Apps Messaging -- A New Approach

Wed May 2 01:50:05 PDT 2007

Hi Doug,
That was also my view back in September when this first surfaced in  
the Plastic group.  Unfortunately when it came to implementing it in  
practice we faced a couple of practical problems:

1) we wanted to support several "transport protocols" and they all  
treated security differently, if at all
2) it pushed complexity into the clients

The nice thing about the solution on the table at the moment is that  
it doesn't complicate the client at all.  One of our design goals has  
always been to make life easier for the client author, even at the  
expense of those of us writing hubs.  Even so, the hub isn't that  
complex a beast.

John

PS
Perhaps we should stop referring to this issue as "security", as it's  
not really so grand.  It's just a rudimentary check that an  
application is who it says it is...we're not talking about encrypting  
messages or non-repudiation here.

On 2 May 2007, at 03:24, Doug Tody wrote:

> The real solution to difficult problems such as security (or  
> guaranteed
> and efficient message delivery, etc.) is to layer an implementation
> of an astronomical messaging abstraction on top of (ideally more
> than one) robust, highly evolved frameworks.  Either that, or keep
> it dead simple, and don't worry about these things.  I would suggest
> assigning responsibility for anything hard like this to the low level
> infrastructure, and not dealing with it at all at the applications  
> layer
> (except maybe at connect time).  I still hear people talking about  
> a "hub"
> which gets more and more complex, to the point where it is reinventing
> basic messaging technology which has been addressed for the past 15-20
> years, and impacts applications.  This is what "separate interface  
> from
> implementation" ultimately means.  It doesn't necessarily mean making
> things more complex, as some fear - it could actually make it simpler
> at the applications level, due to layering.  - Doug
>
>
> On Mon, 30 Apr 2007, John Taylor wrote:
>
>>
>> On 30 Apr 2007, at 10:47, Mike Fitzpatrick wrote:
>>
>>>
>>> Hi Mark,
>>> 	I take your point and applaud your thoughtfullness.  We too have
>>> multi-user machines and students, we also have large heavy objects
>>> that
>>> could be carried into offices to smash hard drives into little tiny
>>> bits
>>> to destroy the same data files.  I consider the likelihood of data
>>> loss
>>> due to msg hacking or heavy objects to be about the same and have as
>>> much time to guard against each equally.
>>> 	Did I freak everyone out with the message spoofing point or has
>>> security been a major deal with PLASTIC for a while?
>>
>> It's something that came up back in September:
>>
>> http://sourceforge.net/mailarchive/message.php?msg_id=Pine.LNX.
>> 4.44.0609150930530.11448-100000%40andromeda.star.bris.ac.uk
>>
>> but we didn't really come to an agreement as to how serious the
>> threat was and whether we should pursue a fix.  I seem to remember
>> that back then I was arguing for the other side to now (ie, against
>> security).  Funny how we get more cautious as we get older.
>>