An Architecture for Open Pluggable Edge Services (OPES) - PowerPoint PPT Presentation


An Architecture for Open Pluggable Edge Services (OPES), draft-ietf-opes-architecture-02, Abbie Barbir


slide-1
SLIDE 1
An Architecture for Open Pluggable Edge Services (OPES)
draft-ietf-opes-architecture-02

Abbie Barbir abbieb@nortelnetworks.com
Robin Chen chen@research.att.com
Markus Hofmann hofmann@bell-labs.com
Hilarie Orman ho@alum.mit.edu
Reinaldo Penno rpenno@nortelnetworks.com

slide-2
SLIDE 2

An Architecture for Open Pluggable Edge Services (OPES): Summary

  • Presents architectural components
  • Discuss IAB considerations
  • Trust, Security, tracing, etc.
  • Issues
  • Q&A

slide-3
SLIDE 3

OPES Architecture

  • 1. OPES Entities
  • Applications that operate on a data flow between a data provider application and a data consumer application
  • A data dispatcher, which invokes an OPES service application based on OPES ruleset and application-specific knowledge
  • 2. OPES Flows
  • Cooperative undertaking between a data provider application, a data consumer application, zero or more OPES service applications, and zero or more data dispatchers
  • 3. OPES Rules
  • Determines which service applications will operate on a data stream
  • All data filters are invoked for all data
  • May invoke the services of Callout Servers

slide-4
SLIDE 4

Interaction of OPES Entities

[Figure: OPES Logical Implementation. Labels: OPES Service Application, OPES Service Application-2, Data Dispatcher, OPES Processor, Callout Server, OCP, HTTP, TCP/IP, OPES Flow]

  • Architecture is independent of the protocol that is used by the OPES entities to exchange data
  • HTTP is the current example protocol to be used for realizing a data flow

slide-5
SLIDE 5

IAB Considerations

Addressed through various aspects of the architecture

Tracing Facility

  • in-band annotation
  • Relation to IAB considerations
  • (3.1) Notification
  • May need Separate Document
  • (3.3) Non-blocking, (4.1) URI resolution, (4.2) Reference validity

Security and Privacy Considerations

Trust Domains

  • Appropriate delegation of authority
  • Callout protocol
  • Various delegated Trust models
  • Privacy
  • Must advise primary parties of privacy policy and respect the policies of the primary parties
  • End-to-end Integrity
  • May use Digital signature techniques to allow third-party to verify
  • Relation to IAB considerations
  • (3.1) Notification, (3.3) Non-blocking
  • (4.2) Reference validity, (5.1) Privacy

slide-6
SLIDE 6

Issues

  • From the list
  • Agreed that architecture should allow for
  • Notification
  • tracing and
  • access to diagnostics
  • In-band versus out of band discussion
  • Details of how to achieve that in another draft
  • No major issues with the architecture at this time
  • Need to issue last call soon
  • Provide feedback ASAP

slide-7
SLIDE 7


slide-8
SLIDE 8


slide-9
SLIDE 9

IAB Considerations

Main IAB Issues

(2.1) One-party consent

  • An OPES framework standardized in the IETF must require that the use of any OPES service be explicitly authorized by one of the application-layer end-hosts (that is, either the content provider or the client)

(2.2) IP-layer communications

  • For an OPES framework standardized in the IETF, the OPES intermediary must be explicitly addressed at the IP layer by the end user

(3.1) Notification

  • The overall OPES framework needs to assist content providers in detecting and responding to client-centric actions by OPES intermediaries that are deemed inappropriate by the content provider.

(3.2) Notification

  • The overall OPES framework should assist end users in detecting the behavior of OPES intermediaries, potentially allowing them to identify imperfect or compromised intermediaries.

(3.3) Non-blocking

  • If there exists a "non-OPES" version of content available from the content provider, the OPES architecture must not prevent users from retrieving this "non-OPES" version from the content provider.

slide-10
SLIDE 10

IAB Considerations

Main IAB Issues

(4.1) URI resolution

  • OPES documentation must be clear in describing these services as being applied to the result of URI resolution, not as URI resolution itself.

(4.2) Reference validity

  • All proposed services must define their impact on inter- and intra-document reference validity

(4.3) Any services that cannot be achieved while respecting the above two considerations may be reviewed as potential requirements for Internet application addressing architecture extensions, but must not be undertaken as ad hoc fixes.

(5.1) Privacy

  • The overall OPES framework must provide for mechanisms for end users to determine the privacy policies of OPES intermediaries.

slide-11
SLIDE 11

Data Dispatcher Logical View

[Figure: Data Dispatcher Logical View. Labels: OPES service application, Data dispatcher and /PEP, OPES Processor, OPES flow, Call-out Server]

slide-12
SLIDE 12

An OPES flow

[Figure: An OPES flow. Labels: Data Consumer Application, Data Provider Application, OPES Service Application, OPES Processor, Data Consumer, Data Provider, HTTP, TCP/IP, OPES Flow, Consumer administrative domain, Provider administrative domain]

slide-13
SLIDE 13

An OPES flow with Callout servers

[Figure: An OPES flow with Callout servers. Labels: OPES Callout Server Protocol, OCP, Lower Layers Protocols, Callout Server, Data Dispatcher]

OCP is application-agnostic

  • Unaware of the semantics of the encapsulated application protocol
  • Must incorporate a service aware vectoring capability
  • Parses the data flow according to the ruleset and
  • Delivers the data to the OPES service application that can be local or remote
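
A minimal sketch of the dispatcher behaviour these slides describe (ruleset-driven invocation of service applications, with in-band trace annotation that lets an end point see which intermediaries acted on a message), added here as an illustration and not taken from the draft or its authors. The header name `X-Example-OPES-Trace`, the rule format and the `bypass` flag are assumptions made for the example.

```python
# Added illustration: the trace header, rule format and bypass flag are hypothetical.
from dataclasses import dataclass
from typing import Callable

TRACE_HEADER = "X-Example-OPES-Trace"  # hypothetical in-band annotation field

@dataclass
class Message:
    headers: dict
    body: str

@dataclass
class Rule:
    name: str                           # service application identifier
    matches: Callable[[Message], bool]  # condition taken from the ruleset
    service: Callable[[str], str]       # OPES service application (local here)
    authorized_by: str                  # "provider" or "consumer" (one-party consent)

class DataDispatcher:
    def __init__(self, processor_id, ruleset):
        self.processor_id = processor_id
        self.ruleset = ruleset

    def dispatch(self, msg, bypass=False):
        """Apply every matching rule in order and annotate the message in-band."""
        if bypass:  # assumed way to honour non-blocking: original passes untouched
            return msg
        out = Message(dict(msg.headers), msg.body)
        for rule in self.ruleset:
            if rule.matches(out):
                out.body = rule.service(out.body)
                entry = f"{self.processor_id};service={rule.name};auth={rule.authorized_by}"
                prior = out.headers.get(TRACE_HEADER)
                out.headers[TRACE_HEADER] = f"{prior}, {entry}" if prior else entry
        return out

def trace_entries(msg):
    """End-point view: (processor, service, authorizer) tuples recorded in-band."""
    raw = msg.headers.get(TRACE_HEADER, "")
    entries = []
    for item in filter(None, (p.strip() for p in raw.split(","))):
        proc, *params = item.split(";")
        kv = dict(p.split("=", 1) for p in params)
        entries.append((proc, kv.get("service"), kv.get("auth")))
    return entries

# Constructed sample: one rule that rewrites plain-text bodies.
RULES = [Rule("uppercase", lambda m: m.headers.get("Content-Type") == "text/plain",
              str.upper, "provider")]
SAMPLE = Message({"Content-Type": "text/plain"}, "hello")
```

A message that passes through two processors carries two trace entries in order, so an end point can list each intermediary that acted on it and which party authorized the service.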