefore, the destination group resources are identified by the following URI template:
/{rant}/DG/{name}
where:
As mentioned in the framework document, a telephone number (TN) is uniquely identified by the following attributes: the registrant, the name of the associated destination group if there is, and the telephone number. Therefore, the telephone number resources are identified by the following URI template:
/{rant}/TN/{dgName};{tn}
where:
As mentioned in the framework document, a telephone number prefix (TNP) is uniquely identified by the following attributes: the registrant, the name of the associated destination group if there is, and the telephone number prefix. Therefore, the telephone number prefix resources are identified by the following URI template:
/{rant}/TNP/{dgName};{prefix}
where:
As mentioned in the framework document, a telephone number range (TNR) is uniquely identified by the following attributes: the registrant, the name of the associated destination group if there is, the telephone that starts the range and the one that ends the range. Therefore, the telephone number range resources are identified by the following URI template:
/{rant}/TNR/{dgName};{startTn};{endTn}
where:
As mentioned in the framework document, a routing number is uniquely identified by the following attributes: the registrant, the name of the associated destination group if there is, and the routing number. Therefore, the routing number resources are identified by the following URI template:
/{rant}/RN/{dgName};{rn}
where:
As mentioned in the framework document, a public identifier URI is uniquely identified by the following attributes: the registrant, the name of the associated destination group if there is, and the URI. Therefore, the public identifier URI resources are identified by the following URI template:
/{rant}/URI/{dgName};{uri}
where:
As mentioned in the framework document, a SED Group is uniquely identified by the following attributes: the registrant and the SED Group's name. Therefore, the SED Group resources are identified by the following URI template:
/{rant}/SG/{name}
where:
As mentioned in the framework document, a SED Record is uniquely identified by the following attributes: the registrant and the SED Record's name. Therefore, the SED Record resources are identified by the following URI template:
/{rant}/SR/{name}
where:
Note that there is no need to use one URI template per subtype of Sed Record since they are all identified by the same attributes.
As mentioned in the framework document, a SED Group Offer is uniquely identified by the following attributes: the offering registrant (i.e. the registrant of the offered SED Group), the name of the offered SED Group and the registrant to which the SED Group is offered. Therefore, the SED Group Offer resources are identified by the following URI template:
/{rant}/SGOffer/{sedGrpName};{offeredTo}
where:
A SED Group Offer may be accepted by the organization to which the SED Group has been offered. The acceptation of a SED Group Offer is represented by an Acceptation resource. An acceptation is identified by the same attributes that identify a SED Group Offer. Therefore, the Acceptation resources are identified by the following URI template:
/{rant}/Acceptation/{sedGrpName};{offeredTo}
where:
A SED Group Offer may be rejected by the organization to which the SED Group has been offered. The rejection of a SED Group Offer is represented by a Rejection resource. A Rejection is identified by the same attributes that identify a SED Group Offer. Therefore, the Rejection resources are identified by the following URI template:
/{rant}/Rejection/{sedGrpName};{offeredTo}
where:
The Server Status is exposed as a singleton resource. Therefore, there is no need to define a URI template. The resource is identified by the following URI:
/ServerStatus
This resource contains information about the server as described later.
For some operations defined by SPPF, resource representations may be present in the HTTP messages. When this is the case, the resource representation is carried in the HTTP message's body. A resource may have many available representations when each one may use a specific format (e.g. XML, JSON).
Therefore, HTTP messages that carry resource representations MUST have their Content-Type HTTP header set to the appropriate media type.
Most operations exposed by this protocol implementation are regular CRUD operations on resources. As mentioned earlier, an operation on a resource is initiated by a client when he sends an HTTP request that targets the resource's URI. In order to indicate the desired operation to perform on a given resource, a client selects one of the following HTTP methods:
Note that not all HTTP methods are allowed on a given resource. For example, a resource may be exposed for read only. In such case, the only HTTP method that is allowed for this resource is GET. The resources that may be targetted by each one of the operations defined above, are as follows:
To achieve integrity and privacy, conforming SPP Protocol Clients and Servers MUST support HTTP over TLS [RFC5246] as the secure transport mechanism. This combination of HTTP and TLS is referred to as HTTPS. And to accomplish authentication, conforming SPPF Clients and Servers MUST use HTTP Digest Authentication as defined in [RFC2617]. As a result, the communication session is established through the initial HTTP connection setup, the digest authentication, and the TLS handshake. When the HTTP connection is broken down, the communication session ends.
An SPPF client interacts with an SPPF server by using one of the supported transport mechanisms to send one or more requests to the server and receive corresponding replies from the server. The basic set of operations that an SPPF client can submit to an SPPF server and the semantics of those operations are defined in the "Framework Operations" section of the framework document. The following sub-sections describe how these operations should be performed in the context of this protocol implementation.
In order to add (update) an object to (present in) the registry, an authorized entity sends an add (update) request to the registry. This request consists of an HTTP PUT request on the URI that identifies the resource to add (update). The representation of the resource to add (update) is carried in the HTTP request's body. After the operation is performed, the registry sends back an HTTP response to the client indicating if the request has been performed successfully, and if not, the reason of the failure. The following sub-sections describe the expected format of the HTTP requests and responses.
The format of an HTTP request used to add (update) an SPPF object to (present in) the registry is as follows:
PUT ${ResourceURI}[?clientTransId=${clientTransId}] HTTP/1.1 ..... [minorVer: ${minorVer}] Content-Type: ? Content-Length: ? ${ResourceRepresentation}
The data elements within the HTTP PUT request are described as follows:
The format of an HTTP response to an add (update) request is as follows:
HTTP/1.1 ${StatusCode} .... [clientTransId: ${clientTransId}] serverTransId: ${serverTransId}] Content-Length: 0
The data elements within the HTTP PUT response are described as follows:
In order to remove an object from the registry, an authorized entity sends a delete request to the registry. This request consists of an HTTP DELETE request on the URI that identifies the resource to delete. The body of the HTTP request is empty since the resource to delete is uniquely identified by the URI included in the request. After the operation is performed, the registry sends back an HTTP response to the client indicating if the request has been performed successfully, and if not, the reason of the failure. The following sub-sections describe the expected format of the HTTP requests and responses.
The format of an HTTP request used to delete an SPPF object from the registry is as follows:
DELETE ${ResourceURI}[?clientTransId=${clientTransId}] HTTP/1.1 ..... [minorVer: ${minorVer}] Content-Length: 0
The data elements within the HTTP DELETE request are described as follows:
The format of an HTTP response to a delete request is as follows:
HTTP/1.1 ${StatusCode} .... [clientTransId: ${clientTransId}] serverTransId: ${serverTransId}] Content-Length: 0
The data elements within the HTTP DELETE response are described as follows:
In SPPF, a SED Group Offer can be accepted or rejected by, or on behalf of, the registrant to whom the SED Group has been offered (refer "Framework Data Model Objects" section of the framework document for a description of the SED Group Offer object). The Accept operation is used to accept such SED Group Offers by, or on behalf of, the Registrant. This request consists of an HTTP PUT request on the URI that identifies the Acceptation resource for the concerned SED Group Offer. After the operation is performed, the registry sends back an HTTP response to the client indicating if the request has been performed successfully, and if not, the reason of the failure. The following sub-sections describe the expected format of the HTTP requests and responses.
The format of an HTTP request used to accept a SED Group Offer is as follows:
PUT ${AcceptationURI}[?clientTransId=${clientTransId}] HTTP/1.1 ..... [minorVer: ${minorVer}] Action: Accept Content-Length: 0
The data elements within the HTTP PUT request are described as follows:
The format of an HTTP response to an Accept request is as follows:
HTTP/1.1 ${StatusCode} .... [clientTransId: ${clientTransId}] serverTransId: ${serverTransId}] Content-Length: 0
The data elements within the HTTP PUT response are described as follows:
In SPPF, a SED Group Offer can be accepted or rejected by, or on behalf of, the registrant to whom the SED Group has been offered (refer "Framework Data Model Objects" section of the framework document for a description of the SED Group Offer object). The Reject operation is used to reject such SED Group Offers by, or on behalf of, the Registrant. This request consists of an HTTP PUT request on the URI that identifies the Rejection resource for the concerned SED Group Offer. After the operation is performed, the registry sends back an HTTP response to the client indicating if the request has been performed successfully, and if not, the reason of the failure. The following sub-sections describe the expected format of the HTTP requests and responses.
The format of an HTTP request used to reject a SED Group Offer is as follows:
PUT ${RejectionURI}[?clientTransId=${clientTransId}] HTTP/1.1 ..... [minorVer: ${minorVer}] Action: Reject Content-Length: 0
The data elements within the HTTP PUT request are described as follows:
The format of an HTTP response to a reject request is as follows:
HTTP/1.1 ${StatusCode} .... [clientTransId: ${clientTransId}] serverTransId: ${serverTransId}] Content-Length: 0
The data elements within the HTTP PUT response are described as follows:
In order to query the details of an object from the Registry, an authorized entity sends a get request to the registry. This request consists of an HTTP GET request targetting the URI that identifies the queried resource. After the operation is performed, the registry sends back an HTTP response to the client indicating if the request has been performed successfully, and if not, the reason of the failure. Moreover, if the queried object is found in the registry, the HTTP response's body contains the representation of the result object. The following sub-sections describe the expected format of the HTTP requests and responses.
The format of an HTTP request used to get an SPPF object is as follows:
GET ${ResourceURI} HTTP/1.1 ..... [minorVer: ${minorVer}] Content-Length: 0
The data elements within the HTTP GET request are described as follows:
The format of an HTTP response to a get request is as follows:
HTTP/1.1 ${StatusCode} .... Content-Length: ? ${ResourceRepresentation}
The data elements within the HTTP GET response are described as follows:
In addition to the ability to query the details of one or more SED Group offers using a SED Group Offer key in a Get request, this operation also provides an additional, more flexible, structure to query for SED Group Offer objects.
Using the details passed into this structure, the server will attempt to find SED Group Offer objects that satisfy all the criteria passed into the request. If no criteria is passed in then the server will return the list of SED Group Offer objects that belong to the registrant. If there are no matching SED Group Offers found then an empty result set will be returned.
The format of an HTTP request used to get SED Group Offers is as follows:
GET /SEDGrpOffer[?offeredBy=${offeredBy}[&offeredTo=${offeredTo} \ [&status=${status}]]] HTTP/1.1 ..... [minorVer: ${minorVer}] Content-Length: 0
The data elements within the HTTP GET request are described as follows:
The format of an HTTP response to a get SED Group Offers request is as follows:
HTTP/1.1 ${StatusCode} .... Content-Length: ? ${SEDGrpOffersRepresentation}
The data elements within the HTTP GET response are described as follows:
In order to query certain details of the SPPF server, like the SPPF server's status and the major/minor version supported by the server, the Server Details operation structure SHOULD be used.
The format of an HTTP request used to get the server status is as follows:
GET /ServerStatus HTTP/1.1 ..... [minorVer: ${minorVer}] Content-Length: 0
The data elements within the HTTP GET request are described as follows:
The format of an HTTP response to a Get Server Status request is as follows:
HTTP/1.1 ${StatusCode} .... Content-Length: ? ${ServerStatusRepresentation}
The data elements within the HTTP GET response are described as follows:
HTTP provides a set of status codes that are used to indicate an overall result of the request to the client. This protocol implementation uses the status codes defined in [RFC2616].
The following status codes may be returned in the HTTP responses of all operations defined in this document.
Refer the "Framework Operations" section of the framework document for a description of all SPPF operations, and any necessary semantics that MUST be adhered to in order to conform with the SPPF specification.
RESTful SPP Protocol is used to query and update session peering data and addresses, so the ability to access this protocol should be limited to users and systems that are authorized to query and update this data. Because this data is sent in both directions, it may not be sufficient for just the client or user to be authenticated with the server. The identity of the server should also be authenticated by the client, which is often accomplished using the TLS certificate exchange and validation described in [RFC2818]. SPP Protocol messages may include sensitive information, routing data, lists of resolvable addresses, etc. So when used in a production setting and across non-secure networks, SPP Protocol should only be used over communications channels that provide strong encryption for data privacy.
The RESTful SPP Protocol relies on an underlying secure transport for integrity and privacy. Such transports are expected to include TLS/HTTPS. In addition to the application level authentication imposed by an SPPF server, there are a number of options for authentication within the transport layer and the messaging envelope. These include TLS client certificates and HTTP Digest Access Authentication headers.
At a minimum, all conforming RESTful SPP Protocol implementations MUST support HTTPS.
The above protocols may have various vulnerabilities, and these may be inherited by the RESTful SPP Protocol. RESTful SPP Protocol itself may have vulnerabilities because an authorization model is not explicitly specified in the current specification.
Sections 5 and 10.1 describe requirements for HTTPS support using TLS. Non-anonymous TLS servers can optionally request a certificate from a TLS client; that option is not a requirement for this protocol. This presents a denial of service risk in which unauthenticated clients can consume server CPU resources by creating TLS sessions. The risk is increased if the server supports client-initiated renegotiation. This risk can be mitigated by disabling client-initiated renegotiation on the server and by ensuring that other means (such as firewall access control lists) are used to restrict unauthenticated client access to servers.
In conjunction with the above, it is important that REST SPP Protocol implementations implement an authorization model that considers the source of each query or update request and determines whether it is reasonable to authorize that source to perform that specific query or update.
Some deployments of REST SPP Protocol could choose to use transports without encryption. This presents vulnerabilities but could be selected for deployments involving closed networks or debugging scenarios. However, the vulnerabilities of such a deployment could be a lack of integrity and privacy of the data transported in this type of deployment.
TBD
[RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. |
[RFC3688] | Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, January 2004. |
[RFC5246] | Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008. |
[RFC2617] | Franks, J., Hallam-Baker, P.M., Hostetler, J.L., Lawrence, S.D., Leach, P.J., Luotonen, A. and L. Stewart, "HTTP Authentication: Basic and Digest Access Authentication", RFC 2617, June 1999. |
[RFC2616] | Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. |
[I-D.draft-ietf-drinks-spp-framework] | Cartwright, K.C., Bhatia, V.B., Ali, S.A. and D.S. Schwartz, "Session Peering Provisioning Framework ", Internet-Draft draft-ietf-drinks-spp-framework-02, July 2012. |
[RFC2818] | Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. |
[W3C.REC-xml-20081126] | Sperberg-McQueen, C., Yergeau, F., Bray, T., Maler, E. and J. Paoli, "Extensible Markup Language (XML) 1.0 (Fifth Edition)", World Wide Web Consortium Recommendation REC-xml-20081126, November 2008. |
[Roy Fielding] | Fielding, R.T., "Architectural Styles and the Design of Network-based Software Architectures", University of California , 2000. |