ietf-openproxy
[Top] [All Lists]

Re: Service Binding Times (Re: Proxylet Downloading and metadata)

2001-03-28 11:44:04
Lee,

I mentioned this at the interim but only briefly.  It seems to me that we're
getting our service binding times wrong.  

we talked about that in Minneapolis and basically agree on your
observations (thanks for bringing this up!), but it seems that it
might need some clarification and discussion here on the list as well
- sorry for the delayed response.

First, let's describe what we mean by "service binding". Service
binding refers to the process of specifying the exact location (i.e.
server name + path + file name) of the software being called in order
to provide a specific service. In case of a callout service, service
binding also includes specification of the protocol being used for
communication between the OPES device and the callout server.

The question is, when should we do the service binding, i.e. when
should we specify the exact location? And who should specify it?

For example, a user interested in having downloaded files scanned for
viruses probably doesn't care too much about the machine on which the
virus scanner will run on and how the OPES device communicates with
this machine (in case of a callout). This implies that the user, and
therefore the rule author, does NOT want to do the service binding.
Instead, he simply wants to specify the virus scanning service and let
the service binding to the service provider. The user might not even
know about the protocols being supported by the service provider and
about the machines that might offer the virus scanning service.

Now, there are a few options where to do the service binding:

 (1) As discussed (and probably rejected) above, service
     binding could be done at the time we author the rules.

 (2) Service binding could be done by the OPES admin server
     when receiving the rules and before distributing them
     to the OPES devices.

 (3) Service binding could be done by the OPES devices
     themselves when receiving the rules. I.e. it would be
     sort of a static decision - the OPES device decides at
     the time of receiving the rules.

 (4) Service binding could be done "at runtime", i.e. when a 
     message comes in and a certain rules matches, we do 
     binding for the associated action just at this time.

The last option, for example, would allow us to do service binding
based on some runtime variables. Assume, for example, that we could do
the virus scanning either on the OPES device itself or on a remote
callout server. In this case, we might want to decide based on the
current system load when the message comes in, e.g. if system load is
low, do scanning locally, otherwise use the callout server.

There are many more things to consider - any opinions on that?

-Markus