The Internet has grown up based on host-based addressing. A user who wishes to retrieve an information object such as a document or a multimedia file over the Internet will typically do this using a domain name that identifies a site from which the desired information object may be retrieved. The domain name entered by the user is converted to an Internet Protocol (IP) address by a domain name server, and this IP address identifies a particular host, such as a server, that can provide the requested information object. The request for the information object is then routed to the host identified by the IP address. In host-based addressing, an information object is essentially tied to a physical location, namely the physical location of the host that stores that information object.
Information-centric networking (ICN) provides an alternative approach to addressing. ICN is a field that includes a number of approaches such as Named Data Networking (NDN) or Content-Centric Networking (CCN), Network of Information (NetInf), PSIRP/PURSUIT, and Data Oriented Networking (DONA). In ICN, each information object is given a globally unique identifier (or globally unique “name”), and a request for an information object uses this globally unique identifier. All copies of a particular information object stored in a network are identified by the same globally unique identifier, and all copies of an information object identified by the same globally unique identifier are regarded as equally valid. A request for a specific information object will include the unique identifier of the requested information object. When a network receives the request, it needs to locate a copy of the requested information object and set up a path from the source node (i.e. the node holding the selected copy) to the requesting node, over which the information object can be transported to the requesting node. To be able to do this, the network needs to be able to map the identifier of the information object to a locator of the selected source node. The locator is used for routing in the underlying transport network. Mapping the identifier of the information object to a locator of the selected source node is performed by some type of Name Resolution Server (NRS).
In some cases an entity that provides information objects (such an entity will be referred to as a “publisher”) may wish to enforce access controls, so that a particular information object is available only to specific recipients. For example, a publisher may wish to make an information object available only to requestors who have paid the publisher for the information object (for example where the information is a film or other item of entertainment such as an E-book). If a party pays a publisher to obtain a particular information object, the party will learn the unique identifier of that information object and, in the absence of access controls, the party could then pass the unique identifier to third parties and so make it possible for the third parties to obtain the information object without making payment to the publisher.
There have been proposals for how to implement an access control policy in ICN. One proposal is that an information owner attaches to every information item a pointer to a function that implements the access control policy that protects that item, rather than the policy itself. Any purveyor can challenge an item requestor to invoke that function, and based on the function's output, the purveyor can decide whether or not the requestor is eligible to access the protected item. The use of encryption mechanisms to provide access control has also been proposed.
The “Handle System”, as described in IETF Request for Comments (RFC) 3650, “Handle System Overview”, provides a general purpose global name service that allows secured name resolution and administration over networks such as the Internet. Most handle data stored in the Handle System is publicly accessible, unless otherwise specified by the handle administrator. Handle administrators may choose to mark handle values that contain private information as readable only by the handle administrator(s), or to store these as encrypted handle values so that these values can only be read within a controlled audience. The Handle System uses an eight-bit bit-mask for access control of the handle value. This mask is carried with the content. Access control to handle values is defined in terms of read, write, and execute permissions, applicable to either the general public or the handle administrator(s).
Currently proposed access control methods for ICN are generally not completely satisfactory. As outlined above, many existing access control methods are intrinsically based on cryptographic mechanisms, and they therefore require associated key management and distribution of keys to every new party that wishes to retrieve an information object. A further disadvantage of encryption-based access control methods is that different copies of the same information object may be given different identifiers, which is contrary to the basic principle of ICN that every copy of an information object should have the same identifier.
Access control methods that use passwords involve all the known weaknesses of password-based authentication methods, and also require distribution of access control lists. For example, there is the risk that the passwords can be stolen if someone hacks into a node in which passwords are stored.
Access control methods that use access control lists have the further disadvantage that, when new parties are granted access to an information object, it is necessary to update the access control lists at each node holding a copy of the access control lists. Alternatively, each node needs to be connected to an access control server so that a node can check each request against the current access control list held at the access control server.
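The update problem described above, as an added example that is not part of the original text: a small Python simulation in which nodes holding copies of an object also hold ACL replicas, one node misses an update, and the per-request check against an access control server is shown alongside. The class names, node names and object identifier are hypothetical, and the removal of a party is an added case beyond the grant the text mentions.

```python
class AclServer:
    """Authoritative access control list, keyed by the object's unique identifier."""
    def __init__(self):
        self.acl = {}          # object_id -> set of permitted requestors
        self.version = 0       # bumped on every change to the list

    def grant(self, object_id, requestor):
        self.acl.setdefault(object_id, set()).add(requestor)
        self.version += 1

    def revoke(self, object_id, requestor):
        self.acl.get(object_id, set()).discard(requestor)
        self.version += 1

    def allowed(self, object_id, requestor):
        return requestor in self.acl.get(object_id, set())


class CacheNode:
    """A node holding a copy of the object plus a local replica of the ACL."""
    def __init__(self, name, server):
        self.name, self.server = name, server
        self.replica, self.replica_version = {}, -1

    def sync(self):
        # The update that has to reach every node holding a copy of the list.
        self.replica = {k: set(v) for k, v in self.server.acl.items()}
        self.replica_version = self.server.version

    def check_local(self, object_id, requestor):
        return requestor in self.replica.get(object_id, set())

    def check_online(self, object_id, requestor):
        # Alternative from the text: ask the access control server per request.
        return self.server.allowed(object_id, requestor)


def run_scenario():
    server = AclServer()
    nodes = [CacheNode(n, server) for n in ("node-a", "node-b")]
    oid = "obj:constructed-example-id"   # constructed identifier, same for all copies
    server.grant(oid, "alice")
    for node in nodes:
        node.sync()
    server.grant(oid, "bob")             # a new party is granted access
    server.revoke(oid, "alice")          # added case: a party is removed
    nodes[0].sync()                      # the update reaches node-a only
    return {n.name: {"stale": n.replica_version != server.version,
                     "local": (n.check_local(oid, "alice"), n.check_local(oid, "bob")),
                     "online": (n.check_online(oid, "alice"), n.check_online(oid, "bob"))}
            for n in nodes}
```

Each result tuple is (alice, bob): the node that missed the update still admits the removed party and refuses the newly granted one from its replica, while the per-request server check is correct at both nodes at the cost of a lookup on every request.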