|
From: | Stephen Compall |
Subject: | Re: [DotGNU]Re: Network SEE architecture, v2.0.1 |
Date: | Thu, 10 Oct 2002 20:46:06 -0500 |
User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2b) Gecko/20021008 |
Eric Altendorf wrote:
It requires identification of the server, but not the client. Right now. Crazy huh? ;) Maybe if the auth people define their interoperable protocol, I can drop seeauth in.
(P.S. to auth people: I'm not just bitching here. I sure couldn't define an interoperable Virtual Identities system, I wouldn't even know how to go about doing one! :)
In VRS, servers (LDS nodes) have to authenticate to each other for inter-VRS communication. Exported web services may, of course, require whatever authentication is necessary (maybe none) for the business logic of the web service. Identifying/authenticating the server to the client (to prevent spoofing) is a very good point, and I'm not sure if we have talked about that yet. Definitely a good idea.
I'm basing the place of seeauth solely on the fact that the different auth systems will be interoperable, as they are supposed to be according to dotgnu.org, and also I don't know anything else about what that interface is going to be so it's undefined right now.
Hmmm, this is something I may need to re-research. Why is this necessary? For example, if you have a webservice that serves a witty-quote-of-the-minute in HTML over HTTP, would it not be possible to run that webservice in a SEE and have a non-SEE client get the witty quote with a standard web browser? I must be missing a very basic assumption of the SEE...
No, you are correct, sorry. I was confusing RLS with URLs. For the highly favorable RLS-based system (and stubs that depend on its IPC style) SEE must be on the client. However, after RLS resolution, the only thing the client needs to have is a direct URL--that indicates the transport used, eg the case of HTTP, and is the same as the RLS (if non-Jabber) except for the scheme--and the PE (in this case it is already installed on the machine).
The idea is that RLS is a clean resolution phase: after the resolution and PE-getting phase is over, the connection is started through a separate see*user/see*port pair, fresh. It's like DNS in that respect: if you already have the IP, you don't need to lookuphostbyname again.
The normal PEs won't be passed a URL--because they won't need it.Also, one of the reasons we need something like SEE is because accessing services through web-browsers sucks.
PS: Sorry for my incoherency, I'm writing this at a late hour....
I'm supposed to be writing a research paper on Greek democracy--so I'm completely on topic here. ;)
-- Stephen Compall Also known as S11001001 DotGNU `Contributor' -- http://dotgnu.org GNU does not eliminate all the world's problems, only some of them. -- RMS, "GNU Manifesto"
[Prev in Thread] | Current Thread | [Next in Thread] |