DRAFT- InProgress

 Abstract

Commentary:

The  App Directory (AppD) is a service that provides a financial application definition that includes a trusted identifier(s) and associated metadata.  The information registered as part of an application definition supports discovery, launch configuration, intents and context data supporting the use and interoperability of financial applications.  This proposal recommends use of a distributed or detached model to managing application data servicing, where there are (N) AppD services on a network providing information related to a subset of namespace "zones" that align with the financial application identifiers.  This approach encourages independence, scale and responsive provisioning of application definitions. This is modeled from a subset of the public name service "Domain Name System", which has proven reliable and conceptually fit for discovery.

In order to support the discovery of application data stored in a given directory, name space concepts are introduced to both identify the realm of application definitions and AppD service locations that host data.  In simple terms, there has to be a way of discovering the location of the AppD service itself and the associated application definitions that are available from that service.  

This proposal focuses on defining the following key features to support this need:

• Application data discovery through nested namespace approach. (Note: An expanded definition is required outside this proposal)
• AppD service host discovery implementations should support the following requirements;
  1. Discovery through application ID namespace syntax host name resolution 
  2. Discovery through use of DNS SRV record types (RFC2782 ) 
  3. Federated discovery of URI records between AppD services
  4. Statically defined URI records for use within client applications directly

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14, RFC 2119 [RFC2119].

Examples:

AppD service through DNS / SRV records:

AppD Service distribution visual:

Proposal

Application data discovery

For the purposes of this proposal, application data discovery shall be accessible through a unique application identifier (AppId) representing a single application represented by a nested namespace syntax using dot notation (e.g. app.sub.root).  It should be noted that a given AppD service may support multiple application namespace "zones" as part of a standard nested naming hierarchy. 

Example:

getAppData("app.sub.root")  

return 
{
   "guid": "app.sub.root",
   "id":1,
   "name":"app",
   "title":"A really cool app",
   "manifest_url":"https://app.sub.root/app.json",
   "description":"An app that provides really cool financial data",
   "contact_email":"info@app.sub.root",
   "support_email":"support@app.sub.root",
   "signature":"https://app.sub.root",
   "publisher":"foo",
   "icon":"https://app.sub.root/img/1525196540430.jpg",
   "appPage":"/apps/app",
   "images":[
            {
              "url":"https://app.sub.root/img/1525196540315.png"
            }]
}

Host discovery

The following represents the three ways AppD service instances should be discovered over a given network.  Again, the view is that AppD services are distributed/decoupled based on associated application namespace on a given network.  This takes into account the use of the application identifiers described in previous section.  A launcher is required to use a URI (e.g. "https://appd.foo.com/api/appd/app1.appd.foo.com") to query a given directory instance for data.  In order to construct a URI, the host location and port of a given AppD service instance is required.  This proposal focuses on the following approaches to achieve this resolution. 

Application ID namespace syntax host resolution

An application directory URI can be constructed using a fully qualified application ID by recognizing the identifier as a fully qualified domain name, whereby the subdomain of the fully qualified application ID can resolve to the application directory host.  Given an application "app1" with a fully qualified identifier of "app1.appd.foo.com" an application directory host location can be derived by simply extracting the subdomain "appd.foo.com".   The extracted subdomain "app.foo.com" may resolve to the actual host location where the application directory is running.   

A launcher can then easily construct a URI by; 

1. URI protocol is defaulted to https, but can be overridden by the launcher. 
2. URI hostname is the subdomain of the fully qualified application ID. 
3. URI port is default https/443, but can be overridden by the launcher
4. URI url is by default "/api/(service)/(version)" .  It is recommended that we identify service label as "appd" with version being optional.  Calls that are made without version automatically default to latest "/api/appd/app1" vs "/api/appd/v1/app1" 

The resulting URI to retrieve application data for "app1" would be "https://appd.foo.com/api/appd/v1/app1.appd.foo.com"  

 Application identifiers, Shrinking the URI and AppdD defaults

Although the concept of fully qualified application IDs are useful in resolving the actual host of the application directory, there is no requirement for an application directory to use this fully qualified application ID as the resolver for a record.  An  application ID is unique to given application directory, but there is no requirement to use the fully qualified representation.  Taking the prior example, the fully qualified application ID "app1.appd.foo.com" is represented as "app1" within the application directory.  As a result a launcher can use a shortened URI construct "https://appd.foo.com/api/appd/v1/app1" to resolve the application data. 

DNS/SRV Records

Another approach to support AppD service discovery (resolution) is through use of existing domain name service (DNS) implementations that are broadly used on the Internet today (see: RFCs).  Name service implementations can be considered critical infrastructure and are proven stable with over twenty years of use. Name services can be used both through public Internet or locally deployed intranet, which provides optionality to deployment schemes. 

More specifically, resolution of an AppD service instance should be implemented using DNS "service records" (SRV) providing the host instance, protocol and associated port.  The following is a well known description of a SRV record (RFC2782):

zone name {

_service._proto.name. TTL class SRV priority weight port target.

}

• service: the symbolic name of the desired service.  For AppD service, this mus be identified as "_appd"
• proto: the transport protocol of the desired service; this is usually either TCP or UDP.  For AppD service _tcp must be used.
• name: the domain name for which this record is valid, ending in a dot.  For AppD service,  the name should directly map to the application identifier domain. 
• TTL: standard DNS time to live field.
• class: standard DNS class field (this is always IN).
• priority: the priority of the target host, lower value means more preferred.
• weight: A relative weight for records with the same priority, higher value means more preferred.
• port: the TCP or UDP port on which the service is to be found. For AppD service, TCP should always be used. 
• target: the canonical hostname of the machine providing the service, ending in a dot.  This would be the host where the AppD service is running. 

For AppD Service the SRV record must use the following definitions:

• service = _appd
• proto = _tcp
• name = must map to the domain of the application identifier . Example:  the name for application identifier "app1.appd.foo.com" would be "appd.foo.com"

Known domains:

Although SRV records provide the means of resolving the location of an AppD service for a specific domain, there could be a need to know what domains exist in the universe.  This would be a list of domains representing all known directory instances. It is recommended that  the FDC3/FINOS organization publish a list of known domains which support AppD services.  This publication can be handled in multiple ways, such as structured files or API endpoints.  This proposal shall not provide a qualified solution to achieve this, but rather draw attention to a potential requirement.  

Peer-to-Peer Discovery

This type of discovery focuses on the replication of known domain:URI records between AppD services.   A domain:URI records consist of the application identifier or domain and the associated URI (e.g. appd.foo.com : https://appd.foo.com).  This follows the concept of peer-to-peer replication, whereby the following concepts must be supported by a given AppD service must:

1. have one or more peers seeded manually or through centralized source (see above section on Known domains)
2. store AppD service locations as domain:URI record types
3. publish managed (owned) domain:URI records on startup to peers
4. have an accessible endpoint providing list of known domain:URI  
5. on startup, retrieve a list of known domain:URIs from peer(s) 
6. have an accessible endpoint to receive published events from other AppD services. 
7. compare received events/records to known records with any differences triggering record updates to peers.
8. Must verify and refresh discovered domain:URI records

The requirements force almost a complete replication and active refresh of records across a peer-to-peer instances, but increases the development requirements and network traffic. 

Static configuration

As the name implies, a static configuration for the AppD service location is predefined within the launcher following the same domain:URI model mentioned in previous sections.