COPS: Common Open Policy Service
The Common Open Policy Service (COPS) protocol is a simple query and response protocol that can be used to exchange policy information between a policy server (Policy Decision Point or PDP) and its clients (Policy Enforcement Points or PEPs). One example of a policy client is an RSVP router that must exercise policy-based admission control over RSVP usage. At least one policy server exists in each controlled administrative domain. The COPS protocol has a simple but extensible design. Its main characteristics include:
- COPS employs a client/server model where the PEP sends requests, updates, and deletes to the remote PDP and the PDP returns decisions back to the PEP.
- COPS uses TCP as its transport protocol for reliable exchange of messages between policy clients and a server.
- COPS is extensible in that it is designed to leverage self-identifying objects and can support diverse client-specific information without requiring modifications to the COPS protocol itself. COPS was created for the general administration, configuration, and enforcement of policies.
- COPS provides message-level security for authentication, replay protection, and message integrity. COPS can also reuse existing protocols for security such as IPSEC or TLS to authenticate and secure the channel between the PEP and the PDP.
- COPS is stateful in two main aspects: (1) Request/Decision state is shared between client and server and (2) State from various events (Request/Decision pairs) may be inter-associated.
- Additionally, COPS is stateful in that it allows the server to push configuration information to the client, and then allows the server to remove such state from the client when it is no longer applicable.
Protocol Structure - COPS Common Open Policy Service Protocol
COPS common header:
| 4 | 8 | 16 | 32bits |
| Version | Flags | Op Code | Client-type |
| Message Length |
- Version - The version field specifies the COPS version number. The current version is 1.
- Flags - The defined flag value is 1, the Solicited Message Flag Bit. This flag is set when the message is solicited by another COPS message (all other flags MUST be set to 0).
- Op Code - Code identifying the COPS operations: 1 Request (REQ); 2 Decision (DEC); 3 Report State (RPT); 4 Delete Request State (DRQ); 5 Synchronize State Req (SSQ); 6 Client-Open (OPN); 7 Client-Accept (CAT); 8 Client-Close (CC); 9 Keep-Alive (KA); 10 Synchronize Complete (SSC)
- Client-type - The Client-type identifies the policy client. Interpretation of all encapsulated objects is relative to the client-type.
- Message length - Size of message in octets, which includes the standard COPS header and all encapsulated objects.
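The header layout above, as a strict parser and TCP stream framer. This is an added example, not code from RFC 2748 or the original page; the function names, the `MAX_MSG_LEN` cap and the sample bytes are assumptions made for illustration. Because the length field is 32 bits and comes from the peer, the parser rejects values below the header size or above a local cap before any buffering decision is made.

```python
import struct

# Op codes from the field list above.
OP_CODES = {1: "REQ", 2: "DEC", 3: "RPT", 4: "DRQ", 5: "SSQ",
            6: "OPN", 7: "CAT", 8: "CC", 9: "KA", 10: "SSC"}
HEADER_LEN = 8        # two 32-bit words
SOLICITED = 0x1       # the only defined flag bit
MAX_MSG_LEN = 65536   # assumption: local sanity cap, not a protocol constant


class CopsHeaderError(ValueError):
    """Raised when a header violates the layout described above."""


def parse_cops_header(data):
    """Validate the 8-octet common header and return its fields."""
    if len(data) < HEADER_LEN:
        raise CopsHeaderError("truncated header")
    ver_flags, op, client_type, length = struct.unpack("!BBHI", data[:HEADER_LEN])
    version, flags = ver_flags >> 4, ver_flags & 0x0F
    if version != 1:
        raise CopsHeaderError(f"unsupported version {version}")
    if flags & ~SOLICITED:
        raise CopsHeaderError(f"undefined flag bits set: {flags:#x}")
    if op not in OP_CODES:
        raise CopsHeaderError(f"unknown op code {op}")
    # The length counts the header itself, so anything below 8 is malformed.
    if not HEADER_LEN <= length <= MAX_MSG_LEN:
        raise CopsHeaderError(f"implausible message length {length}")
    return {"op": OP_CODES[op], "solicited": bool(flags & SOLICITED),
            "client_type": client_type, "length": length}


def split_messages(buf):
    """Split TCP stream bytes into (header, body) pairs plus the unconsumed tail."""
    messages = []
    while len(buf) >= HEADER_LEN:
        hdr = parse_cops_header(buf)
        if len(buf) < hdr["length"]:
            break  # message not fully received yet; wait for more data
        messages.append((hdr, buf[HEADER_LEN:hdr["length"]]))
        buf = buf[hdr["length"]:]
    return messages, buf


# Constructed sample bytes: a Keep-Alive, then a solicited Decision with 4 body octets.
KA = bytes.fromhex("1009000000000008")
DEC = bytes.fromhex("110200010000000c") + b"\x00\x00\x00\x00"
```
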
Related Protocols
TCP, RSVP
Sponsor Source
COPS is defined by IETF (http://www.ietf.org) RFC 2748.
Reference
http://www.javvin.com/protocol/rfc2748.pdf : The COPS (Common Open Policy Service) Protocol.