ietf-openproxy

Re: OPES charter proposal again.

2001-07-04 22:24:30

[ I've removed IETF. ]

And why would this be?  It is recognized by OPES that security is a
fundamental issue to be addressed.  Please read the current charter.
[...]
OPES services MUST be authorized by the party they are being provided
for.  How can this not be ethical?
[...]
This one is even more puzzling.  OPES services acting in behalf of clients
MUST be authorized by them.  Such an OPES service may in fact improve
privacy from those over aggressive cookie trackers.

Gary,

I think the issue is that your MUSTs above are specified, but the only
proposed mechanism of enforcement is requiring compliance; AFAIK there is
not a fundamental design constraint that precludes 'bad' uses.

The fear is that, by simply ignoring a few requirements in the spec, an
implementor (vendor or administrator) can do things perceived as Evil.
Effectively, compliance with these requirements is met by the type of
deployment which is made - "if you're an ISP and you use OPES, you're not
compliant; if you're an Enterprise or CDN and you use OPES, you're
compliant".

A design that ONLY worked for CDNs (wherever they're deployed) -- by its
nature, not words on paper -- would probably make many sleep easier.

Unfortunately, the inclusion of a callout protocol makes this difficult (as
a callout protocol can inherently be used by any intermediary, regardless of
its relationship with the origin server). Assuming callout protocols are
central to the OPES vision, the question then becomes whether the IETF
should bless an effort to do this, and what good or harm that would incur,
relative to that if the IETF weren't involved, and efforts to develop this
technology moved forward anyway.


An area many seem to forget about in these diatribes is the Enterprise
(intranets).  These are wholly contained within an Administrative Domain
which renders most if not all the issues raised above irrelevant.

I agree wholeheartedly; Enterprise as well as Internet CDNs are interesting
places to deploy intermediary services. Such situations have an implicit
trust relationship between the publisher and the intermediary, so these
concerns don't apply.

The problem is that OPES mechanisms can be interposed by third parties which
don't represent the interests of either party. While the uses you have in
mind very well may have the best of intents, a mechanism that lends itself
so easily to abuse should be approached cautiously. If I read the e-mails
going by correctly, many are worried about the fact that OPES proposes to
change some of the ways the Web (an already deployed infrastructure) works,
without an intrinsic means of preserving the assumed trust between the
client and the server. While there isn't much merit in this assumption of
trust, OPES does have the potential to break a lot of things if it helps
wide deployment of services by third parties (access providers).



