VIPR | M. Petit-Huguenin |
Internet-Draft | Stonyfish |
Intended status: Standards Track | J.R. Rosenberg |
Expires: May 03, 2012 | jdrosen.net |
C. Jennings | |
Cisco | |
October 31, 2011 |
A Usage of Resource Location and Discovery (RELOAD) for Public Switched Telephone Network (PSTN) Verification
draft-petithuguenin-vipr-reload-usage-03
Verification Involving PSTN Reachability (VIPR) is a technique for inter-domain SIP federation. VIPR makes use of the RELOAD protocol to store unverified mappings from phone numbers to RELOAD nodes, with whom a validation process can be run. This document defines the usage of RELOAD for this purpose.
The IETF has been notified of intellectual property rights claimed in regard to some or all of the specification contained in this document. For more information consult the online list of claimed rights.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 03, 2012.
Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
This document relies heavily on the concepts and terminology defined in [VIPR-OVERVIEW] and will not make sense if you have not read that document first. As it defines a usage for RELOAD [P2PSIP-BASE], it assumes the reader is also familiar with that specification.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
To register an E.164 number a VIPR server stores a ViprRegistration structure using the fully qualified E.164 based number without any non-digit characters but the '+' character as Resource Name.
The contents of the ViprRegistration structure are as follow:
enum { reserved(0), node_id(8200), (65535) } ViprRegistrationType; struct { opaque name<0..2^8-1>; } Method; struct { select (ViprRegistrationType) { case node_id: NodeId pvp_provider; Method methods<0..2^16-1>; /* This type can be extended */ } ViprRegistrationData; struct { ViprRegistrationType type; uint16 length; ViprRegistrationData data; } ViprRegistration;
The ViprRegistration structure contains the following values:
The Node-ID used in the pvp_provider field and in the key MUST be ready to process AppAttach requests for Application-ID 8470 at the time the registration is done.
VIPR supports multiple registrations for a single E.164 number by using a Dictionary Data Model. The dictionary key is the concatenation of the Node-ID and the VServiceId, resulting in a 24 bytes long value. Using the Node-ID of the node performing the store segments the keyspace of the dictionary so that no two peers ever store using the same key. Using the VService allows for a single VIPR server to service multiple clusters, and to ensure that numbers published by one cluster (using one VServiceID) do not clobber or step on numbers published by another cluster (using a different VServiceID).
The Store operations are paced into the overlay at a fixed rate. The VIPR server maintains a queue that is filled with store requests. The VIPR server services that queue at a fixed, provisioned rate, which is stored in a kind configuration variable named <store-rate-limit>.
A VIPR server wishing to validate a E.164 number will start a Fetch transaction using the fully qualified E.164 based number without any non-digit characters but the '+' character as Resource Name. The VIPR server will also retrieves the two replicas of the resource record just retrieved.
The VIPR server will then inspects the elements in the 3 resource record returned and will keep only the registrations that have the same key in at least 2 of the 3 resource records returned. For each registration kept, the VIPR server will fetch the certificates associated with the Node-ID in the key using the CERTIFICATE_BY_NODE usage and will verify that the signature of the registration is valid.
The VIPR server can then send an AppAttach to the Node-ID found in the key and registration, using the Application-ID 8470. After the connection is established, the VIPR server can start PVP as specified in [VIPR-PVP].
[[Open Issue: need to adjust the multiplier - basically birthday problem!]]
The method for merging data after a partition follows the normal RELOAD rules around temporal ordering.
This document extends the overlay configuration document by defining a new element in the "urn:ietf:params:xml:ns:p2p:vipr" namespace.
The <store-rate-limit> defines the maximum rate in seconds that a VIPR server must use to execute Store requests.
The Compact Relax NG Grammar for this element is:
namespace vipr = "urn:ietf:params:xml:ns:p2p:vipr" parameter &= element vipr:store-rate-limit { xsd:unsignedInt }
TBD
This document adds a new access control policy to the "RELOAD Access Control Policy" Registry:
Access-Policy | RFC |
---|---|
VIPR-MATCH | This document |
This access control policy was described in Section 5.
This document adds a new application ID to the "RELOAD Application-ID" Registry:
Application | Application-ID | Specification |
---|---|---|
PVP | 8470 | This document |
This access control policy was described in Section 5.
This document adds a new Data Kind-ID to the "RELOAD Data Kind-ID Registry":
KIND | Kind-ID | RFC |
---|---|---|
VIPR-REGISTRATION | 17 | This document |
This Kind-ID was defined in Section 5.
This document adds the following URN to the "XML Namespaces" class of the "IETF XML Registry":
urn:ietf:params:xml:ns:p2p:vipr
This document was improved by the input from the VIPR Design Team:
This document was written with the xml2rfc tool described in [RFC2629].
[RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. |
[P2PSIP-BASE] | Jennings, C, Lowekamp, B, Rescorla, E, Baset, S and H Schulzrinne, "REsource LOcation And Discovery (RELOAD) Base Protocol", Internet-Draft draft-ietf-p2psip-base-19, October 2011. |
[VIPR-OVERVIEW] | Barnes, M, Jennings, C, Rosenberg, J and M Petit-Huguenin, "Verification Involving PSTN Reachability: Requirements and Architecture Overview", Internet-Draft draft-jennings-vipr-overview-02, September 2011. |
[VIPR-PVP] | Rosenberg, J, Jennings, C and M Petit-Huguenin, "The Public Switched Telephone Network (PSTN) Validation Protocol (PVP)", Internet-Draft draft-petithuguenin-vipr-pvp-01, June 2011. |
[RELOAD-QUOTA] | Petit-Huguenin, M, Rosenberg, J and C Jennings, "Proportional Quota in REsource LOcation And Discovery (RELOAD)", Internet-Draft draft-petithuguenin-vipr-proportional-quota-00, October 2011. |
[RFC2629] | Rose, M.T., "Writing I-Ds and RFCs using XML", RFC 2629, June 1999. |
[ACCESS-CONTROL] | Petit-Huguenin, M, "Configuration of Access Control Policy in REsource LOcation And Discovery (RELOAD) Base Protocol", Internet-Draft draft-petithuguenin-p2psip-access-control-03, July 2011. |
The Resource Name and Resource-ID for the E.164 number +1 408 555 5432 are:
Resource Name | Resource-ID |
---|---|
+14085555432 | 6abaec4308294521e2f600ab5fd01e5 |
The VIPR-MATCH access control can be implemented with the following code (Using the notation in [ACCESS-CONTROL]):
var equals = function(a, b) { if (a.length !== b.length) return false; for (var i = 0; i < a.length; i++) { if (a[i] !== b[i]) return false; } return true; }; var length = configuration.node_id_length; return equals(entry.key.slice(0, length), entry.value.slice(4, length + 4)) && equals(entry.key.slice(0, length), signature.node_id);
This section must be removed before publication as an RFC.