Apps Messaging -- A New Approach

Fri May 4 09:34:28 PDT 2007

Hi Mark -

Sorry, I was just making a general statement.  I agree that it is nice
to continue to have a simple implementation that does not require
a more complex underlying messaging infrastructure, at least for a
class of applications.  Your token scheme seems a simple approach to
provide basic security.

 	- Doug

On Thu, 3 May 2007, Mark Taylor wrote:

> Doug,
>
> On Tue, 1 May 2007, Doug Tody wrote:
>
>> The real solution to difficult problems such as security (or guaranteed
>> and efficient message delivery, etc.) is to layer an implementation
>> of an astronomical messaging abstraction on top of (ideally more
>> than one) robust, highly evolved frameworks.  Either that, or keep
>> it dead simple, and don't worry about these things.  I would suggest
>> assigning responsibility for anything hard like this to the low level
>> infrastructure, and not dealing with it at all at the applications layer
>> (except maybe at connect time).  I still hear people talking about a "hub"
>> which gets more and more complex, to the point where it is reinventing
>> basic messaging technology which has been addressed for the past 15-20
>> years, and impacts applications.  This is what "separate interface from
>
> Which proposals are you calling "more and more complex"?
> The only thing we're talking about for 'security' here is the hub generating 
> one private token for each application at registration time which that 
> application uses to identify itself in subsequent communications with the 
> hub.  This provides, at low cost,
> very basic protection against application spoofing or applications attempting 
> to participate in a messaging conversation without first registering (I would 
> argue that this kind of enforcement of good practice is a Good Thing in any 
> case, even apart from the security aspect).
> I agree if you want to provide facilities which are hard to do (encryption, 
> guaranteed delivery, protection against determined hackers) the best thing is 
> to defer to an infrastructure
> which can do those hard things.  But if you defer too much to such
> an infrastructure (that is, easy things which you need/want any time
> you're doing messaging) it means that you cannot have an implementation which 
> doesn't sit on top of a complex layer.
>
>> implementation" ultimately means.  It doesn't necessarily mean making
>> things more complex, as some fear - it could actually make it simpler
>> at the applications level, due to layering.  - Doug
>
> If you end up requiring one or other of the robust, highly evolved frameworks 
> in order to do messaging at all then it becomes difficult
> to do messaging in an environment which doesn't have support for any of 
> those.  We are keen that there is a low burden for adoption on application 
> authors working across a range of platforms.
>
> Mark
>
>