The distinction I was making was that there is little difference
between boxes operated on behalf of a content provider, by that
content provider, and those operated by a CDN, on behalf of a content
provider; I wasn't trying to introduce access providers.
I.e., I'm not trying to erase the line between CDNs and access
providers, I'm saying that there is little difference between CDNs
and content provider boxes (e.g., so-called "reverse proxies") from
On Fri, Feb 02, 2001 at 01:14:33PM -0800, Yang, Lily L wrote:
I think whether or not a CDN is involved does make a difference in terms of
helping us undertstand the issues involved in how the rule modules and
proxylets are loaded into the OPES box targets in a secure and manageable
When a CDN is used by the content provider, the issue becomes easier
precisely because there is an explict business contract in place -- A
one-to-one trust relationshp between CDN and CP.
However, when a CDN is not in the end-to-end picture, any content provider
would have to deal with MANY access providers to authorize the loading of
rule modules and proxylets. On the other hand, any access provider would
have to deal with MANY content providers. Here come the questions with such
a MANY-to-MANY relationship:
1)Would the access provider allow its OPES box accepting rule modules from
any CP without explicit business arrangment made in advance?
IMHO: No. I think security concern would override anything else -- so
explicit business relationship (i.e. trust) needs to be in place before any
such loading can take place. That means no automatic, on-the-flight loading
of rule-modules and proxylets to the OPES boxes.
2)Isn't it a management/deployment nightmare for a CP to deal with MANY
access providers to take advantage of the OPES services provided by access
IMHO: Yes. So CDN is a better solution from content providers' point of view
to deploy services offered by OPES framework, assuming that CDN itself would
establish some kind of trust relationship with its access providers on a
In summary, the rule modules and proxylets would only flow through a path
with established trust relationship in place first.
Mark Nottingham, Research Scientist
Akamai Technologies (San Mateo, CA)