forked from LearningRegistry/LearningRegistry
/
spec.txt
4528 lines (3558 loc) · 265 KB
/
spec.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Learning Registry Technical Specification V 0.23.0
Draft in Progress. See the Change Log for links to prior stable versions.
Shading indicates major changes and additions from the prior version (0.22.0). Also indicated with .
Significant deletions are shaded.
Features to be deprecated in a future version are shaded and indicated with.
Learning Registry Technical Specification V 0.23.0
Introduction
Learning Registry Overview
Specification License
Conformance
Technical Specification Overview
Design Principles
Resource Distribution Network Model
Network Nodes and Node Services
Network Topology
Network Data Models
Network Node Description Data Model
Network Node Service Description Data Model
Network Node Connectivity Description Data Model
Network Node Filter Description Data Model
Resource Distribution Network Description Data Model
Resource Distribution Network Policy Data Model
Network Community Description Data Model
Network Description
Resource Data Data Models
Resource Data Description Data Model
Metadata Formats
Paradata Formats
Resource Data
Identity and Digital Signatures
Signing a Resource Data Description Document
Validating the Signature of a Resource Data Description Document
Authorization and Authentication
Authentication
Authorization
Network Communications Security
Network Ports
Trust
Security and Information Assurance
Services and APIs
Resource Data Distribution Service
Resource Data Publish Services
Basic Publish Service
SWORD Publish Service
Retrieve Service Document
Create a Resource
Basic Delete Service
Resource Data Access Services
Basic Obtain Service
Basic Harvest Service
Get Record
List Records
List Identifiers
Identify
List Metadata Formats
List Sets
OAI-PMH Harvest Service
Get Record
List Records
List Identifiers
Identify
List Metadata Formats
List Sets
Basic Query Service
SRU Service
SiteMap Service
Atom Pub Service
Administrative Services
Network Node Status Service
Network Node Description Service
Network Node Services Service
Resource Distribution Network Policy Service
Broker Services
Common Data Model and API Attributes and Behaviors
Data Model Attributes
Identifiers
Strings and Internationalization
Time and Date
API Attributes and Behaviors
Service Instantiation Validation
Transactional Behaviors and Data Consistency
Resource Data Validation and Publication
Resource Data ToS, Signatures and Trust Policy Enforcement
Resource Data Filtering
Operations
Networks and Communities
Building the Network Description
Maintaining Networks and Communities
Network Discovery
Network Design
Resource Data Publication, Distribution and Access
Resource Data Persistence
Network Administration
Glossary
References
Change Log
Working Notes and Placeholder Text
Introduction
This document provides the technical specification for the Learning Registry (LR). It specifies the network model, data models and APIs. It does not specify policy-based operational procedures or the instantiation of the LR. It does not specify internal data models or internal APIs. The specification focuses on the APIs used by external agents and the data models and APIs required for overall operations of a network. While targeted at a document-oriented infrastructure, the specification itself is independent of any particular tool set. The document is currently a work in progress; its structure, organization and content are subject to change. All information is in this single document.
Learning Registry Overview
The LR aims to make learning resources easier to find, easier to access and easier to integrate into learning environments wherever they are stored around the country and the world. [a]Additional information about the LR may be found at http://learningregistry.org. The LR defines a learning resource distribution network model and a set of open APIs and open interoperability standards to provide three fundamental, enabling capabilities:
1. A lightweight mechanism to publish (push) learning resources [b][c](or metadata or paradata describing the resources) to a learning resource distribution network, independent of format or data type.
1. The ability for anyone to consume the published data and then, in turn, publish additional information to the network about the resource's use (e.g., additional paradata), thus amplifying the overall knowledge about the resource.
1. A high latency, loosely connected network of master-master synchronizing brokers distributing resources, metadata and paradata.
There is no central control, central registry, or central repository in the core resource distribution network. Published data can eventually flow to all nodes in the network. The network aims to be self assembling. Edge services can connect to any distribution node to discover what resources and resource sources are: in the network, what’s changed, what’s being used, etc. At the edge nodes organizations may build value-added services to enable: using, finding, sharing, and amplifying resources, metadata and paradata for user communities. The LR provides social networking for metadata (trusted social collaboration around learning resources), enabling a learning layer on the social Web.[d]
Specification License
This specification is being developed under licensing created by the Open Web Foundation Contributor License Agreement (CLA 1.0). The intent is that the final specification will be released under the Open Web Foundation Agreement (OWFa 0.9). Later versions may apply. Both licenses are available on the Open Web Foundation website at http://www.openwebfoundation.org.
Your use of this Specification may be subject to other third party rights. THIS SPECIFICATION IS PROVIDED “AS IS.” The contributors expressly disclaim any warranties (express, implied, or otherwise), including implied warranties of merchantability, non-infringement, fitness for a particular purpose, or title, related to the Specification. The entire risk as to implementing or otherwise using the Specification is assumed by the Specification implementer and user. IN NO EVENT WILL ANY PARTY BE LIABLE TO ANY OTHER PARTY FOR LOST PROFITS OR ANY FORM OF INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER FROM ANY CAUSES OF ACTION OF ANY KIND WITH RESPECT TO THIS SPECIFICATION OR ITS GOVERNING AGREEMENT, WHETHER BASED ON BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, AND WHETHER OR NOT THE OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in the Internet Engineering Task Force (IETF) document, Best Current Practice
(RFC 2119) which is available on the IETF website at http://tools.ietf.org/html/rfc2119.
The vocabulary of terms used in describing the LR are listed in the Glossary. Specific terms are set in bold when introduced in context.
Data models are described in a JSON-like[e] notation. It follows JSON syntax, but instead of providing the value for a name, the data model defines the JavaScript data type of the named element. [f] A description of the element, further restrictions on the value space (e.g., if a string is a URL) and if the element is optional or required is described in a comment. This model is used for convenience in early prototyping. A future version of the specification may describe the data models and their implementation binding independently.
Conformance
There is no overall conformance statement for this specification. The LR Test Suite (link TBD)[g] MAY be used to test an implementation. However, passing the Test Suite does not imply conformance to this specification. There is no defined reference implementation (by definition when there is a conflict between this specification and the reference implementation, the reference implementation is considered to be authoritative).
All pseudo code is informative; it is not a normative implementation design. Behaviors defined in pseudo code are normative requirements on an implementation. Behaviors are usually defined in normative text.
An organization MAY place tighter requirements on an implementation than those stated, e.g., it MAY constrain a MAY, SHOULD or OPTIONAL clause to MUST, SHALL or REQUIRED. It MAY NOT relax any constraint.
Technical Specification Overview
The specification is split into several parts:
1. Network: The description of the resource distribution network and its parts. A fixed multilevel structure of network parts is used to support distributing content and to provide policy-based security and operations.
1. Data Models: The data models that are used to describe the network and learning resources data. Data models are document oriented.
1. APIs: The APIs used to publish and consume data and those used to operate the network. The APIs are designed to abstract the logical behaviors of the LR from any particular implementation tools.
1. Operations: Operational procedures that apply to any implementation.
Design Principles
The learning registry design and technical specification is based on several key principles:
1. Decentralized: There are no centralized registries, repositories, or data stores. Thus all core data is replicated across the network.
1. Redundant: There is no single point of failure in the design (an implementation may have single points of failure).
1. Abstracted: Abstraction is critical to layering capabilities, e.g., network content replication is content type agnostic.
1. Minimal: Specify only what is required. Features that are community specific or can be layered on top of the core design are excluded from the specification although essential elements needed to support such modeling are included.
1. Generic: Prefer approaches, models, standards, etc., that have wide uptake beyond just the learning technology and digital repository space.
1. Secure: Security is by design, e.g., default values lock down an implementation and must be explicitly overridden even to do common operations.
1. Trusted: Data and operations need to be authentic and trusted.
1. Document Oriented: The design is targeted at a document-oriented system for implementation using document-oriented databases.
1. RESTful: APIs are RESTful, and use CoolURIs (http://www.w3.org/TR/cooluris/) to return different data representations.
1. Scalable: The design needs to seamlessly scale and perform at scale.
1. Extensible and Enabling: The design is meant to enable new capabilities. Unless explicitly restricted, for example to satisfy security requirements, anything in the design is extensible.
1. Web 2.0 Friendly: The design is based on current, widely implemented Web 2.0 technologies.
Resource Distribution Network Model
The core of the LR is the network of loosely connected master-master synchronizing broker nodes distributing resources, metadata and paradata. Consumers and producers (edge node consumer and producer agents) connect to network nodes to inject information into the network or to extract information for external processing.
The network model is defined in terms of nodes, their services, the assembly of nodes into resource distribution networks, and the structuring of networks into communities. This two-tiered model of networks and communities supports security requirements for partitioning of resource data between different communities.
Network Nodes and Node Services
A node is a server process with network connectivity to either other nodes or to edge services. Nodes process resource data (e.g., network messages about resources, metadata, paradata, etc.).
A node SHALL be described using the network node data model. Only the owner of a node description MAY change the description. Certain attributes of the node description are immutable. NB: These are security constraints.
A node MAY provide five (5) different classes of services (APIs, services protocols and data models are detailed below) :
1. Publish Services: Publish services are used by external agents to push (publish) resource data from the external agent into the distribution network. The data model for publication data is specified below. A node that provides publish services MAY support different publishing APIs, but all SHALL use the publication data model. The definitions of several common publishing APIs are specified below.
2. Access Services: Access services are used by external agents to discover, access and obtain (pull) resource data from the distribution network. A node that provides access services MAY support different access APIs. The definitions of several common access APIs are specified below.
3. Distribution Services: Distribution services are used to transfer, replicate and synchronize resource data from node X to node Y. X is the source node for distribution, Y is the destination node. To support security requirements, distribution is directed from X to Y; independent paired services [X→Y + Y→X] are used for bi-directional synchronization. The distribution services SHALL use the distribution data model specified below.
4. Broker Services: Broker services operate at a node to augment, transform or process resource data held at that node to produce new or updated resource data for access or distribution. A node that provides broker services MAY support different broker processes. The definitions of several common broker processes are specified below.
5. Administrative Services: Administrative services are used to query a node to obtain its status or to trigger node administrative actions. The definitions of several common administrative services and APIs are specified below.
NB: There are no requirements to provision any service at a node. Provisioning requirements MAY be established by the policies of a particular network or community. This specification permits non operational or non accessible networks.
Network Topology
A resource distribution network is a group of one or more connected nodes, with each node providing node services. All nodes in a resource distribution network operate under the same policies. Multiple resource distribution networks MAY be established.
A resource distribution network SHALL be described using the resource distribution network data model. Only the owner of a network description MAY change the description. Certain attributes of the resource distribution network description are immutable. NB: These are security constraints.
Two types of network nodes and connectivity within a network are defined:
1. Common Node: A common node MAY provide any of the node service classes listed. If provided, the distribution services of a common node SHALL be limited to connecting to other nodes in the same network (the distribution service MAY connect to multiple destination nodes). A common node is denoted CN herein.
2. Gateway Node: A gateway node SHALL provide a distribution service. A gateway node MAY connect to one or more common nodes within the same network. A gateway node SHALL connect to and provide resource distribution to a gateway node in another network. A gateway node MAY provide administrative services. A gateway node SHALL NOT provide publish, access or broker services. A gateway node is denoted GN herein. NB: As defined, a gateway is a 1:1 interconnect between two networks. 1:1 is used to simplify topology in support of security requirements; it is not a technical constraint. NB: Multiple gateway nodes between two networks are permitted.
A node SHALL participate in, and be subject to the policies of, only one resource distribution network.
A node SHALL not transition or be moved from one resource distribution network to another. A node MAY only be added to or removed from a distribution network. NB: This is a security constraint.
A gateway node X that participates in some network N1 SHALL connect to a gateway node Y that participates in some other network N2. A gateway node SHALL NOT connect to any other nodes in network N2 or to any node in any other network.
Open Question: Relax the constraint that a gateway cannot connect to multiple networks while keeping the constraint that it connects to only 1 node in another network?
A network community is a collection of interconnected resource distribution networks. A community MAY contain one or more resource distribution networks. A resource network SHALL be a member of only one community. Gateway nodes provide the connectivity between resources networks within a network community and MAY provide connectivity between networks in different communities. NB: A gateway node that provides an intra-community network gateway is undifferentiated from one that provides an inter-community network gateway.
A network community SHALL be described using the network community data model. Only the owner of a network community description MAY change the description. Certain attributes of the network community description are immutable. NB: These are security constraints.
Two types of network communities are defined:
1. Social Community: A social community provides connectivity to other social communities. A network within a social community MAY connect to another network within the same social community or with a network that belongs to a different social community.
2. Closed Community: A closed community provides no connectivity outside of the community. A network within a closed community SHALL NOT connect with another network within a different community.
For example, the LR is a social community; other social communities may connect to the LR community. For security and testing, the Learning Registry Testbed is a closed community, i.e., it consists of different networks (multiple networks to enable testing gateway protocols) but the testbed cannot be connected to the social production community.
The LR community might consist of multiple networks and gateways. One network might be for uncurated OERs (open educational resources). A second network might be for curated OERs. And several others networks could be established for commercial resources (e.g., one per publisher). If the uncurated OER network has a gateway to the curated OER network, and there are gateways to each commercial networks, resource data can flow in only one direction, e.g., resource data for OERs into the commercial networks, but not the reverse.
A network SHALL not transition or be moved from one network community to another. A network MAY only be added to or removed from a network community. NB: This is a security constraint.
The resource network model provides nodes, collections of connected nodes within a network and the interconnection of networks in communities. The network model has this fixed hierarchy of components. Network communities connect to other communities using the same mechanism as networks that connect within a community.
Other network topology restrictions MAY be established by the policies of a particular network or community. This specification is intentionally minimal and does not define or limit other topologies, including degenerate topologies. NB: The model lets one design a network topology that might violate the policy and security constraints of a participating organization.
The diagram illustrates the network model. In the diagram there are three resource distribution networks (A, B, C) and two network communities (X and Y). Resource distribution network A connects to network B; both are part of the same community. Resource distribution network A also connects to network C and network C connects to network B. Resource distribution network C is in a different network community from A and B. If either network community X or Y was a closed community, the inter-network connection would not be permitted.
Network Data Models
The description of a network is maintained in a set of documents that includes:
1. Network Node documents:
1. The description of the node.
2. The description of the connectivity of the node within the network (including gateways).
3. The description of the services provided by the node.
4. The description of the filters applied at a node.
1. Resource Distribution Network documents:
1. The description of the resource distribution network that the node is a part of.
2. The description of the policies that govern the resource distribution network.
1. Network Community documents:
1. The description of the network community that the node is a part of.
All data models MAY be extended with additional elements. The name of any extension element SHALL begin with the characters “X_” designating an extension element. Any document that includes any element that is not in the defined data model or is not an extension element is non conforming and SHALL be rejected by any service.
All data models have a named attribute that is a “type” element (doc_type). The data model description specifies the literal value for this element for all instances of each type of document.
All data models have a named attribute that is a “version” element (doc_version). The data model description specifies the literal value for this element for all document instances.
All data models have a named attribute that indicates if the document instance is in use (active). Network data model document instances are never deleted; they transition from active to not active.
Additional constraints on attributes values are detailed below.
Network Node Description Data Model
The data model describing a node document. Once the data model has been instantiated for a node, the value of an immutable element SHALL NOT change. Other values MAY be changed only by the owner of the node document.
{
"doc_type": “node_description”, // the literal “node_description”
// required, immutable
"doc_version": “0.23.0”, // the literal for the current version -- “0.23.0”
// required, immutable
"doc_scope": “node”, // the literal “node”
// required, immutable
"active": boolean, // is the network node active
// required, mutable from T to F only
"node_id": “string”, // id of the node, required
// unique within scope of the LR
// immutable
"node_name": “string”, // name of the node, optional
"node_description": “string”, // description of the node, optional
"node_admin_identity": “string”, // identity of node admin, optional
"network_id": “string”, // id of the network that this node is a part of
// recommended (required for gateway distribution)
// immutable
"community_id": “string”, // id of the community that this node is a part of
// recommended (required for gateway distribution)
// immutable
"gateway_node": boolean, // T if node is a gateway node
// recommended, F if not present, immutable
"open_connect_source":boolean, // T if node is willing to be the source to
// connect to any other node
// F if node connectivity is restricted
// recommended; F if not present
"open_connect_dest": boolean, // T if node is willing to be the destination
// to connect to any other node
// F if node connectivity is restricted
// recommended; F if not present
“node_policy”:
{
"sync_frequency": integer, // target time between synchronizations in minutes
// optional
“deleted_data_policy”: “string”, // fixed vocabulary [“no”, “persistent”, “transient”]
// see resource data persistence
“TTL”: integer, // minimum time to live for resource data in the node
// in days, optional
// overrides network policy TTL is larger than network TTL
”accepted_version”: ["string”], // list of resource data description document versions
// that the node can process, optional
“accepted_TOS”: [“string”], // list of ToS that the node will accept, optional
“accepts_anon”: boolean, // T if node is willing to take anonymous submissions
// F if all submissions must be identified
// optional, T if not present
“accepts_unsigned”: boolean, // T if node is willing to take unsigned submissions
// F if all data must be signed
// optional, T if not present
“validates_signature”: boolean , // T if node will validate signatures
// F if node does not validate signatures
// optional, F if not present
“check_trust”: boolean, // T if node will evaluate trust of submitter
// F if node does not check trust
// optional, F if not present
”max_doc_size”: integer // maximum size of a document that a node will store
// in bytes
// optional, if not present behavior is not defined
},
“node_key”: “string”, // node public key, optional
"X_xxx": ????? // placeholder for extensibility, optional
}
NB: The node admin identity SHOULD be a URL, e.g., an email address. A deployment MAY specify that the identity be used to look up the node’s public key in a key server.
NB: Synchronization/replication frequency is maintained on a per node basis. This allows each node to sync on a different frequency (versus a network wide sync frequency), but does not allow each connection to a node to sync on a different frequency, which might complicate scheduling.
NB: The deleted data policy is used to support OAI-PMH harvest. It is part of the node description and not the service description since it controls overall node behavior and data persistence.
NB: The node MAY advertise its public key in the data model instance versus requiring key server lookup.
NB: The node MAY advertise its TTL. The value SHALL be ignored if it is smaller than the network policy TTL.
NB: The node MAY advertise the ToS that it will accept.
NB: If the node does not specify the versions of resource data description document that it accepts, it MUST accept all versions (current and future).
NB: A node MAY advertise that it does not accept anonymous submissions, e.g., resource data description documents where the submitter_type is anonymous. By default, anonymous submissions are supported.
NB: A node MAY advertise that it does not accept unsigned submissions. By default, submissions need not be signed.
NB: A node MAY advertise that it validates signatures. By default, all signatures are not validated.
NB: A node MAY advertise that it determines trust of submitter. By default, all trust is not checked.
NB: Signing, trust, etc., are all OPTIONAL. Default policy values imply that the node has a weak security and trust model. A node MUST explicitly state the policies it enforces.
Open Question: Should there be a short cut notation for ranges of accepted document versions?
Open Question: Have a list of accepted document versions, or just make this a filter?
Network Node Service Description Data Model
The data model describing a service description document; one document per service available at a node. Once the data model has been instantiated for a service, the value of an immutable element SHALL NOT change. Other values MAY be changed only by the owner of the node document.
NB: Ownership and control of the node description document and of the node service description document are vested in the same identity.
{
"doc_type": “service_description”, // the literal “node_description”
// required, immutable
"doc_version": “0.20.0”, // the literal for the current version -- “0.20.0”
// required, immutable
"doc_scope": “node”, // the literal “node”
// required, immutable
"active": boolean, // is the service active
// required, mutable from T to F only
"service_id": “string”, // id of the service, required
// unique within scope of the LR
// immutable
"service_type": “string”, // fixed vocabulary [“publish”, “access”,
// “distribute”, “broker”, “administrative”]
// required, immutable
"service_name": “string”, // name of the service, optional
"service_description": “string”, // description of the service, optional
"service_version": “string”, // version number of the service description, required
// version is local to the Learning Registry
// not the version of some underlying spec for the service
"service_endpoint": “string”, // URL of service, required
”service_auth”:
{
"service_authz": [“string”], // fixed vocabulary
// [“none”, “basicauth”, “oauth”, “ssh”, ...]
// required, mutable from ”none” to any stronger auth
“service_key”: boolean, // is a service key required to use the service
// optional, immutable, default F
“service_https”: boolean // does service require https
// optional, immutable, default F
},
"service_data": {someobject}, // service-specific name-value pairs
// optional
"X_xxx": ????? // placeholder for extensibility, optional
}
NB: A service description document is required for each service. Services fail if they do not find a valid, active, service description document.
NB: Whenever a service is modified (e.g., added capabilities, support for different data formats, API changes, …), a new service description document with an updated version number SHOULD be published. The service version and service description document version SHOULD be synchronized.
NB: The service description document enables both automatic discovery of services and management of service configuration data that is needed by clients.
Network Node Connectivity Description Data Model
The data model describing a node connectivity document; one document per connection at a node. Once the data model has been instantiated for a connection, the value of an immutable element SHALL NOT change. Other values MAY be changed only by the owner of the node document.
NB: Ownership and control of the node description document and of the node connectivity description document are vested in the same identity.
{
"doc_type": “connection_description”, // the literal “connection_description”
// required, immutable
"doc_version": “0.10.0”, // the literal for the current version -- “0.10.0”
// required, immutable
"doc_scope": “node”, // the literal “node”
// required, immutable
"active": boolean, // is the connection active
// required, mutable from T to F only
"connection_id": “string”, // id of the connection, required
// unique within scope of the LR
// immutable
"source_node_url": “string”, // URL of the source of the connection
// required, immutable
"destination_node_url": “string”, // URL of the destination of the connection
// required, immutable
"gateway_connection": boolean, // T if this is a connection to a gateway node
// F for a common node
// recommended; F if not present (common node)
// immutable
"X_xxx": ????? // placeholder for extensibility, optional
}
NB: By policy, there SHALL be only one document with an active value of T and gateway_connection value of T per node.
NB: The source URL is not strictly needed. It is present to enable building a network map.
Working Assumption: It is assumed that a vocabulary to describe additional types of connections is not needed.
Network Node Filter Description Data Model
The data model describing a node filter; one document per node. Filters are used to restrict the resource data that is held at a node. Once the data model has been instantiated for a filter, the value of an immutable element SHALL NOT change. Other values MAY be changed only by the owner of the node document.
NB: Ownership and control of the node description document and of the node filter description document are vested in the same identity.
{
"doc_type": “filter_description”, // the literal “filter_description”
// required, immutable
"doc_version": “0.10.0”, // the literal for the current version -- “0.10.0”
// required, immutable
"doc_scope": “node”, // the literal “node”
// required, immutable
"active": boolean, // is the filter active
// required, mutable from T to F only
“filter_name”: “string”, // name of the filter, optional
“custom_filter”: boolean, // is this a custom filter (implemented in code, not rules)
// required, if T, filter rules are ignored
“include_exclude”: boolean, // T if the filters describe what documents to accept
// all others are rejected
// F if the filters describe what documents to reject
// all others are accepted
// optional, T if not present
“filter”:
[
{“filter_key”: “string”, // REGEX that matches names in the
// resource data description
// required
“filter_value”: “string” // REGEX that matches values in the
// resource data description
// optional, if not present, any value matches
}
],
"X_xxx": ????? // placeholder for extensibility, optional
}
NB: Filters are optional.
NB: The same set of filters is applied in both the publication and distribution processes.
Resource Distribution Network Description Data Model
The data model describing a resource distribution network document. Once the data model has been instantiated for a network, the value of an immutable element SHALL NOT change. Other values MAY be changed only by the owner of the network description document.
{
"doc_type": “network_description”, // the literal “network_description”
// required, immutable
"doc_version": “0.20.0”, // the literal for the current version -- “0.20.0”
// required, immutable
"doc_scope": “network”, // the literal “network”
// required, immutable
"active": boolean, // is the resource distribution network active
// required, mutable from T to F only
"network_id": “string”, // id of the network, required
// unique within scope of the LR
// immutable
"network_name": “string”, // name of the network, optional
"network_description": “string”, // description of the network, optional
"network_admin_identity": “string”, // identity of network admin, optional
"community_id": “string”, // id of the community that this node is a part of
// recommended
// immutable
“network_key”: “string”, // network public key, optional
"X_xxx": ????? // placeholder for extensibility, optional
}
NB: The network admin identity SHOULD be a URL, e.g., an email address. A deployment MAY specify that the identity be used to look up the network’s public key in a key server.
NB: The network MAY advertise its public key in the data model instance versus requiring key server lookup.
Resource Distribution Network Policy Data Model
The data model describing the policies of a resource distribution network document. Once the data model has been instantiated for a network, the value of an immutable element SHALL NOT change. Other values MAY be changed only by the owner of the network description document.
NB: Ownership and control of the network description document and of the policy description document are vested in the same identity.
{
"doc_type": “policy_description”, // the literal “policy_description”
// required, immutable
"doc_version": “0.10.0”, // the literal for the current version -- “0.10.0”
// required, immutable
"doc_scope": “network”, // the literal “network”
// required, immutable
"active": boolean, // are the policies active
// required, mutable from T to F only
"network_id": “string”, // id of the network, required
// unique within scope of the LR
// immutable
"policy_id": “string”, // id of the policy description, required
// unique within scope of the LR
// immutable
"policy_version": “string”, // version identifier for the policy
“TTL”: integer, // minimum time to live for resource data in the network
// in days, required
“policy_element_x”:{someobject}, // placeholder for more policy elements
"X_xxx": ????? // placeholder for extensibility, optional
}
NB: The list of policy elements is currently incomplete.
Network Community Description Data Model
The data model describing a network community document. Once the data model has been instantiated for a community description, the value of an immutable element SHALL NOT change. Other values MAY be changed only by the owner of the network community description.
{
"doc_type": “community_description”, // the literal “community_description”
// required, immutable
"doc_version": “0.20.0”, // the literal for the current version -- “0.20.0”
// required, immutable
"doc_scope": “community”, // the literal “community”
// required, immutable
"active": boolean, // is the network community active
// required, mutable from T to F only
"community_id": “string” , // id of the community, required
// unique within scope of the LR
// immutable
“community_name”: “string”, // name of the community, optional
“community_description" : “string”, // description of the community, optional
“community_admin_identity”: “string”, // identity of community admin, optional
“social_community”: boolean , // T if the community is a social community
// F if the community is a closed community
// recommended; F if not present (closed community)
// immutable
“community_key”: “string”, // node public key, optional
"X_xxx": ????? // placeholder for extensibility, optional
}
NB: The community admin identity SHOULD be a URL, e.g., an email address. A deployment MAY specify that the identity be used to look up the community’s public key in a key server.
NB: Policies are described at the node or network level, not the community level.
Network Description
A valid, consistent network SHALL be described through a set of documents stored at each node in the network.
1. Each node SHALL store one instance of the network node description document. A document SHALL be unique per node.
2. Each node SHALL store one instance of the network node services document for each service that it provides. A document SHALL be unique per node.
3. Each node SHALL store one instance of the network node connectivity document for each connection to the node. A document SHALL be unique per node.
4. Each node MAY store one instance of the network node filter document. A document SHALL be unique per node.
5. Each node SHALL store one instance of the resource distribution network description document. This document SHALL describe the network that the node is a part of. The contents of this document SHALL be identical for all nodes in the network.
6. Each node SHALL store one instance of the resource distribution network policy document. This document SHALL describe the policies of the network that the node is a part of. The contents of this document SHALL be identical for all nodes in the network.
7. The node SHALL store one instance of the network community description document. This document SHALL describe the community that the network is a part of. The contents of this document SHALL be identical for all nodes in the community.
Additional types of node and network description documents MAY be defined, but SHALL be defined as either (1) unique per node, (2) identical for nodes in a network or (3) identical for all nodes in a community. Other organizational classifications SHALL NOT be used.
The illustration shows the mapping of documents to nodes and the distribution and synchronization of documents within resource distribution networks and network communities. NB: Filters are not shown.
Resource Data Data Models
The resource distribution network and its nodes process and distribute resource data (e.g., network messages about resources, metadata, paradata, etc.). Producer edge nodes publish resource data to a node of the network; the resource distribution network moves it to other nodes, and consumer edge nodes pull resource data for external use from nodes.
Resource data is described in a different documents that includes:
1. The description of the resource, metadata, paradata, etc.
All data models MAY be extended with additional elements. The name of any extension element SHALL begin with the characters “X_” designating an extension element. Any document that includes any element that is not is the defined data model or is not an extension element is non conforming and SHALL be rejected by any service.
All data models have a named attribute that is a “type” element (doc_type). The data model description specifies the literal value for this element for all instances of each type of document.
All data models have a named attribute that is a “version” element (doc_version). The data model description specifies the literal value for this element for all document instances.
Additional constraints on attributes values are detailed below.
Resource Data Description Data Model
The data model describing resources, metadata, paradata, etc., that is distributed by the resource distribution network. The data model MAY be extended with additional optional, mutable elements that describe a resource and have a character string value space. The name of such an element SHALL begin with the characters “resource_”. Once the data model has been instantiated the value of an immutable element SHALL NOT change. Other values MAY be changed only by the owner of the document.
{
"doc_type": “resource_data”, // the literal “resource_data”
// required, immutable
"doc_version": “0.23.0”, // the literal for the current version -- “0.23.0”
// required, immutable
// general elements about the submission
“doc_ID”: “string”, // unique ID for this resource data description document
// unique within scope of the LR
// immutable
// user optional, required for storage
// system generated when publishing
// the document if not provided
“resource_data_type”: “string”, // open (best practices) vocabulary
// [“metadata”, “paradata”, “resource”, “assertion”, ...]
// required, immutable
"active": boolean, // is the resource data description document active
// required, mutable from T to F only
// information about the submission, independent of the resource data
“identity”:
{
“submitter_type”: “string”, // fixed vocabulary [“anonymous”, “user”, “agent”]
// required, immutable
// “anonymous” -- submitter is unknown
// “user” -- submitter is a user or has a user identity
// “agent” -- submitter is an agent, e.g., a repository, LMS
// or an organization
“submitter”: “string”, // identity of the submitter of the resource data
// required, immutable
// use “anonymous” for type “anonymous”
“curator”: “string”, // identity of the curator of the resource data description
// who manages the resource data description
// optional
“owner”: “string”, // identity of the owner of the resource
// who owns what is referenced in the resource locator
// optional
“signer”: “string” // identity of key owner used to sign the submission
// optional
},
// submission and distribution workflow information
“submitter_timestamp”: “string”, // submitter-created timestamp
// time/date encoding
// optional
“submitter_TTL”: “string”, // submitter statement of TTL of validity of submission
// time/date encoding
// optional
“publishing_node”: “string”, // node_id of node where injected into the network
// required
// provided by the initial publish node (not distribution)
“update_timestamp”: “string”, // timestamp of when published to the network
// of latest update
// time/date encoding
// required
// provided by the initial publishing node
// not by a distribution node
“node_timestamp”: “string”, // timestamp of when received by the current node
// time/date encoding
// required
// provided by the current distribution node
// NOT distributed to other nodes
// Planned to be deprecated after 20110930
“create_timestamp”: “string”, // timestamp of when first published to the network
// independent of updates
// time/date encoding
// required, immutable
// provided by the initial publishing node on first publish
// not by a distribution node or not an update
“TOS”: {
“submission_TOS”: “string”, // agreed terms of service by submitter
// required
“submission_attribution”:”string” // attribution statement from submitter
// optional
},
”do_not_distribute”: “string”, // system provided key-value pair
// optional
“weight”: “integer”, // submitter assigned weight (strength)
// -100:100
“digital_signature”: {
“signature”: “string”, // signature string, required
“key_location”: [“string”], // array of public key locations,, required
“signing_method”: “string”, // fixed vocabulary [“LR-PGP.1.0”]
// required
},
// information about the resource, independent of the resource data
“resource_locator”: “string”, // unique locator for the resource described
// SHALL resolve to a single unique resource
// required
“keys”: [“string”], // array of hashtag, keyword value list used for filtering
// optional
“resource_TTL”: integer, // TTL from resource owner for the resource itself, in days
// optional
// the actual resource data description elements
// these elements are optional as a block if the submission is a resource
“payload_placement”: “string”, // fixed vocabulary [“inline”, “linked”, “attached”]
// “inline” -- resource data is in an object that follows
// “linked” -- resource data is at the link provided
// “attached” -- resource data is in an attachment
// required
“payload_schema”: [“string”], // array of schema description/keywords
// for the resource data
// required
// defined metadata schema values
// defined paradata schema values
“payload_schema_locator”:“string”, // schema locator for the resource data
// optional
“payload_schema_format”:“string”, // schema MIME type
// optional
“payload_locator”: “string”, // locator if payload_placement value is “linked”
// required if “linked”, otherwise ignored
“resource_data”: {someobject}, // the actual inline resource data
// the resource data itself (resource. metadata, paradata)
// maybe a JSON object, or
// a string encoding XML or some other format, or
// a string encoding binary
// required if “inline” otherwise ignored
"X_xxx": ????? // placeholder for extensibility, optional
}
Timestamp values for update_timestamp, node_timestamp, and create_timestamp SHALL be UTC 0.
Open Question: Is there a use case that requires create_timestamp?
Open Question: Is locator sufficient, or do we still need an ID for the resource?
NB: The doc_ID is not required when a user creates a resource data description document. If missing, it SHALL be provided by a publishing service when the document is first published.
NB: Need to agree on the conventions for valid submitter, owner and TOS strings.
NB: Separating owner from submitter enables 3rd party submissions.
NB: If the key owner is not included in the digital signature, the submitter is assumed to be the key owner.
NB: Separating the key owner from the submitter enables 3rd party signing of submissions.
NB: The signing mechanism is described under identity.
NB: Providing the signing method enables different signing algorithms.
NB: The supplied resource_locator SHALL be a unique ID within the scope of the Learning Registry and SHALL resolve to a single resource from which someone may uniquely access the resource. The resource_locator is used to correlate multiple resource data descriptions about a single resource. Thus the locator needs to be specific to the resource.
NB: A resource data description document contains only one set of resource data (metadata, paradata).
NB: The weight is used let the submitter assign a confidence level to the data.
NB: To submit data only for a resource (no metadata or paradata), the payload attributes MAY be omitted.
NB: There is currently no mechanism to update the resource_* attributes without resubmitting the metadata or paradata about the resource. This is consistent with document-oriented transactional atomicity.
NB: There are no restrictions on the actual resource data. The format and encoding are based on the defined payload_schema and payload_schema_format values.
NB: Best practices of how to use the resource_* attributes and how to encode values are not provided.
NB: Some elements MAY be mapped to DC terms or LOM schema elements.
Resource Data Description
Dublin Core
IEEE LOM
resource_data_owner
3.3.2: LifeCycle.Contribute.Entity when
2.3.1: LifeCycle.Contribute.Role has a value of “Submitter.”
resource_description
dc:description
1.4: General.Description
resource_format
dc:format
4.1: Technical.Format
resource_language
dc:language
1.3: General.Language
resource_locator
dc:ID
1.1: General.Identifier
or
4.3: Technical.Location
resource_owner
dc:publisher
2.3.2: LifeCycle.Contribute.Entity when
2.3.1:LifeCycle.Contribute.Role
has a value of “Publisher.”
resource_rights
dc:rights
6.3: Rights.Description
resource_relationship
dc:resource refinement qualifier
7.1: Relation.Kind
resource_subject
dc:subject
1.5: General.Keyword
resource_title
dc:title
1.2: General.Title
resource_TTL
resource_type
dc:type
5.2: Educational.LearningResourceType
related_resource
dc:resource
7.2.1: Relation.Identifier.Identifier
Metadata Formats
The metadata in a resource data description MAY be defined using any metadata standard. Metadata documents SHALL include the reference to the defining standard or schema. The following list of schema values SHALL be used to refer to common schemata. Implementations MAY extend this list.
Metadata Standard
payload_schema value
Dublin Core 1.1
“DC 1.1”
IEEE LOM 2002
“IEEE LOM 2002”
OAI-PMH Dublin Core
“oai_dc”
Attached and linked metadata SHALL include appropriate schema definitions and schema locators in the metadata file.
NB. There is currently no machine-readable list of schemata. Such a list could be defined in additional network description documents.
Inline metadata SHALL be encoded in JSON structure or as a single JSON string wrapping the entire metadata document.
JSON encodings of metadata schemata (primarily for inline resource data) will be provided in a future draft of the specification.
Paradata Formats
The paradata in a resource data description MAY be defined using any paradata standard. Paradata documents SHALL include the reference to the defining standard or schema. The following list of schema values SHALL be used to refer to common schemata. Implementations MAY extend this list.
Paradata Standard
payload_schema value
Attached and linked paradata SHALL include appropriate schema definitions and schema locators in the paradata file.
NB. There is currently no machine-readable list of schemata. Such a list could be defined in additional network description documents.
Inline paradata SHALL be encoded in JSON structure or as a single JSON string wrapping the entire paradata document.
JSON encodings of paradata schemata (primarily for inline resource data) will be provided in a future draft of the specification.
Resource Data
The resource data SHALL be maintained in a set of documents stored at each node in the network.
1. Each node MAY store one or more instances of the resource data description documents. All document instances stored at a node SHALL be unique. A document MAY be replicated at many nodes.
Any resource description document with a “do_not_distribute” key is consdered to be a local document stored only at the node (independent of the value of the key). A document with this key-value pair SHALL be unconditionally rejected during publishing or distribution.
Additional types of resource data documents (documents that differ in purpose from resource data description documents) MAY be defined, but SHALL be defined as unique per node. Other types of resource data description documents SHALL NOT be defined and SHALL NOT be replicated. Other organizational classifications SHALL NOT be used. NB: These constraints are meant to restrict placing resource data in multiple different databases.
Identity and Digital Signatures
Resource data description documents MAY be signed with a digital signatures. The signing and identity approach ensures there can be no imposters. A persona (individual or organization) has a digital identity that can be used to sign a document. Thus two resource data description documents signed by the same identity are both from the same persona (assuming the signer has protected their private data), and the signature is non reputable.
A document’s digital signature provides the means to validate the authenticity of the signer’s identity and the integrity of the signed document. The signature can only be used to verify that the signer controls their digital identify. It does not indicate that the document can be trusted or that the signer’s digital identity maps to any real world identity. Trust and reputation are not provided by identity or digital signatures, but are enabled by them.
Digital signing and validation of resource data description documents is an OPTIONAL feature of the specification. A deployment of the LR MAY require documents be signed and validated. If a resource data description document is to be signed and validated, the following procedures SHALL be used to sign the document and verify the signature.
Signing a Resource Data Description Document
The controller of the identity (persona) that is used to sign the resource data description document MUST have a private/public PKI (public key infrastructure) key pair. A deployment of the LR SHALL specify the digital signature scheme, i.e., how to generate PKI keys and the encryption/signing model, e.g., X.509, OpenPGP/RFC 4048 with 2048bit RSA certificates. That method, along with the algorithm below SHALL be declared as the value of the signing_method key.
The controller of the identity MUST publish their public key at one or more locations where the key can be retrieved by an HTTP GET on the specified location.
The following process SHALL be used to generate the signature:
1. Create the complete UTF-8 JSON form of the resource data description document. The JSON SHALL conform to the JSON definition in RFC4647.
2. Create a canonical document to sign:
1. Make a working copy of the JSON form of the resource data description document.
2. Eliminate all objects that are generated by a node in the LR network, leaving only those objects that are supplied by the user . Objects to be eliminated include: doc_id, publishing_node, update_timestamp, node_timestamp, create_timestamp
3. Eliminate all implementation-specific objects, i.e., in Couch these are the _* objects, e.g., _id, _rev (NB: These will exist only when verifying a signature.)
4. Eliminate all objects where the object is a number. (NB: There are currently no numeric objects.)
5. Eliminate the digital_signature object.
6. For a Boolean object with value true, change the value to a string with the value “true”.
7. For a Boolean object with value false, change the value to a string with the value “false”.
8. For an object with value null, change the value to a string with the value “null”.
9. Encode the resulting JSON object using Bencode. The Bencoded output SHALL conform to the Bittorent Protocol Specification.
10. Hash the Bencoded output using SHA-256.
1. Clear sign the hash using signer’s private key yielding the value for the signature. The signer (key owner) MAY be an identity that is just used to sign the document, or it MAY be the identity of the submitter. Other identities SHALL NOT be used to sign the document.
Insert the digital signature data into the complete, unmodified UTF-8 JSON form of the resource data description document. Insert:
1. The signature value.
1. The designation of one or more key_locations that can be used to obtain the public key of the signer. The value of a key_location designator SHALL be sufficient to obtain the public key by sending an HTTP GET request to the location (URL) value of the key_location.
1. An optional value of the key_owner as the identity of the signer of the document if the submitter is not the signer.
2. The value of signing_method SHALL be “LR-PGP.1.0”.
NB: This specification does not indicate how to obtain keys, the signing method, when to sign documents or specify key locations. A deployment of the LR that requires digital signatures SHALL indicate the approach used for generating and publishing keys and signing documents.
NB: Currently only signing of resource data description documents is specified. A future version of the specification MAY require that other documents be signed. The signing process SHALL be the same; the elements of the data model used in the signature vary by document type.
Validating the Signature of a Resource Data Description Document
Any node or data consumer MAY validate a signature to determine if the signing party did sign the resource data description document and to verify that the document has not been tampered with since being signed.
To validate the signature:
1. Obtain the public key for the signer of the document.
1. Iterate through the list of key_locations in the order provided until you find an acceptable, usable public key.
1. Perform an HTTP GET on the location to get a document containing the public key.
2. Examine the returned document to obtain the public key. (NB: The returned document may include more than the key or the key may be embedded in the document. How to extract the key will depend on the type of certificate [e.g., doing a grep of the file for an ASCII-armored OpenPGP key]. The type of certificate is goverened by the policies of the network and is not part of this specification.)
1. Create a canonical document to verify.
1. Follow the exact procedure that was used to produce the hash of the document that was signed, e.g., eliminate fields, transform fields, encode, hash.
1. Verify the signature value using the obtained public key.
Additional information on identity may be provided in a future version or draft of the specification.
Authorization and Authentication
Each service deployment at a node MAY specify authorization and authentication access controls and secure communications. These three types of controls are defined independently. Values for the controls are specified in the Network Node Service Description Model for the service. Full details of how services implement these controls is not specified.
Authentication
A service MAY require authentication to access the service. The service SHALL declare the authentication methods it supports. The service MAY support multiple authentication methods. Authentication methods are specified in the service_authz element of the service_auth element of the service description model.
The following authentication methods MAY be supported:
1. None (none) -- the service is available without any authentication. If this authentication method is specified, other methods SHALL NOT be specified.
2. Basic access authentication (basicauth) -- the service uses HTTP basic-auth for authentication. User identity and password credentials are included in the HTTP request. NB: A network node connectivity document includes the URL of the source and destination nodes used in content distribution, and a service description includes the URL of the service end point. For security, the URLs in these documents SHOULD NOT include credentials.
3. OAUTH (oauth) -- the service is available through two-legged OAUTH.
4. Secure Shell Protocol (SSH) -- the service is available through an SSH connection with SSH authentication.
NB: The list of authentication methods MAY be extended by a service.
Storage, processing and distribution of authentication credentials and establishing and provisioning OAUTH or SSH connections is out of scope for this specification. A deployment of the LR SHALL specify how to provision authentication.
Authorization
A service MAY require authorization to access the service. The service SHALL declare the authorization methods it supports.
Currently, only one authorization method is supported: a service MAY require an access key be included in the service request. A service that requires an access key specifies that the value of the service_key element of the service_auth element of the service description model is TRUE.
A service that uses an access key authorization SHALL include the access key in the HTTP header of the service call. What solution: Custom HTTP Header element, parameters, ...?
Storage, processing and distribution of access keys is out of scope for this specification. A deployment of the LR SHALL specify how to provision access keys.
Network Communications Security
A service MAY require that service HTTP requests be transmitted over a secure, encrypted communications channel. The service SHALL declare the network security methods it supports.
Currently only one network security method is supported: a service MAY require use of HTTPS. A service that requires a network security specifies that the value of the service_https element of the service_auth element of the service description model is TRUE.
Provisioning of HTTPS connections between clients and services is out of scope for this specification. A deployment of the LR SHALL specify how to provision secure communications.
Network Ports
Sevices may be accessed on specific TCP/IP ports. The service_endpoint element of a service description and the source_node_url and destination_node_url elements of the network node connectivity document SHALL include port numbers.
Additional information on authorization and authentication may be provided in a future version or draft of the specification.
Trust
The section on security and information assurance will be provided in a future version or draft of the specification.
Security and Information Assurance
The section on security and information assurance will be provided in a future version or draft of the specification.
All services SHOULD maintain a secure log of all service actions. Details of logging requirements will be provided in a future version or draft of the specification.
Services and APIs
The services and their APIs provide the functionality that edge node producer and consumer agents use to push resource data into the distribution network and to discover and pull resource data from the network. They also define how to distribute the resource data throughout a network and how to manage and observe resource distribution network behavior.
The defined list of services follows. Any non gateway node MAY provide any of these services. A node MAY provide additional services not specified herein.
NB: There is no mechanism to reserve names for APIs, tag them as authoritative (i.e., they are defined in this specification), etc. A future version of the specification MAY extend the service definition to include tags (e.g., authoritative, experimental, third-party) and other validation or conformance information.