[mdx] Metadata Retrieval From Aggregate Protocol

Chad La Joie chad.lajoie at switch.ch
Sun May 24 08:21:02 PDT 2009 

Sorry, this is later than I wanted, but here are my initial thoughts on 
the protocol for retrieving metadata from an aggregate:

First, I decided to go for a RESTful protocol currently supporting two 
resources. A singular entity descriptor and a collection thereof.

Base URL:
In the following descriptions of HTTP GET retrieval operations a URL 
path format is given.  This path is assumed to be relative to a single 
base URL which MUST include at least a URL scheme and hostname.  A port 
and path are allowed, but not required.  Query parameters and fragements 
are not allowed.  If a path is provided the URL path for operation is 
appended to the end of that path.

Retrieval of Unique Descriptor (RUD) Operation:
   - URL Path Format 'entity/{id}'
      The 'id' is a unique identifier for the entity.  In our case this 
may be either the URL encoded entity ID or the sha1 hash thereof.  All 
IDs starting with an '@' are reserved.

Retrieval of Descriptor Collection (RDC) Operation:
   - URL Path Format 'entity-collection/{id}
      The 'id' is the unique identifier for the collection.  All IDs 
starting with an '@' are reserved.  The id '@all' designates the entire 
collection of entities within the aggregate.

Common Query Parameter:
   - requester - optional - The ID of the requester.  This ID should be 
treated as informational only

Headers:
   - Content-Type - required - Only SAML metadata content type 
(application/samlmetadata+xml) would be supported initially
   - etag - required for RUD, optional for RDC operations - Supports 
intelligent caching and more efficient retrieval given our pull model

Efficient Retrieval:
ETags in conjunction with the 'If-None-Match' header in the request are 
the preferred method for performing conditional retrieval of data.  The 
'Last-Modified' and 'If-Modified-Since' headers provide an additional, 
but less preferred, method of conditional data retrieval.

Caching:
All responses SHOULD carry the header 'Cache-Control: no-cache' such 
that any intermediary, transparent, HTTP caches between the aggregate 
and requester are instructed not cache this information.

Content Encodings:
All aggregate publishers MUST support gzip compression of transfered data

Authentication:
All aggregate published MUST support HTTP BASIC authentication and 
SHOULD support mutual SSL/TLS authentication.

Security Considerations:
  - Any identity claimed by the requester via the 'requester' query 
parameter should not be trusted until it can be verified.  Transport 
level authentication provides one possible mechanism for this verification.
  - A metadata entity, or a collection entities, may be restricted such 
that only a subset of requesters may view them.

-- 
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad.lajoie at switch.ch, http://www.switch.ch

More information about the mdx mailing list