
RCA doc, TOC



Hi,

Before sending this to the ECG I wanted to check with you that the
outline below captures well what we discussed in Tallinn. Please let me
know if you spot something bad.

Thank you again for the productive meeting we had.

Andrei

NRO Resource Certification Architecture Document (v0.1)

0. Objective and scope of this document

1.	Application of Resource Certification
[This section describes application areas of the Resource Certification
System and defines a set of requirements the system must meet.]
1.1.	Validation of Rights to use of a resource in the context of Routing
Security
1.2.	Transfers of Rights to use of a resource


2.	Overall architecture of the global certification system
[ This section describes the architecture of the system and relationship
between the RIRs ]
2.1.	Overall structure
[Trust Anchor (ref Geoff work, maybe present options). Structure for the
ERX space]
2.2.	Common components and their functionality
[ This section provides functional description of all common components ]
2.2.1.	RPKI engine
2.2.2.	IR Backend (aka Registration Database) (stub)
2.2.3.	Repository
2.2.4.	Business PKI
2.3.	Value added services
2.3.1.	Hosted Certification Service
[This subsection presents the basic concepts/principles of the hosted
certification service]
2.3.2.	Validation / Repositories
[This subsection considers repository architecture to support efficient
validation of rights to use of resources]
2.3.3.	Toolkit
[This section describes the toolkit to utilize certification services]


3.	System Operation
[ This section describes basic business use cases and corresponding
information flow in the system]
3.1.	Customer operations
[new customer, delete customer, renew customer]
3.2.	Resource operations
[new resource, return of a resource, reclaiming a resource, resource
transfer (intra-RIR, inter-RIR)]
3.3.	Certificate operations
[Key roll-over, certificate revocation]
3.4.	Signing Operations
[sign roa, sign other stuff]
3.5.	Validation Operations
[validate rights of use]



4.	Functional architecture/ Common interfaces
[ This section defines interfaces in terms of data flow model and
exchange primitives ]
4.1.	IR-ISP interface
4.2.	RPKI-Repository interface
4.3.	Repository retrieval interface
[rcynic + manifest or other mechanism to verify completeness]
4.4.	RPKI - IR Backend interface


5.	Common deployment plan
[This section outlines phases necessary for the deployment of the
RIR-wide certification system. This includes agreed milestones, not
necessarily with times attached]
5.1.	Inter-RIR certification trial
[Testing assertion of interoperability, inter-system and with the
toolkit/tools]

Annex A
Terminology