Tech-invite3GPPspaceIETFspace
959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 2872

Application and Sub Application Identity Policy Element for Use with RSVP

Pages: 6
Proposed Standard

ToP   noToC   RFC2872 - Page 1
Network Working Group                                        Y. Bernet
Request for Comments: 2872                                  R. Pabbati
Category: Standards Track                                    Microsoft
                                                             June 2000


      Application and Sub Application Identity Policy Element for
                             Use with RSVP

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

Abstract

RSVP [RFC 2205] signaling messages typically include policy data objects, which in turn contain policy elements. Policy elements may describe user and/or application information, which may be used by RSVP aware network elements to apply appropriate policy decisions to a traffic flow. This memo details the usage of policy elements that provide application information.

1. Overview

RSVP aware network elements may act as policy enforcement points (PEPs). These work together with policy decision points (PDPs) to enforce QoS policy. Briefly, PEPs extract policy information from RSVP signaling requests and compare the information against information stored by a PDP in a (possibly remotely located) policy database or directory. A policy decision is made based on the results of the comparison.
ToP   noToC   RFC2872 - Page 2
   One type of policy information describes the application on behalf of
   which an RSVP signaling request is generated. When application policy
   information is available, network administrators are able to manage
   QoS based on application type. So, for example, a network
   administrator may establish a policy that prioritizes known mission-
   critical applications over games.

   This memo describes a structure for a policy element that can be used
   to identify application traffic flows. The policy element includes a
   number of attributes, one of which is a policy locator. This policy
   locator includes the following hierarchically ordered sub-elements
   (in descending levels of hierarchy):

      1. identifier that uniquely identifies the application vendor
      2. identifier of the application
      3. version number of the application
      4. sub-application identifier

   An arbitrary number of sub-application identifiers may be included in
   the policy locator. An example of such an identifier is 'print
   transaction'.

   This memo specifies the structure of the application policy element
   and proposes keywords for the sub-elements at each level of the
   hierarchy. It does not enumerate specific values for the sub-
   elements: such an enumeration is beyond the scope of this memo.

2. Simple Application Identity Policy Element Structure

General application identity policy elements are defined in [RFC2752]. These are policy elements with a P-type of AUTH_APP. Following the policy element header is a list of authentication attributes. The first authentication attribute is of the A-type POLICY_LOCATOR. The sub-type of the POLICY_LOCATOR attribute is of type ASCII_DN [RFC1779] or UNICODE_DN. The actual attribute data is formatted as an X.500 distinguished name (DN), representing a globally unique identifier, the application, version number and sub-application in a hierarchical structure. The POLICY_LOCATOR attribute contains keywords as described in section 2. For further details on the format of the POLICY_LOCATOR attribute, see [RFC2752]. The second authentication attribute is of the A-type CREDENTIAL. The sub-type of the CREDENTIAL attribute is of type ASCII_ID or UNICODE_ID. The actual attribute data is an ASCII or Unicode string representing the application name. This structure is illustrated in the following diagram:
ToP   noToC   RFC2872 - Page 3
               0              1               2               3
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |    PE Length (8)              |   P-type = AUTH_APP           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |    Attribute Length           |   A-type =    |  Sub-type =   |
      |                               | POLICY_LOCATOR|   ASCII_DN    |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      | Application policy locator attribute data in X.500 DN format  |
      |                         (see below)                           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |    Attribute Length           |   A-type =    |  Sub-type =   |
      |                               |   CREDENTIAL  |   ASCII_ID    |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                 Application name as ASCII string              |
      |                         (e.g. SAP.EXE)                        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The following keywords are recommended although others MAY be used:

   Key  Attribute
   --------------
   GUID Globally Unique Identifier (optional)
   APP  Application Name
   VER  Application Version Number
   SAPP Sub Application (optional)

   The following are examples of conformant policy locators:

   "APP=SAP, VER=1.1, SAPP=Print"

   "GUID=http://www.microsoft.com/apps, APP=MyApplication, VER=1.2.3"

   The APP, VER and SAPP attributes SHOULD describe the application to a
   human reader in as unique and unambiguous a way as possible. The GUID
   attribute MAY be used when absolute uniqueness of application
   identification is required and its contents MUST be an identifier
   from a globally-unique source (e.g. domain names as assigned by the
   corresponding registration authorities). Note that publication of the
   chosen identifiers in a suitable format is strongly encouraged.
ToP   noToC   RFC2872 - Page 4

3. Security Considerations

The proposed simple policy element does not guarantee that element is indeed associated with the application it claims to be associated with. In order to provide such guarantees, it is necessary to sign applications. Signed application policy elements may be proposed at a future date. Note that, typically, the application policy element will be included in an RSVP message with an encrypted and authenticated user policy element. A level of security is provided by trusting the application policy element only if the user policy element is trusted. All RSVP integrity considerations apply to the message containing the application policy element.

4. References

[RFC2205] Braden, R., Zhang, L., Berson, L., Herzog, S. and S. Jamin, "Resource Reservation Protocol (RSVP) - Version 1 Functional Specification", RFC 2205, September 1997. [RFC1779] Kille, S., "A String Representation of Distinguished Names", RFC 1779, March 1995. [RFC2752] Yadav, S., Yavatkar, R., Pabbati, R,. Ford, P., Moore, T. and S. Herzog, "Identity Representation for RSVP", RFC 2752, January 2000. [ASCII] Coded Character Set -- 7-Bit American Standard Code for Information Interchange, ANSI X3.4-1986. [UNICODE] The Unicode Consortium, "The Unicode Standard, Version 2.0", Addison-Wesley, Reading, MA, 1996. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

5. Acknowledgments

Thanks to Tim Moore, Shai Mohaban, Andrew Smith, Ulrich Homann and other contributors to the IETF's RAP WG for their input.
ToP   noToC   RFC2872 - Page 5

6. Authors' Addresses

Yoram Bernet Microsoft One Microsoft Way Redmond, WA 98052 Phone: (425) 936-9568 EMail: yoramb@microsoft.com Ramesh Pabbati One Microsoft Way Redmond, WA 98052 EMail: rameshpa@microsoft.com
ToP   noToC   RFC2872 - Page 6

7. Full Copyright Statement

Copyright (C) The Internet Society (2000). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society.