[Ndn-interest] Selector Protocol over exact matching

Ignacio.Solis at parc.com Ignacio.Solis at parc.com
Thu Sep 25 03:22:20 PDT 2014

On 9/25/14, 12:04 PM, "christian.tschudin at unibas.ch"
<christian.tschudin at unibas.ch> wrote:

>On Thu, 25 Sep 2014, Ignacio.Solis at parc.com wrote:
>> On 9/25/14, 9:17 AM, "Marc.Mosko at parc.com" <Marc.Mosko at parc.com> wrote:
>>> In the CCNx 1.0 spec, one could also encode this a different way.  One
>>> could use a name like ³/mail/inbox/selector_matching/<hash of payload>²
>>> and in the payload include "exclude_before=(t=version, l=2, v=279) &
>>> sort=right².
>this discussion turns into a thread on how to encode function calls. It
>would be nice if CCNx 1.0 would go ahead and offer a general function
>call schema and apply it itself.
>For example, the CCNx 1.0 spec still has a special field
>"contentObjectHash" just for invoking the compare-the-message-digest
>function, same for "keyIdRestriction". I would like to see them handled
>with a common function call schema and to deal with them at the same
>level as selectors as you propose, namely as a request to the "network
>as a whole" without mandating that each node has to satisfy it.

This is a really good point. Those can, in fact, be described in a general
way.  However, we believe that they are important enough that we can’t
have them be optional.  We use them at every node.  They are part of the
data that identifies the content, but are not used for (FIB) forwarding.

Our network allows to have objects with the same name but different keyId
or different Hash. Every node needs to be able to distinguish this.
Hence, we can’t make these optional.

>Along the line of Marc's notation
>"/mail/inbox/20140925/<hash of payload>"
>and in the payload include "matchObjectHash(h=abcd) & matchKeyId(i=xxx)"
>Of course, in PARC's network each node will honor such function calls;
>but other networks could opt to guarantee that semantics edge-to-edge,
>yet remain interopable (=catenet-friendly).
>This links to your main point, namely which functions have to be
>built-in at each forwarder (as opposed to network-as-a-whole). I agree
>with you that we should examine the requirements for letting people like
>us (using selectors or named-functions) use your substrate.

We believe these are required functions. We used them for various things
(like self-certified names and nameless objects) that are required at
every node.

>Here is one 
>more wish, beyond the generic function-call packet format above:
>- Distinguish the name on which to route from the name of the object.

We agree with this.  But the “name of the object” is out of scope of the
network protocol. The network cares about the network name.  The name of
the object is something that is associated more with manifests (and meta
data).  BTW, this is one reason why we like nameless objects, they can be
used for any name (and any manifest), independently of location and

The name that a user gives an object is NOT the same as the name the
network gives the object.   Otherwise we would be renaming (and
re-signing/re-encrypting) every network object every time you rename a
file, or move a directory or move from one location to another.

>   Another use case are virtualization tricks like label stacks.

We cover some of these with manifests.  They can be used as advanced links.


>> I want to highlight this.
>> There is a role that selectors can play in a network.  However, our
>> biggest issue with selectors is that they are mandated at the forwarder
>> level.  This means that every node must support selectors.
>> We want to make sure that the core protocol is simple and efficient.
>> Exact matching gives us that.  If you¹re interested in selector matching
>> and searching, then create that protocol over exact matching.
>> Marc just described a simple ³Selector Protocol", basically:
>> - Encode selectors (or any query you want) in the interest payload.
>> - Add a name segment to indicate that this is a selector based query
>> - Add a name segment to uniquely identify the query (a hash of the
>> for example)
>> Example:
>> name    = /mail/inbox/list/selector_matching/<hash of interest payload>
>> payload = version > 100
>> Topology:
>> A ‹‹ B ‹‹ C
>> A and C run the Selector Protocol
>> B does not run the Selector Protocol
>> Now:
>> - Any node that does not understand the Selector Protocol (B) forwards
>> normally and does exact matching.
>> - Any node that understands the Selector Protocol (C) can parse the
>> payload to find a match.
>> If no match is found, forward the interest.
>> If a match is found, create a reply.
>> The reply can contain 2 types of data:
>> - Structured data with links to the actual content objects
>> - Encapsulated content objects
>> So, in our example, the Selector Protocol reply could be:
>> name = /mail/inbox/list/selector_matching/<hash of interest payload>
>> payload =
>>  [  matching name = /mail/inbox/list/v101 ]
>>  [  embedded object < name = /mail/inbox/list/v101, payload = list,
>> signature = mail server > ]
>> signature = responding cache
>> A few notes:
>> - Malicious nodes could inject false replies.  So, if C is malicious, it
>> can insert a reply linking to some random object or just return junk.
>> Well, this would be the case with regular selectors as well.  C could
>> reply with random crap or it could reply with a valid answer that is not
>> the optimal answer (so, for example, not the right-most child or
>> something).
>> This is something that we can¹t prevent.
>> In the case of CCN, our fast path does not check signatures, so you
>> wouldn¹t be able to check the signature of the reply no matter what.
>> unsure if NDN is still advocating that every node checks signatures.  If
>> you are, then this approach might not work for you.
>> Nodes that DO understand the Selector Protocol can check the signature
>> the encapsulated reply (if they wanted to).
>> Nodes that DO understand the Selector Protocol can unpack the reply, and
>> add the corresponding object to their cache, effectively enabling them
>> answer other Selector Protocol queries.
>> - The reply from the Selector Protocol enabled node (C), could:
>> ‹  include a list of all valid answers
>> ‹  embed no objects
>> ‹  embed more than 1 object
>> ‹  process complex queries, regex, etc.
>> The Selector Protocol could also:
>> - include a method for authentication
>> - include a cursor or some other state between queries
>> I think this sort of protocol gives you everything you want while still
>> maintaining an exact match protocol as the core protocol.
>> What is this protocol missing to satisfy your needs?
>> Can we create a protocol that will satisfy your needs on top of exact
>> matching?
>> Nacho
>> --
>> Nacho (Ignacio) Solis
>> Protocol Architect
>> Principal Scientist
>> Palo Alto Research Center (PARC)
>> +1(650)812-4458
>> Ignacio.Solis at parc.com
>> _______________________________________________
>> Ndn-interest mailing list
>> Ndn-interest at lists.cs.ucla.edu
>> http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest

More information about the Ndn-interest mailing list