📄 rfc3340.txt
字号:
administrative domain may choose to treat the two endpoints
identically for the purposes of routing and delivery.
Finally, note that if an APEX endpoint is represented using a
transmission encoding, then, prior to comparison, the encoding is
reversed. For example, if the URL encoding is used, then
"apex:fred@example.com" is identical to "apex:f%72ed@example.com".
3. Service Provisioning
3.1 Connection Establishment
The SRV algorithm [5] is used to determine the IP/TCP addressing
information assigned to the relays for an administrative domain
identified by a FQDN:
service: "apex-edge" (for the endpoint-relay mode), or "apex-mesh"
(for the relay-relay mode);
protocol: "tcp"; and,
domain: the administrative domain.
Rose, et. al. Standards Track [Page 7]
RFC 3340 The Application Exchange Core July 2002
If the administrative domain is identified by a domain-literal, then
the IP address information is taken directly from the literal and the
TCP port number used is assigned by the IANA for the registration in
Section 8.2.
3.2 Authentication
Authentication is a matter of provisioning for each BEEP peer (c.f.,
Section 4.5).
An APEX relay might be provisioned to allow a BEEP peer identity to
coincide with a given endpoint identity. For example, a relay in the
"example.com" administrative domain may be configured to allow a BEEP
peer identified as "fred@example.com" to be authorized to attach as
the APEX endpoint "fred@example.com".
3.3 Authorization
Authorization is a matter of provisioning for each BEEP peer (c.f.,
Section 4.5).
Typically, a relay requires that its BEEP peer authenticate as a
prelude to authorization, but an endpoint usually does not require
the same of its BEEP peer.
3.4 Confidentiality
Confidentiality is a matter of provisioning for each BEEP peer.
Typically, any data considered sensitive by an originating endpoint
will have its content encrypted for the intended recipient
endpoint(s), rather than relying on hop-by-hop encryption.
Similarly, an originating endpoint will sign the content if end-to-
end authentication is desired.
3.5 Relaying Integrity
Data are relayed according to SRV entries in the DNS. Accordingly,
relaying integrity is a function of the DNS and the applications
making use of the DNS. Additional assurance is provided if the BEEP
initiator requires that the BEEP listener authenticate itself.
Rose, et. al. Standards Track [Page 8]
RFC 3340 The Application Exchange Core July 2002
3.6 Traffic Analysis
Hop-by-hop protection of data transmitted through the relaying mesh
(endpoint identities and content) is afforded at the BEEP level
through the use of a transport security profile. Other traffic
characteristics, e.g., volume and timing of transmissions, are not
protected from third-party analysis.
4. The APEX
Section 8.1 contains the BEEP profile registration for APEX.
4.1 Use of XML and MIME
Each BEEP payload exchanged via APEX consists of an XML document and
possibly an arbitrary MIME content.
If only an XML document is sent in the BEEP payload, then the mapping
to a BEEP payload is straight-forward, e.g.,
C: MSG 1 2 . 111 39
C: Content-Type: application/beep+xml
C:
C: <terminate transID='1' />
C: END
Otherwise, if an arbitrary MIME content is present, it is indicated
by a URI-reference [6] in the XML control document. The URI-
reference may contain an absolute-URI (and possibly a fragment-
identifier), or it may be a relative-URI consisting only of a
fragment-identifier. Arbitrary MIME content is included in the BEEP
payload by using a "multipart/related" [7], identified using a "cid"
URL [8], and the XML control document occurs as the start of the
"multipart/related", e.g.,
C: MSG 1 1 . 42 1234
C: Content-Type: multipart/related; boundary="boundary";
C: start="<1@example.com>";
C: type="application/beep+xml"
C:
C: --boundary
C: Content-Type: application/beep+xml
C: Content-ID: <1@example.com>
C:
C: <data content='cid:2@example.com'>
C: <originator identity='fred@example.com' />
C: <recipient identity='barney@example.com' />
C: </data>
Rose, et. al. Standards Track [Page 9]
RFC 3340 The Application Exchange Core July 2002
C: --boundary
C: Content-Type: image/gif
C: Content-Transfer-Encoding: binary
C: Content-ID: <2@example.com>
C:
C: ...
C: --boundary--
C: END
Because BEEP provides an 8bit-wide path, a "transformative" Content-
Transfer-Encoding (e.g., "base64" or "quoted-printable") should not
be used. Further, note that MIME [9] requires that the value of the
"Content-ID" header be globally unique.
If the arbitrary MIME content is itself an XML document, it may be
contained within the control document directly as a "data-content"
element, and identified using a URI-reference consisting of only a
fragment-identifier, e.g.,
C: MSG 1 1 . 42 295
C: Content-Type: application/beep+xml
C:
C: <data content='#Content'>
C: <originator identity='fred@example.com' />
C: <recipient identity='barney@example.com' />
C: <data-content Name='Content'>
C: <statusResponse transID='86'>
C: <destination identity='barney@example.com'>
C: <reply code='250' />
C: </destination>
C: </statusResponse>
C: </data-content>
C: </data>
C: END
4.2 Profile Identification and Initialization
The APEX is identified as
http://iana.org/beep/APEX
in the BEEP "profile" element during channel creation.
No elements are required to be exchanged during channel creation;
however, in the endpoint-relay mode, the BEEP initiator will
typically include an "attach" element during channel creation, e.g.,
Rose, et. al. Standards Track [Page 10]
RFC 3340 The Application Exchange Core July 2002
<start number='1'>
<profile uri='http://iana.org/beep/APEX'>
<![CDATA[<attach endpoint='fred@example.com'
transID='1' />]]>
</profile>
</start>
Similarly, in the relay-relay mode, the BEEP initiator will typically
include an "bind" element during channel creation, e.g.,
<start number='1'>
<profile uri='http://iana.org/beep/APEX'>
<![CDATA[<bind relay='example.com'
transID='1' />]]>
</profile>
</start>
4.3 Message Syntax
Section 9.1 defines the BEEP payloads that are used in the APEX.
4.4 Message Semantics
4.4.1 The Attach Operation
When an application wants to attach to the relaying mesh as a given
endpoint, it sends an "attach" element to a relay, e.g.,
+-------+ +-------+
| | -- attach -----> | |
| appl. | | relay |
| | <--------- ok -- | |
+-------+ +-------+
C: <attach endpoint='fred@example.com' transID='1' />
S: <ok />
or
+-------+ +-------+
| | -- attach -----> | |
| | | |
| | <--------- ok -- | |
| appl. | | relay |
| | -- attach -----> | |
| | | |
| | <--------- ok -- | |
+-------+ +-------+
Rose, et. al. Standards Track [Page 11]
RFC 3340 The Application Exchange Core July 2002
C: <attach endpoint='fred@example.com' transID='1' />
S: <ok />
C: <attach endpoint='wilma@example.com' transID='2' />
S: <ok />
or
+-------+ +-------+
| | -- attach -----> | |
| appl. | | relay |
| | <------ error -- | |
+-------+ +-------+
C: <attach endpoint='fred@example.com' transID='1' />
S: <error code='537'>access denied</error>
The "attach" element has an "endpoint" attribute, a "transID"
attribute, and contains zero or more "option" elements:
o the "endpoint" attribute specifies the endpoint that the
application wants to attach as;
o the "transID" attribute specifies the transaction-identifier
associated with this operation; and,
o the "option" elements, if any, specify additional processing
options (Section 5).
When a relay receives an "attach" element, it performs these steps:
1. If the transaction-identifier refers to a previous, non-terminated
operation on this BEEP channel, an "error" element having code 555
is returned.
2. If the relay is in a different administrative domain than this
endpoint, an "error" element having code 553 is returned.
3. If the application is not authorized to attach as this endpoint
(c.f., Section 4.5.1), an "error" element having code 537 is
returned.
4. If any options are present, they are processed.
5. If another application has already attached as this endpoint, an
"error" element having code 554 is returned.
6. Otherwise, the application is bound as this endpoint, and an "ok"
element is returned.
Rose, et. al. Standards Track [Page 12]
RFC 3340 The Application Exchange Core July 2002
4.4.2 The Bind Operation
When an application wants to identify itself as a relay, it sends a
"bind" element to another relay, e.g.,
+-------+ +-------+
| | -- bind -------> | |
| relay | | relay |
| #1 | <--------- ok -- | #2 |
+-------+ +-------+
C: <bind relay='example.com' transID='1' />
S: <ok />
or
+-------+ +-------+
| | -- bind -------> | |
| | | |
| | <--------- ok -- | |
| relay | | relay |
| #1 | -- bind -------> | #2 |
| | | |
| | <--------- ok -- | |
+-------+ +-------+
C: <bind relay='example.com' transID='1' />
S: <ok />
C: <bind relay='rubble.com' transID='2' />
S: <ok />
or
+-------+ +-------+
| | -- bind -------> | |
| relay | | relay |
| #1 | <------ error -- | #2 |
+-------+ +-------+
C: <bind relay='example.com' transID='1' />
S: <error code='537'>access denied</error>
The "bind" element has a "relay" attribute, a "transID" attribute,
and contains zero or more "option" elements:
o the "relay" attribute specifies the administrative domain on whose
behalf the application wants to serve;
Rose, et. al. Standards Track [Page 13]
RFC 3340 The Application Exchange Core July 2002
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -