Internet-Draft CDN Interconnect Triggers July 2024
Sopher, et al. Expires 9 January 2025 [Page]
Workgroup:
Network Working Group
Internet-Draft:
draft-ietf-cdni-ci-triggers-rfc8007bis-14
Obsoletes:
8007 (if approved)
Published:
Intended Status:
Standards Track
Expires:
Authors:
N.B. Sopher
Qwilt
O. Finkelman
Qwilt
S. Mishra
Verizon
J.K. Robertson
Qwilt
A. Arolovitch
Viasat

Content Delivery Network Interconnection (CDNI) Control Interface / Triggers 2nd Edition

Abstract

This document obsoletes RFC8007. The document describes the part of Content Delivery Network Interconnection (CDNI) Control interface that allows a CDN to trigger activity in an interconnected CDN that is configured to deliver content on its behalf. The upstream CDN MAY use this mechanism to request that the downstream CDN pre-position metadata or content as well as request that it invalidate or purge metadata or content. The upstream CDN MAY monitor the status of activity that it has triggered in the downstream CDN.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 9 January 2025.

Table of Contents

1. Introduction

[RFC6707] introduces the problem scope for Content Delivery Network Interconnection (CDNI) and lists the four categories of interfaces that may be used to compose a CDNI solution (Control, Metadata, Request Routing, and Logging).

[RFC7336] expands on the information provided in [RFC6707] and describes each of the interfaces and the relationships between them in more detail.

The CDNI Control Interface / Triggers 1st edition [RFC8007], deprecated by this document, describes the "CI/T" interface -- "CDNI Control interface / Triggers". It does not consider those parts of the Control interface that relate to configuration, bootstrapping, or authentication of CDN Interconnect interfaces. Section 4 of [RFC7337] identifies the requirements specific to the CI/T interface; requirements applicable to the CI/T interface are CI-1 to CI-6.

This document is a second edition of the CDNI Control Interface / Triggers, which defines a new version, "v2", of the interface objects. The new objects replace the trigger interface's main objects, the "ci-trigger-command" object and its matching "ci-trigger-status" object to support RESTful [REST] semantics in a way that improves the interface's flexibility, extensibility and interoperability, and allows encoding the interface using OpenAPI. The document also provides a Trigger Extension mechanism that MAY be used to provide further instruction on the trigger execution. Additionally, this second edition includes cascaded CDN error propagation for improved trigger execution monitoring.

1.1. Terminology

This document reuses the terminology defined in [RFC6707] and uses "uCDN" and "dCDN" as shorthand for "upstream CDN" and "downstream CDN", respectively.

Additionally, the following terms are used throughout this document and are defined as follows:

  • HLS - HTTP Live Streaming

  • DASH - Dynamic Adaptive Streaming Over HTTP

  • MSS - Microsoft Smooth Streaming

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

2. Model for CDNI Triggers

A CI/T Command, sent from uCDN to dCDN, is a request for the dCDN to do some work (an "action") relating to data associated with content requests originating from uCDN.

There are two types of CI/T Command: CI/T Create Trigger Command and CI/T Modify Trigger Command. The CI/T Modify Command can be used to request cancellation and/or modification of an earlier CI/T Trigger Command.

A CI/T Trigger Action is of one of the following:

Note that additional CI/T Trigger Actions can be defined and registered in the future.

The CI/T interface is a web service offered by dCDN. It allows CI/T Commands to be issued and triggered activity to be tracked. The CI/T interface builds on top of HTTP/1.1 [RFC9112]. References to URLs in this document relate to HTTP/HTTPS URIs, as defined in Section 4.2 of [RFC9110].

When dCDN accepts a CI/T Command, it creates a resource describing the status of the triggered activity -- a Trigger Status Resource. uCDN can poll Trigger Status Resources to monitor progress.

dCDN maintains at least one collection of Trigger Status Resources for each uCDN. Each uCDN only has access to its own collections, the locations of which are shared when CDNI is established.

To trigger activity in dCDN, uCDN POSTs a CI/T Command to the collection of Trigger Status Resources. If dCDN accepts the CI/T Trigger Create Command, it creates a new Trigger Status Resource and returns its location to uCDN. To monitor progress, uCDN can GET the Trigger Status Resource. To request cancellation of a CI/T Trigger Command, uCDN can POST to the collection of Trigger Status Resources or simply DELETE the Trigger Status Resource.

Note that the version of the CI/T Command objects POSTed by uCDN MUST match the version of CI/T Status Resource objects generated and reported by dCDN. Thus, sending a [RFC8007] "ci-trigger-command" object as the command generates a "ci-trigger-status" structured resource to be reported, while sending a "ci-trigger-command.create.v2" object generates a "ci-trigger-status.v2" object.

In addition to the collection of all Trigger Status Resources for the uCDN, dCDN can maintain filtered views of that collection. These filtered views are defined in Section 4 and include collections of Trigger Status Resources filtered by Trigger Status or Trigger Label. These collections provide a mechanism for polling the status of multiple jobs.

Figure 1 is an example showing the basic message flow used by the uCDN to trigger activity in dCDN and for uCDN to discover the status of that activity. Only successful triggering is shown. Examples of the messages are shown in Section 10.

   uCDN                                                   dCDN
    |    (1) POST https://dcdn.example.com/triggers/uCDN    |
   [ ] --------------------------------------------------> [ ]--+
    |                                                      [ ]  | (2)
    |    (3) HTTP 201 Response                             [ ]<-+
   [ ] <-------------------------------------------------- [ ]
    |     Loc: https://dcdn.example.com/triggers/uCDN/123   |
    |                                                       |
    .                           .                           .
    .                           .                           .
    .                           .                           .
    |                                                       |
    |   (4) GET https://dcdn.example.com/triggers/uCDN/123  |
   [ ] --------------------------------------------------> [ ]
    |                                                      [ ]
    |   (5) HTTP 200 Trigger Status Resource               [ ]
   [ ] <-------------------------------------------------- [ ]
    |                                                       |
    |                                                       |
Figure 1: Basic CDNI Message Flow for Triggers

The steps in Figure 1 are as follows:

  1. uCDN triggers action in dCDN by POSTing a CI/T Command to a collection of Trigger Status Resources -- "https://dcdn.example.com/triggers/uCDN". This URL was given to uCDN when the CI/T interface was established.

  2. dCDN authenticates the request, validates the CI/T Command, and, if it accepts the request, creates a new Trigger Status Resource.

  3. dCDN responds to uCDN with an HTTP 201 response status and the location of the Trigger Status Resource.

  4. uCDN MAY query, possibly repeatedly, the Trigger Status Resource in dCDN.

  5. dCDN responds to each query with the Trigger Status Resource, describing the progress or results of the CI/T Trigger Command.

The remainder of this document describes the messages, Trigger Status Resources, and collections of Trigger Status Resources in more detail.

2.1. Timing of Triggered Activity

Timing of the execution of CI/T Commands is under dCDN's control, including its start time and pacing of the activity in the network. Instructions regarding this timing may be included in the trigger using one of the Trigger Extension Objects defined in Section 8, such as Section 8.3 and Section 8.2.

CI/T "invalidate" and "purge" commands MUST be applied to all data acquired before the command was accepted by dCDN. dCDN SHOULD NOT apply CI/T "invalidate" and "purge" commands to data acquired after the CI/T Command was accepted, but this may not always be achievable, so uCDN cannot count on that.

If uCDN wishes to invalidate or purge content and then immediately pre-position replacement content at the same URLs, it SHOULD ensure that dCDN has completed the invalidate/purge before initiating the pre-positioning. Otherwise, there is a risk that the dCDN pre-positions the new content, then immediately invalidates or purges it (as a result of the two uCDN requests running in parallel).

Because the CI/T Command timing is under dCDN's control, dCDN implementation can choose whether to apply CI/T "invalidate" and "purge" commands to content acquisition that has already started when the command is received.

2.2. Scope of Triggered Activity

Each CI/T Command can operate on multiple metadata and content elements, usually referred to by their URLs. These elements are targeted by specifying both their subject (i.e., "metadata" or "content") as well as specification method (e.g., URL Regexes) and value.

Multiple representations of an HTTP resource may share the same URL. CI/T Trigger Commands that invalidate or purge metadata or content apply to all resource representations with matching URLs.

2.2.1. Multiple Interconnected CDNs

In a network of interconnected CDNs, a single uCDN will originate a given item of metadata and associated content. It would possibly distribute that metadata and content to more than one dCDN, which in turn distributes that metadata and content to additional CDNs located further downstream.

An intermediate CDN is dCDN that passes on CDNI Metadata and content to dCDNs located further downstream.

A "diamond" configuration is one where dCDN can acquire metadata and content originated in one uCDN from that uCDN itself and an intermediate CDN, or via more than one intermediate CDN.

CI/T Commands originating in the single source uCDN affect metadata and content in all dCDNs; however, in a diamond configuration, it may not be possible for dCDN to determine from which uCDN it acquired content. In this case, dCDN MUST allow each uCDN from which it may have acquired the content to act upon that content using CI/T Commands.

In all other cases, dCDN MUST reject CI/T Commands from uCDN that attempts to act on another uCDN's content by using, for example, responding with an HTTP 403 ("Forbidden").

Security considerations are discussed further in Section 12.

The diamond configuration may lead to inefficient interactions, but the interactions are otherwise harmless. For example:

  • When uCDN issues an "invalidate" CI/T Command, dCDN will receive that command from multiple directly connected uCDNs. The dCDN may schedule multiple such commands separately, and the last scheduled command may affect content already revalidated following execution of the "invalidate" command that was scheduled first.

  • If one of dCDN's directly connected uCDNs loses its rights to distribute content, it may issue a CI/T "purge" command. That purge may affect content dCDN could retain because it's distributed by another directly connected uCDN. But, that content can be reacquired by dCDN from the remaining uCDN.

  • When uCDN originating an item of content issues a CI/T purge followed by a pre-position, two directly connected uCDNs will pass those commands to dCDN. That dCDN implementation need not merge those operations or notice the repetition, in which case the purge issued by one uCDN will be completed before the other. The first uCDN to finish its purge may then forward the "preposition" trigger, and content pre-positioned as a result might be affected by the still-running purge issued by the other uCDN. However, dCDN will reacquire that content as needed, or when it's asked to pre-position the content by the second uCDN. dCDN implementation could avoid this interaction by knowing which uCDN it acquired the content from, or it could minimize the consequences by recording the time at which the "invalidate"/"purge" command was received and not applying it to content acquired after that time.

2.3. Trigger Results

Possible states for a Trigger Status Resource are defined in Section 6.2.6.

The CI/T Trigger Command MUST NOT be reported as "complete" until all operations have been completed successfully. The reasons for failure, and URLs or patterns affected, SHOULD be enumerated in the Trigger Status Resource. For more details, see Section 5.8.

If dCDN is also acting as uCDN in a cascade, it MUST forward CI/T Commands to any dCDNs that may be affected. The CI/T Trigger Command MUST NOT be reported as "complete" in a CDN until it is "complete" in all of its dCDNs. If a CI/T Trigger Command is reported as "processed" in any dCDN, intermediate CDNs MUST NOT report "complete"; instead, they MUST also report "processed". A CI/T Command MAY be reported as "failed" as soon as it fails in a CDN or any of its dCDNs. A cancelled CI/T Trigger Command MUST be reported as "cancelling" until it has been reported as "cancelled", "complete", or "failed" by all dCDNs in a cascade.

3. Trigger Specification

The following attributes define the trigger execution.

3.1. Trigger Action

Trigger Action is used in a Trigger Specification to describe trigger actions. It was initially referred to in [RFC8007] as "Trigger Type".

All trigger actions MUST be registered in the IANA "CDNI CI/T Trigger Types" registry (see Section 11.2).

dCDN receiving a request containing a trigger action that it does not recognize or does not support MUST reject the request by creating a Trigger Status Resource with "failed" status and the "errors" array containing an Error.v2 Description with error "eunsupported" (see Section 6.2.7).

The following trigger actions are defined by this document:

Table 1
JSON String Description
preposition A request for dCDN to acquire metadata or content.
invalidate A request for dCDN to invalidate metadata or content. After servicing this request, dCDN will not use the specified data without first revalidating it using, for example, an "If-None-Match" HTTP request. dCDN need not erase the associated data.
purge A request for dCDN to erase metadata or content. After servicing the request, the specified data MUST NOT be held on dCDN (dCDN should reacquire the metadata or content from uCDN if it needs it).

3.2. Trigger Spec

The CDNI Control Interface / Triggers 1st edition [RFC8007] defines a set of properties and objects used by the trigger commands in order to specify the targets upon which the trigger is applied. This document modifies the trigger interface objects so it has a list of trigger specs. Such structure improves the interface's extensibility and flexibility. Furthermore, the document defines a generic trigger spec object that acts as a wrapper for managing individual CDNI trigger specs in an opaque manner, allowing future extension of the interface.

All trigger specs MUST be registered in the IANA "CDNI CI/T Trigger Specs" registry (see Section 11.3).

dCDN receiving a request containing a trigger spec that it does not recognize or does not support MUST reject the request by creating a Trigger Status Resource with "failed" status and the "errors" array containing an Error.v2 Description with error "espec" (see Section 6.2.7).

This document also defines an initial set of trigger spec objects and registers them in the IANA "CDNI CI/T Trigger Specs" registry:

Table 2
JSON String Description
urls Allowing the specification of trigger targets via URLs.
ccids Allowing the specification of trigger targets via CCIDs content grouping, as defined in section 4.2.8 [RFC8006].
uri-pattern-match Allowing the specification of trigger targets via [RFC3986] URI patterns.
uri-regex-match Allowing the specification of trigger targets via regexes matching their URI, as defined in Section 7.4.
content-objectlist Allowing the specification of trigger targets via an object list and an object list type.

3.2.1. Trigger Subject

Because the scope of the trigger may relate to either metadata as well as content, the "trigger spec object" also specifies the trigger's target subject (i.e., metadata or content) against which to match.

All trigger subjects MUST be registered in the IANA "CDNI CI/T Trigger Subjects" registry (see Section 11.4).

dCDN receiving a request containing a trigger subject that it does not recognize or does not support MUST reject the request by creating a Trigger Status Resource with "failed" status and the "errors" array containing an Error.v2 Description with error "esubject" (see Section 6.2.7).

This document also defines an initial set of trigger subject values and registers them in the IANA "CDNI CI/T Trigger Subjects" registry:

Table 3
JSON String Description
metadata Indicating the trigger target specification refers to Metadata object, as defined at [RFC8006].
content Indicating the trigger target specification refers to client facing content.

3.2.2. Content URLs

Each CI/T Command usually refers to the targets by the target URLs, using a "urls" trigger spec object or some aggregating spec such as the "url-regex-match". If content URLs are transformed by an intermediate CDN in a cascade, that intermediate CDN MUST similarly transform URLs in CI/T Commands it passes to its dCDN.

When processing Trigger Specifications, CDNs MUST ignore the URL scheme (HTTP or HTTPS) in comparing URLs. For example, for a CI/T "invalidate" or "purge" command, content MUST be invalidated or purged regardless of the protocol clients used to request it.

3.3. Trigger Extensibility

The CDNI Control Interface / Triggers 1st edition [RFC8007] defines a set of properties and objects used by the trigger commands. This 2nd edition defines an extension mechanism to the triggers interface that enables applications to add instructions for finer control over the trigger execution, for example indicating a time window in which to execute the trigger. This document specifies a generic trigger extension object wrapper for managing individual CDNI trigger extensions in an opaque manner.

All trigger extensions are optional, and it is thus the responsibility of the extension specification to define a consistent default behavior for the case the extension is not present.

All trigger extensions MUST be registered in the IANA "CDNI CI/T Trigger Extensions" registry (see Section 11.6).

This document also defines an initial set of trigger extension objects and registers them in the IANA "CDNI CI/T Trigger Extensions" registry:

Table 4
JSON String Description
location-policy Allowing the control over the locations in which the trigger is executed.
time-policy Allowing the scheduling of a trigger to run in a specific time window.
execution-policy Allowing the control over the order and timing in which triggers are executed.

Example use cases

  • Pre-position with cache location policy

  • Purge content with cache location policy

  • Pre-position at a specific time

  • Purge by content acquisition time (e.g., purge all content acquired in the past X hours)

4. Collections of Trigger Status Resources

As described in Section 2, Trigger Status Resources exist in dCDN to report the status of activity triggered by each uCDN.

A collection of Trigger Status Resources is a resource that contains a reference to each Trigger Status Resource in that collection. Note that the collection may refer to Trigger Status Resources of triggers from several versions of CI/T objects, i.e., a subsequent call for the retrieval of the relevant trigger status may provide objects of various MIME media types: ci-trigger-status as defined in [RFC8007], ci-trigger-status.v2 defined in this document, or objects of future CI/T objects versions, based on the CI/T command version used for the creation of the trigger.

dCDN MUST make a collection of uCDN's Trigger Status Resources available to that uCDN. This collection includes all of the Trigger Status Resources created for CI/T Commands from uCDN that have been accepted by dCDN and have not yet been deleted by uCDN or expired and removed by dCDN (as described in Section 5.5). Trigger Status Resources belonging to uCDN MUST NOT be visible to any other CDN. dCDN could, for example, achieve this by offering different collection URLs to each uCDN and by filtering the response based on uCDN with which the HTTP client is associated.

To trigger an activity in dCDN or to cancel a triggered activity, the uCDN POSTs a CI/T Command to dCDN's collection of uCDN's Trigger Status Resources.

To allow uCDN to check the status of multiple jobs in a single request, dCDN MAY also maintain collections representing filtered views of the collection of all Trigger Status Resources. These filtered collections are "optional-to-implement", but if they are implemented, dCDN MUST include links to them in the collection of all Trigger Status Resources.

4.1. Filtered Collections by Trigger Status

dCDN MAY provide filtered collections per Trigger Status (Section 6.2.6). If implemented, dCDN SHOULD provide a separate filtered collection for every Trigger Status, and advertise these collections in the collection of all Trigger Resources.

4.2. Filtered Collections by Trigger Label

dCDN MAY provide filtered collections per Trigger Label (Section 6.2.10), as specified by uCDN in Section 6.2.1. If implemented, dCDN SHOULD provide a separate filtered collection for every unique Trigger Label, and advertise these collections in the collection of all Trigger Resources.

5. CDNI Trigger Interface

This section describes an interface to enable uCDN to trigger activity in dCDN.

The CI/T interface builds on top of HTTP, so dCDNs may make use of any HTTP feature when implementing the CI/T interface. For example, dCDN SHOULD make use of HTTP's caching mechanisms to indicate that a requested response/representation has not been modified, reducing uCDN's processing needed to determine whether the status of triggered activity has changed.

dCDNs MAY implement separate CI/T interfaces per Section 3.2.1, i.e. one CI/T interface for trigger operations on metadata and another for operations on content. In this case, dCDN MUST advertise separate interface endpoints via Section 9.1.

All dCDNs implementing CI/T MUST support the HTTP GET, HEAD, POST, and DELETE methods as defined in [RFC9110].

The only representation specified in this document is JSON [RFC8259]. It MUST be supported by uCDN and by dCDN.

The URL of dCDN's collection of all Trigger Status Resources needs to be either discovered by or configured in uCDN. The mechanism for discovery of that URL is outside the scope of this document.

CI/T Commands are POSTed to dCDN's collection of all Trigger Status Resources. If a CI/T Trigger Command is accepted by dCDN, dCDN creates a new Trigger Status Resource and returns its URI to uCDN in an HTTP 201 response. The triggered activity can then be monitored by uCDN using that resource and the collections described in Section 4.

The URI of each Trigger Status Resource is returned to uCDN when it is created, and URIs of all Trigger Status Resources are listed in dCDN's collection of all Trigger Status Resources. This means all Trigger Status Resources can be discovered by uCDN, so dCDNs are free to assign whatever structure they desire to the URIs for CI/T resources. Therefore, uCDNs MUST NOT make any assumptions regarding the structure of CI/T URIs or the mapping between CI/T objects and their associated URIs. The URIs used in the examples in this document are purely illustrative and are not intended to impose a definitive structure on CI/T interface implementations.

5.1. Creating Triggers

To issue a CI/T Command, uCDN makes an HTTP POST to dCDN's collection of all of uCDN's Trigger Status Resources. The request body of that POST is a CI/T Command, as described in Section 6.1.1.

dCDN validates the CI/T Command. If the command is malformed or uCDN does not have sufficient access rights, dCDN MUST either respond with an appropriate 4xx HTTP error code and not create a Trigger Status Resource or create a "failed" Trigger Status Resource containing an appropriate Error.v2 Description.

When a CI/T Trigger Command is accepted, dCDN MUST create a new Trigger Status Resource that will convey a specification of the CI/T Command and its current status. The HTTP response to uCDN MUST have status code 201 and MUST convey the URI of the Trigger Status Resource in the Location header field [RFC9110]. The HTTP response SHOULD include the content of the newly created Trigger Status Resource. This is particularly important in cases where the CI/T Trigger Command has been completed immediately.

Once a Trigger Status Resource has been created, dCDN MUST NOT reuse its URI, even after that Trigger Status Resource has been removed.

dCDN SHOULD track and report on the progress of CI/T Trigger Commands using a Trigger Status Resource (Section 6.1.3). If the dCDN is not able to do that, it MUST indicate that it has accepted the request but will not be providing further status updates. To do this, it sets the status of the Trigger Status Resource to "processed". In this case, CI/T processing should continue as for a "complete" request, so the Trigger Status Resource MUST be added to dCDN's collection of complete Trigger Status Resources. dCDN SHOULD also provide an estimated completion time for the request by using the "etime" property of the Trigger Status Resource. This will allow uCDN to schedule pre-positioning after an earlier delete of the same URLs is expected to have finished.

If dCDN can track the execution of CI/T Commands and a CI/T Command is queued by dCDN for later action, the "status" property of the Trigger Status Resource MUST be "pending". Once processing has started, the status MUST be "active". Finally, once the CI/T Command is complete, the status MUST be set to "complete" or "failed".

A CI/T Trigger Command may result in no activity in dCDN if, for example, it is an "invalidate" or "purge" request for datdCDN has not yet acquired, or a "preposition" request for data that it has already acquired and that is still valid. In this case, the status of the Trigger Status Resource MUST be "processed" or "complete", and the Trigger Status Resource MUST be added to dCDN's collection of complete Trigger Status Resources.

Once created, Trigger Status Resources can be cancelled or deleted by uCDN, but not modified. dCDN MUST reject PUT and POST requests from uCDN to Trigger Status Resources by responding with an appropriate HTTP status code -- for example, 405 ("Method Not Allowed").

5.2. Modifying Triggers

uCDN can request modification of an existing Trigger Command by issuing CI/T Modify Trigger Command. Allowed modifications include an update of the Trigger Command specification and change of state.

dCDN MAY accept the request to update specification when the trigger has "pending" status, i.e. the trigger has not been acted upon yet.

dCDN MAY accept the trigger status change request as long as:

  • the requested state is "cancelled"

  • the trigger has either "pending" or "active" status before the request

Modification of existing triggers is useful for uCDN to correct an error in trigger specification or trigger extension(s) that may govern when the Trigger Command is to be executed.

dCDN MUST respond to the CI/T Modify Trigger Command appropriately. For example, HTTP status code 200 ("OK") should be returned if the modification has been processed, 202 ("Accepted") if the command has been accepted but the modification is not fully complete yet, 404 ("Not Found") when the Trigger Status Resource does not exist, 409 ("Conflict") when the Trigger Status Resource is in a state that doesn't allow the requested modification, 501 ("Not Implemented") if modification is not supported by dCDN or an appropriate 4xx HTTP error code in case of a malformed request.

5.3. Checking Status

uCDN has two ways to check the progress of CI/T Commands it has issued to dCDN, as described in Sections Section 5.3.1 and Section 5.3.2.

To allow uCDN to check for changes in the status of a Trigger Status Resource or collection of Trigger Status Resources without refetching the whole resource or collection, dCDN SHOULD include entity-tags (ETags) for uCDN to use as cache validators, as defined in [RFC9110].

dCDN SHOULD use the cache control headers for responses to GETs for Trigger Status Resources and Collections to indicate the frequency at which it recommends that uCDN should poll for change.

5.3.1. Polling Trigger Status Resource Collections

uCDN can fetch the collection of its Trigger Status Resources or filtered views of that collection.

This makes it possible to poll the status of all CI/T Trigger Commands in a single request. If dCDN moves a Trigger Status Resource from the active to the completed collection, uCDN can fetch the result of that activity.

When polling in this way, uCDN SHOULD use HTTP ETags to monitor for change, rather than repeatedly fetching the whole collection. An example of this is given in Section 10.2.4.

5.3.1.1. Extended View Trigger Status Resource Collections

If dCDN advertises support for extended status, uCDN MAY request the extended Trigger Collection, which embeds all Trigger Status resources in the collection itself, in addition to a list of Trigger Status resource URLs. This support includes all types of Trigger Status Resources Collections, including filtered collections.

uCDN SHOULD request the extended Trigger Collection view by passing the query string parameter "status=extended" when requesting a Trigger Status Resource Collection. dCDN SHOULD appropriately respond to the request for extended status with HTTP Status 200 ("OK") when such request can be satisfied, with error code 501 ("Not Implemented") if the capability has not been implemented or advertised, and 400 ("Bad Request") in case of an unrecognized query parameters.

5.3.2. Polling Trigger Status Resources

uCDN has a URI provided by dCDN for each Trigger Status Resource it has created. It may fetch that Trigger Status Resource at any time.

This can be used to retrieve progress information and to fetch the result of the CI/T Command.

When polling in this way, uCDN SHOULD use HTTP ETags to monitor for change, rather than repeatedly fetching the Trigger Status Resource.

5.4. Cancelling Triggers

uCDN can request cancellation of a trigger by issuing CI/T Modify Trigger Command to the specific trigger's Trigger Status Resource URL and setting the "desired-status" field to "cancelled".

dCDN is required to accept and respond to the CI/T Modify Command, but the actual cancellation of a CI/T Trigger Command is optional-to-implement.

dCDN MUST respond to the CI/T Modify Command appropriately -- for example, with HTTP status code 200 ("OK") if the cancellation has been processed and the CI/T Command is inactive, 202 ("Accepted") if the command has been accepted but the CI/T Command remains active, 404 ("Not Found") when the Trigger Status Resource does not exist, or 501 ("Not Implemented") if cancellation is not supported by dCDN.

If cancellation of a "pending" Trigger Status Resource is accepted by dCDN, dCDN SHOULD NOT start the processing of that activity. Requesting a cancellation of a trigger using a CI/T Modify Command for a "pending" Trigger Status Resource does not, however, guarantee that the corresponding activity will not be started, because uCDN cannot control the timing of that activity. Processing could, for example, start after the POST is sent by uCDN but before that request is processed by dCDN.

If cancellation of an "active" or "processed" Trigger Status Resource is accepted by dCDN, dCDN SHOULD stop processing the CI/T Command. However, as with the cancellation of a "pending" CI/T Command, dCDN does not guarantee this.

If the CI/T Command cannot be stopped immediately, the status in the corresponding Trigger Status Resource MUST be set to "cancelling", and the Trigger Status Resource MUST remain in the collection of Trigger Status Resources for active CI/T Commands. If processing is stopped before normal completion, the status value in the Trigger Status Resource MUST be set to "cancelled", and the Trigger Status Resource MUST be included in the collection of failed CI/T Trigger Commands.

Cancellation of a "complete" or "failed" Trigger Status Resource requires no processing in dCDN. Its status MUST NOT be changed to "cancelled".

5.5. Deleting Triggers

uCDN can delete Trigger Status Resources at any time using the HTTP DELETE method. As defined in the CDNI Control Interface / Triggers 1st edition [RFC8007], the effect is similar to cancellation, but no Trigger Status Resource remains afterwards. Note that in cases where the trigger's status before the deletion is not a terminal status (i.e., "completed", "failed" or "cancelled"), uCDN would not have the ability to further monitor the cancellation process and the final status of the trigger. For this reason, it is recommended that the trigger is cancelled (see Section 5.4) before trigger deletion and deletion is only used on triggers with a terminal status.

Once deleted, the references to a Trigger Status Resource MUST be removed from all Trigger Status Resource collections. Subsequent requests to GET the deleted Trigger Status Resource SHOULD be rejected by dCDN with an HTTP error.

If a "pending" Trigger Status Resource is deleted, dCDN SHOULD NOT start the processing of that activity. Deleting a "pending" Trigger Status Resource does not, however, guarantee that it has not started, because uCDN cannot control the timing of that activity. Processing may, for example, start after the DELETE is sent by uCDN but before that request is processed by dCDN.

If an "active" or "processed" Trigger Status Resource is deleted, the dCDN SHOULD stop processing the CI/T Command. However, as with deletion of a "pending" Trigger Status Resource, dCDN does not guarantee this.

Deletion of a "complete" or "failed" Trigger Status Resource requires no processing in dCDN other than deletion of the Trigger Status Resource.

5.6. Expiry of Trigger Status Resources

dCDN can choose to automatically delete Trigger Status Resources sometime after they become "complete", "processed", "failed", or "cancelled". In this case, dCDN will remove the Trigger Status Resource and respond to subsequent requests for it with an HTTP error.

If dCDN does remove Trigger Status Resources automatically, it MUST report the length of time after which it will do so, using a property of the collection of all Trigger Status Resources. It is RECOMMENDED that Trigger Status Resources are not automatically deleted by dCDN for at least 24 hours after they become "complete", "processed", "failed", or "cancelled".

To ensure that it can get the status of its Trigger Status Resources for completed and failed CI/T Commands, it is RECOMMENDED that uCDN polling interval is less than the time after which records for completed activity will be deleted.

5.7. Loop Detection and Prevention

Given three CDNs, A, B, and C, if CDNs B and C delegate delivery of CDN A's content to each other, CDN A's CI/T Commands could be passed between CDNs B and C in a loop. More complex networks of CDNs could contain similar loops involving more hops.

To prevent and detect such CI/T loops, each CDN uses a CDN Provider ID (PID) to uniquely identify itself. In every CI/T Command it originates or cascades, each CDN MUST append an array element containing its CDN PID to a JSON array under an entry named "cdn-path". When receiving CI/T Commands, dCDN MUST check the cdn-path and reject any CI/T Command that already contains its own CDN PID in the cdn-path. Transit CDNs MUST check the cdn-path and not cascade the CI/T Command to dCDNs that are already listed in the cdn-path.

The CDN PID consists of the two characters "AS" followed by the CDN provider's Autonomous System number [RFC1930], then a colon (":") and an additional qualifier that is used to guarantee uniqueness in case a particular AS has multiple independent CDNs deployed -- for example, "AS64496:0".

If the CDN provider has multiple ASes, the same AS number SHOULD be used in all messages from that CDN provider, unless there are multiple distinct CDNs.

If the CDNI Request Routing Redirection interface (RI) described in [RFC7975] is implemented by dCDN, the CI/T interface and the RI SHOULD use the same CDN PID.

5.8. Error Handling

dCDN can signal rejection of a CI/T Command using HTTP status codes -- for example, 400 ("Bad Request") if the request is malformed, or 403 ("Forbidden") or 404 ("Not Found") if uCDN does not have permission to issue CI/T Commands or it is trying to act on another CDN's data.

If any part of the CI/T Trigger Command fails, the trigger SHOULD be reported as "failed" once its activity is complete or if no further errors will be reported. The "errors" property in the Trigger Status Resource will be used to enumerate which actions failed and the reasons for failure, and can be present while the Trigger Status Resource is still "pending" or "active" if the CI/T Trigger Command is still running for some URLs or patterns in the Trigger Specification.

Once a request has been accepted, processing errors are reported in the Trigger Status Resource using a list of Error.v2 Descriptions. Each Error.v2 Description is used to report errors against one or more of the URLs or patterns in the Trigger Specification.

If a Surrogate affected by a CI/T Trigger Command is offline in the dCDN or dCDN is unable to pass a CI/T Command on to any of its cascaded dCDNs:

  • If the CI/T Command is abandoned by dCDN, dCDN SHOULD report an error.

  • A CI/T "invalidate" command may be reported as "complete" when Surrogates that may have the data are offline. In this case, Surrogates MUST NOT use the affected data without first revalidating it when they are back online.

  • CI/T "preposition" and "purge" commands can be reported as "processed" if affected caches are offline and the activity will complete when they return to service.

  • Otherwise, dCDN SHOULD keep the Trigger Status Resource in state "pending" or "active" until either the CI/T Command is acted upon or uCDN chooses to cancel it.

5.8.1. Error propagation

This subsection explains the mechanism for enabling uCDN to trace an error back to dCDN in which it occurred. CDNI triggers may be propagated over a chain of downstream CDNs. For example, an upstream CDN A (uCDN-A) that is delegating to a downstream CDN B (dCDN-B) and dCDN-B is delegating to a downstream CDN C (dCDN-C). Triggers sent from uCDN-A to dCDN-B may be redistributed from dCDN-B to dCDN-C, and errors can occur anywhere along the path. Therefore, it might be essential for uCDN-A that sets the trigger, to be able to trace back an error to the downstream CDN where it occurred. This document adds a mechanism to propagate the PID of dCDN where the fault occurred, back to the uCDN by adding the PID to the error.v2 description. When dCDN-B propagates a trigger further to the downstream dCDN-C, it MUST also propagate back the errors received in the trigger status resource from dCDN-C by adding them to the errors array in its own status resource to be sent back to the originating uCDN-A. While propagating back the errors dCDN-B MAY also specify dCDN-C PID, indicating to which CDN the error specifically relates. The trigger originating upstream CDN then receives an array built of the errors that occurred in all the CDNs along the execution path, where each error MAY carry its own CDN identifier.

Figure 2 below is an example showing the message flow used by uCDN-A to trigger activity in dCDN-B, followed by dCDN-C, as well as the discovery of the status of that activity, including the Error Propagation.

uCDN-A                         dCDN-B                         dCDN-C
 |                              |                              |
 | (1) POST                     |                              |
 | https://dcdn-b.example.com   |                              |
 | /triggers/uCDN-A             |                              |
[ ]--------------------------->[ ]--+                          |
 |                             [ ]  | (2)                      |
 |                             [ ]<-+                          |
 | (3) HTTP 201 Response.      [ ]                             |
 |<----------------------------[ ]                             |
 | Loc:                        [ ]                             |
 | https://dcdn-b.example.com  [ ] (4) POST                    |
 | /triggers/uCDN-A/123        [ ] https://dcdn-c.example.com  |
 |                             [ ] /triggers/dCDN-B            | (5)
 |                             [ ]--------------------------->[ ]--+
 |                              |                             [ ]  |
 |                              |                             [ ]<-+
 |                              | (6) HTTP 201 Response.      [ ]
 |                             [ ]<---------------------------[ ]
 |                              |  Loc:                        |
 |                              |  https://dcdn-c.example.com  |
 |                              |  /triggers/dCDN-B/456        |
 |                              |                              |
 |                             [ ]--+                          |
 |                             [ ]  | (7.1)                    |
 |                             [ ]<-+                         [ ]--+
 |                              |                       (7.2) [ ]  |
 |                              |                             [ ]<-+
 |                              |                              |
 .                              .                              .
 .                              .                              .
 .                              .                              .
 |                              | (8) GET                      |
 |                              | https://dcdn-c.example.com   |
 |                              | /triggers/dCDN-B/456         |
 |                             [ ]--------------------------->[ ]
 |                              |                             [ ]
 |                              | (9) HTTP 200                [ ]
 |                              | Trigger Status Resource     [ ]
 |                             [ ]<---------------------------[ ]
 |                              |                              |
 .                              .                              .
 .                              .                              .
 .                              .                              .
 | (10) GET                     |                              |
 | https://dcdn-b.example.com   |                              |
 | /triggers/uCDN-A/123         |                              |
[ ]--------------------------->[ ]                             |
 |                             [ ]                             |
 | (11) HTTP 200               [ ]                             |
 | Trigger Status Resource     [ ]                             |
[ ]<---------------------------[ ]                             |
Figure 2: CDNI Message Flow for Triggers, Including Error Propagation

The steps in Figure 2 are as follows:

  1. uCDN-A triggers an action in dCDN-B by POSTing a CI/T Command to a collection of Trigger Status Resources "https://dcdn-b.example.com/triggers/uCDN-A". This URL was given to uCDN-A when the CI/T interface was established.

  2. dCDN-B authenticates the request, validates the CI/T Command, and, if it accepts the request, creates a new Trigger Status Resource.

  3. dCDN-B responds to uCDN-A with an HTTP 201 response status and the location of the Trigger Status Resource.

  4. dCDN-B triggers the action in dCDN-C by POSTing a CI/T Command to a collection of Trigger Status Resources "https://dcdn-c.example.com/triggers/dCDN-B". This URL was given to dCDN-B when the CI/T interface was established.

  5. dCDN-C authenticates the request, validates the CI/T Command, and, if it accepts the request, creates a new Trigger Status Resource.

  6. dCDN-C responds to dCDN-B with an HTTP 201 response status and the location of the Trigger Status Resource.

  7. dCDN-C acts upon the CI/T Command. However, the command fails at dCDN-C as, for example, the Trigger Specification contains an "action type" that is not supported by dCDN-C. dCDN-C's action is depicted by 7.2 in the diagram, while 7.1 shows dCDN-B acting on its own command.

  8. dCDN-B queries, possibly repeatedly, the Trigger Status Resource in dCDN-C.

  9. dCDN-C responds with the Trigger Status Resource, describing the progress or results of the CI/T Trigger Command. In the described flow, the returned Status is "failed", with an Error.v2 Description Object holding "eunsupported" Error Code reflecting the status response.

  10. uCDN-A queries, possibly repeatedly, the Trigger Status Resource in dCDN-B.

  11. dCDN-B responds with the Trigger Status Resource, describing the progress or results of the CI/T Trigger Command. In the flow described above, the returned Status is "failed", and the "eunsupported" error received in the trigger status resource from dCDN-C is propagated along with dCDN-C PID by adding it to the errors array in dCDN-B's own status resource to be sent back to the originating uCDN-A.

6. CI/T Object Properties and Encoding

The CI/T Create Trigger Command, CI/T Modify Trigger Command, Trigger Status Resources, and Trigger Collections, as well as their properties, are encoded using JSON, as defined in Sections Section 6.1.1, Section 6.1.2, Section 6.1.3, and Section 6.1.4, respectively. They MUST use the MIME media type "application/cdni", with parameter "ptype" values as defined below and in Section 11.1.

Names in JSON are case-sensitive. The names and literal values specified in the present document MUST always use lowercase.

JSON types, including "object", "array", "number", and "string", are defined in [RFC8259].

Unrecognized name/value pairs in JSON objects SHOULD NOT be treated as an error by either uCDN or dCDN. They SHOULD be ignored during processing and passed on by dCDN to any further dCDNs in a cascade.

6.1. CI/T Objects

The top-level objects defined by the CI/T interface are described in this section.

The encoding of values used by these objects is described in Section 6.2.

6.1.1. CI/T Create Command

CI/T Create Trigger Command, which is used to create a new trigger, MUST use a MIME media type of "application/cdni; ptype=ci-trigger-command.create.v2".

A CI/T Create Trigger Command is encoded as a JSON object containing the following name/value pairs:

  • Name: trigger-spec

    Description: A specification of the trigger action and a set of targets upon which to act.

    Value: A Trigger.v2 Specification, as defined in Section 6.2.1.

    Mandatory: Yes.

    Name: cdn-path

    Description: The CDN PIDs of CDNs that have already issued the CI/T Command to their dCDNs.

    Value: A non-empty JSON array of JSON strings, where each string is a CDN PID as defined in Section 5.7.

    Mandatory: No.

6.1.2. CI/T Modify Command

CI/T Modify Command, which is used to modify an existing trigger, MUST use a MIME media type of "application/cdni; ptype=ci-trigger-command.modify.v2".

A CI/T Modify Trigger Command is encoded as a JSON object containing the following name/value pairs:

  • Name: specs

    Description: An updated specification of the trigger action and a set of targets upon which to act.

    Value: A Trigger.v2 Specification, as defined in Section 6.2.1.

    Mandatory: No, but at least one of "specs" and "desired-status" should be set.

    Name: desired-status

    Description: The target status for an existing trigger as defined in Section 6.2.6

    Value: JSON string.

    Mandatory: No, but at least one of "specs" and "desired-status" should be set.

6.1.3. Trigger Status Resources

Trigger Status Resources MUST use a MIME media type of "application/cdni; ptype=ci-trigger-status.v2".

A Trigger Status Resource is encoded as a JSON object containing the following name/value pairs:

  • Name: trigger

    Description: The Trigger Specification POSTed in the body of the CI/T Command. Note that this need not be a byte-for-byte copy. For example, in the JSON representation dCDN may re-serialize the information differently.

    Value: A Trigger.v2 Specification, as defined in Section 6.2.1.

    Mandatory: Yes.

    Name: ctime

    Description: The time at which the CI/T Command was received by the dCDN. The time is determined by dCDN; there is no requirement to synchronize clocks between interconnected CDNs.

    Value: Absolute Time, as defined in Section 6.2.4.

    Mandatory: Yes.

    Name: mtime

    Description: The time at which the Trigger Status Resource was last modified. The time is determined by dCDN; there is no requirement to synchronize clocks between interconnected CDNs.

    Value: Absolute Time, as defined in Section 6.2.4.

    Mandatory: Yes.

    Name: etime

    Description: The estimate of the time at which dCDN expects to complete the activity. Time is determined by dCDN; there is no requirement to synchronize clocks between interconnected CDNs.

    Value: Absolute Time, as defined in Section 6.2.4.

    Mandatory: No.

    Name: status

    Description: Current status of the triggered activity.

    Value: Trigger Status, as defined in Section 6.2.6.

    Mandatory: Yes.

    Name: status-reason

    Description: A human-readable explanation for the object status.

    Value: A JSON string, the human-readable status reason.

    Mandatory: No.

    Name: errors

    Description: Descriptions of errors that have occurred while processing a Trigger Command.

    Value: An array of Error.v2 Descriptions, as defined in Section 6.2.5. An empty array is allowed and is equivalent to omitting "errors" from the object.

    Mandatory: No.

    Name: objects

    Description: List of objects derived by dCDN when processing a Trigger Command.

    Value: An array of ObjectList (Section 6.2.9) objects. dCDN SHOULD provide the list of objects it used as input for processing of Trigger Command with Section 7.5, provided that dCDN advertised support for extended status (Section 9.5). An empty array is allowed and is equivalent to omitting "objects" from the Trigger Status. This field is intended to provide the list of all objects used in processing. The objects that failed to process SHOULD be specified using the Error.v2 Description resource.

    Mandatory: No.

6.1.4. Trigger Collections

Trigger Collections MUST use a MIME media type of "application/cdni; ptype=ci-trigger-collection".

A Trigger Collection is encoded as a JSON object containing the following name/value pairs:

  • Name: triggers

    Description: Links to Trigger Status Resources in the collection.

    Value: A JSON array of zero or more URLs, represented as JSON strings.

    Mandatory: Yes.

    Name: staleresourcetime

    Description: The length of time for which dCDN guarantees to keep a completed Trigger Status Resource. After this time, dCDN SHOULD delete the Trigger Status Resource and all references to it from collections.

    Value: A JSON number, which must be a positive integer, representing time in seconds.

    Mandatory: Yes, in the collection of all Trigger Status Resources if dCDN deletes stale entries. If the property is present in the filtered collections, it MUST have the same value as in the collection of all Trigger Status Resources.

    Name: coll-state

    Description: Array of all Section 6.1.4.2 objects.

    Value: An array of JSON-encoded FilteredCollectionStatusLink objects.

    Mandatory: Mandatory in the collection of all Trigger Status Resources, if dCDN implements the filtered collections. Otherwise, optional.

    Name: coll-label

    Description: Array of all Section 6.1.4.1 objects.

    Value: An array of JSON-encoded FilteredCollectionLabelLink objects.

    Mandatory: Mandatory in the collection of all Trigger Status Resources, if dCDN implements the filtered collections. Otherwise, optional.

    Name: all-triggers

    Description: Array of all Trigger Status objects in the collection. Should be returned only when an extended trigger collection view is requested as described in Section 5.3.1.1.

    Value: An array of JSON-encoded Trigger Status objects.

    Mandatory: No. The "all-triggers" SHOULD only be used by dCDN that supports and advertises the appropriate extended status for trigger collections (see Section 9.5 for details).

    Name: cdn-id

    Description: The CDN PID of dCDN.

    Value: A JSON string, dCDN's CDN PID, as defined in Section 5.7.

    Mandatory: Only in the collection of all Trigger Status Resources, if dCDN implements the filtered collections. Optional in the filtered collections (uCDN can always find dCDN's cdn-id in the collection of all Trigger Status Resources, but dCDN can choose to repeat that information in its implementation of filtered collections).

6.2. Properties of CI/T Objects

This section defines the values that can appear in the top-level objects described in Section 6.1 and their encodings.

6.2.1. Trigger.v2 Specification

A Trigger.v2 Specification is encoded as a JSON object containing the following name/value pairs:

An unrecognized name/value pair in the Trigger Specification object contained in a CI/T Command SHOULD be preserved in the Trigger Specification of any Trigger Status Resource it creates. Note that the preferred method for extending the CI/T capabilities is by defining new related trigger specs and/or trigger extensions, rather than adding new properties to the Trigger.v2 object.

  • Name: action

    Description: Defines the type of the CI/T Trigger Action.

    Value: Trigger Action Type, as defined in Section 3.1.

    Mandatory: Yes.

    Name: specs

    Description: Array of trigger specs representing the trigger's targets.

    Value: Array of GenericTriggerSpec objects (see Section 6.2.2.1).

    Mandatory: Yes. Furthermore, the list MUST NOT be empty.

    Name: extensions

    Description: Array of trigger extensions.

    Value: Array of GenericTriggerExtension objects (see Section 6.2.3.2).

    Mandatory: No. The default is no extensions.

    Name: labels

    Description: Array of trigger labels.

    Value: Array of Trigger Labels (see Section 6.2.10).

    Mandatory: No. The default is no labels.

6.2.2. Generic Trigger Specs

A "trigger.v2" object, as defined in Section 6.2.1, includes an array of trigger spec objects. Each trigger spec object contains properties that are used as trigger target selection directives for dCDN when executing the trigger command, e.g., content URLs or metadata URI patterns. Each such CDNI Trigger Spec is a specialization of a CDNI GenericTriggerSpec object. The GenericTriggerSpec object abstracts the basic information required for trigger distribution from the specifics of any given property (i.e., property semantics, enforcement options, etc.).

The semantics of the Trigger Specs list is additive, i.e., the trigger applies to any object matching one of the listed specs.

6.2.2.1. Generic Spec Object

A GenericSpecObject object is a wrapper for managing individual CDNI Trigger specs in an opaque manner.

It is encoded as a JSON object containing the following name/value pairs:

  • Name: trigger-subject

    Description: Case-insensitive CDNI Trigger subject.

    Value: String containing the type of the subject matching the generic-trigger-spec-value property, such as "content" or "metadata" as defined in Section 3.2.1.

    Mandatory: Yes.

    Name: generic-trigger-spec-type

    Description: Case-insensitive CDNI Trigger spec type.

    Value: String containing the spec type of the object contained in the generic-trigger-spec-value property (see table in Section 3.2).

    Mandatory: Yes.

    Name: generic-trigger-spec-value

    Description: A CDNI Trigger spec object.

    Value: Defined by the value of the generic-trigger-spec-type property.

    Mandatory: Yes.

The structure of a JSON serialized GenericTriggerSpec object, containing a specific trigger spec is illustrated below:


{
  "generic-trigger-spec-type":
     <Type of this trigger spec>,
  "generic-trigger-spec-value":
      {
        <properties of this trigger spec object>
      },
   "generic-trigger-spec-subject":
     <Category of this trigger spec subject>

}

6.2.3. CI/T Trigger Extensions

A "trigger.v2" object, as defined in Section 6.2.1 includes an optional array of trigger extension objects. A trigger extension contains properties that are used as directives for dCDN when executing the trigger command, e.g., location policies, time policies, and so on. Each such CDNI Trigger extension is a specialization of a CDNI GenericTriggerExtension object. The GenericTriggerExtension object abstracts the basic information required for trigger distribution from the specifics of any given property (i.e., property semantics, enforcement options, etc.). All trigger extensions are optional, and it is thus the responsibility of the extension specification to define a consistent default behavior for extensions supported by dCDN when not specified by uCDN.

6.2.3.1. Enforcement Options

The trigger enforcement options concept is in accordance with the metadata enforcement options as defined in Section 3.2 of [RFC8006].

The GenericTriggerExtension object defines the properties contained within it as well as whether or not the properties are "mandatory-to-enforce". If dCDN does not understand or support a mandatory-to-enforce property, dCDN MUST NOT execute the trigger command. If the extension is not mandatory-to-enforce, then that GenericTriggerExtension object can be safely ignored and the trigger command can be processed in accordance with the rest of the CDNI Trigger spec.

Although a CDN MUST NOT execute a trigger command if a mandatory-to-enforce extension cannot be enforced, it could still be safe to redistribute that trigger (the "safe-to-redistribute" property) to another CDN without modification. For example, in the cascaded CDN case, a transit CDN (tCDN) could convey mandatory-to-enforce trigger extension to dCDN. For a trigger extension that does not require customization or translation (i.e., trigger extension that is safe-to-redistribute), the data representation received off the wire MAY be stored and redistributed without being understood or supported by tCDN. However, for trigger extension that requires translation, transparent redistribution of uCDN trigger values might not be appropriate. Certain trigger extensions can be safely, though perhaps not optimally, redistributed unmodified. For example, pre-position command might be executed in suboptimal times for some geographies if transparently redistributed, but it might still work.

Redistribution safety MUST be specified for each GenericTriggerExtension listed. If a CDN does not understand or support a given GenericTriggerExtension object that is not safe-to-redistribute, the CDN MUST set the "incomprehensible" flag to true for that GenericTriggerExtension object before redistributing it. The "incomprehensible" flag signals to dCDN that trigger metadata was not properly transformed by the tCDN. A CDN MUST NOT attempt to execute a trigger with an extension that has been marked as "incomprehensible" by uCDN.

tCDNs MUST NOT change the value of mandatory-to-enforce or safe-to-redistribute when propagating a trigger to dCDN. Although a tCDN can set the value of "incomprehensible" to true, a tCDN MUST NOT change the value of "incomprehensible" from true to false.

Table 5 describes the action to be taken by a tCDN for the different combinations of mandatory-to-enforce ("MtE") and safe-to-redistribute ("StR") properties when the tCDN either does or does not understand the trigger extension object in question:

Table 5: Action to be taken by a tCDN for the different combinations of MtE and StR properties
MtE StR Extension object understood by tCDN Trigger action
False True True Can execute and redistribute.
False True False Can execute and redistribute.
False False False Can execute. MUST set "incomprehensible" to true when redistributing.
False False True Can execute. Can redistribute after transforming the trigger extension (if the CDN knows how to do so safely); otherwise, MUST set "incomprehensible" to true when redistributing.
True True True Can execute and redistribute.
True True False MUST NOT execute but can redistribute.
True False True Can execute. Can redistribute after transforming the trigger extension (if the CDN knows how to do so safely); otherwise, MUST set "incomprehensible" to true when redistributing.
True False False MUST NOT serve. MUST set "incomprehensible" to true when redistributing.

Table 6 describes the action to be taken by dCDN for the different combinations of mandatory-to-enforce and "incomprehensible" ("Incomp") properties, when dCDN either does or does not understand the trigger extension object in question:

Table 6: Action to be taken by dCDN for the different combinations of MtE and Incomp properties
MtE Incomp Extension object understood by dCDN Trigger action
False False True Can execute.
False True True Can execute but MUST NOT interpret/apply any trigger extension marked as "incomprehensible".
False False False Can execute.
False True False Can execute but MUST NOT interpret/apply any trigger extension marked as "incomprehensible".
True False True Can execute.
True True True MUST NOT execute.
True False False MUST NOT execute.
True True False MUST NOT execute.
6.2.3.2. GenericExtensionObject

A GenericTriggerExtension object is a wrapper for managing individual CDNI Trigger extensions in an opaque manner.

It is encoded as a JSON object containing the following name/value pairs:

  • Name: generic-trigger-extension-type

    Description: Case-insensitive CDNI Trigger extension object type.

    Value: String containing the CDNI Extension Type [RFC7736] of the object contained in the "generic-trigger-extension-value" property (see table in Section 3.3).

    Mandatory: Yes.

    Name: generic-trigger-extension-value

    Description: CDNI Trigger extension object.

    Value: Defined by the value of the "generic-trigger-extension-type" property above.

    Mandatory: Yes.

    Name: mandatory-to-enforce

    Description: Flag identifying whether or not the enforcement of this trigger extension is mandatory.

    Value: Boolean.

    Mandatory: No. The default is to treat the trigger extension as mandatory to enforce (i.e., a value of True)

    Name: safe-to-redistribute

    Description: Flag identifying whether or not this trigger extension can be safely redistributed without modification, even if the CDN fails to understand the extension.

    Value: Boolean.

    Mandatory: No. The default is to allow transparent redistribution (i.e., a value of True).

    Name: incomprehensible

    Description: Flag identifying whether or not any CDN in the chain of delegation has failed to understand and/or failed to properly transform this trigger extension object. Note: This flag only applies to trigger extension objects whose "safe-to-redistribute" property has a value of False.

    Value: Boolean.

    Mandatory: No. The default is comprehensible (i.e., a value of False).

The structure of a JSON serialized GenericTriggerExtension object containing a specific trigger extension object is illustrated below:


{
  "generic-trigger-extension-type":
     <Type of this trigger extension object>,
  "generic-trigger-extension-value":
      {
        <properties of this trigger extension object>
      },
  "mandatory-to-enforce": <bool>,
  "safe-to-redistribute": <bool>,
  "incomprehensible": <bool>
}

6.2.4. Absolute Time

A JSON number, seconds since the UNIX epoch (00:00:00 UTC on 1 January 1970).

6.2.5. Error.v2 Description

An Error.v2 Description is used to report the failure of a CI/T Command or failure in the activity it triggered. It is encoded as a JSON object with the following name/value pairs:

  • Name: description

    Description: A human-readable description of the error.

    Value: A JSON string, the human-readable description.

    Mandatory: No.

  • Name: specs

    Description: Array of trigger spec objects from the corresponding "specs" array at the Trigger Specification. Only those specs to which the error applies are listed.

    Value: Array Trigger Specifications, as defined in Section 6.2.1, where each spec object MUST be exactly as they appear in the request.

    Mandatory: Yes.

  • Name: extensions

    Description: Array of trigger extension objects copied from the corresponding "extensions" array from the Trigger Specification. Only those extensions to which the error applies are included, but those extensions MUST be exactly as they appear in the request.

    Value: Array of GenericTriggerExtension objects, where each extension object is copied from the "extensions" array values in the Trigger Specification.

    Mandatory: No. The "extensions" array SHOULD be used only if the error relates to extension objects. Property omission should be interpreted as "the error is not related to any extension".

  • Name: cdn-id

    Description: The CDN PID of the CDN where the error occurred. The "cdn-id" property is used by the originating uCDN or by the propagating dCDN in order to distinguish in which CDN the error occurred.

    Value: A non-empty JSON string, where the string is a CDN PID as defined in Section 5.7

    Mandatory: Yes. dCDN may use its own CDN PID if it does not want to expose the CDN PIDs of dCDNs.

  • Name: objects

    Description: List of objects that failed to be processed during execution of a Trigger Command.

    Value: An array of ObjectList (Section 6.2.9) objects. dCDN SHOULD provide the list of objects that it failed to process during execution of a Trigger Command with Section 7.5, provided that dCDN advertised support for extended status (Section 9.5).

    Mandatory: No. An empty array is allowed and is equivalent to omitting "objects" from the Error.v2 Description.

Example of a JSON serialized Error.v2 Description object reporting a malformed object list :


{
  "error": "econtent",
  "description": "Failed to parse HLS object list",
  "specs": [
    {
      "trigger-subject": "content",
      "generic-trigger-spec-type": "content-objectlist",
      "generic-trigger-spec-value": {
        "href": "https://www.example.com/hls/title/index.m3u8",
        "type": "hls"
      }
    }
   ],
  "objects": {
     "href": "https://dcdn.com/triggers/2a544cd9/objects",
     "type": "json"
  }
  "cdn": "AS64500:0"
}

Example of a JSON serialized Error.v2 Description object reporting an unsupported extension object:

{
  "errors": [
    {
      "error": "eextension",
      "description": "unrecognized extension <type>",
      "specs": [
        {
          "trigger-subject": "content",
          "generic-trigger-spec-type": "urls",
          "generic-trigger-spec-value": {
            "urls": [
              "https://www.example.com/a/b/c/1",
              "https://www.example.com/a/b/c/2"
            ]
          }
        }
      ],
      "extensions": [
        {
          "generic-trigger-extension-type":
            <type of this erroneous trigger extension object>,
          "generic-trigger-extension-value": {
            <properties of this erroneous trigger extension object>
          }
        }
      ],
      "cdn": "AS64500:0"
    }
  ]
}

6.2.6. Trigger Status

Trigger Status describes the current status of the triggered activity. It MUST be one of the JSON strings in the following table:

Table 7
JSON String Description
pending The CI/T Trigger Command has not yet been acted upon.
active The CI/T Trigger Command is currently being acted
upon.
complete The CI/T Trigger Command completed successfully.
processed The CI/T Trigger Command has been accepted, and no
further status update will be made (can be used in
cases where completion cannot be confirmed).
failed The CI/T Trigger Command could not be completed.
cancelling Processing of the CI/T Trigger Command is still in
progress, but the CI/T Trigger Command has been
cancelled by uCDN.
cancelled The CI/T Trigger Command was cancelled by uCDN.

Along with the Trigger Status, the Trigger Status Resource object includes a Status Reason property, allowing dCDN to provide additional information for the trigger status. For example, dCDN may indicate that the trigger status is "pending" due to one of the execution prerequisites not being fulfilled. Such a prerequisite may be specified via one of the extensions.

6.2.7. Error Code

This type is used by dCDN to report failures in trigger processing. All Error Codes MUST be registered in the IANA "CDNI CI/T Error Codes" registry (see Section 11.7). Unknown Error Codes MUST be treated as fatal errors, and the request MUST NOT be automatically retried without modification.

The following Error Codes are defined by this document and MUST be supported by an implementation of the CI/T v2 interface.

Table 8
Error Code Description Registration
emeta dCDN was unable to acquire and/or is not in possession of metadata required to fulfill the request. RFCthis
econtent dCDN was unable to acquire content (CI/T "preposition" commands only). RFCthis
eperm uCDN does not have permission to issue the CI/T Command (for example, the data is owned by another CDN). RFCthis
ereject dCDN is not willing to fulfill the CI/T Command (for example, a "preposition" request for content at a time when dCDN would not accept Request Routing requests from uCDN). RFCthis
ecdn An internal error in dCDN or one of its dCDNs. RFCthis
ecancelled uCDN cancelled the request. RFCthis
eunsupported The Trigger Specification contained an "action type" that is not supported by dCDN. No action was taken by dCDN other than to create a Trigger Status Resource in state "failed". RFCthis
espec An error occurred while parsing a generic trigger spec, or that the specific trigger spec is not supported by the CDN. RFCthis
esubject An error occurred while parsing a trigger subject, or that the specific trigger subject is not supported by the CDN. RFCthis
eextension An error occurred while parsing a generic trigger extension, or that the specific extension is not supported by the CDN. RFCthis

[RFC Editor: Please replace RFCthis with the published RFC number for this document.]

6.2.8. URL Type

This type is used by uCDN to indicate how to interpret URLs referenced by trigger specs that use URLs, such as Section 7.1, Section 7.3, Section 7.4 and Section 7.5.

One option for uCDN to use in Trigger Commands is published URLs, which are used by end users. When using this URL type, uCDN MUST provide configuration metadata objects related to these URLs before creating a trigger option referencing these URLs. When this is not the case, dCDN MUST return the error code "emeta".

When processing published URLs in "preposition" Trigger Action, dCDN MUST invoke processing of metadata objects it would have invoked in content acquisition to satisfy an end-user request, e.g. SourceMetadata (see Section 4.2.1 of [RFC8006]).

Another type of URL in common use is a private URL, which is based on cache keys that are dynamically constructed via lightweight processing of various properties of the HTTP request and/or response. As an example, an origin might specify a cache key as a value returned in a specific HTTP response header.

As an example, uCDN may prefer to use such private URLs in "purge" or "invalidate" Trigger Actions to simplify processing.

dCDNs implementing the CI/T Interface MUST support the "published" URL type. dCDN MAY support the additional "private" URL type. In this case, dCDN SHOULD advertise the private URL type support via FCI using Section 9.4. If the private URL is not supported by dCDN, it SHOULD reject the Trigger Command using "eunsupported" Error Code. If both URL types are supported by dCDN, uCDN MUST use only one URL type in each Trigger Command.

The following URL types are defined by this document and MUST be supported by the implementation of the CI/T interface:

Table 9
URL Type Description Registration
published Published URL used by end users to access content RFCthis
private Private URLs used by dCDN to look up content objects in cache RFCthis

[RFC Editor: Please replace RFCthis with the published RFC number for this document.]

6.2.9. ObjectList

ObjectList is a metadata object describing lists of objects that can be used in the context of CI/T v2 trigger spec, trigger status resources and other contexts as required. The ObjectList object can either embed the lists of objects or point to external URL(s) that hold such lists. ObjectList allows the specification of an object list type, providing instructions on the interpretation of the object list format.

ObjectLists MAY be recursive, i.e. including references to secondary manifests, including references to HLS, MPEG-DASH or MSS manifests as well as additional JSON-encoded ObjectLists, etc. The party consuming the object list MUST parse all recursions based on the object list type property. When doing so, the consuming party should also detect potential loops when the descendant ObjectList points back to the parent ObjectList.

In the case of uCDN accessing ObjectList objects referencing external URLs published by dCDN, both parties should comply with the CI/T interface security requirements (see Section 12.1 for details). When dCDN accesses external URLs referenced by ObjectLists supplied by uCDN, for example as part of Trigger Spec, dCDN MUST match these URLs with source metadata objects, published by uCDN, such as SourceMetadata objects specified in Section 4.2.1 of [RFC8006], and use these metadata objects for content acquisition if a match was found.

ObjectLists MAY combine regular objects and secondary ObjectLists in the same object. Please note that when embedding non-JSON object lists directly in ObjectList, absolute URLs MUST be provided at all times and the text SHOULD be encoded in accordance with the JSON grammar specification [ECMA404], including explicit newline encoding. When uCDN accesses ObjectList metadata resources published by uCDN, the same interface authentication and authorization requirements would apply, as when accessing the interface itself.

ObjectList is encoded as an array of per-object records in JSON format as follows:

External HLS manifest:

[
  {
    "href": "https://example.com/hls/a36f764e/index.m3u8",
    "type": "hls"
  }
]

External object list in text format:

[
  {
    "href": "https://example.com/hls/35cdc008/assets",
    "type": "text"
  }
]

List of external manifests and objects of mixed types:

[
  {
    "href": "https://example.com/hls/35cdc008/index.m3u8",
    "type": "hls"
  },
  {
    "href": "https://example.com/dash/35cdc008/main.mpd",
    "type": "dash"
  },
  {
    "href": "https://example.com/dash/35cdc008/files.json",
    "type": "json"
  }
]

Embedded JSON-encoded object list:

[
  {
    "data": [
    {
      "href": "https://example.com/hls/35cdc008/index.m3u8",
      "type": "hls"
    },
    {
      "href":"https://example.com/dash/35cdc008/main.mpd",
      "type": "dash"
    },
    {
      "href": "https://example.com/img/35cdc008/thumb-l.jpg",
      "size": 10260
    },
    {
      "href": "https://example.com/img/35cdc008/thumb-s.jpg",
      "size": 1453
    }],
    "type": "json"
  }
]

Embedded HLS manifest:

[
  {
    "data":
      "#EXTM3U\n
#EXT-X-STREAM-INF:BANDWIDTH=150000,RESOLUTION=416x234\n
http://example.com/hls/35cdc008/low/index.m3u8\n
#EXT-X-STREAM-INF:BANDWIDTH=240000,RESOLUTION=416x234\n
http://example.com/hls/35cdc008/lo_mid/index.m3u8\n
#EXT-X-STREAM-INF:BANDWIDTH=440000,RESOLUTION=416x234\n
http://example.com/hls/35cdc008/hi_mid/index.m3u8\n
#EXT-X-STREAM-INF:BANDWIDTH=640000,RESOLUTION=640x360\n
http://example.com/hls/35cdc008/high/index.m3u8\n
#EXT-X-STREAM-INF:BANDWIDTH=64000\n
http://example.com/hls/35cdc008/audio/index.m3u8\n",
    "type": "hls"
  }
}

The ObjectList properties are as follows:

  • Name: data

    Description: List of objects in one of the recognized formats.

    Value: JSON String.

    Mandatory: No. Either "data" or "href" MUST be set.

    Name: href

    Description: URL pointing to an external object list or object in one of the recognized formats.

    Value: A URL represented as a JSON String

    Mandatory: No. Either "data" or "href" MUST be set.

    Name: type

    Description: Object list type to be used when parsing and interpreting this object list. By default, each record in the list is assumed to represent an object that does not require additional processing.

    Value: ObjectListType (see Section 6.2.9).

    Mandatory: Yes.

6.2.9.1. ObjectList Type

ObjectListType objects are used to specify the registered type of ObjectList objects (see Section 11.5), used in Trigger Spec, Trigger Status and Error.v2 Description objects.

The following table defines the initial ObjectListType JSON string values

Table 10
JSON string Description Specification Protocol Specification
hls HTTP Live Streaming RFCthis RFC 8216 [RFC8216]
mss Microsoft Smooth Streaming RFCthis MSS [MSS]
dash Dynamic Adaptive Streaming over HTTP (MPEG-DASH) RFCthis MPEG-DASH [MPEG-DASH]
json JSON serialized object list RFCthis JSON (Section 6.2.9.2)
text Object list in text format RFCthis Text (Section 6.2.9.3)

[RFC Editor: Please replace RFCthis with the published RFC number for this document.]

6.2.9.2. JSON Serialized Object List

This ObjectList type specifies a collection of objects encoded in JSON format, where each entry is encoded as an ObjectEntry (Section 6.2.9.4) object. The entries in the JSON object list MAY have an object list type specified, allowing for a recursive object list structure.

6.2.9.3. Text Object List

Unlike the JSON Serialized Object List (Section 6.2.9.2), the text-based object list will not support a recursive object list structure and every object specified in it SHOULD be downloaded without additional processing.

6.2.9.4. ObjectEntry

ObjectEntry is a metadata object describing an object and its associated metadata, to be used in JSON-encoded ObjectList (Section 6.2.9) objects.

The following is an example of JSON serialized ObjectEntry objects:

[
  {
    "href": "https://example.com/hls/35cdc008/index.m3u8",
    "type": "hls"
  },
  {
    "href": "https://example.com/dash/35cdc008/main.mpd",
    "type": "dash"
  },
  {
    "href": "https://example.com/img/35cdc008/thumb-l.jpg",
    "size": 102600
  },
  {
    "href": "https://example.com/img/35cdc008/thumb-s.jpg",
    "size": 14535
  },
]

The ObjectEntry properties are as follows:

  • Name: href

    Description: Object URL

    Value: A URL represented as a JSON string.

    Mandatory: Yes.

    Name: type

    Description: ObjectList type to be used when processing this object. By default, ObjectEntry object is assumed to represent an object and does not require additional processing.

    Value: ObjectListType (see Section 6.2.9.1).

    Mandatory: No.

    Name: size

    Description: Object size, in bytes. Can be used to decide to download the object based on size. For example, dCDN may ignore objects that are too small or too large.

    Value: Integer.

    Mandatory: No.

6.2.10. Trigger Label

A JSON string. Labels SHOULD be unique per trigger.

7. Trigger Spec Objects

The objects defined below are intended to be used in the GenericTriggerSpec object's generic-trigger-spec-value field as defined in Section 6.2.2.1. As such all these trigger specs are registered in the IANA "CDNI CI/T Trigger Specs" registry (see Section 11.3).

7.1. URLs Spec

The "urls" spec type allows uCDN to manage uCDN content or metadata objects held by dCDN based on the objects' URLs.

The URLs spec is encoded as a JSON object containing the following name/value pairs:

  • Name: urls

    Description: An array of URLs over which the trigger MUST be executed.

    Value: A JSON array of URLs represented as JSON strings.

    Mandatory: Yes.

    Name: url-type

    Description: Type of URL used.

    Value: URL Type as defined in Section 6.2.8.

    Mandatory: No. When omitted or empty, "published" URL type is assumed.

Below is an example of a JSON serialized URLs spec object, matching the metadata at metadata.example.com/a/b/c.

{
   "trigger-subject": "metadata",
   "generic-trigger-spec-type": "urls",
   "generic-trigger-spec-value": {
      "urls": [
         "https://metadata.example.com/a/b/c"
      ],
      "url-type": "published"
   }
}

7.2. CCIDs Spec

The "ccids" spec type allows uCDN to specify the Content Collection IDentifier (CCID) of content to which the trigger applies. The CCID is a grouping of content as defined by [RFC8006]. The "ccids" spec type is valid only for the content spec subject (see Section 3.2.1).

CCIDs spec is encoded as a JSON object containing the following name/value pairs:

  • Name: ccids

    Description: An array of Content Collection IDentifiers over which the trigger MUST be executed.

    Value: A JSON array of strings, where each string is a Content Collection IDentifier.

    Mandatory: Yes.

7.3. URI Pattern Match Spec

The "uri-pattern-match" spec type allows uCDN to manage uCDN content or metadata objects held by dCDN based on the objects' URI pattern. The value is a UriPatternMatch object, as defined in Section 7.3.1.

7.3.1. UriPatternMatch

A UriPatternMatch consists of a string pattern to match against a URI, and flags describing the type of match.

It is encoded as a JSON object containing the following name/value pairs:

  • Name: pattern

    Description: A pattern for URI matching.

    Value: A JSON string representing the pattern. The pattern can contain the wildcards "*" and "?", where "*" matches any sequence of [RFC3986] pchar or "/" characters (including the empty string) and "?" matches exactly one [RFC3986] pchar character. The three literals "$", "*" and "?" MUST be escaped as "$$", "$*" and "$?" (where "$" is the designated escape character). All other characters are treated as literals.

    Mandatory: Yes.

    Name: case-sensitive

    Description: Flag indicating whether or not case-sensitive matching should be used.

    Value: One of the JSON values "true" (the matching is case sensitive) or "false" (the matching is case insensitive).

    Mandatory: No; default is "false", i.e., a case-insensitive match.

    Name: match-query-string

    Description: Flag indicating whether to include the query part of the URI when compared against the pattern.

    Value: One of the JSON values "true" (the full URI, including the query part, should be compared against the given pattern) or "false" (the query part of the URI should be dropped before comparison with the given pattern).

    Mandatory: No; default is "false". The query part of the URI should be dropped before comparison with the given pattern.

    Name: url-type

    Description: Type of URLs to match.

    Value: URL Type as defined in Section 6.2.8.

    Mandatory: No. When omitted or empty, "published" URL type is assumed.

Example of case-sensitive prefix match against "https://www.example.com/trailers/":


{
    "pattern": "https://www.example.com/trailers/*",
    "case-sensitive": true
}

7.4. URI Regex Match Spec

The "uri-regex-match" spec type allows uCDN to manage content or metadata objects held by dCDN based on the objects' URI regex.

7.4.1. RegexMatch

A RegexMatch consists of a regular expression string a URI is matched against, and flags describing the type of match. It is encoded as a JSON object with the following properties:

  • Name: regex

    Description: A regular expression for URI matching.

    Value: A regular expression to match against the URI, i.e., against the path-absolute and the query string parameters [RFC3986]. The regular expression string MUST be compatible with POSIX [POSIX.1] Section 9 Extended Regular Expressions. This regular expression MUST be evaluated in the POSIX locale (POSIX [POSIX.1] Section 7.2).

    Note: Because '\' has a special meaning in JSON [RFC8259] as the escape character within JSON strings, the regular expression character '\' MUST be escaped as '\\'.

    Mandatory: Yes.

    Name: case-sensitive

    Description: Flag indicating whether or not case-sensitive matching should be used.

    Value: JSON boolean. Either "true" (the matching is case-sensitive) or "false" (the matching is case insensitive).

    Mandatory: No; default is "false", i.e., a case-insensitive match.

    Name: match-query-string

    Description: Flag indicating whether to include the query part of the URI when compared against the regex.

    Value: JSON Boolean. Either "true" (the full URI, including the query part, should be compared against the regex) or "false" (the query part of the URI should be dropped before comparison with the given regex).

    Mandatory: No; default is "false". The query part of the URI MUST be dropped before comparison with the given regex. This makes the regular expression simpler and safer for cases in which the query parameters are not relevant for the match.

    Name: url-type

    Description: Type of URLs to match against.

    Value: URL Type as defined in Section 6.2.8.

    Mandatory: No. When omitted or empty, "published" URL type is assumed.

Example of a case-sensitive, no query parameters, regex match against:


"^(https:\/\/video\.example\.com)\/([a-z])\/
 movie1\/([1-7])\/*(index.m3u8|\d{3}.ts)$"
{
  "regex": "^(https:\\/\\/video\\.example\\.com)\\/([a-z])\\/
           movie1\\/([1-7])\\/*(index.m3u8|\\d{3}.ts)$",
  "case-sensitive": true,
  "match-query-string": false
}

This regex matches URLs of the domain "video.example.com" where the path structure is /(single lower case letter)/(name-of-title)/(single digit between 1 to 7)/(index.m3u8 or a 3 digit number with ts extension). For example:

https://video.example.com/d/movie1/5/index.m3u8
or
https://video.example.com/k/movie1/4/013.ts

7.5. Object List Spec

The "objectlist" spec type allows uCDN to manage content held by dCDN based on structured object lists. The Object List spec type is valid only for the content spec subject (see Section 3.2.1).

An object list is encoded as an ObjectList (Section 6.2.9) object.

8. Trigger Extension Objects

The objects defined below are intended to be used in the GenericTriggerExtension object's generic-trigger-extension-value field as defined in Section 6.2.3.2, and their generic-trigger-extension-type property MUST be set to the appropriate Extension Type as defined in Section 3.3.

8.1. LocationPolicy Extension

A content operation may be relevant for a specific geographical region or need to be excluded from a specific region. In this case, the trigger should be applied only to parts of the network that are either "included" or "not excluded" by the location policy. Note that the restrictions here are on the cache location rather than the client location.

The LocationPolicy object defines which CDN or cache locations for which the trigger command is relevant.

Example use cases:

  • Pre-position: Certain contracts allow for pre-positioning or availability of contracts in all regions except for certain excluded regions in the world, including caches. For example, some content cannot ever knowingly touch servers in a specific country, including cached content. Therefore, these regions MUST be excluded from a pre-positioning operation.

  • Purge: In certain cases, content may have been located on servers in regions where the content must not reside. In such cases, a purge operation to remove content specifically from that region is required.

Object specification:

  • Name: locations

    Description: An Access List that allows or denies (blocks) the trigger execution per cache location.

    Value: Array of LocationRule objects (see Section 4.2.2.1 of [RFC8006]).

    Mandatory: Yes.

    Name: url-type

    Description: Type of URL used in the ObjectList(s).

    Value: URL Type as defined in Section 6.2.8.

    Mandatory: No. When omitted or empty, the "published" URL type is assumed.

If a location policy object is not listed within the trigger command, the default behavior is to execute the trigger in all available caches and locations of dCDN.

The trigger command is allowed, or denied, for a specific cache location according to the action of the first location whose footprint matches that cache's location. If two or more footprints overlap, the first footprint that matches against the cache's location determines the action a CDN MUST take. If the "locations" property is an empty list or if none of the listed footprints match the location of a specific cache location, then the result is equivalent to a "deny" action.

The following is an example of a JSON serialized generic trigger extension object containing a location policy object that allows the trigger execution in the US but blocks its execution in Canada:

{
   "generic-trigger-extension-type": "location-policy",
   "generic-trigger-extension-value":
    {
       "locations": [
         {
           "action": "allow",
           "footprints": [
             {
               "footprint-type": "countrycode",
               "footprint-value": ["us"]
             }
           ]
         },
         {
           "action": "deny",
           "footprints": [
             {
               "footprint-type": "countrycode",
               "footprint-value": ["ca"]
             }
           ]
         }
       ]
    },
   "mandatory-to-enforce": true,
   "safe-to-redistribute": true,
   "incomprehensible": false
}

8.2. TimePolicy Extension

uCDN may wish to perform content management operations on dCDN on a specific schedule. The TimePolicy extension allows uCDN to instruct dCDN to execute the trigger command in a desired time window. For example, a content provider that wishes to pre-populate a new episode at off-peak time so that it would be ready on caches at prime time when the episode is released for viewing. A scheduled operation enables uCDN to direct dCDN in what time frame to execute the trigger.

uCDN may wish to schedule a trigger such that dCDN will execute it in local time, as it is measured in each region. For example, uCDN may wish dCDN to pull the content at off-peak hours, between 2AM-4AM, however, as a CDN is distributed across multiple time zones, the UTC definition of 2AM depends on the actual location.

We define two alternatives for localized scheduling:

  • Regional schedule: When used in conjunction with the Location Policy defined in Section 8.1, uCDN can trigger separate commands for different geographical regions, for each region using a different schedule. This allows uCDN to control the execution time per region.

  • Local Time schedule: We introduce a "local time" version for Internet timestamps that follows the notation for local time as defined in Section 4.2.2 of [ISO8601]. When local time is used, that dCDN SHOULD execute the triggers at different absolute times, according to the local time of each execution location.

Object specification:

  • Name: unix-time-window

    Description: A UNIX epoch time window in which the trigger SHOULD be executed.

    Value: TimeWindow object using UNIX epoch timestamps (see Section 4.2.3.2 of [RFC8006]).

    Mandatory: No, but exactly one of "unixEpochWindow" or "utcWindow" MUST be present.

  • Name: utc-window

    Description: A UTC time window in which the trigger SHOULD be executed.

    Value: UTCWindow object as defined in Section 8.2.1.

    Mandatory: No, but exactly one of "unixEpochWindow" or "utcWindow" MUST be present.

If a time policy object is not listed within the trigger command, the default behavior is to execute the trigger in a time frame most suitable to dCDN taking under consideration other constraints and / or obligations.

Example of a JSON serialized generic trigger extension object containing a time policy object that schedules the trigger execution to a window between 09:00 01/01/2000 UTC and 17:00 01/01/2000 UTC, using the "unix-time-window" property:

{
   "generic-trigger-extension-type": "time-policy",
   "generic-trigger-extension-value":
    {
      "unix-time-window": {
         "start": 946717200,
         "end": 946746000
      }
    },
   "mandatory-to-enforce": true,
   "safe-to-redistribute": true,
   "incomprehensible": false
}

8.2.1. UTCWindow

A UTCWindow object describes a time range in UTC or UTC and a zone offset that can be applied by a TimePolicy.

It is encoded as a JSON object containing the following name/value pairs:

  • Name: start

    Description: The start time of the window.

    Value: Internet date and time as defined in [RFC3339].

    Mandatory: No. but at least one of "start" or "end" MUST be present and non-empty.

    Name: end

    Description: The end time of the window.

    Value: Internet date and time as defined in [RFC3339].

    Mandatory: No. but at least one of "start" or "end" MUST be present and non-empty.

Example JSON serialized UTCWindow object that describes a time window from 02:30 01/01/2000 UTC to 04:30 01/01/2000 UTC:

{
  "start": "2000-01-01T02:30:00.00Z",
  "end": "2000-01-01T04:30:00.00Z"
}

Example JSON serialized UTCWindow object that describes a time window in New York time zone offset UTC-05:00 from 02:30 01/01/2000 to 04:30 01/01/2000:

{
  "start": "2000-01-01T02:30:00.00-05:00",
  "end": "2000-01-01T04:30:00.00-05:00"
}

8.3. ExecutionPolicy Extension

Unless specified otherwise, dCDN is at liberty to decide how to choose trigger commands for execution from all pending commands, whether to process trigger commands sequentially or in parallel, immediately upon acceptance, or with a delay in batches. uCDN may wish to control trigger processing in more detail, including the order of execution, dependencies, and concurrency.

Example use cases:

  • Priority: uCDN may have multiple trigger commands in "pending" and/or "active" mode. For example, trigger commands with policy constraints, a large number of content objects affected, or other dCDN business logic may take a long time to execute. uCDN may wish to prescribe the order in which dCDN picks up its trigger commands for execution from the "pending" queue, by indicating a relative priority of each trigger. The priority would affect the selection of trigger commands specific to the requesting uCDN. dCDN may separately prioritize triggers from multiple uCDNs subject to its business logic. Multiple priority-related use cases exist:

    • uCDN needs to introduce an urgent "purge" or "invalidate" trigger into an existing queue of trigger commands to correct wrong versions of content objects published by it

    • uCDN needs to indicate which content objects should be prepositioned, purged or invalidated first, for example prepositioning newer released content before prepositioning updates to an existing catalog

  • Pre-requisite: In some cases, uCDN may wish to indicate what trigger commands should be processed and completed before another trigger command is processed. For example, uCDN may want to rectify incorrectly published content by purging content objects and then prepositioning them again. In this case, uCDN may want the preposition trigger command to be processed only after the purge trigger command has been processed because concurrent processing of these triggers may cause the new version of these content objects to be purged. Alternatively, uCDN may wish to condition the execution of purge or invalidation triggers upon the completion or cancellation of long-running preposition triggers to avoid race conditions that would result from processing these in parallel. The prerequisite requirement implies that a previous trigger reaches one of the following states:

    • "complete" or "processed" for successful completion

    • "failed" for failed processing

    • "cancelled" for completion of cancellation

  • Urgency: uCDN may wish to indicate that dCDN should process a trigger command without delay. This requirement is separate and additional to priority, as priority indicates the order in which triggers should be processed, yet does not prescribe how soon each trigger should be executed. dCDN MAY reject such requests for urgent processing using "ereject" error code. This can happen due to dCDN internal business logic (e.g. batch-driven purge and invalidation), or due to dependencies on other triggers that could not be completed by dCDN immediately. In such a case uCDN should either modify the request by removing prerequisites or cancel such pending triggers before re-trying the request.

uCDN may combine multiple options in the same trigger command. dCDN should consider the following when processing such commands:

  • dCDN MUST reject triggers that are dependent on other pending triggers with lower priority to prevent deadlocks.

  • When introducing an urgent trigger uCDN SHOULD indicate a priority that is equal to or higher than the highest priority among the pending triggers that belong to the same uCDN. dCDN MUST reject urgent triggers that have lower priority than other pending triggers of the same uCDN.

  • dCDN MUST reject an urgent trigger that has pending triggers as its prerequisite. dCDN MAY reject an urgent trigger that has triggers in an "active" or "cancelling" state as its prerequisite, such as when such triggers are deemed to take a long time to complete or cancel.

When combining ExtensionPolicy with Section 8.2, TimePolicy governs the time window when the trigger can execute, while ExecutionPolicy controls the order of trigger execution within their respective windows. The following error conditions should be considered by dCDN:

  • When a trigger is marked urgent, but its TimePolicy extension doesn't allow immediate processing, it should be rejected by dCDN.

  • When a trigger has a TimePolicy extension and is also dependent on another trigger with a TimePolicy extension, that specifies an execution window (directly or via a chain of dependency) that doesn't start until after the depending trigger's execution window ends, such a trigger should be rejected.

The ExtensionPolicy extension is encoded as a JSON object containing the following name/value pairs:

  • Name: priority

    Description: Relative weight of the trigger. When picking a trigger for execution from all pending triggers posted by each uCDN, dCDN MUST choose the trigger with the highest priority first.

    Value: Integer from -100 to 100.

    Mandatory: No. The value defaults to zero if omitted.

    Name: depends

    Description: Links to Trigger Status Resources that the current Trigger Command depends on. Indicates which triggers should fully finish processing before starting execution of the current trigger. The triggers need to be in one of the following states to be considered finished: "complete", "processed", "failed" or "cancelled".

    Value: A JSON array of zero or more URLs, represented as JSON strings.

    Mandatory: No. In case of a missing or an empty list, no dependencies are assumed.

    Name: urgent

    Description: Indicates whether the trigger should be immediately moved to the "active" state upon acceptance. In the absence of this flag, dCDN is at liberty to choose the time for trigger execution, e.g., batch processing.

    Value: Boolean.

    Mandatory: No. The default is to handle the Trigger Command as not urgent.

The following is an example of a JSON serialized generic extension trigger object containing an execution policy object that specifies trigger priority of 100, marks Trigger Command as urgent and makes the Trigger Command execution dependent on the completion of the previous Trigger Commands:

{
  "generic-trigger-extension-type": "execution-policy",
  "generic-trigger-extension-value":
  {
    "priority": 100,
    "depends":  {
      "https://dcdn.com/triggers/100",
      "https://dcdn.com/triggers/101"
    },
    "urgent": true
  }
}

9. Footprint and Capabilities

This section covers the FCI objects required for the advertisement of the specs, extensions, and properties introduced in this document.

9.1. CI/T Endpoint Capability Object

The CI/T trigger endpoint capability object is used to advertise one or more CI/T interface endpoints along with CI/T interface versions supported by these endpoints. The capability type is "FCI.CITEndpoints". Version 1, as originally defined in [RFC8007], is the default if this capability is not explicitly declared.

A CI/T Endpoints capability object is encoded as an array of JSON objects containing the following name/value pairs:

  • Name: trigger-endpoint-uri

    Description: CI/T endpoint URI

    Value: A URL represented as a JSON string.

    Mandatory: Yes.

    Name: trigger-versions

    Description: A list of CI/T versions supported by the trigger endpoint.

    Value: An array of JSON strings.

    Mandatory: Yes.

    Name: trigger-subject

    Description: Array of trigger subjects supported by the trigger endpoint.

    Value: An array of Strings containing the type of the subject matching the generic-trigger-spec-value property, such as "content" or "metadata" as defined in Section 3.2.1.

    Mandatory: No. A missing or empty "trigger-subject" list means that all trigger subjects are supported by the endpoint. dCDN SHOULD advertise only one endpoint for every trigger subject and CI/T interface version pair. If more than one interface endpoint supports the same trigger subject and CI/T interface version (e.g. CI/T version 2 interface for content objects), uCDN SHOULD be able to use any of the advertised CI/T interface endpoints interchangeably.

9.1.1. CI/T Endpoints Capability Object Serialization

The following shows an example of CI/T Endpoints Capability object serialization for dCDN that supports versions 2 and 2.1 of the CI/T interface.

{
  "capabilities": [
    {
      "capability-type": "FCI.CITEndpoints",
      "capability-value": {
       "trigger-endpoint-uri":
         "https://dcdn.example.com/configuration/",
        "trigger-versions": [ "1" ],
       "trigger-subjects": "metadata"
        },
      "footprints": [ <Footprint objects> ]
    },
    {
      "capability-type": "FCI.CITEndpoints",
      "capability-value": {
     "trigger-endpoint-uri":
       "https://dcdn.example.com/cache-management/",
      "trigger-versions": [ "2", "2.1" ],
     "trigger-subjects": "content"
   },
      "footprints": [ <Footprint objects> ]
    }
  ]
}

9.2. CI/T Trigger Scope Capability Object

The CI/T supports several trigger actions for different trigger subjects as defined in Section 3.1 and Section 3.2.1. Additional actions, as well as subjects, may be defined in the future. The Trigger Scope capability object is used to indicate support for a Trigger Action for a subject. It further specifies the Trigger Generic Spec types that may be used for selecting the targets the triggers are applied on, along with the supported Trigger Generic Extension types.

The "trigger-scope-capability" object matches the "FCI.CITScope" capability type and is encoded as a JSON object containing the following name/value pairs:

  • Name: trigger-action

    Description: The supported CDNI CI/T Trigger Action.

    Value: A string corresponding to an entry from the "CDNI CI/T Trigger Types" registry Section 11.2, which corresponds to a CDNI CI/T Trigger Action.

    Mandatory: Yes.

    Name: trigger-subject

    Description: The supported CDNI CI/T Trigger Subject.

    Value: A string corresponding to an entry from the "CDNI CI/T Trigger Subjects" registry Section 11.4, which corresponds to a CDNI CI/T Trigger Subject.

    Mandatory: Yes.

    Name: trigger-specs

    Description: A list of supported CDNI CI/T GenericSpecObject types for Trigger Action and Subject.

    Value: List of strings corresponding to entries from the "CDNI CI/T Trigger Specs" registry Section 11.3, which corresponds to a CDNI CI/T GenericSpecObject objects.

    Mandatory: No. The default, in case of a missing or an empty list, MUST be interpreted as "no GenericExtensionObject types are supported". A non-empty list MUST be interpreted as containing "the only GenericExtensionObject types that are supported".

    Name: trigger-extensions

    Description: A list of supported CDNI CI/T GenericExtensionObject types for Trigger Action and Subject.

    Value: List of strings corresponding to entries from the "CDNI CI/T Trigger Extension" registry Section 11.6, which corresponds to a CDNI CI/T GenericExtensionObject object.

    Mandatory: No. The default, in case of a missing or an empty list, MUST be interpreted as "no GenericExtensionObject types are supported". A non-empty list MUST be interpreted as containing "the only GenericExtensionObject types that are supported".

9.2.1. CI/T Trigger Scope Capability Object Serialization

The following shows an example of a JSON serialized CI/T Trigger Scope Capability object serialization for dCDN that supports the preposition and invalidation of content, using "urls" and "ccids" Generic Spec types, with "time-policy" but only for the "preposition" action. Note that in this example, purge is not supported, and no actions involving metadata are supported either.

{
 "capabilities": [
   {
     "capability-type": "FCI.CITScope",
     "capability-value": {
       "trigger-scope-capabilities": [
         {
            "trigger-action": "preposition",
            "trigger-subject": "content",
            "trigger-specs": ["urls", "ccids"],
            "trigger-extensions": ["time-policy"]
         },
         {
            "trigger-action": "invalidate",
            "trigger-subject": "content",
            "trigger-specs": ["urls", "ccids"]
         }
      ]
     },
     "footprints": [
       <Footprint objects>
     ]
   }
 ]
}

9.3. CI/T Object List Type Capability Object

Given an object list being supported by dCDN, the CI/T Object List Type capability object is used to indicate support for one or more Object List types listed in Section 11.5 by the type property of the "ObjectList" object. The capability type is "FCI.CITObjectListType".

  • Name: object-list-types

    Description: A list of supported ObjectList types.

    Value: An array of Section 6.2.9.1.

    Mandatory: No. In case of a missing or an empty list, MUST be interpreted as no ObjectList types are supported.

9.3.1. CI/T Object List Type Capability Object Serialization

The following shows an example of a JSON serialized CI/T Object List Type Capability object serialization for dCDN that supports "hls" and "dash".

{
 "capabilities": [
   {
     "capability-type": "FCI.CITObjectListType",
     "capability-value": {
       "object-list-types": ["hls", "dash", "json"]
     },
     "footprints": [ <Footprint objects> ]
   }
 ]
}

9.4. CI/T Private URL Capability Object

The CI/T Private URL capability object is used to indicate support for operations on private URLs (see Section 6.2.8 for details). The capability type is "FCI.CITPrivateUrlType".

  • Name: private-url-type-support

    Description: Indicate whether private URL type is supported by dCDN.

    Value: Boolean.

    Mandatory: No. In case of missing or an empty attribtue, MUST be interpreted as no support for private URLs.

9.4.1. CI/T Private URL Type Capability Object Serialization

The following shows an example of a JSON serialized CI/T Private URL Type Capability object serialization for dCDN that supports the private URL type in URL-based trigger spec types.

{
 "capabilities": [
   {
     "capability-type": "FCI.CITPrivateUrlType",
     "capability-value": {
       "private-url-type-support": true
     },
     "footprints": [ <Footprint objects> ]
   }
 ]
}

9.5. CI/T Extended Status Capability Object

CI/T Extended Trigger Status Capability object is used to indicate support for extended trigger status. The extended trigger status is returned upon uCDN request and includes:

  • "objects" attribute in Trigger Status object

  • "objects" attribute in Error.v2 Description object

  • "all-triggers" attribute in Trigger Collections object

The capability type is "FCI.CITExtendedStatus".

  • Name: extended-status-objects

    Description: List of CI/T objects that support extended attributes.

    Value: An array of JSON strings listing CI/T objects.

    Mandatory: No. By default, in case of a missing or an empty list, no extended attribute objects are supported.

9.5.1. CI/T Private URL Type Capability Object Serialization

The following shows an example of a JSON serialized CI/T Extended Status Type Capability object serialization for dCDN that supports extended status in Trigger Status, Error.v2 Description and Trigger Collections objects.

{
 "capabilities": [
   {
     "capability-type": "FCI.CITExtendedStatus",
     "capability-value": {
       "extended-status-objects": [
         "trigger-status",
         "error-v2-description",
         "trigger-collection"
       ]
     },
     "footprints": [ <Footprint objects> ]
   }
 ]
}

10. Examples

The following subsections provide examples of different CI/T objects encoded as JSON.

The discovery of the CI/T interface is out of scope of this document. In an implementation, all CI/T URLs are under the control of the dCDN. uCDN MUST NOT attempt to ascribe any meaning to individual elements of the path.

In examples in this section, the URL "https://dcdn.example.com/triggers" is used as the location of the collection of all Trigger Status Resources, and the CDN PID of uCDN is "AS64496:1".

10.1. Creating Triggers

Examples of uCDN triggering activity in dCDN:

10.1.1. Preposition

Below is an example of a CI/T "preposition" command -- a POST to the collection of all Trigger Status Resources.

Note that pattern-based specs like "UriPatternMatch" and "UrisRegexMatch" are not allowed in a pre-position Trigger Specification, where dCDN has to have a clear list of objects to obtain.

REQUEST:

  POST /triggers HTTP/1.1
  User-Agent: example-user-agent/0.1
  Host: dcdn.example.com
  Accept: */*
  Content-Type: application/cdni; ptype=ci-trigger-command.create.v2
  Content-Length: 352

  {
      "trigger": {
         "action": "preposition",
         "specs": [
            {
               "trigger-subject": "metadata",
               "generic-trigger-spec-type": "urls",
               "generic-trigger-spec-value": {
                  "urls": [
                     "https://metadata.example.com/a/b/c"
                  ]
               }
            },
            {
               "trigger-subject": "content",
               "generic-trigger-spec-type": "urls",
               "generic-trigger-spec-value": {
                  "urls": [
                     "https://www.example.com/a/b/c/1",
                     "https://www.example.com/a/b/c/2",
                     "https://www.example.com/a/b/c/3",
                     "https://www.example.com/a/b/c/4"
                  ]
               }
            }
         ],
      },
      "cdn-path": [ "AS64496:1" ]
  }

RESPONSE:

  HTTP/1.1 201 Created
  Date: Wed, 04 May 2016 08:48:10 GMT
  Content-Length: 467
  Content-Type: application/cdni; ptype=ci-trigger-status.v2
  Location: https://dcdn.example.com/triggers/0
  Server: example-server/0.1

  {
      "ctime": 1462351690,
      "etime": 1462351698,
      "mtime": 1462351690,
      "status": "pending",
      "trigger": {
         "action": "preposition"
         "specs": [
            {
               "trigger-subject": "metadata",
               "generic-trigger-spec-type": "urls",
               "generic-trigger-spec-value": {
                  "urls": [
                     "https://metadata.example.com/a/b/c"
                  ]
               }
            },
            {
               "trigger-subject": "content",
               "generic-trigger-spec-type": "urls",
               "generic-trigger-spec-value": {
                  "urls": [
                     "https://www.example.com/a/b/c/1",
                     "https://www.example.com/a/b/c/2",
                     "https://www.example.com/a/b/c/3",
                     "https://www.example.com/a/b/c/4"
                  ]
               }
            }
         ]
      }
  }

10.1.2. Invalidate

Below is an example of a CI/T "invalidate" command -- another POST to the collection of all Trigger Status Resources. This instructs the dCDN to revalidate the content at "https://www.example.com/a/index.html", as well as any metadata and content whose URLs are prefixed by "https://metadata.example.com/a/b/" using case-insensitive matching, and "https://www.example.com/a/b/" using case-sensitive matching, respectively.

REQUEST:

  POST /triggers HTTP/1.1
  User-Agent: example-user-agent/0.1
  Host: dcdn.example.com
  Accept: */*
  Content-Type: application/cdni; ptype=ci-trigger-command.create.v2
  Content-Length: 387

  {
    "trigger": {
      "action": "invalidate",
      "specs": [
         {
            "trigger-subject": "metadata",
            "generic-trigger-spec-type": "uri-pattern-match",
            "generic-trigger-spec-value": {
               "pattern": "https://metadata.example.com/a/b/*"
            }
         },
         {
            "trigger-subject": "content",
            "generic-trigger-spec-type": "urls",
            "generic-trigger-spec-value": {
               "urls": [
                  "https://www.example.com/a/index.html"
               ]
            }
         },
         {
            "trigger-subject": "content",
            "generic-trigger-spec-type": "uri-pattern-match",
            "generic-trigger-spec-value": {
               "pattern": "https://www.example.com/a/b/*",
               "case-sensitive": true
            }
         }
      ]
    },
    "cdn-path": [ "AS64496:1" ]
  }

RESPONSE:

  HTTP/1.1 201 Created
  Date: Wed, 04 May 2016 08:48:11 GMT
  Content-Length: 545
  Content-Type: application/cdni; ptype=ci-trigger-status.v2
  Location: https://dcdn.example.com/triggers/1
  Server: example-server/0.1

  {
      "ctime": 1462351691,
      "etime": 1462351699,
      "mtime": 1462351691,
      "status": "pending",
      "trigger": {
         "action": "invalidate",
         "specs": [
            {
               "trigger-subject": "metadata",
               "generic-trigger-spec-type": "uri-pattern-match",
               "generic-trigger-spec-value": {
                  "pattern": "https://metadata.example.com/a/b/*"
               }
            },
            {
               "trigger-subject": "content",
               "generic-trigger-spec-type": "urls",
               "generic-trigger-spec-value": {
                  "urls": [
                     "https://www.example.com/a/index.html"
                  ]
               }
            },
            {
               "trigger-subject": "content",
               "generic-trigger-spec-type": "uri-pattern-match",
               "generic-trigger-spec-value": {
                  "pattern": "https://www.example.com/a/b/*",
                  "case-sensitive": true
               }
            }
         ]
      }
  }

10.1.3. Invalidation with Regex

In the following example, a CI/T "invalidate" command uses the Regex property to specify the range of content objects for invalidation, the command is rejected by dCDN due to regex complexity, and an appropriate error is reflected in the status response.

REQUEST:

  POST /triggers HTTP/1.1
  User-Agent: example-user-agent/0.1
  Host: triggers.dcdn.example.com
  Accept: */*
  Content-Type: application/cdni; ptype=ci-trigger-command.create.v2
  {
    "trigger": {
      "action": "invalidate",
      "specs": [
        {
          "trigger-subject": "content",
          "generic-trigger-spec-type": "uri-regex-match",
          "generic-trigger-spec-value": {
            "regex": "^(https:\\/\\/video\\.example\\.com)\\/
              ([a-z])\\/movie1\\/([1-7])\\/*(index.m3u8|\\d{3}.ts)$",
            "case-sensitive": true,
            "match-query-string": false
          }
        }
      ]
    },
    "cdn-path": [ "AS64496:0" ]
  }

RESPONSE:

  HTTP/1.1 201 Created
  Date: Wed, 04 May 2016 08:48:10 GMT
  Content-Length: 467
  Content-Type: application/cdni; ptype=ci-trigger-status.v2
  Location: https://triggers.dcdn.example.com/triggers/2
  Server: example-server/0.1

  {
    "errors": [
      {
        "specs": [
          {
            "trigger-subject": "content",
            "generic-trigger-spec-type": "uri-regex-match",
            "generic-trigger-spec-value": {
              "regex": "^(https:\\/\\/video\\.example\\.com)\\/
                ([a-z])\\/movie1\\/
                ([1-7])\\/*(index.m3u8|\\d{3}.ts)$",
              "case-sensitive": true,
              "match-query-string": false
            }
          }
        ],
        "description": "dCDN rejected a regex due to complexity",
        "error": "ereject",
        "cdn": "AS64500:0"
      }
    ],
    "ctime": 1462351690,
    "etime": 1462351698,
    "mtime": 1462351690,
    "status": "failed",
    "trigger": { <content of trigger.v2 object from the command> }
  }

10.1.4. Preposition with ObjectLists

In the following example, a CI/T "preposition" command uses the ObjectList property to specify the full media library of a specific content. The command fails due to object list parse error and an appropriate error is reflected in the status response.

REQUEST:

  POST /triggers HTTP/1.1
  User-Agent: example-user-agent/0.1
  Host: triggers.dcdn.example.com
  Accept: */*
  Content-Type: application/cdni; ptype=ci-trigger-command.create.v2
  {
    "trigger": {
      "action": "preposition",
      "specs": [
        {
          "trigger-subject": "content",
          "generic-trigger-spec-type": "content-objectlist",
          "generic-trigger-spec-value": {
            "href":
              "https://www.example.com/hls/title/index.m3u8",
            "type": "hls"
          }
        }
      ]
    },
    "cdn-path": [ "AS64496:0" ]
  }

RESPONSE:

  HTTP/1.1 201 Created
  Date: Wed, 04 May 2016 08:48:10 GMT
  Content-Length: 467
  Content-Type: application/cdni; ptype=ci-trigger-status.v2
  Location: https://triggers.dcdn.example.com/triggers/3
  Server: example-server/0.1

  {
    "errors": [
      {
        "specs": [
          {
            "trigger-subject": "content",
            "generic-trigger-spec-type": "content-objectlist",
            "generic-trigger-spec-value": {
              "href":
                "https://www.example.com/hls/title/index.m3u8",
              "type": "hls"
            }
          }
        ],
   "description":
       "dCDN was not able to parse the object list",
        "error": "econtent",
        "cdn": "AS64500:0"
      }
    ],
    "ctime": 1462351690,
    "etime": 1462351698,
    "mtime": 1462351690,
    "status": "failed",
    "trigger": { <content of trigger.v2 object from the command> }
  }

10.2. Examining Trigger Status

Once Trigger Status Resources have been created, uCDN can check their status as shown in the following examples.

10.2.1. Collection of All Triggers

uCDN can fetch the collection of all Trigger Status Resources it has created that have not yet been deleted, removed or expired. After the creation of the "preposition" and "invalidate" triggers shown above, this collection might look as follows:

REQUEST:

  GET /triggers HTTP/1.1
  User-Agent: example-user-agent/0.1
  Host: dcdn.example.com
  Accept: */*

RESPONSE:

  HTTP/1.1 200 OK
  Content-Length: 341
  Expires: Wed, 04 May 2016 08:49:11 GMT
  Server: example-server/0.1
  ETag: "-936094426920308378"
  Cache-Control: max-age=60
  Date: Wed, 04 May 2016 08:48:11 GMT
  Content-Type: application/cdni; ptype=ci-trigger-collection

  {
    "cdn-id": "AS64496:0",
    "coll-status": [
      { "status": "pending", "collection": "/triggers/pending" },
      { "status": "active", "collection": "/triggers/active" },
      { "status": "complete", "collection": "/triggers/complete" },
      { "status": "processed", "collection": "/triggers/processed" },
      { "status": "failed", "collection": "/triggers/failed" },
      { "status": "cancelling",
        "collection":"/triggers/cancelling" },
      { "status": "cancelled", "collection": "/triggers/cancelled" }
    ],
    "coll-label": [
      { "label": "1b1bad0c", "collection": "/triggers/1b1bad0c" },
      { "label": "fafa9a97", "collection": "/triggers/fafa9a97" }
    ],
    "staleresourcetime": 86400,
    triggers": [
          "https://dcdn.example.com/triggers/0",
          "https://dcdn.example.com/triggers/1"
      ]
  }

10.2.2. Filtered Collections of Trigger Status Resources

The filtered collections are also available to uCDN. Before the dCDN starts processing the two CI/T Trigger Commands shown above, both will appear in the collection of pending triggers. For example:

REQUEST:

  GET /triggers/pending HTTP/1.1
  User-Agent: example-user-agent/0.1
  Host: dcdn.example.com
  Accept: */*

RESPONSE:

  HTTP/1.1 200 OK
  Content-Length: 152
  Expires: Wed, 04 May 2016 08:49:11 GMT
  Server: example-server/0.1
  ETag: "4331492443626270781"
  Cache-Control: max-age=60
  Date: Wed, 04 May 2016 08:48:11 GMT
  Content-Type: application/cdni; ptype=ci-trigger-collection

  {
      "staleresourcetime": 86400,
      "triggers": [
          "https://dcdn.example.com/triggers/0",
          "https://dcdn.example.com/triggers/1"
      ]
  }

At this point, if no other Trigger Status Resources had been created, the other filtered views would be empty. For example:

REQUEST:

  GET /triggers/complete HTTP/1.1
  User-Agent: example-user-agent/0.1
  Host: dcdn.example.com
  Accept: */*

RESPONSE:

  HTTP/1.1 200 OK
  Content-Length: 54
  Expires: Wed, 04 May 2016 08:49:11 GMT
  Server: example-server/0.1
  ETag: "7958041393922269003"
  Cache-Control: max-age=60
  Date: Wed, 04 May 2016 08:48:11 GMT
  Content-Type: application/cdni; ptype=ci-trigger-collection

  {
      "staleresourcetime": 86400,
      "triggers": []
  }

10.2.3. Individual Trigger Status Resources

The Trigger Status Resources can also be examined for details about individual CI/T Trigger Commands. For example, for the CI/T "preposition" and "invalidate" commands from previous examples:

REQUEST:

  GET /triggers/0 HTTP/1.1
  User-Agent: example-user-agent/0.1
  Host: dcdn.example.com
  Accept: */*

RESPONSE:

  HTTP/1.1 200 OK
  Content-Length: 467
  Expires: Wed, 04 May 2016 08:49:10 GMT
  Server: example-server/0.1
  ETag: "6990548174277557683"
  Cache-Control: max-age=60
  Date: Wed, 04 May 2016 08:48:10 GMT
  Content-Type: application/cdni; ptype=ci-trigger-status.v2

  {
      "ctime": 1462351690,
      "etime": 1462351698,
      "mtime": 1462351690,
      "status": "pending",
      "trigger": {
          "action": "preposition",
          "specs": [
            {
               "trigger-subject": "metadata",
               "generic-trigger-spec-type": "urls",
               "generic-trigger-spec-value": {
                  "urls": [
                     "https://metadata.example.com/a/b/c"
                  ]
               }
            },
            {
               "trigger-subject": "content",
               "generic-trigger-spec-type": "urls",
               "generic-trigger-spec-value": {
                  "urls": [
                     "https://www.example.com/a/b/c/1",
                     "https://www.example.com/a/b/c/2",
                     "https://www.example.com/a/b/c/3",
                     "https://www.example.com/a/b/c/4"
                  ]
               }
            }
         ]
      }
  }

REQUEST:

  GET /triggers/1 HTTP/1.1
  User-Agent: example-user-agent/0.1
  Host: dcdn.example.com
  Accept: */*

RESPONSE:

  HTTP/1.1 200 OK
  Content-Length: 545
  Expires: Wed, 04 May 2016 08:49:11 GMT
  Server: example-server/0.1
  ETag: "-554385204989405469"
  Cache-Control: max-age=60
  Date: Wed, 04 May 2016 08:48:11 GMT
  Content-Type: application/cdni; ptype=ci-trigger-status.v2
  {
      "ctime": 1462351691,
      "etime": 1462351699,
      "mtime": 1462351691,
      "status": "pending",
      "trigger": {
          "action": "invalidate",
          "specs": [
            {
               "trigger-subject": "metadata",
               "generic-trigger-spec-type": "uri-pattern-match",
               "generic-trigger-spec-value": {
                  "pattern": "https://metadata.example.com/a/b/*"
               }
            },
            {
               "trigger-subject": "content",
               "generic-trigger-spec-type": "urls",
               "generic-trigger-spec-value": {
                  "urls": [
                     "https://www.example.com/a/index.html"
                  ]
               }
            },
            {
               "trigger-subject": "content",
               "generic-trigger-spec-type": "uri-pattern-match",
               "generic-trigger-spec-value": {
                   "pattern": "https://www.example.com/a/b/*",
                   "case-sensitive": true
               }
            }
         ]
      }
  }

10.2.4. Polling for Changes in Status

uCDN SHOULD use the ETags of collections or Trigger Status Resources when polling for changes in status, as shown in the following examples:

REQUEST:

  GET /triggers/pending HTTP/1.1
  User-Agent: example-user-agent/0.1
  Host: dcdn.example.com
  Accept: */*
  If-None-Match: "4331492443626270781"

RESPONSE:
  HTTP/1.1 304 Not Modified
  Content-Length: 0
  Expires: Wed, 04 May 2016 08:49:11 GMT
  Server: example-server/0.1
  ETag: "4331492443626270781"
  Cache-Control: max-age=60
  Date: Wed, 04 May 2016 08:48:11 GMT
  Content-Type: application/cdni; ptype=ci-trigger-collection

REQUEST:

  GET /triggers/0 HTTP/1.1
  User-Agent: example-user-agent/0.1
  Host: dcdn.example.com
  Accept: */*
  If-None-Match: "6990548174277557683"

RESPONSE:

  HTTP/1.1 304 Not Modified
  Content-Length: 0
  Expires: Wed, 04 May 2016 08:49:10 GMT
  Server: example-server/0.1
  ETag: "6990548174277557683"
  Cache-Control: max-age=60
  Date: Wed, 04 May 2016 08:48:10 GMT
  Content-Type: application/cdni; ptype=ci-trigger-status.v2

When the CI/T Trigger Command is complete, the contents of the filtered collections will be updated along with their ETags. For example, when the two example CI/T Trigger Commands are complete, the collections of pending and complete Trigger Status Resources might look like:

REQUEST:

  GET /triggers/pending HTTP/1.1
  User-Agent: example-user-agent/0.1
  Host: dcdn.example.com
  Accept: */*

RESPONSE:

  HTTP/1.1 200 OK
  Content-Length: 54
  Expires: Wed, 04 May 2016 08:49:15 GMT
  Server: example-server/0.1
  ETag: "1337503181677633762"
  Cache-Control: max-age=60
  Date: Wed, 04 May 2016 08:48:15 GMT
  Content-Type: application/cdni; ptype=ci-trigger-collection

  {
      "staleresourcetime": 86400,
      "triggers": []
  }

REQUEST:

  GET /triggers/complete HTTP/1.1
  User-Agent: example-user-agent/0.1
  Host: dcdn.example.com
  Accept: */*

RESPONSE:

  HTTP/1.1 200 OK
  Content-Length: 152
  Expires: Wed, 04 May 2016 08:49:22 GMT
  Server: example-server/0.1
  ETag: "4481489539378529796"
  Cache-Control: max-age=60
  Date: Wed, 04 May 2016 08:48:22 GMT
  Content-Type: application/cdni; ptype=ci-trigger-collection

  {
      "staleresourcetime": 86400,
      "triggers": [
          "https://dcdn.example.com/triggers/0",
          "https://dcdn.example.com/triggers/1"
      ]
  }

10.2.5. Deleting Trigger Status Resources

uCDN can delete completed and failed Trigger Status Resources to reduce the size of the collections, as described in Section 5.5. For example, to delete the "preposition" request from earlier examples:

REQUEST:

  DELETE /triggers/0 HTTP/1.1
  User-Agent: example-user-agent/0.1
  Host: dcdn.example.com
  Accept: */*

RESPONSE:

  HTTP/1.1 204 No Content
  Date: Wed, 04 May 2016 08:48:22 GMT
  Content-Length: 0
  Content-Type: text/html; charset=UTF-8
  Server: example-server/0.1

This would, for example, cause the collection of completed Trigger Status Resources shown in the example above, to be updated to:

REQUEST:

  GET /triggers/complete HTTP/1.1
  User-Agent: example-user-agent/0.1
  Host: dcdn.example.com
  Accept: */*

RESPONSE:

  HTTP/1.1 200 OK
  Content-Length: 105
  Expires: Wed, 04 May 2016 08:49:22 GMT
  Server: example-server/0.1
  ETag: "-6938620031669085677"
  Cache-Control: max-age=60
  Date: Wed, 04 May 2016 08:48:22 GMT
  Content-Type: application/cdni; ptype=ci-trigger-collection

  {
      "staleresourcetime": 86400,
      "triggers": [
          "https://dcdn.example.com/triggers/1"
      ]
  }

10.2.6. Extensions with Error Propagation

In the following example, a CI/T "preposition" command is using two extensions to control the way the trigger is executed. In this example, the receiving dCDN, identified as "AS64500:0", does not support the first extension in the extensions array. dCDN "AS64500:0" further distributes this trigger to another downstream CDN that is identified as "AS64501:0", which does not support the second extension in the extensions array. The error is propagated from "AS64501:0" to "AS64500:0" and the errors.v2 array reflects both errors.

REQUEST:

  POST /triggers HTTP/1.1
  User-Agent: example-user-agent/0.1
  Host: triggers.dcdn.example.com
  Accept: */*
  Content-Type: application/cdni; ptype=ci-trigger-command.create.v2
  {
    "trigger": {
      "action": "preposition",
      "specs": [
        {
          "trigger-subject": "content",
          "generic-trigger-spec-type": "content-objectlist",
          "generic-trigger-spec-value": {
            "href":
              "https://www.example.com/hls/title/index.m3u8",
            "type": "hls"
          }
        }
      ],
      "extensions": [
        {
          "generic-trigger-extension-type": "location-policy",
          "generic-trigger-extension-value": {
            "locations": [
              {
                "action": "allow",
                "footprints": [
                  {
                    "footprint-type": "countrycode",
                    "footprint-value": [
                      "us"
                    ]
                  }
                ]
              },
              {
                "action": "deny",
                "footprints": [
                  {
                    "footprint-type": "countrycode",
                    "footprint-value": [
                      "ca"
                    ]
                  }
                ]
              }
            ]
          },
          "mandatory-to-enforce": true,
          "safe-to-redistribute": true
        },
        {
          "generic-trigger-extension-type": "time-policy",
          "generic-trigger-extension-value": {
            "unix-time-window": {
              "start": 946717200,
              "end": 946746000
            }
          },
          "mandatory-to-enforce": true,
          "safe-to-redistribute": true
        }
      ]
    },
    "cdn-path": [ "AS64496:0" ]
  }

RESPONSE:

  HTTP/1.1 201 Created
  Date: Wed, 04 May 2016 08:48:10 GMT
  Content-Length: 467
  Content-Type: application/cdni; ptype=ci-trigger-status.v2
  Location: https://triggers.dcdn.example.com/triggers/0
  Server: example-server/0.1

  {
    "errors": [
      {
        "extensions": [
          {
            "generic-trigger-extension-type": "location-policy",
            "generic-trigger-extension-value": {
              "locations": [
                {
                  "action": "allow",
                  "footprints": [
                    {
                      "footprint-type": "countrycode",
                      "footprint-value": [
                        "us"
                      ]
                    }
                  ]
                },
                {
                  "action": "deny",
                  "footprints": [
                    {
                      "footprint-type": "countrycode",
                      "footprint-value": [
                        "ca"
                      ]
                    }
                  ]
                }
              ]
            },
            "mandatory-to-enforce": true,
            "safe-to-redistribute": true
          }
        ],
        "description": "unrecognized extension <type>",
        "error": "eextension",
        "cdn": "AS64500:0"
      },
      {
        "extensions": [
          {
            "generic-trigger-extension-type": "time-policy",
            "generic-trigger-extension-value": {
              "unix-time-window": {
                "start": 946717200,
                "end": 946746000
              }
            },
            "mandatory-to-enforce": true,
            "safe-to-redistribute": true
          }
        ],
        "description": "unrecognized extension <type>",
        "error": "eextension",
        "cdn": "AS64501:0"
      }
    ],
    "ctime": 1462351690,
    "etime": 1462351698,
    "mtime": 1462351690,
    "status": "failed",
    "trigger": { <content of trigger.v2 object from the command> }
  }

11. IANA Considerations

11.1. CDNI Payload Type Parameter Registrations

All references to RFC 8007 in the IANA registries should be replaced with references to this document, apart from references associated with the following registrations:

Table 11
Payload Type Specification
ci-trigger-command RFC 8007
ci-trigger-status RFC 8007
ci-trigger-collection RFC 8007

The IANA is requested to register the following new Payload Types in the "CDNI Payload Types" registry defined by [RFC7736], for use with the "application/cdni" MIME media type.

Table 12
Payload Type Specification
ci-trigger-command.create.v2 RFCthis
ci-trigger-command.modify.v2 RFCthis
ci-trigger-status.v2 RFCthis
FCI.CITObjectsVersion RFCthis
FCI.CITScope RFCthis
FCI.CITObjectListType RFCthis

[RFC Editor: Please replace RFCthis with the published RFC number for this document.]

11.1.1. CDNI ci-trigger-command.create.v2 Payload Type

Purpose: The purpose of this payload type is to distinguish the CI/T v2 create trigger command object (and any associated capability advertisement)

Interface: CI/T

Encoding: see Section 6.1.1

11.1.2. CDNI ci-trigger-command.modify.v2 Payload Type

Purpose: The purpose of this payload type is to distinguish the CI/T v2 modify trigger command object (and any associated capability advertisement)

Interface: CI/T

Encoding: see Section 6.1.2

11.1.3. CDNI ci-trigger-status.v2 Payload Type

Purpose: The purpose of this payload type is to distinguish version 2 of the CI/T status resource response object (and any associated capability advertisement)

Interface: CI/T

Encoding: see Section 6.1.3

11.1.4. CDNI FCI CI/T Payload Types

11.1.4.1. CDNI FCI CI/T Endpoints Payload Type

Purpose: The purpose of this payload type is to distinguish FCI advertisement objects for CI/T Endpoints objects

Interface: FCI

Encoding: see Section 9.1

11.1.4.2. CDNI FCI CI/T Trigger Scope Payload Type

Purpose: The purpose of this payload type is to distinguish FCI advertisement objects for CI/T Trigger Scope

Interface: FCI

Encoding: see Section 9.2.1

11.1.4.3. CDNI FCI CI/T Object List Type Payload Type

Purpose: The purpose of this payload type is to distinguish FCI advertisement objects for CI/T Object List Type objects

Interface: FCI

Encoding: see Section 9.3

11.2. "CDNI CI/T Trigger Types" Registry For Trigger Actions

In [RFC8007] the IANA was requested to create a new "CDNI CI/T Trigger Types" registry under the "Content Delivery Network Interconnection (CDNI) Parameters" registry group.

Additions to the "CDNI CI/T Trigger Types" registry are made via the RFC Required policy as defined in [RFC8126].

In this second edition of the interface, trigger types are referred to as "trigger actions". The "Trigger Types" registry is used for action definitions. Furthermore, this document, and specifically Section 3.1, reuses the definition of "trigger types" as defined in [RFC8007] as trigger actions, and provide their specifications, with no modification compared to [RFC8007].

11.3. "CDNI CI/T Trigger Specs" Registry

The IANA is requested to create a new "CDNI CI/T Trigger Specs" registry in the "Content Delivery Networks Interconnection (CDNI) Parameters" registry group. The "CDNI CI/T Trigger Specs" namespace defines the valid trigger targets' spec values in Section 3.2, used by the Trigger Spec object.

Additions to the "CDNI CI/T Trigger Specs" registry are made via the RFC Required policy as defined in [RFC8126].

The initial contents of the "CDNI CI/T Trigger Specs" registry comprise the names and descriptions listed in Section 3.2, with this document acting as the specification.

11.4. "CDNI CI/T Trigger Subjects" Registry

The IANA is requested to create a new "CDNI CI/T Trigger Subjects" registry in the "Content Delivery Networks Interconnection (CDNI) Parameters" registry group. The "CDNI CI/T Trigger Subjects" namespace defines the valid trigger targets' subject values in Section 3.2.1, used by the Trigger Spec object.

Additions to the "CDNI CI/T Trigger Subjects" registry are made via the RFC Required policy as defined in [RFC8126].

The initial contents of the "CDNI CI/T Trigger Subjects" registry comprise the names and descriptions listed in Section 3.2.1, with this document acting as the specification.

11.5. "CDNI CI/T Object List Types" Registry

The IANA is requested to create a new "CDNI CI/T Object List Types" registry in the "Content Delivery Networks Interconnection (CDNI) Parameters" registry group. The "CDNI CI/T Object List Types" namespace defines the valid object list type values in Section 6.2.9.1, used by the Object List object.

Additions to the "CDNI CI/T Object List Types" registry are made via the RFC Required policy as defined in [RFC8126].

The initial contents of the "CDNI CI/T Object List Types" registry comprise the names and descriptions listed in Section 6.2.9.1, with this document acting as the specification.

11.6. "CDNI CI/T Trigger Extensions" Registry

The IANA is requested to create a new "CDNI CI/T Trigger Extensions" registry in the "Content Delivery Networks Interconnection (CDNI) Parameters" registry group. The "CDNI CI/T Trigger Extensions" namespace defines the valid trigger targets' extension values in Section 3.3, used by the Trigger Spec object.

Additions to the "CDNI CI/T Trigger Extensions" registry are made via the RFC Required policy as defined in [RFC8126].

The initial contents of the "CDNI CI/T Trigger Extensions" registry comprise the names and descriptions listed in Section 3.3, with this document acting as the specification.

11.7. "CDNI CI/T Error Codes" Registry

In [RFC8007] the IANA was requested to create a new "CDNI CI/T Error Codes" registry under the "Content Delivery Network Interconnection (CDNI) Parameters" registry group.

Additions to the "CDNI CI/T Error Codes" registry are made via the Specification Required policy as defined in [RFC8126]. The Designated Expert will verify that new Error Code registrations do not duplicate existing Error Code definitions (in name or functionality), prevent gratuitous additions to the namespace, and prevent any additions to the namespace that would impair the interoperability of CDNI implementations.

In this second edition of the interface, we list and repeat the definition of the Error Codes from [RFC8007] - acting as the entities specification with no modification compared to [RFC8007]. Additionally, the IANA is requested to register three additional error codes, "espec", "esubject" and "eextension", with specification as defined in Section 6.2.7.

11.8. "CDNI CI/T URL Types" Registry

The IANA is requested to create a new "CDNI CI/T URL types" registry in the "Content Delivery Networks Interconnection (CDNI) Parameters" registry group. The "CDNI CI/T URL Types" namespace defines the valid URL type values in Section 6.2.8, used by Section 7.1, Section 7.3, Section 7.4 and Section 7.5.

The initial contents of the "CDNI CI/T Trigger Extensions" registry comprise the names and descriptions listed in Section 6.2.8, with this document acting as the specification.

12. Security Considerations

The CI/T interface provides a mechanism to allow uCDN to generate requests into dCDN and to inspect its own CI/T requests and their current states. The CI/T interface does not allow access to, or modification of, uCDN or dCDN metadata relating to content delivery or to the content itself. It can only control the presence of that metadata in dCDN, and the processing work and network utilization involved in ensuring that presence.

By examining "preposition" requests to dCDN, and correctly interpreting content and metadata URLs, an attacker could learn the uCDN's or content owner's predictions for future content popularity. By examining "invalidate" or "purge" requests, an attacker could learn about changes in the content owner's catalog.

By injecting CI/T Commands, an attacker or a misbehaving uCDN would generate work in dCDN and uCDN as they process those requests. So would a man-in-the-middle attacker modify valid CI/T Commands generated by uCDN. In both cases, that would decrease dCDN's caching efficiency by causing it to unnecessarily acquire or reacquire content metadata and/or content.

dCDN implementation of CI/T MUST restrict the actions of uCDN to the data corresponding to that uCDN. Failure to do so would allow uCDNs to detrimentally affect each other's efficiency by generating unnecessary acquisition or reacquisition load.

An origin that chooses to delegate its delivery to a CDN is trusting that CDN to deliver content on its behalf; the interconnection of CDNs is an extension of that trust to dCDNs. That trust relationship is a commercial arrangement, outside the scope of the CDNI protocols. So, while a malicious CDN could deliberately generate load on dCDN using the CI/T interface, the protocol does not otherwise attempt to address malicious behavior between interconnected CDNs.

12.1. Authentication, Authorization, Confidentiality, Integrity Protection

A CI/T implementation MUST support Transport Layer Security (TLS) transport for HTTP (HTTPS) as per [RFC9110].

TLS MUST be used by the server side (dCDN) and the client side (uCDN) of the CI/T interface, including the authentication of the remote end, unless alternate methods are used to ensure the security of the information in the CI/T interface requests and responses (such as setting up an IPsec tunnel between the two CDNs or using a physically secured internal network between two CDNs that are owned by the same corporate entity).

The use of TLS for transport of the CI/T interface allows dCDN and uCDN to authenticate each other using the TLS client authentication and TLS server authentication.

Once dCDN and uCDN have mutually authenticated each other, TLS allows:

  • dCDN and uCDN to authorize each other (to ensure that they are receiving CI/T Commands from, or reporting status to, an authorized CDN).

  • CDNI commands and responses to be transmitted with confidentiality.

  • Protection of the integrity of CDNI commands and responses.

When TLS is used, the general TLS usage guidance in [RFC9325] MUST be followed.

The mechanisms for access control are dCDN-specific and are not standardized as part of this CI/T specification.

HTTP requests that attempt to access or operate on CI/T data belonging to another CDN MUST be rejected using, for example, HTTP 403 ("Forbidden") or 404 ("Not Found"). This is intended to prevent unauthorized users from generating unnecessary load in dCDNs or uCDNs due to revalidation, reacquisition, or unnecessary acquisition.

When deploying a network of interconnected CDNs, the possible inefficiencies related to the diamond configuration discussed in Section 2.2.1 should be considered.

12.2. Denial of Service

This document does not define a specific mechanism to protect against Denial-of-Service (DoS) attacks on the CI/T interface. However, CI/T endpoints can be protected against DoS attacks through the use of TLS transport and/or via mechanisms outside the scope of the CI/T interface, such as firewalling or the use of Virtual Private Networks (VPNs).

Depending on the implementation, triggered activity may consume significant processing and bandwidth in dCDN. A malicious or faulty uCDN could use this to generate unnecessary load in dCDN. dCDN should consider mechanisms to avoid overload -- for example, by rate-limiting acceptance or processing of CI/T Commands, or by performing batch processing.

12.3. Privacy

The CI/T protocol does not carry any information about individual end users of a CDN; there are no privacy concerns for end users.

The CI/T protocol does carry information that could be considered commercially sensitive by CDN operators and content owners. The use of mutually authenticated TLS to establish a secure session for the transport of CI/T data, as discussed in Section 12.1, provides confidentiality while the CI/T data is in transit and prevents parties other than the authorized dCDN from gaining access to that data. dCDN MUST ensure that it only exposes CI/T data related to uCDN to clients it has authenticated as belonging to that uCDN.

13. References

13.1. Normative References

[RFC1930]
Hawkinson, J. and T. Bates, "Guidelines for creation, selection, and registration of an Autonomous System (AS)", BCP 6, RFC 1930, DOI 10.17487/RFC1930, , <https://www.rfc-editor.org/info/rfc1930>.
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
[RFC3339]
Klyne, G. and C. Newman, "Date and Time on the Internet: Timestamps", RFC 3339, DOI 10.17487/RFC3339, , <https://www.rfc-editor.org/info/rfc3339>.
[RFC3986]
Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, DOI 10.17487/RFC3986, , <https://www.rfc-editor.org/info/rfc3986>.
[RFC8006]
Niven-Jenkins, B., Murray, R., Caulfield, M., and K. Ma, "Content Delivery Network Interconnection (CDNI) Metadata", RFC 8006, DOI 10.17487/RFC8006, , <https://www.rfc-editor.org/info/rfc8006>.
[RFC8007]
Murray, R. and B. Niven-Jenkins, "Content Delivery Network Interconnection (CDNI) Control Interface / Triggers", RFC 8007, DOI 10.17487/RFC8007, , <https://www.rfc-editor.org/info/rfc8007>.
[RFC8126]
Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, , <https://www.rfc-editor.org/info/rfc8126>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/info/rfc8174>.
[RFC8259]
Bray, T., Ed., "The JavaScript Object Notation (JSON) Data Interchange Format", STD 90, RFC 8259, DOI 10.17487/RFC8259, , <https://www.rfc-editor.org/info/rfc8259>.
[RFC9110]
Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, Ed., "HTTP Semantics", STD 97, RFC 9110, DOI 10.17487/RFC9110, , <https://www.rfc-editor.org/info/rfc9110>.
[RFC9112]
Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, Ed., "HTTP/1.1", STD 99, RFC 9112, DOI 10.17487/RFC9112, , <https://www.rfc-editor.org/info/rfc9112>.
[RFC9325]
Sheffer, Y., Saint-Andre, P., and T. Fossati, "Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)", BCP 195, RFC 9325, DOI 10.17487/RFC9325, , <https://www.rfc-editor.org/info/rfc9325>.

13.2. Informative References

[ECMA404]
ECMA International, "ECMA-404 - The JSON data interchange syntax", Edition 2, , <https://ecma-international.org/publications-and-standards/standards/ecma-404/>.
[ISO8601]
ISO, "Data elements and interchange formats -- Information interchange -- Representation of dates and times", ISO 8601:2004, Edition 3, , <https://www.iso.org/standard/40874.html>.
[MPEG-DASH]
ISO, "Information technology -- Dynamic adaptive streaming over HTTP (DASH) -- Part 1: Media presentation description and segment format", ISO/IEC 23009-1:2014, Edition 2, , <https://www.iso.org/standard/65274.html>.
[MSS]
Microsoft, "[MS-SSTR]: Smooth Streaming Protocol", Protocol Revision 8.0, , <https://msdn.microsoft.com/en-us/library/ff469518.aspx>.
[POSIX.1]
"The Open Group Base Specifications Issue 7", IEEE Std 1003.1 2018 Edition, , <http://pubs.opengroup.org/onlinepubs/9699919799/>.
[REST]
Fielding, R.T., "Representational State Transfer (REST)", Edition 2, .
[RFC6707]
Niven-Jenkins, B., Le Faucheur, F., and N. Bitar, "Content Distribution Network Interconnection (CDNI) Problem Statement", RFC 6707, DOI 10.17487/RFC6707, , <https://www.rfc-editor.org/info/rfc6707>.
[RFC7336]
Peterson, L., Davie, B., and R. van Brandenburg, Ed., "Framework for Content Distribution Network Interconnection (CDNI)", RFC 7336, DOI 10.17487/RFC7336, , <https://www.rfc-editor.org/info/rfc7336>.
[RFC7337]
Leung, K., Ed. and Y. Lee, Ed., "Content Distribution Network Interconnection (CDNI) Requirements", RFC 7337, DOI 10.17487/RFC7337, , <https://www.rfc-editor.org/info/rfc7337>.
[RFC7736]
Ma, K., "Content Delivery Network Interconnection (CDNI) Media Type Registration", RFC 7736, DOI 10.17487/RFC7736, , <https://www.rfc-editor.org/info/rfc7736>.
[RFC7975]
Niven-Jenkins, B., Ed. and R. van Brandenburg, Ed., "Request Routing Redirection Interface for Content Delivery Network (CDN) Interconnection", RFC 7975, DOI 10.17487/RFC7975, , <https://www.rfc-editor.org/info/rfc7975>.
[RFC8216]
Pantos, R., Ed. and W. May, "HTTP Live Streaming", RFC 8216, DOI 10.17487/RFC8216, , <https://www.rfc-editor.org/info/rfc8216>.

Acknowledgments

The authors thank Kevin Ma for his input, and Carsten Bormann for his review and formalization of the JSON data.

Authors' Addresses

Nir B. Sopher
Qwilt
6, Ha'harash
Hod HaSharon 4524079
Israel
Ori Finkelman
Qwilt
6, Ha'harash
Hod HaSharon 4524079
Israel
Sanjay Mishra
Verizon
13100 Columbia Pike
Silver Spring, MD 20904
United States of America
Jay K. Robertson
Qwilt
275 Shoreline Dr Ste 510
Redwood City, CA 94065
United States of America
Alan Arolovitch
Viasat
1295 Beacon street Unit 249
Brookline, MA 02446
United States of America