Internet Engineering Task Force (IETF)                    K. Sankar, Ed.
Request for Comments: 6208                                         Cisco
Category: Informational                                         A. Jones
ISSN: 2070-1721                                                     SNIA
                                                              April 2011
        
Internet Engineering Task Force (IETF)                    K. Sankar, Ed.
Request for Comments: 6208                                         Cisco
Category: Informational                                         A. Jones
ISSN: 2070-1721                                                     SNIA
                                                              April 2011
        

Cloud Data Management Interface (CDMI) Media Types

云数据管理接口(CDMI)媒体类型

Abstract

摘要

This document describes several Internet media types defined for the Cloud Data Management Interface (CDMI) by the Storage Networking Industry Association (SNIA). The media types are:

本文档介绍了存储网络行业协会(SNIA)为云数据管理接口(CDMI)定义的几种互联网媒体类型。媒体类型包括:

o application/cdmi-object

o 应用程序/cdmi对象

o application/cdmi-container

o 应用程序/cdmi容器

o application/cdmi-domain

o 应用程序/cdmi域

o application/cdmi-capability

o 应用程序/cdmi功能

o application/cdmi-queue

o 应用程序/cdmi队列

Status of This Memo

关于下段备忘

This document is not an Internet Standards Track specification; it is published for informational purposes.

本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 5741第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6208.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc6208.

Copyright Notice

版权公告

Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2011 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

Table of Contents

目录

   1. Introduction ....................................................3
      1.1. Requirements Language ......................................3
   2. Cloud Data Management Domain and Its Relevance ..................3
   3. Processing Guidelines ...........................................4
      3.1. Media Type: application/cdmi-object ........................4
      3.2. Media Type: application/cdmi-container .....................4
      3.3. Media Type: application/cdmi-domain ........................5
      3.4. Media Type: application/cdmi-capability ....................5
      3.5. Media Type: application/cdmi-queue .........................5
   4. Transport Considerations ........................................6
   5. IANA Considerations .............................................6
      5.1. Media Type: application/cdmi-object ........................6
      5.2. Media Type: application/cdmi-container .....................7
      5.3. Media Type: application/cdmi-domain ........................8
      5.4. Media Type: application/cdmi-capability ....................9
      5.5. Media Type: application/cdmi-queue ........................10
   6. Security Considerations ........................................11
      6.1. Confidentiality and Integrity .............................11
      6.2. Access Control ............................................11
      6.3. Audit .....................................................12
      6.4. JSON Security Considerations ..............................12
      6.5. Executable/Active Content .................................12
   7. Acknowledgements ...............................................12
   8. References .....................................................12
      8.1. Normative References ......................................12
      8.2. Informative References ....................................13
        
   1. Introduction ....................................................3
      1.1. Requirements Language ......................................3
   2. Cloud Data Management Domain and Its Relevance ..................3
   3. Processing Guidelines ...........................................4
      3.1. Media Type: application/cdmi-object ........................4
      3.2. Media Type: application/cdmi-container .....................4
      3.3. Media Type: application/cdmi-domain ........................5
      3.4. Media Type: application/cdmi-capability ....................5
      3.5. Media Type: application/cdmi-queue .........................5
   4. Transport Considerations ........................................6
   5. IANA Considerations .............................................6
      5.1. Media Type: application/cdmi-object ........................6
      5.2. Media Type: application/cdmi-container .....................7
      5.3. Media Type: application/cdmi-domain ........................8
      5.4. Media Type: application/cdmi-capability ....................9
      5.5. Media Type: application/cdmi-queue ........................10
   6. Security Considerations ........................................11
      6.1. Confidentiality and Integrity .............................11
      6.2. Access Control ............................................11
      6.3. Audit .....................................................12
      6.4. JSON Security Considerations ..............................12
      6.5. Executable/Active Content .................................12
   7. Acknowledgements ...............................................12
   8. References .....................................................12
      8.1. Normative References ......................................12
      8.2. Informative References ....................................13
        
1. Introduction
1. 介绍

The Cloud Data Management Interface (CDMI) [CDMI-1], developed by the Storage Networking Industry Association (SNIA), is the functional interface that applications will use to create, retrieve, update, and delete data elements from the cloud. As part of this interface, the client will be able to discover the capabilities of the cloud storage offering and use this interface to manage containers and the data that is placed in them. In addition, metadata can be set on containers and their contained data elements through this interface.

云数据管理接口(CDMI)[CDMI-1]由存储网络行业协会(SNIA)开发,是应用程序用于从云中创建、检索、更新和删除数据元素的功能接口。作为此接口的一部分,客户机将能够发现云存储产品的功能,并使用此接口管理容器和放置在其中的数据。此外,可以通过此接口在容器及其包含的数据元素上设置元数据。

1.1. Requirements Language
1.1. 需求语言

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].

本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[RFC2119]中所述进行解释。

2. Cloud Data Management Domain and Its Relevance
2. 云数据管理领域及其相关性

A storage cloud is a storage service hosted either on premise or off premise, across a network. An important part of the cloud model, in general, is the concept of a pool of resources that are drawn from, on demand, in small increments (smaller than what one would typically purchase by buying equipment). By abstracting data storage behind a set of service interfaces and delivering it on demand, a wide range of actual offerings and implementations are possible. The only type of storage that is excluded from this definition is that which is delivered based on fixed capacity increments rather than on demand.

存储云是一种存储服务,通过网络托管在内部或外部。通常,云模型的一个重要部分是资源池的概念,这些资源是按需以小增量(比通常通过购买设备购买的资源要小)从中提取的。通过将数据存储抽象到一组服务接口后面并按需交付,可以提供广泛的实际产品和实现。此定义中排除的唯一存储类型是基于固定容量增量而不是按需提供的存储。

The CDMI defines a set of functional interfaces (data paths) and management interfaces (control paths) to create, retrieve, update, and delete data elements from a storage cloud. Another important concept in this standard is that of metadata. When managing large amounts of data with differing requirements, metadata is a convenient mechanism to express those requirements in such a way that underlying data services can differentiate their treatment of the data to meet those requirements. CDMI also defines an extensible metadata system for storage clouds.

CDMI定义了一组功能接口(数据路径)和管理接口(控制路径),用于从存储云创建、检索、更新和删除数据元素。本标准中的另一个重要概念是元数据。在管理具有不同需求的大量数据时,元数据是一种方便的机制,它可以以这样一种方式表达这些需求,即底层数据服务可以区分它们对数据的处理以满足这些需求。CDMI还为存储云定义了一个可扩展的元数据系统。

As part of the CDMI interface, the client will be able to discover the capabilities of the cloud storage offering and to use this interface to manage containers and the data that is placed in them. In addition, system metadata can be added to containers and their contained data elements through this interface.

作为CDMI接口的一部分,客户机将能够发现云存储产品的功能,并使用此接口管理容器和放置在其中的数据。此外,可以通过此接口将系统元数据添加到容器及其包含的数据元素中。

The hierarchy that CDMI defines is as follows:

CDMI定义的层次结构如下:

o The basic element of storage is an object.

o 存储的基本元素是对象。

o Objects are stored in a container hierarchy.

o 对象存储在容器层次结构中。

o CDMI also defines an object, called a queue, which has special properties for in-order, first-in, first-out creation and fetching of queue objects, similar to a container of data objects.

o CDMI还定义了一个称为队列的对象,它具有队列对象的顺序、先进先出创建和获取的特殊属性,类似于数据对象的容器。

o A cloud offering can also support domains, which allow administrative ownership to be associated with stored objects. Domains can also be hierarchical, allowing for corporate domains with multiple children domains for departments or individuals. The domain concept is also used to map Access Control Lists (ACLs) to principals as well as to aggregate usage data that is used to bill, meter, and monitor cloud usage. (Note: The CDMI "domain" defined here is not a DNS domain name as specified in [RFC1076] and [RFC1024]).

o 云产品还可以支持域,域允许管理所有权与存储对象相关联。域也可以是层次结构的,允许企业域具有多个子域,用于部门或个人。域概念还用于将访问控制列表(ACL)映射到主体,以及聚合用于计费、计量和监视云使用情况的使用数据。(注意:此处定义的CDMI“域”不是[RFC1076]和[RFC1024]中指定的DNS域名)。

o Finally, a capabilities resource and associated URI [RFC3986] allows a client to discover the capabilities of the offering and its implementation of CDMI.

o 最后,功能资源和相关URI[RFC3986]允许客户机发现产品的功能及其CDMI实现。

3. Processing Guidelines
3. 处理指南

This section summarizes the processing of each media type. This document provides only the essential information. The CDMI specification [CDMI-1], which has more details and appropriate examples, is the final authority on the processing aspects.

本节总结了每种媒体类型的处理。本文件仅提供基本信息。CDMI规范[CDMI-1]具有更多细节和适当示例,是处理方面的最终权威。

3.1. Media Type: application/cdmi-object
3.1. 媒体类型:应用程序/cdmi对象

A CDMI object is the basic storage element in a CDMI system and is analogous to a file within a filesystem. The object is represented in the CDMI interface in JavaScript Object Notation (JSON) format [RFC4627]. (See the JSON web site at [JSON-1] for general information about JSON). Each data object has a set of well-defined fields that includes a single value and optional metadata. The implementations are free to store the data in any form they choose, but the application/cdmi-object SHOULD be represented in the CDMI interface as defined in Section 8 of the CDMI specification [CDMI-1].

CDMI对象是CDMI系统中的基本存储元素,类似于文件系统中的文件。该对象在CDMI接口中以JavaScript对象表示法(JSON)格式[RFC4627]表示。(有关JSON的一般信息,请参见[JSON-1]上的JSON网站)。每个数据对象都有一组定义良好的字段,其中包括单个值和可选元数据。实现可以自由地以他们选择的任何形式存储数据,但是应用程序/cdmi对象应该在cdmi接口中表示,如cdmi规范[cdmi-1]第8节所定义。

3.2. Media Type: application/cdmi-container
3.2. 媒体类型:应用程序/cdmi容器

A container object is the fundamental grouping of stored data within CDMI and is analogous to a directory within a filesystem. Each container has zero or more child objects and a set of well-defined

容器对象是CDMI中存储数据的基本分组,类似于文件系统中的目录。每个容器都有零个或多个子对象和一组定义良好的

fields that includes standardized and custom metadata. A container can include other containers similar to sub-directories in a filesystem. The implementations are free to represent the container in any form they choose, but the application/cdmi-container SHOULD be represented in the CDMI interface as defined in Section 9 of the CDMI specification [CDMI-1].

包含标准化和自定义元数据的字段。容器可以包括与文件系统中的子目录类似的其他容器。实现可以自由地以其选择的任何形式表示容器,但应用程序/cdmi容器应在cdmi接口中表示,如cdmi规范[cdmi-1]第9节所定义。

3.3. Media Type: application/cdmi-domain
3.3. 媒体类型:应用程序/cdmi域

Domain objects represent the concept of administrative ownership of stored data within a CDMI storage system. A CDMI offering may include a hierarchy of domains that provide access to domain-related information within a CDMI context. This domain hierarchy is a series of CDMI objects that correspond to parent and child domains, with each domain corresponding to logical groupings of objects that are to be managed together. Section 10 of the CDMI specification [CDMI-1] details the information content, representation, and processing of domain objects.

域对象表示CDMI存储系统中存储数据的管理所有权概念。CDMI产品可以包括域的层次结构,这些域在CDMI上下文中提供对域相关信息的访问。此域层次结构是一系列对应于父域和子域的CDMI对象,每个域对应于要一起管理的对象的逻辑分组。CDMI规范[CDMI-1]的第10节详细介绍了域对象的信息内容、表示和处理。

3.4. Media Type: application/cdmi-capability
3.4. 媒体类型:应用程序/cdmi功能

Capability objects form a special class of container objects that allows a CDMI client to discover what subset of the CDMI standard is implemented by a CDMI provider. For each URI in a CDMI system, the set of interactions that the system is capable of performing against that URI is described by the presence of named "capabilities". Each capability present for a given URI indicates what functionality the cloud storage system will allow against that URI. Capabilities are always static. Section 12 of the CDMI specification [CDMI-1] details the representation and processing of capability objects.

能力对象形成了一类特殊的容器对象,它允许CDMI客户机发现CDMI提供者实现了CDMI标准的哪一个子集。对于CDMI系统中的每个URI,系统能够针对该URI执行的交互集由命名的“功能”的存在来描述。给定URI的每个功能都指示云存储系统将针对该URI允许哪些功能。能力总是静态的。CDMI规范[CDMI-1]第12节详细说明了能力对象的表示和处理。

3.5. Media Type: application/cdmi-queue
3.5. 媒体类型:应用程序/cdmi队列

Queues are a special class of container object and are used to provide first-in, first-out access when storing and retrieving data. A queue writer PUTs objects in the queue, and a queue reader GETs objects from the queue, acknowledging the receipt of the last object that it received. Queuing provides a simple mechanism for one or more writers to send data to a single reader in a reliable way. If queues are supported by the cloud storage system, cloud clients create the queue objects by using the same mechanism used to create data objects. Section 11 of the CDMI specification [CDMI-1] details the operations and processing of queue objects.

队列是一类特殊的容器对象,用于在存储和检索数据时提供先进先出的访问。队列编写器将对象放入队列,队列读取器从队列中获取对象,并确认接收到最后一个对象。排队为一个或多个写入程序以可靠的方式向单个读取器发送数据提供了一种简单的机制。如果云存储系统支持队列,则云客户端将使用与创建数据对象相同的机制创建队列对象。CDMI规范[CDMI-1]的第11节详细介绍了队列对象的操作和处理。

4. Transport Considerations
4. 运输考虑

The CDMI operates over HTTP [RFC2616] and does not make sense outside the HTTP realm. We do not expect the CDMI to operate over other protocols nor to use a transport protocol, such as TCP [RFC793], directly.

CDMI在HTTP[RFC2616]上运行,在HTTP领域之外没有意义。我们不希望CDMI通过其他协议运行,也不希望直接使用传输协议,如TCP[RFC793]。

5. IANA Considerations
5. IANA考虑

IANA has registered the following media types:

IANA已注册以下媒体类型:

o application/cdmi-object

o 应用程序/cdmi对象

o application/cdmi-container

o 应用程序/cdmi容器

o application/cdmi-domain

o 应用程序/cdmi域

o application/cdmi-capability

o 应用程序/cdmi功能

o application/cdmi-queue

o 应用程序/cdmi队列

5.1. Media Type: application/cdmi-object
5.1. 媒体类型:应用程序/cdmi对象

Type name: application

类型名称:应用程序

Subtype name: cdmi-object

子类型名称:cdmi对象

Required parameters: none

所需参数:无

Optional parameters: none

可选参数:无

Encoding considerations: Assumes that the representation is always UTF-8 as defined in [RFC3629] and 8bit as defined in [RFC4288]

编码注意事项:假设表示总是[RFC3629]中定义的UTF-8和[RFC4288]中定义的8bit

Security considerations: See Section 6 of RFC 6208

安全注意事项:见RFC 6208第6节

Interoperability considerations: none

互操作性注意事项:无

Published specification: RFC 6208

已发布规范:RFC 6208

Applications that use this media type: Implementations of the Cloud Data Management Interface (CDMI) defined by the Storage Networking Industry Association (SNIA)

使用此媒体类型的应用程序:存储网络行业协会(SNIA)定义的云数据管理接口(CDMI)的实现

Additional information:

其他信息:

      Magic number(s): n/a
        
      Magic number(s): n/a
        

File extension(s): .cdmio

文件扩展名:.cdmio

Macintosh file type code(s): TEXT

Macintosh文件类型代码:文本

Person and email address to contact for further information: Arnold Jones, arnold.jones@snia.org

联系人和电子邮件地址以获取更多信息:Arnold Jones,Arnold。jones@snia.org

Intended usage: COMMON

预期用途:普通

Restrictions on usage: none

使用限制:无

Author: SNIA Cloud Storage Initiative, cloudtwg@snia.org

作者:SNIA云存储计划,cloudtwg@snia.org

Change controller: SNIA Cloud Storage Initiative, cloudtwg@snia.org

变更控制者:SNIA云存储计划,cloudtwg@snia.org

5.2. Media Type: application/cdmi-container
5.2. 媒体类型:应用程序/cdmi容器

Type name: application

类型名称:应用程序

Subtype name: cdmi-container

子类型名称:cdmi容器

Required parameters: none

所需参数:无

Optional parameters: none

可选参数:无

Encoding considerations: Assumes that the representation is always UTF-8 as defined in [RFC3629] and 8bit as defined in [RFC4288]

编码注意事项:假设表示总是[RFC3629]中定义的UTF-8和[RFC4288]中定义的8bit

Security considerations: See Section 6 of RFC 6208

安全注意事项:见RFC 6208第6节

Interoperability considerations: none

互操作性注意事项:无

Published specification: RFC 6208

已发布规范:RFC 6208

Applications that use this media type: Implementations of the Cloud Data Management Interface (CDMI) defined by the Storage Networking Industry Association (SNIA)

使用此媒体类型的应用程序:存储网络行业协会(SNIA)定义的云数据管理接口(CDMI)的实现

Additional information:

其他信息:

      Magic number(s): n/a
        
      Magic number(s): n/a
        

File extension(s): .cdmic

文件扩展名:.cdmic

Macintosh file type code(s): TEXT

Macintosh文件类型代码:文本

Person and email address to contact for further information: Arnold Jones, arnold.jones@snia.org

联系人和电子邮件地址以获取更多信息:Arnold Jones,Arnold。jones@snia.org

Intended usage: COMMON

预期用途:普通

Restrictions on usage: none

使用限制:无

Author: SNIA Cloud Storage Initiative, cloudtwg@snia.org

作者:SNIA云存储计划,cloudtwg@snia.org

Change controller: SNIA Cloud Storage Initiative, cloudtwg@snia.org

变更控制者:SNIA云存储计划,cloudtwg@snia.org

5.3. Media Type: application/cdmi-domain
5.3. 媒体类型:应用程序/cdmi域

Type name: application

类型名称:应用程序

Subtype name: cdmi-domain

子类型名称:cdmi域

Required parameters: none

所需参数:无

Optional parameters: none

可选参数:无

Encoding considerations: Assumes that the representation is always UTF-8 as defined in [RFC3629] and 8bit as defined in [RFC4288]

编码注意事项:假设表示总是[RFC3629]中定义的UTF-8和[RFC4288]中定义的8bit

Security considerations: See Section 6 of RFC 6208

安全注意事项:见RFC 6208第6节

Interoperability considerations: none

互操作性注意事项:无

Published specification: RFC 6208

已发布规范:RFC 6208

Applications that use this media type: Implementations of the Cloud Data Management Interface (CDMI) defined by the Storage Networking Industry Association (SNIA)

使用此媒体类型的应用程序:存储网络行业协会(SNIA)定义的云数据管理接口(CDMI)的实现

Additional information:

其他信息:

      Magic number(s): n/a
        
      Magic number(s): n/a
        

File extension(s): .cdmid

文件扩展名:.cdmid

Macintosh file type code(s): TEXT

Macintosh文件类型代码:文本

Person and email address to contact for further information: Arnold Jones, arnold.jones@snia.org

联系人和电子邮件地址以获取更多信息:Arnold Jones,Arnold。jones@snia.org

Intended usage: COMMON

预期用途:普通

Restrictions on usage: none

使用限制:无

Author: SNIA Cloud Storage Initiative, cloudtwg@snia.org

作者:SNIA云存储计划,cloudtwg@snia.org

Change controller: SNIA Cloud Storage Initiative, cloudtwg@snia.org

变更控制者:SNIA云存储计划,cloudtwg@snia.org

5.4. Media Type: application/cdmi-capability
5.4. 媒体类型:应用程序/cdmi功能

Type name: application

类型名称:应用程序

Subtype name: cdmi-capability

子类型名称:cdmi功能

Required parameters: none

所需参数:无

Optional parameters: none

可选参数:无

Encoding considerations: Assumes that the representation is always UTF-8 as defined in [RFC3629] and 8bit as defined in [RFC4288]

编码注意事项:假设表示总是[RFC3629]中定义的UTF-8和[RFC4288]中定义的8bit

Security considerations: See Section 6 of RFC 6208

安全注意事项:见RFC 6208第6节

Interoperability considerations: none

互操作性注意事项:无

Published specification: RFC 6208

已发布规范:RFC 6208

Applications that use this media type: Implementations of the Cloud Data Management Interface (CDMI) defined by the Storage Networking Industry Association (SNIA)

使用此媒体类型的应用程序:存储网络行业协会(SNIA)定义的云数据管理接口(CDMI)的实现

Additional information:

其他信息:

      Magic number(s): n/a
        
      Magic number(s): n/a
        

File extension(s): .cdmia

文件扩展名:.cdmia

Macintosh file type code(s): TEXT

Macintosh文件类型代码:文本

Person and email address to contact for further information: Arnold Jones, arnold.jones@snia.org

联系人和电子邮件地址以获取更多信息:Arnold Jones,Arnold。jones@snia.org

Intended usage: COMMON

预期用途:普通

Restrictions on usage: none

使用限制:无

Author: SNIA Cloud Storage Initiative, cloudtwg@snia.org

作者:SNIA云存储计划,cloudtwg@snia.org

Change controller: SNIA Cloud Storage Initiative, cloudtwg@snia.org

变更控制者:SNIA云存储计划,cloudtwg@snia.org

5.5. Media Type: application/cdmi-queue
5.5. 媒体类型:应用程序/cdmi队列

Type name: application

类型名称:应用程序

Subtype name: cdmi-queue

子类型名称:cdmi队列

Required parameters: none

所需参数:无

Optional parameters: none

可选参数:无

Encoding considerations: Assumes that the representation is always UTF-8 as defined in [RFC3629] and 8bit as defined in [RFC4288]

编码注意事项:假设表示总是[RFC3629]中定义的UTF-8和[RFC4288]中定义的8bit

Security considerations: See Section 6 of RFC 6208

安全注意事项:见RFC 6208第6节

Interoperability considerations: none

互操作性注意事项:无

Published specification: RFC 6208

已发布规范:RFC 6208

Applications that use this media type: Implementations of the Cloud Data Management Interface (CDMI) defined by the Storage Networking Industry Association (SNIA)

使用此媒体类型的应用程序:存储网络行业协会(SNIA)定义的云数据管理接口(CDMI)的实现

Additional information:

其他信息:

   Magic number(s): n/a
        
   Magic number(s): n/a
        

File extension(s): .cdmiq

文件扩展名:.cdmiq

Macintosh file type code(s): TEXT

Macintosh文件类型代码:文本

Person and email address to contact for further information: Arnold Jones, arnold.jones@snia.org

联系人和电子邮件地址以获取更多信息:Arnold Jones,Arnold。jones@snia.org

Intended usage: COMMON

预期用途:普通

Restrictions on usage: none

使用限制:无

Author: SNIA Cloud Storage Initiative, cloudtwg@snia.org

作者:SNIA云存储计划,cloudtwg@snia.org

Change controller: SNIA Cloud Storage Initiative, cloudtwg@snia.org

变更控制者:SNIA云存储计划,cloudtwg@snia.org

6. Security Considerations
6. 安全考虑

This section was developed with RFC 3552 [RFC3552] as a guide. CDMI is an application interface and the relevant security considerations include confidentiality, integrity, access control, and audit. Transport and endpoint security artifacts like Distributed Denial of Service (DDoS) are orthogonal, and domains like non-repudiation are left to the application that employs this interface.

本节以RFC 3552[RFC3552]为指南编制。CDMI是一个应用程序接口,相关的安全注意事项包括机密性、完整性、访问控制和审核。传输和端点安全工件(如分布式拒绝服务(DDoS))是正交的,不可否认性等域留给使用此接口的应用程序。

6.1. Confidentiality and Integrity
6.1. 机密性和完整性

The confidentiality and integrity of the CDMI exchanges are determined by the application that uses the interface. CDMI does not contain any specific mechanisms and relies on transport mechanisms such as Transport Layer Security (TLS) (see [RFC2818]) for confidentiality and integrity of the messages across the network.

CDMI交换的机密性和完整性由使用接口的应用程序决定。CDMI不包含任何特定机制,并依赖传输机制,如传输层安全性(TLS)(参见[RFC2818])来实现网络上消息的机密性和完整性。

6.2. Access Control
6.2. 访问控制

The access control of the CDMI endpoint URLs are beyond this specification. If required, applications should use appropriate URL authentication and authorization techniques, such as URI routers for different classes of users and restrict access based on URI origin.

CDMI端点URL的访问控制超出此规范。如果需要,应用程序应该使用适当的URL身份验证和授权技术,例如针对不同类别用户的URI路由器,并基于URI来源限制访问。

For fine-grained control of the CDMI objects, the CDMI specification [CDMI-1] contains the Access Control Lists (ACLs) and Access Control Entries (ACEs). These are described fully in Section 16.1 of the CDMI specification [CDMI-1].

对于CDMI对象的细粒度控制,CDMI规范[CDMI-1]包含访问控制列表(ACL)和访问控制条目(ACE)。CDMI规范[CDMI-1]第16.1节对此进行了详细描述。

6.3. Audit
6.3. 审计

The CDMI specification [CDMI-1] has defined a set of metadata fields, as explained in Section 16.3, to facilitate the incorporation of access and other audit markers. The CDMI metadata system is extensible, and the implementations can add more metadata as required by the security posture of the domain.

CDMI规范[CDMI-1]定义了一组元数据字段,如第16.3节所述,以便于合并访问和其他审计标记。CDMI元数据系统是可扩展的,实现可以根据域的安全态势添加更多元数据。

6.4. JSON Security Considerations
6.4. JSON安全注意事项

JSON-related security considerations, described in RFC 4627 [RFC4627], apply.

RFC 4627[RFC4627]中描述的JSON相关安全注意事项适用。

6.5. Executable/Active Content
6.5. 可执行/活动内容

The CDMI interface does not include any directives for active content.

CDMI接口不包括任何活动内容指令。

7. Acknowledgements
7. 致谢

The authors wish to acknowledge the guidance and wisdom of Mark Carlson and Peter Saint-Andre, comments from Patrick Faltstrom, and all the insightful discussions and ideas of the SNIA CDMI Cloud Technical Work Group.

作者希望感谢Mark Carlson和Peter Saint Andre的指导和智慧、Patrick Faltstrom的评论以及SNIA CDMI云技术工作组的所有有见地的讨论和想法。

8. References
8. 工具书类
8.1. Normative References
8.1. 规范性引用文件

[CDMI-1] SNIA, "Cloud Data Management Interface Version 1.0", 2010, <http://www.snia.org/tech_activities/standards/ curr_standards/cdmi>.

[CDMI-1]SNIA,“云数据管理接口1.0版”,2010年<http://www.snia.org/tech_activities/standards/ 当前标准/cdmi>。

[JSON-1] JSON, "Introducing JSON", 2006, <http://www.json.org>.

[JSON-1]JSON,“介绍JSON”,2006年<http://www.json.org>.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

[RFC2616]菲尔丁,R.,盖蒂斯,J.,莫卧儿,J.,弗莱斯蒂克,H.,马斯特,L.,利奇,P.,和T.伯纳斯李,“超文本传输协议——HTTP/1.1”,RFC 2616,1999年6月。

[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, November 2003.

[RFC3629]Yergeau,F.,“UTF-8,ISO 10646的转换格式”,STD 63,RFC 3629,2003年11月。

[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005.

[RFC3986]Berners Lee,T.,Fielding,R.,和L.Masinter,“统一资源标识符(URI):通用语法”,STD 66,RFC 3986,2005年1月。

[RFC4288] Freed, N. and J. Klensin, "Media Type Specifications and Registration Procedures", BCP 13, RFC 4288, December 2005.

[RFC4288]Freed,N.和J.Klensin,“介质类型规范和注册程序”,BCP 13,RFC 4288,2005年12月。

[RFC4627] Crockford, D., "The application/json Media Type for JavaScript Object Notation (JSON)", RFC 4627, July 2006.

[RFC4627]Crockford,D.,“JavaScript对象表示法(json)的应用程序/json媒体类型”,RFC4627,2006年7月。

8.2. Informative References
8.2. 资料性引用

[RFC793] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, September 1981.

[RFC793]Postel,J.,“传输控制协议”,标准7,RFC 793,1981年9月。

[RFC1024] Partridge, C. and G. Trewitt, "HEMS variable definitions", RFC 1024, October 1987.

[RFC1024]帕特里奇,C.和G.特雷维特,“HEMS变量定义”,RFC1021987年10月。

[RFC1076] Trewitt, G. and C. Partridge, "HEMS monitoring and control language", RFC 1076, November 1988.

[RFC1076]Trewitt,G.和C.Partridge,“HEMS监测和控制语言”,RFC 1076,1988年11月。

[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.

[RFC2818]Rescorla,E.,“TLS上的HTTP”,RFC2818,2000年5月。

[RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC Text on Security Considerations", BCP 72, RFC 3552, July 2003.

[RFC3552]Rescorla,E.和B.Korver,“关于安全考虑的RFC文本编写指南”,BCP 72,RFC 3552,2003年7月。

Authors' Addresses

作者地址

Krishna Sankar (editor) Cisco 170 W. Tasman Drive San Jose, CA 95134 USA

Krishna Sankar(编辑)美国加利福尼亚州圣何塞塔斯曼大道西170号,邮编95134

Phone: (408) 853 8475 EMail: ksankar@cisco.com

电话:(408)8538475电子邮件:ksankar@cisco.com

Arnold Jones SNIA 4410 ArrowsWest Drive Colorado Springs, CO 80907 USA

美国科罗拉多州科罗拉多斯普林斯市阿诺德·琼斯·斯尼亚大道4410号,邮编:80907

Phone: (407) 574 7273 EMail: arnold.jones@snia.org

电话:(407)5747273电子邮件:阿诺德。jones@snia.org