3.3.1 Abstract Data Model


This section describes a conceptual model of possible data organization that an implementation maintains to participate in this protocol. The described organization is provided to facilitate the explanation of how the protocol behaves. This document does not mandate that implementations adhere to this model as long as their external behavior is consistent with that described in this document.

A relay server provides storage for application data queues that are uniquely identified by a tuple of account URL, device URL, and ResourceURL. The server stores application data sent by clients through inbound sessions to one of the queues, and then creates outbound sessions to forward application data from queues to target clients that have been authenticated. The server distinguishes between device-targeted messages and identity-targeted messages so that it forwards device-targeted messages only to authenticated devices and identity-targeted messages only to identities whose accounts have been authenticated.

To facilitate the implementation of the SSTP Security protocol, the server maintains the following types of metadata records, and creates mapping relationships among them:

Device Record: one for each device that maintains information relevant to the device. It contains the device URL, the secret device key, the device public keys, the list of account URLs on the device, and the list of application data queues that are targeted to the device. The server creates a device record each time it sees a new device, and then populates the record as relevant information becomes available. For example, when the server receives registration information from a device, it stores the secret device key and the public keys object into the device record. The server can index all device records based on device URLs, so that given a device URL, it can quickly look up the device record.

Account Record: one for each account that maintains information relevant to the account. It contains the account URL, the secret account key, the account public keys, the list of device URLs associated with the account, and the list of identities on the account. The server creates an account record each time it sees a new account, and then populates the record as relevant information becomes available. For example, when the server receives registration information from an account, it stores the secret account key and the account public keys into the account record. The server can index all account records based on account URLs, so that given an account URL, it can quickly look up the account record.

Identity Record: one for each identity that maintains information relevant to the identity. It contains the identity URL, the identity's account URL, and the list of application data queues targeted to the identity. The server creates an identity record each time it sees a new identity, and then populates the record as relevant information becomes available. For example, when the server receives the identity registration information from an account, it stores the account URL into the identity record. The server can index all identity records based on identity URLs, so that given an identity URL, it can quickly look up the identity record.

User Record: one for each user created by a management server that maintains information for the user. It contains the user identifier that is used as a pre-authentication token, and the account URL associated with the user identifier. The server creates a user record when it receives the information from the management server. The relay server can index all user records based on the user identifier, so that given a user identifier, it can quickly look up the user record.

The relay server persists these metadata records so that a client only needs to register a device and an account once for each triplet of account URL, device URL, and relay URL.

The relay server authenticates each new connection from a client, because an authentication is valid only for the duration of a single SSTP connection. When a client connects to its assigned relay server, the relay server authenticates the connecting device and every account on that device. When the device is authenticated successfully, the relay server looks up the corresponding device record and, for each device-targeted queue on the device, opens an outbound session to forward any queued messages to the connecting device. When an account on the device is authenticated successfully, the relay server looks up the corresponding account record and, for each identity on the account, finds the identity record and opens an outbound session for each identity-targeted queue to forward any queued messages to the identity.
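The following is an added illustration, not code from the specification or from any Groove relay implementation: an in-memory model of the four record types, the queues keyed by (account URL, device URL, ResourceURL), and the forwarding rule above, under which device-targeted queues are drained only for an authenticated device and identity-targeted queues only for identities whose account has been authenticated. Authentication itself is outside the model; the caller supplies its outcome. Field names, method names, the rule that an account is only considered if it is listed on the connecting device's record, and all URLs and payloads are assumptions made for the example.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Queues are identified by the tuple (account URL, device URL, ResourceURL).
QueueKey = tuple[str, str, str]


@dataclass
class DeviceRecord:
    device_url: str
    secret_device_key: bytes | None = None     # filled in at device registration
    public_keys: bytes | None = None
    account_urls: list[str] = field(default_factory=list)
    device_queues: list[QueueKey] = field(default_factory=list)


@dataclass
class AccountRecord:
    account_url: str
    secret_account_key: bytes | None = None    # filled in at account registration
    public_keys: bytes | None = None
    device_urls: list[str] = field(default_factory=list)
    identity_urls: list[str] = field(default_factory=list)


@dataclass
class IdentityRecord:
    identity_url: str
    account_url: str
    identity_queues: list[QueueKey] = field(default_factory=list)


@dataclass
class UserRecord:
    user_id: str          # pre-authentication token issued by the management server
    account_url: str


class RelayServer:
    """Toy stand-in for the relay server's metadata records and queues (assumed design)."""

    def __init__(self) -> None:
        self.devices: dict[str, DeviceRecord] = {}        # indexed by device URL
        self.accounts: dict[str, AccountRecord] = {}      # indexed by account URL
        self.identities: dict[str, IdentityRecord] = {}   # indexed by identity URL
        self.users: dict[str, UserRecord] = {}            # indexed by user identifier
        self.queues: dict[QueueKey, list[bytes]] = {}

    # A record is created the first time a URL is seen and populated later.
    def device(self, url: str) -> DeviceRecord:
        return self.devices.setdefault(url, DeviceRecord(url))

    def account(self, url: str) -> AccountRecord:
        return self.accounts.setdefault(url, AccountRecord(url))

    def register_device(self, device_url, secret_key, public_keys, account_urls):
        rec = self.device(device_url)
        rec.secret_device_key, rec.public_keys = secret_key, public_keys
        for a in account_urls:                 # cross-link device and account records
            if a not in rec.account_urls:
                rec.account_urls.append(a)
            if device_url not in self.account(a).device_urls:
                self.account(a).device_urls.append(device_url)

    def register_identity(self, identity_url, account_url):
        self.identities.setdefault(identity_url, IdentityRecord(identity_url, account_url))
        if identity_url not in self.account(account_url).identity_urls:
            self.account(account_url).identity_urls.append(identity_url)

    def enqueue(self, key: QueueKey, data: bytes, *, identity_url: str | None = None):
        """Inbound session: store data in a device-targeted queue (default, target is
        the device URL in the key) or an identity-targeted queue (identity_url given)."""
        self.queues.setdefault(key, []).append(data)
        targets = (self.device(key[1]).device_queues if identity_url is None
                   else self.identities[identity_url].identity_queues)
        if key not in targets:
            targets.append(key)

    def on_connect(self, device_url: str, device_authenticated: bool,
                   authenticated_accounts: set[str]) -> list[tuple[str, QueueKey, bytes]]:
        """Return (target URL, queue key, data) for each message forwarded on this
        connection and drain those queues. Authentication results are per connection."""
        forwarded: list[tuple[str, QueueKey, bytes]] = []

        def drain(target: str, key: QueueKey) -> None:
            for data in self.queues.pop(key, []):
                forwarded.append((target, key, data))

        if device_authenticated:                          # device-targeted queues
            for key in self.device(device_url).device_queues:
                drain(device_url, key)
        for account_url in authenticated_accounts:        # identity-targeted queues
            # Assumption: only accounts listed on the connecting device are considered.
            if account_url not in self.device(device_url).account_urls:
                continue
            for identity_url in self.account(account_url).identity_urls:
                for key in self.identities[identity_url].identity_queues:
                    drain(identity_url, key)
        return forwarded


def demo() -> dict:
    """Constructed scenario (made-up URLs and payloads): one device carrying one
    account and identity, plus an identity on an account that is not on the device."""
    relay = RelayServer()
    relay.register_device("device://dev1", b"sdk1", b"pk1", ["account://acct1"])
    relay.register_identity("identity://alice", "account://acct1")
    relay.register_identity("identity://bob", "account://acct2")
    dev_q = ("account://acct1", "device://dev1", "res/device")
    alice_q = ("account://acct1", "device://dev1", "res/alice")
    bob_q = ("account://acct2", "device://dev2", "res/bob")
    relay.enqueue(dev_q, b"to-device")
    relay.enqueue(alice_q, b"to-alice", identity_url="identity://alice")
    relay.enqueue(bob_q, b"to-bob", identity_url="identity://bob")
    return {
        "device_only": relay.on_connect("device://dev1", True, set()),
        "device_and_account": relay.on_connect("device://dev1", True, {"account://acct1"}),
        "unauthenticated": relay.on_connect("device://dev1", False, {"account://acct2"}),
        "pending": sorted(k for k, v in relay.queues.items() if v),
    }
```

In the scenario, the first connection (device authenticated, no account authenticated) delivers only the device-targeted message; the second (account acct1 also authenticated) delivers alice's identity-targeted message; the third, with neither the device nor a listed account authenticated, delivers nothing, and bob's message stays queued for a connection on which acct2 is actually authenticated.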
