Page 1:

Open Pluggable Edge Services (OPES)

Abbie Barbir, Ph.D.
abbieb@nortelnetworks.com

Page 2:

Summary

- Presents an overview of OPES model and architecture
- Core Model Elements are
  - OPES Intermediary
  - OPES Admin Server
  - Remote Call-out Server
- Introduce Content Services Overlay Networks
- Current Issues of OPES in IETF

Page 3:

Some Definitions

DELEGATE
A 'caching proxy' located near or at the network access point of the 'user agent', delegated the authority to operate on behalf of, and typically working in close co-operation with a group of 'user agents'.

SURROGATE
A gateway co-located with an origin server, or at a different point in the network, delegated the authority to operate on behalf of, and typically working in close co-operation with, one or more origin servers. Responses are typically delivered from an internal cache.

OUT-OF-PATH
Out-of-Path Content Services are not natively in the transport path of an application. In other words, they are not necessarily resident (or co-resident) on entities that are natively in the path of application flows.

IN-PATH
In-Path Content Services are naturally within the message path of the application they are associated with. This may be an application proxy, gateway, or in the extreme case, one of the end-hosts, that is party to the application.

Page 4:

Some Definitions

POLICY DECISION POINT
A logical entity that makes policy decisions for itself or for other network elements that request such decisions.

POLICY ENFORCEMENT POINT
A logical entity that enforces policy decisions.

CONTENT SERVICE NETWORK
An overlay network of 'intermediaries' layered onto an underlying network that incorporate 'content services' that operate on messages flowing through the 'content path'.

CONTENT PATH
Describes the path that content requests and responses take through the network. Typically, Requests/Responses flow between a client, an 'OPES intermediary', and a 'content server'.

Page 5:

OPES System Model

[Figure: OPES System Model. Labels: Local Exec. Env.; Remote Exec. Env.; OPES Engine/PEP; OPES Intermediary; Client; Content Server; Authentication; Authorization/PDP; Accounting; OPES Admin Server; Remote Call-out Server; Provision OPES Content Services.]

Page 6:

OPES Engine Components

[Figure: OPES Engine Components. Labels: Rule Module (two instances); Rule Processor; Message Parser; Proxylet (two instances); Proxylet Library; Remote Call-out Stub (two instances); Remote Call-out System; Local Exec. Env.; Remote Exec. Env.; OPES Engine; Remote Call-out Protocol(s); Proxylet Run-time System; Clients; Content Servers; numbered points (1), (2), (3), (4).]

Page 7:

Surrogate Authoritative Domain

[Figure: Surrogate Authoritative Domain. Labels: OPES Intermediary; Remote Call-out Server; OPES Admin Server; Origin Server; Authoritative Domain; Client.]

Page 8:

Delegate Authoritative Domain

[Figure: Delegate Authoritative Domain. Labels: OPES Intermediary; Remote Call-out Server; OPES Admin Server; Origin Server; Authoritative Domain; Client.]

Page 9:

Content Service Overlay Networks

[Figure: Content Service Overlay Networks. Labels: Origin Server; Client (three instances); Packet Network; Content Network Overlay; Edge Node; Content Services Network Overlay; OPES Engine; Remote Call-out Server; OPES Admin Server.]

Page 10:

Relation to other Work

[Figure: Relation to other Work. Labels: Proxy cache; iCAP Client; Origin Server; Client; OPES; iCAP Server; TCN; iCAP; UPIP; Content Edge. Annotations: P3P (what I will let someone else do with which info); P3P (specify what I do with info I collect); CC/PP (client device capabilities, user preferences, ...); DIWG (device capabilities); ESI (object level cache).]

Page 11:

OPES Complementary efforts

- IETF
  - Transparent Content Negotiation (TCN)
- W3C
  - P3P
  - CC/PP
  - DIWG
  - ESI
- ICAP Org
  - ICAP
- ITU
  - Content Description (MPEG-21)
- Others
  - DRM
  - Policy
  - Audit, Log, Performance, Fault mgmt
  - Security

Page 12:

OPES Issues in IETF

- OPES services should be traceable by the application endpoints of an OPES-involved transaction.
- Both service providers and end-users should detect and respond to inappropriate behavior by OPES components.
- Services provided in the OPES framework should be reversible by mutual agreement of the application endpoints.
- OPES protocol must include authorization as one of its steps, and this must be by at least one of the application-layer endpoints (i.e. either the content provider or the content consumer).
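The four requirements on this slide (traceability, detectable skipped or applied services, reversal by mutual agreement, authorization by at least one application endpoint) can be made concrete with a small enforcement-point sketch. This is an added example, not part of the original slides or of any OPES specification; the class names, role strings, trace format and the `opes.example.net` identifier are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

ENDPOINTS = {"content-provider", "content-consumer"}  # application-layer endpoints

@dataclass
class Message:
    body: str
    trace: list = field(default_factory=list)  # travels with the message to both endpoints
    original: Optional[str] = None             # kept so applied services can be reversed

class Intermediary:
    """Hypothetical enforcement point; names are illustrative, not OPES protocol."""
    def __init__(self, system_id, services):
        self.system_id = system_id
        self.services = services               # service name -> transform function
        self.grants = set()                    # (endpoint role, service name)

    def authorize(self, role, service):
        if role not in ENDPOINTS:              # an intermediary cannot authorize itself
            raise PermissionError(f"{role} is not an application endpoint")
        self.grants.add((role, service))

    def process(self, msg):
        for name, transform in self.services.items():
            grantors = sorted(r for r, s in self.grants if s == name)
            if not grantors:                   # no endpoint authorized it: skip and record
                msg.trace.append(f"{self.system_id} {name} skipped:unauthorized")
                continue
            if msg.original is None:
                msg.original = msg.body
            msg.body = transform(msg.body)
            msg.trace.append(f"{self.system_id} {name} applied authorized-by={','.join(grantors)}")
        return msg

def revert(msg, agreed_by):
    """Undo all applied services, but only when both endpoints agree."""
    if not ENDPOINTS <= agreed_by:
        raise PermissionError("reversal needs agreement of both endpoints")
    if msg.original is not None:
        msg.body, msg.original = msg.original, None
        msg.trace.append("reverted by mutual agreement")
    return msg

if __name__ == "__main__":
    edge = Intermediary("opes.example.net", {"translate": str.upper, "ad-insert": lambda b: b + " [ad]"})
    edge.authorize("content-provider", "translate")
    out = edge.process(Message("hello"))
    print(out.body, out.trace)
```
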

Page 13:

OPES Status in IETF

- WG status just approved
- New Charter
  - Define a framework and protocols to both authorize and invoke distributed application services while maintaining the network's robustness and end-to-end data integrity
    - Server-centric (administrative domain that includes the origin server)
    - Client-centric (administrative domain that includes the user agent)
  - Investigate whether the developed architecture must be compatible with the use of end-to-end integrity and encryption
  - May need to examine the requirements for both authorization and invocation of application services inside the network
  - Create an architecture for OPES services applied to application messages, and specify the protocol for HTTP and RTP/RTSP
  - Define methods for specification of policies, as well as the rules that enable application endpoints to control execution of such services

Page 14:

Q&A