mesh structure like this exists, but is not documented here for brevity. See RFC-1913 for more information on the POLLED-BY and POLLED-FOR commands.

It still should be noted that, while these mesh operations are important to optimizing the searches that a client should make, the client still speaks its native protocol. This information must be communicated to the client without causing the client to have to understand CIP.

Allen & Mealling            Standards Track            [Page 13]
RFC 2651            The CIP Architecture            August 1999

5. Security Considerations

In this section, we discuss the security considerations necessary when making use of this specification. There are at least three levels at which security considerations come into play. Indexing information can leak undesirable amounts of proprietary information, unless carefully controlled. At a more fundamental level, the CIP protocol itself requires external security services to operate in a safe manner. Lastly, CIP itself can be used to propagate false information.

5.1 Secure Indexing

CIP is designed to index all kinds of data. Some of this data might be considered valuable, proprietary, or even highly sensitive by the data maintainer. Take, for example, a human resources database. Certain bits of data, in moderation, can be very helpful for a company to make public. However, the database in its entirety is a very valuable asset, which the company must protect. Much experience has been gained in the directory service community over the years as to how best to walk this fine line between completely revealing the database and making useful pieces of it available. There are also legal considerations regarding what data can be collected and shared.

Another example where security becomes a problem is for a data publisher who'd like to participate in a CIP mesh. The data that publisher creates and manages is the prime asset of the company.
There is a financial incentive to participate in a CIP mesh, since exporting indices of the data will make it more likely that people will search your database. (Making profit off of the search activity is left as an exercise to the entrepreneur.) Once again, the index must be designed carefully to protect the database while providing a useful synopsis of the data.

One of the basic premises of CIP is that data providers will be willing to provide indices of their data to peer indexing servers. Unless they are carefully constructed, these indices could constitute a threat to the security of the database. Thus, security of the data must be a prime consideration when developing a new index object type. The risk of reverse engineering a database based only on the index exported from it must be kept to a level consistent with the value of the data and the need for fine-grained indexing.

Lastly, mesh organizers should be aware that the insertion of false data into a mesh can be used as part of an attack. Depending on the type of mesh and aggregation algorithms, an index can selectively prune parts of a mesh. Also, since CIP is used to discover information, it will be the target for the advertisement of false information. CIP does not provide a method for trusting the data that it contains.

Acknowledgments

Thanks to the many helpful members of the FIND working group for discussions leading to this specification.

Specific acknowledgment is given to Jeff Allen formerly of Bunyip Information Systems. His original version of these documents helped enormously in crystallizing the debate and consensus. Most of the actual text in this document was originally authored by Jeff. Jeff is no longer involved with the FIND Working Group or with editing this document. His authorship is preserved by a specific decision of the current editor.

Authors' Addresses

Jeff R. Allen
246 Hawthorne St.
Palo Alto, CA 94301

EMail: jeff.allen@acm.org

Michael Mealling
Network Solutions, Inc.
505 Huntmar Park Drive
Herndon, VA 22070

Phone: (703) 742-0400
EMail: michael.mealling@RWhois.net

References

[RFC1913] Weider, C., Fullton, J. and S. Spero, "Architecture of the Whois++ Index Service", RFC 1913, February 1996.

[RFC1914] Faltstrom, P., Schoultz, R. and C. Weider, "How to Interact with a Whois++ Mesh", RFC 1914, February 1996.

[CIP-MIME] Allen, J. and M. Mealling, "MIME Object Definitions for the Common Indexing Protocol (CIP)", RFC 2652, August 1999.

[CIP-TRANSPORT] Allen, J. and P. Leach, "CIP Transport Protocols", RFC 2653, August 1999.

Appendix A: Glossary

application domain: A problem domain to which CIP is applied which has indexing requirements which are not subsumed by any existing problem domain. Separate application domains require separate index object specifications, and potentially separate CIP meshes. See index object specification.

centroid: An index object type used with Whois++. In CIP versions before version 3, the index was not extensible, and could only take the form of a centroid. A centroid is a list of (template name, attribute name, token) tuples with duplicates removed.

dataset: A collection of data (real or virtual) over which an index is created. When a CIP server aggregates two or more indices, the resultant index represents the index from a "virtual dataset", spanning the previous two datasets.

Dataset Identifier: An identifier chosen from any part of the ISO/CCITT OID space which uniquely identifies a given dataset among all datasets indexed by CIP.

DSI: See Dataset Identifier.

DSI-description: A human readable string optionally carried along with DSI's to make them more user-friendly. See Dataset Identifier.

index: A summary or compressed form of a body of data.
Examples include a unique list of words, a codified full text analysis, a set of keywords, etc.

index object: The embodiment of the indices passed by CIP. An index object consists of some control attributes and an opaque payload.

index object specification: A document describing an index object type for use with the CIP system described in this document. See index object and payload.

index pushing: The act of presenting, unsolicited, an index to a peer CIP server.

MIME: See Multipurpose Internet Mail Extensions.

Multipurpose Internet Mail Extensions: A set of rules for encoding Internet Mail messages that gives them richer structure. CIP uses MIME rules to simplify object encoding issues. MIME is specified in RFC-1521 and RFC-1522.

payload: The application domain specific indexing information stored inside an index object. The format of the payload is specified externally to this document, and depends on the type of the containing index object.

polled server: A CIP server which receives a request to generate and pass an index to a peer server.

polling server: A CIP server which generates a request to a peer server for its index.

referral chain: The set of referrals generated by the process of routing a query. See query routing.

query routing: Based on reference to indexing information, redirecting and replicating queries through a distributed database system towards the servers holding the actual results.

6. Full Copyright Statement

Copyright (C) The Internet Society (1999). All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.
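
Section 5.1's warning that an exported index can expose the database, applied to the glossary's centroid (a list of (template name, attribute name, token) tuples with duplicates removed): the sketch below is an added example, not part of RFC 2651, that measures what a centroid would reveal before it is pushed to a peer. The sample records, the whitespace tokenization and the `exported_attrs` allow-list are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample records: (template name, {attribute: value}). Not real data.
RECORDS = [
    ("USER", {"name": "Alice Ng", "dept": "Sales", "salary": "91000"}),
    ("USER", {"name": "Bob Ng", "dept": "Sales", "salary": "78000"}),
    ("USER", {"name": "Carol Diaz", "dept": "Legal", "salary": "91000"}),
]

def record_tuples(template, attrs, exported_attrs=None):
    """(template, attribute, token) tuples for one record.
    exported_attrs is a hypothetical allow-list; None exports every attribute."""
    return {
        (template, attr, token)
        for attr, value in attrs.items()
        if exported_attrs is None or attr in exported_attrs
        for token in value.lower().split()
    }

def build_centroid(records, exported_attrs=None):
    """Union of all per-record tuples, i.e. the list with duplicates removed."""
    centroid = set()
    for template, attrs in records:
        centroid |= record_tuples(template, attrs, exported_attrs)
    return centroid

def singleton_tuples(records, exported_attrs=None):
    """Tuples contributed by exactly one record. Each tells a reader of the
    index that a specific value exists and belongs to a single entry."""
    counts = Counter()
    for template, attrs in records:
        counts.update(record_tuples(template, attrs, exported_attrs))
    return {t for t, n in counts.items() if n == 1}

def exposure_report(records, exported_attrs=None):
    """Summarise what an index would reveal before it is pushed to a peer."""
    centroid = build_centroid(records, exported_attrs)
    return {
        "tuples": len(centroid),
        "singletons": len(singleton_tuples(records, exported_attrs)),
        "attributes": sorted({attr for _, attr, _ in centroid}),
    }

if __name__ == "__main__":
    print("all attributes:", exposure_report(RECORDS))
    print("allow-listed  :", exposure_report(RECORDS, {"name", "dept"}))
```

Deduplication hides how often a token occurs but not that it occurs, so every distinct value of an exported attribute still appears in the index; restricting the attribute set is the only control shown here that removes the salary tokens entirely.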