ietf-openproxy
[Top] [All Lists]

Re: FW: Issues raised in opes-enforcement and opes-threat conference call

2002-08-13 08:12:08

Arumugam,

> There is an advantage in notifying the content provider when the
> data is modified by opes device. The provider will come to know
> which lang. the content is transformed the most. So that the
> provider could keep a copy of the content in the same language.
> Thus he could contribute on avoiding that many opes
> transformations.

While there are clearly advantages in notifying the content provider
about certain services being performed, there are also services the
content provider does not really need to be notified about. Furthermore, default notification to content providers raises privacy issues - I might not want to let every content provider know what exact services I requested...

Notification is one thing, authorization another. Just as with
notification, there are services for which it would make sense to
require authorization from both endpoints (i.e. consumer and provider), but there are also services for which we cannot require authorization from the provider. A stupid simple example is logging, or a charging service - why would a consumer need the consesus of a content provider to use a logging service? On the other hand, of course, legal issues might require provider authorization for certain services (e.g. content transformation). But maybe such authorization will happen in form of SLAs?

In general... In Section 2.2.2 of the scenarios draft, we talk about
"Services *not* intending to modify responses". Are these the services
that do *not* require authorization from content providers, while
"Services intending to modify responses" (as described in Section 2.2.1) would require such authorization? And what about the services operating on requests?

-Markus