Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Open Pluggable Edge Services OPES Abbie Barbir, Ph.D.

Published byAmberlynn Merritt Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Open Pluggable Edge Services OPES Abbie Barbir, Ph.D."— Presentation transcript:

1 1 Open Pluggable Edge Services OPES Abbie Barbir, Ph.D. abbieb@nortelnetworks.com

2 2 Summary Summary Presents an overview of OPES model and architecture Core Model Elements are OPES Intermediary OPES Admin Server Remote Call-out Server Introduce Content Services Overlay Networks Current Issues of OPES in IETF

3 3 Some Definitions DELEGATE A 'caching proxy' located near or at the network access point of the 'user agent', delegated the authority to operate on behalf of, and typically working in close co-operation with a group of 'user agents‘.SURROGATE A gateway co-located with an origin server, or at a different point in the network, delegated the authority to operate on behalf of, and typically working in close co-operation with, one or more origin servers. Responses are typically delivered from an internal cache. OUT-OF-PATH Out-of-Path Content Services are not natively in the transport path of an application. In other words, they are not necessarily resident (or co- resident) on entities that are natively in the path of application flows. In-PATH In-Path Content Services are naturally within the message path of the application they are associated with. This may be an application proxy, gateway, or in the extreme case, one of the end-hosts, that is party to the application

4 4 Some Definitions POLICY DECISION POINT A logical entity that makes policy decisions for itself or for other network elements that request such decisions. POLICY ENFORCEMENT POINT A logical entity that enforces policy decisions. CONTENT SERVICE NETWORK An overlay network of 'intermediaries' layered onto an underlying network that incorporate 'content services' that operate on messages flowing through the 'content path' CONTENT PATH Describes the path that content requests and responses take through the network. Typically, Requests/Responses flow between a client, an 'OPES intermediary', and a 'content server‘

5 5 OPES System Model Local Exec. Env. Env. Remote Exec. Env. Env. OPES Engine/PEP OPESIntermediary ClientContentServer Authentication Authorization/PDP Accounting OPES Admin Server Remote Call-out Server ProvisionOPES ContentServices

6 6 OPES Engine Components Rule Module Rule Processor Message Parser ProxyletProxylet Proxylet Library RemoteCall-outStubRemoteCall-outStub Remote Call-out System Local Exec. Env. Remote Exec. Env. OPES Engine Remote Call-out Protocol(s) Proxylet Run-time System Clients ContentServers (1) (4) (2) (3)

7 7 Surrogate Authoritative Domain OPESIntermediary Remote Call-out Server OPES Admin Server OriginServer AuthoritativeDomain Client

8 8 Delegate Authoritative Domain OPESIntermediary Remote Call-out Server OPES Admin Server OriginServer AuthoritativeDomain Client

9 9 Content Service Overlay Networks Origin Server Client Packet Network Content Network Overlay Edge Node Content Services Network Overlay OPES Engine Remote Call-out Server OPES Admin Server

10 10 Relation to other Work Proxy cache iCAP Client Origin Server Client OPES iCAP Server P3P What I will let someone else do with which info P3P Specify what I do with info I collect CC/PP Client device capabilities User preferences……… TCN iCAP UPIP ContentEdge DIWG Device Capabilities ESI Object Level Cache

11 11 OPES Complementary efforts IETF Transparent Content Negotiation (TCN) W3C P3P CC/PP DIWG ESI ICAP Org ICAP ITU Content Description (MPEG-21) Others DRM Policy Audit, Log, Performance, Fault mgmt Security

12 12 OPES Issues in IETF OPES services should be traceable by the application endpoints of an OPES-involved transaction, OPES services should be traceable by the application endpoints of an OPES-involved transaction, Both service providers and end-users should detect and respond to inappropriate behavior by OPES components Both service providers and end-users should detect and respond to inappropriate behavior by OPES components Services provided in the OPES framework should be reversible by mutual agreement of the application endpoints Services provided in the OPES framework should be reversible by mutual agreement of the application endpoints OPES protocol must include authorization as one if its steps, and this must be by at least one of the of the application-layer endpoints (i.e. either the content provider or the content consumer). OPES protocol must include authorization as one if its steps, and this must be by at least one of the of the application-layer endpoints (i.e. either the content provider or the content consumer).

13 13 OPES Status in IETF WG status just approved WG status just approved New Charter New Charter Define a framework and protocols to both authorize and invoke distributed application services while maintaining the network's robustness and end-to-end data integrity Define a framework and protocols to both authorize and invoke distributed application services while maintaining the network's robustness and end-to-end data integrity Server-centric (administrative domain that includes the origin server) Server-centric (administrative domain that includes the origin server) client-centric (administrative domain that includes the user agent) client-centric (administrative domain that includes the user agent) Investigate whether the developed architecture must be to be compatible with the use of end-to-end integrity and encryption Investigate whether the developed architecture must be to be compatible with the use of end-to-end integrity and encryption May need to examine the requirements for both authorization and invocation of application services inside the network May need to examine the requirements for both authorization and invocation of application services inside the network Create an architecture for OPES services applied to application messages, and specify the protocol for HTTP and RTP/RTSP Create an architecture for OPES services applied to application messages, and specify the protocol for HTTP and RTP/RTSP Define methods for specification of policies, as well as the rules that enable application endpoints to control execution of such services Define methods for specification of policies, as well as the rules that enable application endpoints to control execution of such services

14 14 Q&A

Download ppt "1 Open Pluggable Edge Services OPES Abbie Barbir, Ph.D."

Similar presentations

Authentication Authorization Accounting and Auditing

Authentication Authorization Accounting and Auditing
PASSPrivacy, Security and Access Services Don Jorgenson Introduction to Security and Privacy Educational Session HL7 WG Meeting- Sept. 2012.

PASSPrivacy, Security and Access Services Don Jorgenson Introduction to Security and Privacy Educational Session HL7 WG Meeting- Sept
1 Introducing the Specifications of the Metro Ethernet Forum.

1 Introducing the Specifications of the Metro Ethernet Forum.
GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
1 Understanding Web Services Presented By: Woodas Lai.

1 Understanding Web Services Presented By: Woodas Lai.
Arrow color indicates specific subset of Security Service Desk Common Backplane API. is DC Backplane API impledmented by the Backplane Services. Devices.

Arrow color indicates specific subset of Security Service Desk Common Backplane API. is DC Backplane API impledmented by the Backplane Services. Devices.
Securing the Broker Pattern Patrick Morrison 12/08/2005.

Securing the Broker Pattern Patrick Morrison 12/08/2005.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Jacob Boston Josh Pfeifer. Definition of HyperText Transfer Protocol How HTTP works How Websites work GoDaddy.com OSI Model Networking.

Jacob Boston Josh Pfeifer. Definition of HyperText Transfer Protocol How HTTP works How Websites work GoDaddy.com OSI Model Networking.
Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?

Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?
1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.

1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.
Streaming Media Protocols Jani Hautakorpi Henry Pohan.

Streaming Media Protocols Jani Hautakorpi Henry Pohan.
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec

Chapter 6 Configuring, Monitoring & Troubleshooting IPsec
Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Securing Legacy Software SoBeNet User group meeting 25/06/2004.
1 Kyung Hee University Prof. Choong Seon HONG Network Control.

1 Kyung Hee University Prof. Choong Seon HONG Network Control.
Initial slides for Layered Service Architecture

Initial slides for Layered Service Architecture
1 3 Web Proxies Web Protocols and Practice. 2 Topics Web Protocols and Practice WEB PROXIES  Web Proxy Definition  Three of the Most Common Intermediaries.

1 3 Web Proxies Web Protocols and Practice. 2 Topics Web Protocols and Practice WEB PROXIES  Web Proxy Definition  Three of the Most Common Intermediaries.
Chapter 13 – Network Security

Chapter 13 – Network Security

Similar presentations

Ads by Google