Hi Andrew,
Why should the web service protection be singled out over a virus checker
application running on the end users machine?
I think there are differences between locally executed service
applications and network service applications executed on OPES
intermediaries.
The IAB, for example, argued (in draft-iab-opes-01) that OPES services
are not under the direct control of the end hosts, but locally installed
services are. An end user can easily update or patch his local virus
scanner installation, but a subscriber to an OPES virus scanning service
has only two choices - stay subscribed or unsubscribe from the service.
It's also harder to detect problems and misconfigurations in network
services. Also, OPES network services can be provided to end hosts a lot
easier than services that have to be installed locally. So if a big ISP
offers all of its customers a free advertisement-removal service, then I
bet many content providers will object to this. But they won't (or maybe
can't) object if a company offers a free advertisement-removal
application that users need to download and install on their local
machine.
So I think network services have to be treated differently from local
services and one aspect is to detect conflicts between endhosts and at
least notify endhosts of such conflicts. This does not mean that one
endhost should generally be able to prevent another endhost from
executing services, although there may be special cases where this would
be necessary (e.g. in the ad removal scenario described above).
-Andre