1 |
|
2 |
INTERNET-DRAFT |
3 |
draft-ietf-uri-urn-handles-00.txt |
4 |
|
5 |
William Arms |
6 |
David Ely |
7 |
Corporation for National Research Initiatives |
8 |
|
9 |
June 23, 1995 |
10 |
Expires: December 23, 1995 |
11 |
|
12 |
The Handle System |
13 |
|
14 |
Status of this document |
15 |
|
16 |
This document is an Internet-Draft. Internet-Drafts are |
17 |
working documents of the Internet Engineering Task Force |
18 |
(IETF), its areas, and its working groups. Note that other |
19 |
groups may also distribute working documents as Internet- |
20 |
Drafts. |
21 |
|
22 |
Internet-Drafts are draft documents valid for a maximum of |
23 |
six months and may be updated, replaced, or obsoleted by |
24 |
other documents at any time. It is inappropriate to use |
25 |
Internet-Drafts as reference material or to cite them other |
26 |
than as "work in progress." |
27 |
|
28 |
To learn the current status of any Internet-Draft, please |
29 |
check the "1id-abstracts.txt" listing contained in the |
30 |
Internet-Drafts Shadow Directories on ftp.is.co.za (Africa), |
31 |
nic.nordu.net (Europe), munnari.oz.au (Pacific Rim), |
32 |
ds.internic.net (US East Coast), or ftp.isi.edu (US West |
33 |
Coast). |
34 |
|
35 |
[Page 1] |
36 |
|
37 |
Abstract |
38 |
|
39 |
The Handle System provides identifiers for digital objects |
40 |
and other resources in distributed computer systems. These |
41 |
identifiers are known as handles. The system ensures that |
42 |
handles are unique and that they can be retained over long |
43 |
time periods. Since the system makes no assumptions about |
44 |
the characteristics of the items that are identified, handles |
45 |
can be used in a wide variety of systems and applications. |
46 |
|
47 |
The handle system has the following components: naming |
48 |
authorities, handle generators, the global handle server, |
49 |
local handle servers, caching handle servers, client software |
50 |
libraries, proxy servers, and administrative tools. For |
51 |
reasons of performance and availability, the global, local, |
52 |
and caching servers are implemented as distributed systems |
53 |
comprising many server computers. All components, except the |
54 |
local handle server, have been implemented and are available |
55 |
for general use by the research community. |
56 |
|
57 |
The handle system provides all the capabilities listed in RFC |
58 |
1737, K. Sollins, L. Masinter, "Functional Requirements for |
59 |
Uniform Resource Names", 12/20/1994. |
60 |
|
61 |
[Page 2] |
62 |
|
63 |
Contents |
64 |
|
65 |
1 Introduction |
66 |
1.1 Overview |
67 |
1.2 Historical background |
68 |
1.3 The handle system and the Internet Engineering Task |
69 |
Force |
70 |
|
71 |
2. The handle system |
72 |
2.1 System components |
73 |
2.2 Policies and procedures |
74 |
|
75 |
3. Basic Concepts |
76 |
3.1 Handles and handle records |
77 |
3.2 Resolution of handles |
78 |
3.3 Indirect handle |
79 |
3.4 Syntax |
80 |
|
81 |
4. Naming Authorities |
82 |
4.1 The naming authority hierarchy |
83 |
4.2 Creating naming authorities |
84 |
4.3 Primary handle server for a naming authority |
85 |
4.4 Handles for naming authorities |
86 |
|
87 |
5. Handle Servers |
88 |
5.1 The global handle server |
89 |
5.2 Local handle servers |
90 |
5.3 Storing handles |
91 |
|
92 |
6. Resolution of Handles |
93 |
6.1 Clients |
94 |
6.2 Resolution without caches |
95 |
6.3 Resolution with caching |
96 |
|
97 |
7. Administration |
98 |
7.1 Tools for administration of handles |
99 |
7.2 Firewalls |
100 |
|
101 |
8. The Handle System Project |
102 |
|
103 |
9. References |
104 |
|
105 |
10. Authors' Addresses |
106 |
|
107 |
[Page 3] |
108 |
|
109 |
1. Introduction |
110 |
|
111 |
1.1 Overview |
112 |
|
113 |
The Handle System provides identifiers for digital objects |
114 |
and other resources in distributed computer systems on |
115 |
networks, especially the Internet. These identifiers are |
116 |
known as handles. The system ensures that handles are unique |
117 |
and that they can be retained over long time periods. |
118 |
|
119 |
Fundamentally, a handle is an identifier that has associated |
120 |
with it one or more fields of typed data. To resolve a |
121 |
handle is to present a handle to the system and have returned |
122 |
some or all of the associated data. In some applications, |
123 |
this data can be used to locate the item, but the system |
124 |
places no restriction on the types of data that can be stored |
125 |
with the handle. Handle servers are distributed computer |
126 |
systems that store handle data and provide a rapid service to |
127 |
resolve handles. |
128 |
|
129 |
Implementation of the handle system by the Corporation for |
130 |
National Research Initiatives (CNRI) began in mid-1994 and is |
131 |
scheduled for completion by the end of 1995. This paper is |
132 |
an overview of the entire system. |
133 |
|
134 |
1.2 Historical background |
135 |
|
136 |
The design and implementation of the handle system has been |
137 |
part of the Computer Science Technical Reports project, |
138 |
funded by ARPA. One part of this project was to develop an |
139 |
architecture for the underlying infrastructure of the digital |
140 |
library. This defines digital objects with repositories to |
141 |
store them, and describes how handles are used to identify |
142 |
the digital objects. The architecture is described in a |
143 |
paper by Robert Kahn and Robert Wilensky [cnri.dlib/tn95-01]. |
144 |
The Corporation for National Research Initiatives (CNRI) and |
145 |
others are implementing Kahn/Wilensky repositories using the |
146 |
handle system. |
147 |
|
148 |
During 1994/95, a team led by David Ely at CNRI implemented a |
149 |
global handle server, client libraries, and simple management |
150 |
tools. An early application, which is nearing completion, is |
151 |
its use in the deposit of digital objects at the Copyright |
152 |
Office of the Library of Congress. |
153 |
|
154 |
[Page 4] |
155 |
|
156 |
The CNRI handle system is completely general in the types of |
157 |
network-accessible items that can be identified, where they |
158 |
are stored, and how they are accessed. It is not restricted |
159 |
to digital objects stored in repositories. Typical examples |
160 |
of other items that can be identified with handles include |
161 |
World Wide Web pages, e-mail addresses, or public keys. |
162 |
|
163 |
The global handle system has been in operation since mid- |
164 |
1994. During the first six months of 1995, CNRI has added a |
165 |
caching handle server for greater performance, advanced tools |
166 |
for administration of handles and naming authorities, and a |
167 |
proxy server for use with World Wide Web clients. During the |
168 |
second half of 1995, local handle servers are being added to |
169 |
provide a balance between local autonomy in managing handles |
170 |
and global, long-term availability of handles. Local handle |
171 |
servers will also allow excellent performance in resolving |
172 |
very large numbers of handles. |
173 |
|
174 |
1.3 The handle system and the Internet Engineering Task |
175 |
Force |
176 |
|
177 |
While the handle server has been under development, the |
178 |
Internet Engineering Task Force (IETF) has been seeking a |
179 |
system for naming Internet objects. The term used by the |
180 |
IETF is Universal Resource Name (URN). RFC 1737 gives a list |
181 |
of requirements. While the IETF has not yet completed |
182 |
specification of the syntax of URN, the handle system |
183 |
provides all the functions listed in RFC 1737. |
184 |
|
185 |
|
186 |
2. The handle system |
187 |
|
188 |
2.1 System components |
189 |
|
190 |
The handle system contains the following parts. |
191 |
|
192 |
o Naming authorities are entities authorized to create |
193 |
new handles and store them, with their associated handle |
194 |
records, in handle servers. |
195 |
|
196 |
o Handle generators create new handles on behalf of |
197 |
naming authorities. |
198 |
|
199 |
[Page 5] |
200 |
|
201 |
o Handle servers store handles and provide a service to |
202 |
resolve them. There is a single global handle server and |
203 |
many associated local handle servers. |
204 |
|
205 |
o Client software is used for user applications to |
206 |
communicate with handle servers. |
207 |
|
208 |
o Caching servers are used to provide fast resolution of |
209 |
handles for clients and to minimize the frequency with |
210 |
which client software accesses other handle servers. |
211 |
|
212 |
o Proxy servers permit Web browsers and other clients to |
213 |
resolve handles. |
214 |
|
215 |
o Administrative tools are provided to create naming |
216 |
authorities, to create, modify, and delete handle records, |
217 |
and to create and maintain administrative groups. |
218 |
|
219 |
Each handle server is implemented as a distributed computer |
220 |
system, which may have many server computers. |
221 |
|
222 |
2.2 Policies and procedures |
223 |
|
224 |
The long-term value of the handle system depends upon many |
225 |
independent sub-systems, operated by independent |
226 |
organizations and a good balance between local and global |
227 |
servers. The global handle server and well-managed local |
228 |
handle servers can ensure their own integrity, but can not |
229 |
guarantee that other local handle servers are well behaved, |
230 |
maintain acceptable levels of performance, or even continue |
231 |
to exists. |
232 |
|
233 |
The following are planned to maintain the integrity of the |
234 |
system, with the minimal policies and procedures. |
235 |
|
236 |
o The global handle server is designed to be a high |
237 |
performance, highly available system. |
238 |
|
239 |
o Whenever a handle is stored on any handle server, a |
240 |
check for uniqueness is made. In particular, the global |
241 |
handle server ensures uniqueness amongst handles stored at |
242 |
the global level. |
243 |
|
244 |
o It is strongly recommended that all handles should be |
245 |
stored on the global handle server where long term |
246 |
persistence is required or the handle is used to identify |
247 |
valuable or otherwise important items. |
248 |
|
249 |
[Page 6] |
250 |
|
251 |
3. Basic Concepts |
252 |
|
253 |
3.1 Handles and handle records |
254 |
|
255 |
A handle provides a name for an item. A handle record, as |
256 |
stored in a handle server, contains: |
257 |
|
258 |
the handle |
259 |
one or more fields of typed data |
260 |
administrative information |
261 |
|
262 |
Here are some examples: |
263 |
|
264 |
o The item is a digital object stored in one or more |
265 |
repositories, as described by Kahn and Wilensky. The data |
266 |
field contains the identity of a repository or a set of |
267 |
repositories. |
268 |
|
269 |
o The item is an html page, stored on several World Wide Web |
270 |
servers. Each data field contains a URL. |
271 |
|
272 |
Two important types of resource that are identified by |
273 |
handles are naming authorities and handle servers. |
274 |
|
275 |
3.2 Resolution of handles |
276 |
|
277 |
Resolution of handles is carried out by handle servers, at |
278 |
the request of a client. To resolve a handle, a handle |
279 |
server receives as input a handle and returns some or all of |
280 |
the fields of typed data in the corresponding handle record. |
281 |
|
282 |
The client can request that all data fields in the handle |
283 |
record be returned or only those fields that contain data of |
284 |
a given type. |
285 |
|
286 |
The preferred method of transport is by UDP, but some |
287 |
firewalls do not pass UDP packets. Therefore, TCP is |
288 |
provided as an option. |
289 |
|
290 |
[Page 7] |
291 |
|
292 |
3.3 Indirect handle |
293 |
|
294 |
An indirect handle is a special type of data field that can |
295 |
be held in a handle record. The data field contains the |
296 |
address of a handle server, with a specific data type to |
297 |
indicate that this is an indirect handle. A handle server |
298 |
addresses is either an IP address or a domain name. |
299 |
|
300 |
One use of an indirect handle is to allow reorganization of |
301 |
handles amongst handle servers. Indirect handles are left as |
302 |
forwarding addresses. A second important use is described in |
303 |
Section 5.2. |
304 |
|
305 |
3.4 Syntax |
306 |
|
307 |
A handle has the form: |
308 |
|
309 |
n/d |
310 |
|
311 |
Where n is a naming authority and d is an arbitrary string. |
312 |
The string d is unique, for that naming authority. The |
313 |
following are examples of valid handles: |
314 |
|
315 |
berkeley.cs/1994.12.05.23.42.12;7 |
316 |
cnri.dlib.papers/tn95-137 |
317 |
|
318 |
The precise character sets allowed in n and d are still under |
319 |
discussion. All alphanumeric and certain other ASCII |
320 |
characters are allowed. Text is case insensitive. Within n, |
321 |
a period (.) has a special significance. |
322 |
|
323 |
For identification in Internet applications, a handle may be |
324 |
preceded by "hdl:", "hdl://", "x-hdl:", or "x-hdl://" as in |
325 |
the following example: |
326 |
|
327 |
hdl:cnri.dlib/tn95-01 |
328 |
|
329 |
[Page 8] |
330 |
|
331 |
4. Naming Authorities |
332 |
|
333 |
4.1 The naming authority hierarchy |
334 |
|
335 |
The name of a naming authority, n, consists of one or more |
336 |
strings, separated by periods. Examples are: |
337 |
|
338 |
berkeley.cs |
339 |
cnri.cs-tr.technology |
340 |
|
341 |
The high-order part of the name ("berkeley" in the first |
342 |
example) is issued by the global naming authority. |
343 |
|
344 |
Example. The global naming authority issues the name "cnri". |
345 |
Future naming authorities, created by cnri might be "cnri.cs- |
346 |
tr" or "cnri.xiwt". |
347 |
|
348 |
4.2 Creating naming authorities |
349 |
|
350 |
Each naming authority, n, has at least one super- |
351 |
administrator who has full privileges for that naming |
352 |
authority, including permission to create a lower order |
353 |
naming authority, n.n', with its own super-administrator. |
354 |
This super-administrator creates permissions for |
355 |
administration of handles within that naming authority, and |
356 |
can also create new naming authorities, n.n'.n'', and so on. |
357 |
Super-administrators can delegate privileges to other |
358 |
administrators, including the privilege of creating naming |
359 |
authorities. |
360 |
|
361 |
Example. The super-administrator for "cnri.cs-tr" can create |
362 |
a naming authority "cnri.cs-tr.technology". |
363 |
|
364 |
4.3 Primary handle server for a naming authority |
365 |
|
366 |
Every naming authority has associated with it a primary |
367 |
handle server, denoted by P. When a new naming authority is |
368 |
created, the primary handle server is initially set to be the |
369 |
global handle server, G. Thereafter the administrator of |
370 |
the naming authority can designate any handle server as its |
371 |
primary handle server, P. |
372 |
|
373 |
[Page 9] |
374 |
|
375 |
Whenever the naming authority, n, creates a handle, n/d, |
376 |
either the handle, n/d, is stored in P or an indirect handle |
377 |
is stored in P, indicating that n/d exists and pointing to a |
378 |
handle server that holds n/d. Thus the primary handle server |
379 |
of any naming authority has handle records for all naming |
380 |
authorities that the naming authority has created. |
381 |
|
382 |
4.4 Handles for naming authorities |
383 |
|
384 |
When a new naming authority, n.n', is created, it is given a |
385 |
handle. The form of the handle is: n.n'. The data part is |
386 |
null. The data field of the handle record contains the |
387 |
address of the primary handle server, P. |
388 |
|
389 |
The handle for the naming authority is stored both in the |
390 |
global handle server and in the primary handle server of n. |
391 |
Thus the global handle server has records for all naming |
392 |
authorities. |
393 |
|
394 |
|
395 |
5. Handle Servers |
396 |
|
397 |
5.1 The global handle server |
398 |
|
399 |
The global handle server is a distributed system that stores |
400 |
and resolves handles. It is publicly accessible. The system |
401 |
is highly secure, is fault tolerant, and designed to run |
402 |
continuously. The global handle server is denoted by G. |
403 |
|
404 |
One function of G is to store handle records for items that |
405 |
must be retained over very long periods of time, such as |
406 |
copyright registration, or legal records. G also stores |
407 |
handles for all naming authorities and local handle servers. |
408 |
|
409 |
G is a public service and any client can ask G to resolve any |
410 |
handle. Since the handles for all naming authorities and |
411 |
registered handle servers are stored in G, and G is public, |
412 |
the name of every naming authority, n, and its primary handle |
413 |
server, P, are public and available to all clients. |
414 |
|
415 |
[Page 10] |
416 |
|
417 |
5.2 Local handle servers |
418 |
|
419 |
Local handle servers are a local option. They work in |
420 |
conjunction with the global handle server to store and |
421 |
resolve handles locally. They provide increased local |
422 |
control of handles, distribute the computing load between |
423 |
central and locally supplied equipment, and provide simple |
424 |
access controls to handle data. By storing individual |
425 |
handles on both a local and the global handle server, they |
426 |
can be used to back up each other. |
427 |
|
428 |
Local handle servers can be created and operated by naming |
429 |
authorities or repositories. Other organizations, such as |
430 |
service bureaus, can also create and run local handle |
431 |
servers. For a local handle server to |
432 |
become a registered part of the overall handle system, it |
433 |
must be given a handle (by some naming authority). This |
434 |
handle is then stored in G, the global handle server. |
435 |
|
436 |
Local handle servers are not public services. Permissions |
437 |
for a client to use local handle server to resolve a handle |
438 |
are set by the system administrators. Currently, the only |
439 |
such method of access control is by the IP address of the |
440 |
client that makes a query to the handle server. |
441 |
|
442 |
Each local handle server is implemented as a set of one or |
443 |
more server computers. When several computers are used, |
444 |
handles are distributed amongst them using a hash table. |
445 |
For reasons of performance and reliability, data may be |
446 |
replicated across these computers, but this is hidden from |
447 |
client programs. |
448 |
|
449 |
5.3 Storing handles |
450 |
|
451 |
Each naming authority, n, has at least one super- |
452 |
administrator who has full privileges to create handles for |
453 |
that naming authority, and to attach administrative |
454 |
permissions to each handle. The administrative permissions |
455 |
for each handle include the right to modify or delete the |
456 |
handle or some of its handle data. These permissions are |
457 |
stored in the primary handle server. |
458 |
|
459 |
[Page 11] |
460 |
|
461 |
Naming authorities can choose to store the handles that they |
462 |
create on any handle servers for which they have access |
463 |
permissions, local or global. When a handle is stored in |
464 |
several servers, one is declared to be authoritative. This |
465 |
can be the global handle server, G, the primary handle |
466 |
server, P, or another local handle server, subject to the |
467 |
naming authority having administrative permission to store |
468 |
handles on that handle server. |
469 |
|
470 |
G is publicly accessible for handle resolution. If a handle |
471 |
is stored in G, then any client can resolve it. Handles |
472 |
stored on other handles servers can be resolved only by |
473 |
clients that have suitable permissions. |
474 |
|
475 |
Example. The naming authority "cmu.cs.robotics" might choose |
476 |
G as authoritative for the handle to an important object, and |
477 |
also enter the handle in its primary handle server, P, for |
478 |
local use. |
479 |
|
480 |
When n creates a handle, it makes a record in P, the primary |
481 |
handle server of naming authority n, with an indirect handle |
482 |
to each handle server that is able to resolve this handle. |
483 |
This indirect handle indicates that the handle exists and |
484 |
can be resolved by a query to the appropriate handle server. |
485 |
Access controls on P should be set so that any client with |
486 |
permission to query the handle server is able to read this |
487 |
indirect handle. |
488 |
|
489 |
Example. The naming authority "cnri.cs-tr.technology" |
490 |
creates a handle "cnri.cs-tr.technology/d1" which is stored |
491 |
in the global handle server. An indirect handle is stored in |
492 |
the primary handle server indicating that a handle "cnri.cs- |
493 |
tr.technology/d1" is stored in the global handle server. |
494 |
|
495 |
|
496 |
6. Resolution of Handles |
497 |
|
498 |
6.1 Clients |
499 |
|
500 |
The handle system provides a client library of routines, |
501 |
currently written in the C programming language. They |
502 |
interface with the global and local handle servers and with |
503 |
caching servers. They can be included in client programs |
504 |
that wish to contact handle servers. The interface |
505 |
specification for the client library will be documented and |
506 |
made public. |
507 |
|
508 |
[Page 12] |
509 |
|
510 |
Caches are used by clients to reduce the load on the other |
511 |
handle servers, particularly the global handle server, G. |
512 |
Resolution of handles using caches is, in general, faster |
513 |
than resolution without caches. |
514 |
|
515 |
The caching server is a shared cache to be used by a group of |
516 |
clients. The architecture also allows a cache to be |
517 |
incorporated within an individual client. |
518 |
|
519 |
The recommended configuration is for any client, C, to have |
520 |
an assigned cache, C1. This can be integrated into the |
521 |
client or can be caching server shared by several clients. |
522 |
C1, itself, may be connected to a higher order caching |
523 |
server, C2. To avoid resolution involving many steps, the |
524 |
recommended configuration is to have no more than two levels |
525 |
of caches, C1 and C2. |
526 |
|
527 |
A proxy server has been developed that acts as a client to |
528 |
the handle system for use with World Wide Web browsers and |
529 |
other clients. The client passes a handle to the proxy |
530 |
server which attempts to resolve it. If the handle can be |
531 |
resolved into one or more URLs, a URL is returned to the |
532 |
client. |
533 |
|
534 |
The proxy server is configured as a separate server to be |
535 |
used by a group of clients. The recommended configuration is |
536 |
that every organization that wishes to use the handle system |
537 |
should provide both a caching and proxy server for its |
538 |
community. |
539 |
|
540 |
The proxy server has been developed by CNRI in consultation |
541 |
with the National Center for Supercomputing Applications, the |
542 |
developer of Mosaic, but is intended to work with other |
543 |
clients that support proxies. Mosaic will be configured to |
544 |
use the proxy when a handle is specified in place of a URL. |
545 |
The proxy server will be supported by future releases of |
546 |
Mosaic. It is also compatible with the earlier proxy server |
547 |
developed by CERN and will be kept compatible with other |
548 |
proxy servers as they are developed by the World Wide Web |
549 |
community. |
550 |
|
551 |
[Page 13] |
552 |
|
553 |
The rest of this section is an informal description of how a |
554 |
client, C, resolves any handle, h. A detailed description of |
555 |
the resolution algorithm is in preparation. Important |
556 |
details include: (a) each handle server can be implemented as |
557 |
one or more server computers; (b) checks are required to |
558 |
prevent looping through indirect handles; (c) the client may |
559 |
not have access permissions for all local handle servers; |
560 |
(d) the client request may ask for all the data in a handle |
561 |
record or data of specified types only; (e) because the |
562 |
local handle servers are independently managed, the client |
563 |
may encounter inconsistent data or unacceptably poor response |
564 |
from a server. |
565 |
|
566 |
6.2 Resolution without caches |
567 |
|
568 |
If the client, C, is not attached to any caching server, it |
569 |
uses the following steps to resolve a handle, h. |
570 |
|
571 |
1. C sends a query to G. |
572 |
|
573 |
If the handle record for h is stored in G, G resolves h. |
574 |
|
575 |
Otherwise, G returns the address of P, the primary handle |
576 |
server of naming authority, n. |
577 |
|
578 |
2. If h is not yet resolved, C sends h to P. |
579 |
|
580 |
If h is stored in P and C has the correct access |
581 |
permissions, P resolves h. |
582 |
|
583 |
Otherwise, if there is an indirect handle to another |
584 |
handle server, M, which stores h, P sends the client the |
585 |
address of M. |
586 |
|
587 |
3. If h is not yet resolved, the client, C, sends h to M. |
588 |
|
589 |
If the client has the correct access permissions, M |
590 |
resolves h. (If C does not have permission, it should |
591 |
try other handle servers that hold the handle.) |
592 |
|
593 |
[Page 14] |
594 |
|
595 |
6.3 Resolution with caching |
596 |
|
597 |
If the client, C, is connected to a cache, C1, resolution of |
598 |
h follows these steps: |
599 |
|
600 |
1. The client, C, asks C1 to resolve h. |
601 |
|
602 |
If the handle record of h is in the cache, the handle |
603 |
record is returned to C. |
604 |
|
605 |
2. Otherwise, if the identity of P, the primary handle |
606 |
server of naming authority n, is stored in C1, C1 |
607 |
resolves the handle following steps 2 and 3 above in the |
608 |
description of resolution without caching. |
609 |
|
610 |
3. If the handle has not been resolved, and C1 is connected |
611 |
to a higher cache, C2, C1 asks C2 to resolve both h and |
612 |
P, and pass the results to C1 to be saved in C1's cache. |
613 |
|
614 |
If h and P are not in C2's cache, the request is passed |
615 |
to the next higher cache, until the handle is resolved |
616 |
until the highest cache is reached. (The recommended |
617 |
configuration is to have no more than two levels of |
618 |
cache.) |
619 |
|
620 |
4. If there is no higher cache, then the cache sends a |
621 |
request to G asking for the resolution of h and P. The |
622 |
resolution algorithm then continues as in the description |
623 |
of resolution without caching.. |
624 |
|
625 |
|
626 |
7. Administration |
627 |
|
628 |
7.1 Tools for administration of handles |
629 |
|
630 |
Administrative data is stored in each handle record as a |
631 |
special data type. Access to this data is governed by access |
632 |
permissions specified for each handle separately. |
633 |
|
634 |
Administrative tools are provided for creation of naming |
635 |
authorities; for creating, modifying, and deleting handles; |
636 |
for changing access permissions by individual or by group. |
637 |
|
638 |
Two sets of tools are currently provided. The first uses |
639 |
electronic mail. The only security is to check the "from" |
640 |
field in the e-mail header. The second uses Mosaic forms. |
641 |
Security is by ID and password. A third level of security is |
642 |
under development. It is intended to use public key encryption. |
643 |
|
644 |
[Page 15] |
645 |
|
646 |
7.2 Firewalls |
647 |
|
648 |
The handle system is based on the UDP protocol. This enables |
649 |
a large number of transactions to be handled efficiently, but |
650 |
some security firewalls reject UDP packets. Therefore, the |
651 |
choice of UDP or TCP is provided as alternatives for the |
652 |
local handle server, caching server, and client library, but |
653 |
not for the global handle server. |
654 |
|
655 |
|
656 |
8. The Handle System Project |
657 |
|
658 |
During fall 1994, CNRI made the Phase 0 handle system |
659 |
available on the Internet. This included a single-computer |
660 |
global handle server, administration by e-mail, the basic |
661 |
client library and an X-Mosaic client. Phase 1 will be |
662 |
released in July 1995. It includes the distributed global |
663 |
handle server, caching handle server, proxy handle server, |
664 |
administration by e-mail or Mosaic forms, full client , and |
665 |
TCP support for firewalls. Phase 2 is scheduled for release |
666 |
later in 1995. It includes everything in Phase 1, plus the |
667 |
local handle server. The release date for security based on |
668 |
public key encryption is not yet scheduled. |
669 |
|
670 |
The following have contributed to the handle system design |
671 |
and implementation: David Ely (project head), William |
672 |
Arms, Navjeet Chabbewal, Judith Grass, Timothy Kendall, |
673 |
Charles Orth, Ed Overly, John Stewart. We want to |
674 |
acknowledge the contribution on Robert Kahn, Robert Wilensky, |
675 |
and the other members of the Computer Science Technical |
676 |
Reports project. |
677 |
|
678 |
This research was supported in part by the Advanced Research |
679 |
Projects Agency under Grant No. MDA-972-92-J-1029. Its |
680 |
content does not necessarily reflect the position or policy |
681 |
of the Government or CNRI, and no official endorsement |
682 |
should be inferred. |
683 |
|
684 |
[Page 16] |
685 |
|
686 |
9. References |
687 |
|
688 |
hdl:cnri.dlib/tn95-01 Kahn, Robert and Wilensky, Robert. "A |
689 |
framework for distributed digital object services". May, |
690 |
1995. |
691 |
(http://WWW.CNRI.Reston.VA.US/home/cstr/arch/k-w.html) |
692 |
|
693 |
|
694 |
10. Authors' Addresses |
695 |
|
696 |
William Arms (warms@cnri.reston.va.us) |
697 |
David Ely (dely@cnri.reston.va.us) |
698 |
|
699 |
Corporation for National Research Initiatives |
700 |
Suite 100, 1895 Preston White Drive |
701 |
Reston, VA 22091 |
702 |
Tel: (703) 620-8990 |
703 |
|
704 |
[Page 17] |
705 |
|
706 |
|