doc/developer/TokenArchitecture

Version 3 (modified by benoitg, 15 years ago)

WIP

Contributor(s): Benoit Grégoire, last modified: 2007-05-03

Token, General model

Currently, connection tokens are very weak entities, directly stored in the connection table. Many stakeholders would like to add features to connections (time limit, persistent token, etc.) to support the different WirelessCommunityModels. To do this without shooting ourselves in the foot, we need a data model that can solve the general problem of connection handling and re-use, not just a specific degenerate case of it (such as selling pre-paid time).

What follows is a first draft at doing so.

Data model

token_templates

  • token_network (Note: Server-wide tokens aren't supported, but the code will look up the tokens of networks you peer with)
  • token_max_data_transfer Ex: Allows capping bandwidth
  • token_max_connection_duration: Ex: Allows limiting the length of a single connection
  • token_max_usage_duration: Ex: Allows selling access by the hour
  • token_max_wallclock_duration: Ex: Allows selling daily, weekly or monthly passes
  • is_reusable: Is the connection reusable? (normally, yes)

tokens

  • token_id
  • token_status
  • token_creation_date
  • token_expiration_date: A computed value
  • token_issuer: A user in the system. User responsable for the creation of the token (not necessarily the same as the one using it)
  • token_owner: The user that can USE the token.

tokens_valid_nodes (Unfortunately, for hotels selling 24h access to their clients, we have to consider that their network may consist of more than one node. If the token has no entry in this table, it's considered valid everywhere on the Network (and it's peers))

  • token_id
  • token_valid_at_node

When a connection is established, the values in the tokens table are used, along with eventual network policies (maximum monthly data transfer, maximum connection time) or node policies (opening hours) to calculate max_data_transfer and expiration_date in the connection table. This calculation is expensive, but once done, all the auth server has to do is validate max_data_transfer and expiration_date which is practically free.

connection (new or redefined field in existing table)

  • token_id Now references the tokens table
  • max_data_transfer (token_max_data_transfer - SUM(data transfer for all connections on this token))
  • expiration_date (MIN(NOW+token_max_connection_duration, NOW+token_max_total_duration-SUM(data transfer for all connections on this token), token_expiration_date))