[Top] [All Lists]

A Java based proxylet API

2001-09-11 02:45:51

I'm currently writing a java API for proxylet execution in a local java 
runtime environment. I have prepared a draft, but would like to get some sort 
of consensus with the community before diving in there and publishing it.

Here's an extract from my draft. I dont include the full API description 
which is far too long for submission here when converted into an Internet 
draft descriptions.

I welcome all comments and criticisms. 

If you wish to review the whole draft ID I could email you it. Its a little 
too long to post in full here.

Andy Walker
Thundercrack Ltd.

   This document describes a Java language binding for proxylets and
   the local java execution environment within which the proxylets will
   Proxylets are plug-in modules to an Open Pluggable Edge Server (OPES)
   device that execute locally within a well defined secure execution
   environment.  Proxylets allow arbitrary modification of messages
   under the authority of either the origin server or the end user.  The
   proxylet sandbox constrains the modifications to messages to be
   within the bounds within which the proxylet has been granted authority.

1. Introduction
   Open Pluggable Edge Servers (OPES) described in
   draft-tomlinson-epsfw-00.txt allows end users
   and origin servers to provision content adaption services at the OPES
   device.  These content adaption services are explicitly authorized to
   perform their content modifications via a policy framework.  The
   authorising party defines a set of configuration rules using IRML.  
   When a request arrives at the OPES device that matches a rule
   an appropriate service is brought into service that can carry out any
   necessary content adaption, or arbitrary processing.  The underlying
   rule processing architecture is described in draft-yang-opes-rule-
   processing-service-execution-00.txt.  There are two types of
   service available: -
   1.  Call out services.  The request and response messages are
       vectored out to a service using a suitable callout protocol.  The
       remote service carries out the processing and returns the
       modified message.
   2.  Local services.  The request and response messages are passed to
       a local proxylet service.  The proxylet service executes within
       its local execution environment, and returns the modified
   This draft examines proxylets, their runtime life-cycle, a possible
   java binding, and the local execution environment security.
   Areas of proxylet management that are beyond the scope of this draft
   and require further analysis are : -

      Proxylet description with OMML.
      Proxylet trigger conditions (IRML etc)
      Proxylet distribution and deployment
      Proxylet configuration
      Proxylet logging
      Proxylet validation, and/or compliance testing.
   This draft focuses on a set of Java interfaces that expose the
   available resources, the message data, and the local configuration,
   to locally executing proxylet services.  The interface allows
   straightforward manipulation of message protocol headers and gives
   direct IOStream access to each message payload.

2. Proxylet binding overview
   Proxylets are small pieces of code that transform messages at an
   intermediary, they are managed and executed by a Proxylet Engine.
   The proxylet engine manages the proxylet's life-cycle from its
   instantiation, through repeated execution of its
   service, to its eventual destruction.
   The proxylet engine is responsible for setting up the proxylet in a
   suitable security sandbox protecting the underlying
   server against malicious resource misuse, protecting the end user
   from irresponsible and undesired content modification and protecting
   the content provider from potential data hijacking.
   The proxylet engine interacts with proxylets via interfaces from the
   org.ietf.opes.proxylet package.  The protocol-specific proxylet
   extensions are found within the a sub package from
   org.ietf.opes.proxylet.  For example, HTTP proxylets use the package
   The base interface for a proxylet is org.ietf.opes.proxy.Proxylet.
   The proxylets must implement the Proxylet interface,
   or an interface that extends Proxylet.  Proxylets alter requests
   using their modRequest method, and responses via their
   modResponse method.  Protocol specific extensions to
   the Proxylet interface may provide a different method for each of the
   protocol message types.  For example, HTTPProxylet
   will have modGetRequest and a modGetResponse methods dealing with the
   adaption of a HTTP GET requests and its subsequent response message.
   The proxylet engine will parse the request message into a
   ProxyletRequest object, and a response into a
   ProxyletResponse object.  The ProxyletRequest and
   ProxyletResponse interfaces manage the collection of protocol headers
   and provide hooks into IO streams representing the message's payload.
   Again, protocol-specific extensions to the Request and Response
   objects will expose protocol-specific attributes of the request and

3. Proxylet runtime life-cycle
   The life-cycle of the proxylet is
   o  instantiation
   o  initialisation
   o  service
   o  destruction
   o  undeployment


4. Overview of Package: org.ietf.opes.proxylet
      Collects together the initialisation properties of the underlying
      server, the proxylet metadata, and the proxylet instantiation data
      specified for the given proxylet URI.
      The ProxyletContext interface describes the set of methods by
      which a proxylet can communicate with its underlying proxylet
      This interface tags the implementing class informing the server
      that there should be a new instantiation of the Proxylet each time
      the server needs to execute the proxylet code.
      The ProxyletSessionData wraps any stateful object that is placed
      on the ProxyletSession object.
      Defines the object that the proxylet engine will pass to the
      proxylet giving information regarding the server's response.

      Cookie represents the access interface for HTTP-like cookies.

      PropertyBasedObject gives access to an object's properties and
      attributes, by indexing the data by a String naming the particular
      property of interest.
      Proxylets are small pieces of code that execute on an intermediary
      at the request of an authorising party.
      Defines the interface through which a proxylet may interact with
      the request message currently being processed by the server.
      The client holds a session with the processing intermediary that
      may retain stateful data pertaining to the client's relationship
      with the proxy, and the client's relationship with any
      appropriately authorised upstream origin servers.
      The ProxyletStatus object represents the possible return values
      from a proxylet.
      ProxyletException is thrown whenever the proxylet encounters
      unusual circumstances and is unable to execute correctly.

5. Overview of Package: org.ietf.opes.proxylet.http
      HTTPCookie overrides the standard proxylet Cookie giving the
      object the HTTP specific facilities that enable the proxylet
      writer to quickly and simply inspect and modify HTTP cookies.
      HTTPProxylet is the HTTP protocol-specific interface enhancing the
      standard proxylet interface.
      HTTPProxyletResponse enhances the standard ProxyletResponse with
      HTTP protocol-specific extensions.
      The HTTPProxyletRequest interface defines the HTTP protocol
      extensions to the org.ietf.opes.proxylet.ProxyletRequest interface.

6. Complete API details 

7. Security Considerations

   Andrew J. Walker
   Thundercrack Ltd.
   17 Rathbone Street
   London, London  W1T 1ND
   Phone: +44 020 7631 1000
   EMail: andrew(_dot_)walker(_at_)thundercrack(_dot_)com

<Prev in Thread] Current Thread [Next in Thread>