The IF-MAP protocol is a standard client/server protocol for accessing metadata. In a typical Trusted Network Connect (TNC) environment, the IF-MAP protocol serves as an interface between elements of the TNC architecture and a Metadata Access Point (MAP), i.e. an IF-MAP server. TNC is an open architecture for Network Access Control promulgated by the Trusted Network Connect Work Group (TNC-WG). A MAP is a TNC element that serves as an information clearinghouse for the TNC architecture. As part of this function, the IF-MAP server stores, correlates, and disseminates state information about network elements such as devices, users and flows, including registered address bindings, authentication status, endpoint policy compliance status, endpoint behavior, and authorization status. IF-MAP uses a publish/subscribe model to collect information from all over the network and links it together to form a single searchable database. All network elements that access the IF-MAP server (MAP clients) may publish information to the MAP, search the information in the MAP, and subscribe to notifications from the MAP when information stored in the MAP server changes. In addition to managing security-related metadata in the TNC environment, IF-MAP can also be applied to manage other kinds of information or metadata, both within and outside the TNC environment.
FIG. 1 is a block diagram illustrating a current IF-MAP database represented in a graph format. The IF-MAP graph database comprises a set of IF-MAP identifiers (represented as circles), IF-MAP links (represented as lines), and associated metadata (not shown) that are represented as a graph of nodes and links. The actual information for the nodes, links and associated metadata is stored in an information management system (IMS). An IF-MAP identifier is a single, globally unique value within a space of values described by an identifier type specified in an IF-MAP schema. An IF-MAP link is typically a bidirectional binding relationship between two identifiers. IF-MAP metadata are data associated with identifiers or links and are represented as typed values. As shown here, identifiers are linked into disconnected groups (Group I: I1, I2, I3, and I4; Group II: I5, I6; Group III: I7, I8, I9; Group IV: Ia, Ib, Ic).
Current implementations of IF-MAP servers, including Infoblox IBOS, require IF-MAP clients to have prior knowledge of specific identifiers (such as a specific IP address or MAC address) on which subscriptions and searches are defined or based. Queries for carrying out a search or subscription operation must include a specific identifier as a starting point. This requirement is a limitation of the current IF-MAP specification and restricts IF-MAP servers from being providers of information for several use cases. Discovery of devices is one such use case, in which IF-MAP servers need to update subscriptions with the results of newly published metadata and associated identifiers to IF-MAP clients. The MAP server's requirement of prior knowledge of specific starting-point identifiers also limits the search capabilities of IF-MAP servers: if no specific identifier is known, search and subscription cannot be carried out at all, and search and subscription currently cannot easily bridge the gap between different groups of identifiers that are not linked together directly or indirectly. For example, to retrieve metadata associated with I1, a search or subscription must start from I1 or from an identifier directly or indirectly linked to I1 (e.g., I2, I3, or I4); it cannot start from a node that is not directly or indirectly linked to I1 (e.g., I5, I6, I7, I8, I9, Ia, Ib, or Ic). As such, the entire graph database cannot be easily searched even if a specific starting identifier is known to a client.
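The following added example (not code from the patent or from any IF-MAP server implementation) models the FIG. 1 graph of four disconnected groups and an IF-MAP-style search that must begin at a known identifier and can only follow links. It makes the limitation concrete: a search started from I1 returns metadata for Group I only, and no single starting identifier covers the whole database. The identifier types, values and metadata are constructed sample data.

```python
from collections import deque

# Constructed sample data modelling the FIG. 1 graph: typed identifiers, bidirectional
# links and per-identifier metadata. Types, values and metadata are invented for
# illustration and do not come from the patent text.
IDENTIFIERS = {
    "I1": ("ip-address", "10.0.0.1"),  "I2": ("mac-address", "00:11:22:33:44:01"),
    "I3": ("identity", "alice"),       "I4": ("device", "laptop-01"),
    "I5": ("ip-address", "10.0.0.5"),  "I6": ("mac-address", "00:11:22:33:44:05"),
    "I7": ("ip-address", "10.0.0.7"),  "I8": ("identity", "bob"),
    "I9": ("device", "phone-02"),      "Ia": ("ip-address", "10.0.0.10"),
    "Ib": ("mac-address", "00:11:22:33:44:0a"), "Ic": ("device", "printer-03"),
}
LINKS = [("I1", "I2"), ("I2", "I3"), ("I3", "I4"),   # Group I
         ("I5", "I6"),                               # Group II
         ("I7", "I8"), ("I8", "I9"),                 # Group III
         ("Ia", "Ib"), ("Ib", "Ic")]                 # Group IV
METADATA = {"I1": {"ip-mac": "bound"}, "I3": {"authenticated-by": "radius"},
            "I4": {"compliance": "compliant"}, "I7": {"compliance": "non-compliant"}}

def adjacency(links=LINKS):
    """Links are bidirectional bindings, so record each one in both directions."""
    adj = {ident: set() for ident in IDENTIFIERS}
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    return adj

def search(start, max_depth=None):
    """IF-MAP-style search: a known starting identifier is mandatory, and the result
    is the metadata of every identifier reachable over links (optionally depth-limited)."""
    if start not in IDENTIFIERS:
        raise KeyError(f"search needs a known identifier, got {start!r}")
    adj, seen, queue = adjacency(), {start}, deque([(start, 0)])
    while queue:
        ident, depth = queue.popleft()
        if max_depth is not None and depth >= max_depth:
            continue
        for nxt in adj[ident]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, depth + 1))
    return {ident: METADATA.get(ident, {}) for ident in sorted(seen)}

def disconnected_groups():
    """The groups of FIG. 1: each one needs its own starting identifier to be reached,
    because no link path crosses from one group to another."""
    groups, covered = [], set()
    for ident in IDENTIFIERS:
        if ident not in covered:
            reached = set(search(ident))
            groups.append(sorted(reached))
            covered |= reached
    return groups
```

Running `disconnected_groups()` yields four separate lists, which is exactly why a client holding only I1 can never see the compliance metadata on I7.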
Thus an improved method for managing data stored on an IF-MAP server is needed.