It's pretty.
Did you want technical commentary? :-)
Here's how I'd thought of it, without bringing it down to
a trust template.
We need to know on whose behalf the proxylet operates,
who vouches for its intended operation, and what
resources it requires. Local resources are CPU cycles,
memory, transient and permanent objects, policy rules,
connections, trust credentials, and network information.
After that, it's all policy.
Proxylets can travel along the content path; whether or not they
are accepted depends on the policy of the boxes they pass
through. The boxes are concerned about privacy and
authorization and resource control.
A proxylet, if installed as a resident object, in accordance
with local policy, gets the privileges associated with
more local policy.
A typical kind of policy will be to honor agreements with a
CDN to let proxylets of certain types run as part of the
OPES environment. The CDN signs the proxylet or
provides an authenticated service for verifying a hash
of the proxylet. It gets to run, but with certain restrictions
that local administrators set. It can open connections
to sites that are part of the CDN, it can install authenticated
redirection policy to that CDN, it can access hit counts
and byte count information associated with that CDN.
The hit count stuff, etc. is part of the standard API that a
proxy presents to OPES services. So are the redirection
rules. Proxylets can extend the basic services for use
by related proxylets, and URLs provide ways to retrieve
proxylets that have gone missing.
Perhaps we need to define explicit roles and trust
levels. Some proxylets will originate locally and
be fully trusted, others will be from partners with
mutual interests, others will be transient and subject
to low priority/low privilege.
For example, an enterprise might have a contract with
a virus scanning company; the virus company can install
any proxylets on an OPES machine local to the enterprise.
It can install its own policy, as long as it is more restrictive
than some base (like, incoming SMTP). Because the
OPES virus-scanning machine is an appliance, it can
have its own policy, saying that it accepts proxylets only
from a set of trusted virus-scanning companies.
Hilarie
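The roles and trust levels sketched above, as an added Python example (not code from this thread or from any OPES implementation): a proxylet is classified as local, partner (its hash is on the list its origin vouches for) or transient, each resource request is checked against the role and scoped to the partner's own sites, and partner-installed policy must stay within a base. The kind names, sites, hashes and sample proxylets are all constructed.

```python
import hashlib
from dataclasses import dataclass, field

# Resource kinds each trust level may be granted; partner grants are also
# scoped to the partner's own sites, transient proxylets get CPU/memory only.
# Kind names and all sample data below are constructed for this example.
ROLE_RULES = {
    "local": {"connect", "redirect", "stats", "policy", "persist"},
    "partner": {"connect", "redirect", "stats", "policy"},
    "transient": set(),
}

@dataclass
class Proxylet:
    name: str
    code: bytes
    origin: str                                 # on whose behalf it operates
    requests: set = field(default_factory=set)  # {(kind, target), ...}
    policy: set = field(default_factory=set)    # rules it wants to install

def classify(p, vouched_hashes, local_origin="local"):
    """Trust level: local, partner (hash vouched for by its origin) or transient."""
    if p.origin == local_origin:
        return "local"
    digest = hashlib.sha256(p.code).hexdigest()
    return "partner" if digest in vouched_hashes.get(p.origin, set()) else "transient"

def evaluate(p, vouched_hashes, partner_sites, base_policy):
    """Return (role, granted, denied, policy_ok) for one proxylet."""
    role = classify(p, vouched_hashes)
    granted, denied = set(), set()
    for kind, target in p.requests:
        in_scope = role == "local" or target in partner_sites.get(p.origin, set())
        (granted if kind in ROLE_RULES[role] and in_scope else denied).add((kind, target))
    # Non-local policy may be installed only if no looser than the base,
    # modelled as a subset of the base rule set.
    policy_ok = (not p.policy or role == "local"
                 or ("policy" in ROLE_RULES[role] and p.policy <= base_policy))
    return role, granted, denied, policy_ok

CDN_CODE, AV_CODE = b"redirect cacheable objects to cdn edge", b"scan inbound smtp"
VOUCHED = {"cdn.example": {hashlib.sha256(CDN_CODE).hexdigest()},
           "avscan.example": {hashlib.sha256(AV_CODE).hexdigest()}}
PARTNER_SITES = {"cdn.example": {"cdn.example", "edge1.cdn.example"},
                 "avscan.example": {"avscan.example"}}
BASE_POLICY = {"smtp:in"}   # base that any installed policy must stay within
CDN_PROXYLET = Proxylet("cdn-redirect", CDN_CODE, "cdn.example",
                        requests={("connect", "edge1.cdn.example"),
                                  ("stats", "cdn.example"),
                                  ("connect", "other.example")})
```

Running `evaluate(CDN_PROXYLET, VOUCHED, PARTNER_SITES, BASE_POLICY)` grants the two CDN-scoped requests and denies the connection to an unrelated site.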
"Erickson, Rob" <rob(_dot_)erickson(_at_)intel(_dot_)com> 02/01/01 01:02PM
I apologize if this is a repeat - I sent out an older version of this
document a couple days ago, but it apparently did not go out the mailing
list. This version is more up-to-date.
A while back, I posted a bit of ASCII art to the group in an effort to get a
further understanding of just where an OPES box would reside and the
services it would run depending on its location.
Well, my ASCII art met with a resounding silence - so, I've spiffed it up
and rewrote most of the text, and formatted it pretty. Any
comments/discussion would be welcome.
Rob Erickson
Sr. Network Software Engineer
mailto:Rob(_dot_)Erickson(_at_)Intel(_dot_)com
503-712-2016
<<OPES Ownership.pdf>>