Re: [DotGNU]Re: Network SEE architecture, v2.0.1

[Stephen Compall]

Eric Altendorf wrote:
> > It requires identification of the server, but not the client. Right
> > now. Crazy huh? ;) Maybe if the auth people define their
> > interoperable protocol, I can drop seeauth in.

(P.S. to auth people: I'm not just bitching here. I sure couldn't define 
an interoperable Virtual Identities system, I wouldn't even know how to 
go about doing one! :)

> In VRS, servers (LDS nodes) have to authenticate to each other for 
> inter-VRS communication.  Exported web services may, of course, 
> require whatever authentication is necessary (maybe none) for the 
> business logic of the web service.  Identifying/authenticating the 
> server to the client (to prevent spoofing) is a very good point, and 
> I'm not sure if we have talked about that yet.  Definitely a good 
> idea.

I'm basing the place of seeauth solely on the fact that the different 
auth systems will be interoperable, as they are supposed to be according 
to dotgnu.org, and also I don't know anything else about what that 
interface is going to be so it's undefined right now.

> Hmmm, this is something I may need to re-research.  Why is this 
> necessary?  For example, if you have a webservice that serves a 
> witty-quote-of-the-minute in HTML over HTTP, would it not be possible 
> to run that webservice in a SEE and have a non-SEE client get the 
> witty quote with a standard web browser?  I must be missing a very 
> basic assumption of the SEE...

No, you are correct, sorry. I was confusing RLS with URLs. For the 
highly favorable RLS-based system (and stubs that depend on its IPC 
style) SEE must be on the client. However, after RLS resolution, the 
only thing the client needs to have is a direct URL--that indicates the 
transport used, eg the case of HTTP, and is the same as the RLS (if 
non-Jabber) except for the scheme--and the PE (in this case it is 
already installed on the machine).

The idea is that RLS is a clean resolution phase: after the resolution 
and PE-getting phase is over, the connection is started through a 
separate see*user/see*port pair, fresh. It's like DNS in that respect: 
if you already have the IP, you don't need to lookuphostbyname again.

The normal PEs won't be passed a URL--because they won't need it.

Also, one of the reasons we need something like SEE is because accessing 
services through web-browsers sucks.

> PS: Sorry for my incoherency, I'm writing this at a late hour....

I'm supposed to be writing a research paper on Greek democracy--so I'm 
completely on topic here. ;)

--
Stephen Compall
Also known as S11001001
DotGNU `Contributor' -- http://dotgnu.org

GNU does not eliminate all the world's problems, only some of them.
        -- RMS, "GNU Manifesto"