📄 rfc2729.txt
字号:
Example Application: audio feed - 60mins
Active Time
Total time session is active, not including breaks
Type: Time
Strictest Requirement: equals duration
Scope: per stream
Example Application: Spectator sport transmission
Session Burstiness
Expected level of burstiness of the session
Type: Fraction
Meaning: Variance as a fraction of maximum bandwidth
Strictest Requirement: =bandwidth
Scope: per stream
Example Application: commentary & slide show: 90% of max
Bagnall, et al. Informational [Page 14]
RFC 2729 Taxonomy of Communication Requirements December 1999
Atomic join
Session fails unless a certain proportion of the potential
participants accept an invitation to join. Alternatively, may be
specified as a specific numeric quorum.
Type: Fraction (proportion required) or int
(quorum)
Strictest Requirement: 1.0 (proportion)
Example Application: price list update, committee meeting
Scope: per stream or session
NB: whether certain participants are essential
is application dependent.
Late join allowed ?
Does joining a session after it starts make sense
Type: Boolean
Strictest Requirement: allowed
Scope: per stream or session
Example Application: game - not allowed
NB: An application may wish to define an
alternate session if late join is not
allowed
Temporary leave allowed ?
Does leaving and then coming back make sense for session
Type: Boolean
Strictest Requirement: allowed
Scope: per stream or session
Example Application: FTP - not allowed
Late join with catch-up allowed ?
Is there a mechanism for a late joiner to see what they've missed
Type: Boolean
Strictest Requirement: allowed
Scope: per stream or session
Example Application: sports event broadcast, allowed
NB: An application may wish to define an
alternate session if late join is not
allowed
Bagnall, et al. Informational [Page 15]
RFC 2729 Taxonomy of Communication Requirements December 1999
Potential streams per session
Total number of streams that are part of session, whether being
consumed or not
Type: Integer
Strictest Requirement: No upper limit
Scope: per session
Example Application: football match mcast - multiple camera's,
commentary, 15 streams
Active streams per sessions (i.e. max app can handle)
Maximum number of streams that an application can consume
simultaneously
Type: Integer
Strictest Requirement: No upper limit
Scope: per session
Example Application: football match mcast - 6, one main video,
four user selected, one audio commentary
3.2.6. Session Topology
Note: topology may be dynamic. One of the challenges in designing
adaptive protocol frameworks is to predict the topology before the
first join.
Number of senders
The number of senders is a result the middleware may pass up to
the application
Type: Integer
Strictest Requirement: No upper limit
Scope: per stream
Example Application: network MUD - 100
Number of receivers
The number of receivers is a results the middleware may pass up to
the application
Type: Integer
Strictest Requirement: No upper limit
Scope: per stream
Example Application: video mcast - 100,000
Bagnall, et al. Informational [Page 16]
RFC 2729 Taxonomy of Communication Requirements December 1999
3.2.7. Directory
Fail-over timeout (see Reliability: fail-over time)
Mobility
Defines restrictions on when directory entries may be changed
Type: Enumeration
Meaning: while entry is in use
while entry in unused
never
Strictest Requirement: while entry is in use
Scope: per stream
Example Application: voice over mobile phone, while entry is in
use (as phone gets new address when
changing cell).
3.2.8. Security
The strength of any security arrangement can be stated as the
expected cost of mounting a successful attack. This allows mechanisms
such as physical isolation to be considered alongside encryption
mechanisms. The cost is measured in an abstract currency, such as
1970 UD$ (to inflation proof).
Security is an orthogonal requirement. Many requirements can have a
security requirement on them which mandates that the cost of causing
the system to fail to meet that requirement is more than the
specified amount. In terms of impact on other requirements though,
security does potentially have a large impact so when a system is
trying to determine which mechanisms to use and whether the
requirements can be met security will clearly be a major influence.
Authentication Strength
Authentication aims to ensure that a principal is who they claim
to be. For each role in a communication, (e.g. sender, receiver)
there is a strength for the authentication of the principle who
has taken on that role. The principal could be a person,
organization or other legal entity. It could not be a process
since a process has no legal representation.
Type: Abstract Currency
Meaning: That the cost of hijacking a role is in
excess of the specified amount. Each role
is a different requirement.
Bagnall, et al. Informational [Page 17]
RFC 2729 Taxonomy of Communication Requirements December 1999
Strictest Requirement: budget of largest attacker
Scope: per stream
Example Application: inter-governmental conference
Tamper-proofing
This allows the application to specify how much security will be
applied to ensuring that a communication is not tampered with.
This is specified as the minimum cost of successfully tampering
with the communication. Each non-security requirement has a
tamper-proofing requirement attached to it.
Requirement: The cost of tampering with the communication is in
excess of the specified amount.
Type: {
Abstract Currency,
Abstract Currency,
Abstract Currency
}
Meaning: cost to alter or destroy data,
cost to replay data (successfully),
cost to interfere with timeliness.
Scope: per stream
Strictest Requirement: Each budget of largest attacker
Example Application: stock price feed
Non-repudiation strength
The non-repudiation strength defines how much care is taken to
make sure there is a reliable audit trail on all interactions. It
is measured as the cost of faking an audit trail, and therefore
being able to "prove" an untrue event. There are a number of
possible parameters of the event that need to be proved. The
following list is not exclusive but shows the typical set of
requirements.
1. Time 2. Ordering (when relative to other events) 3. Whom 4.
What (the event itself)
There are a number of events that need to be provable. 1. sender
proved sent 2. receiver proves received 3. sender proves received.
Type: Abstract Currency
Meaning: minimum cost of faking or denying an event
Strictest Requirement: Budget of largest attacker
Scope: per stream
Example Application: Online shopping system
Bagnall, et al. Informational [Page 18]
RFC 2729 Taxonomy of Communication Requirements December 1999
Denial of service
There may be a requirement for some systems (999,911,112 emergency
services access for example) that denial of service attacks cannot
be launched. While this is difficult (maybe impossible) in many
systems at the moment it is still a requirement, just one that
can't be met.
Type: Abstract Currency
Meaning: Cost of launching a denial of service
attack is greater than specified amount.
Strictest Requirement: budget of largest attacker
Scope: per stream
Example Application: web hosting, to prevent individual hackers
stalling system.
Action restriction
For any given communication there are a two actions, send and
receive. Operations like adding to members to a group are done as
a send to the membership list. Examining the list is a request to
and receive from the list. Other actions can be generalized to
send and receive on some communication, or are application level
not comms level issues.
Type: Membership list/rule for each action.
Meaning: predicate for determining permission for
role
Strictest Requirement: Send and receive have different policies.
Scope: per stream
Example Application: TV broadcast, sender policy defines
transmitter, receiver policy is null.
NB: Several actions may share the same
membership policy.
Privacy
Privacy defines how well obscured a principals identity is. This
could be for any interaction. A list of participants may be
obscured, a sender may obscure their identity when they send.
There are also different types of privacy. For example knowing two
messages were sent by the same person breaks the strongest type of
privacy even if the identity of that sender is still unknown. For
each "level" of privacy there is a cost associated with violating
it. The requirement is that this cost is excessive for the
attacker.
Bagnall, et al. Informational [Page 19]
RFC 2729 Taxonomy of Communication Requirements December 1999
Type: {
Abstract Currency,
Abstract Currency,
Abstract Currency,
Abstract Currency
}
Meaning: Level of privacy, expected cost to violate
privacy level for:-
openly identified - this is the unprotected
case
anonymously identified - (messages from
the same sender can be linked)
unadvertised (but traceable) - meaning that
traffic can be detected and traced to
it's source or destination, this is a
breach if the very fact that two
specific principals are communicating
is sensitive.
undetectable
Strictest Requirement: All levels budget of attacker
Scope: per stream
Example Application: Secret ballot voting system
openly identified - budget of any
interested party
anonymously identified - zero
unadvertised - zero
undetectable - zero
Confidentiality
Confidentiality defines how well protected the content of a
communication is from snooping.
Type: Abstract Currency
Meaning: Level of Confidentiality, the cost of
gaining illicit access to the content of a
stream
Strictest Requirement: budget of attacker
Scope: per stream
Example Application: Secure email - value of transmitted
information
Retransmit prevention strength
This is extremely hard at the moment. This is not to say it's not
a requirement.
Bagnall, et al. Informational [Page 20]
RFC 2729 Taxonomy of Communication Requirements December 1999
Type: Abstract Currency
Meaning: The cost of retransmitting a secure piece
of information should exceed the specified
amount.
Strictest Requirement: Cost of retransmitting value of
information
Scope: per stream
Membership Criteria
If a principal attempts to participate in a communication then a
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -