Alex Rousskov wrote:
I expected you to say that notification goes in opposite direction of
tracing and does not (cannot) be attached to application messages that
it notifies about.
Yup, that's my interpretation of "tracing" and "notification". I would
further assume that "tracing" is always-on, just as "tracing" mail
servers via headers is always-on.
A major concern with notification is scalability. A content provider
certainly is not interested in receiving a notification for every HTTP
response sent out. As such, a mechanism for explicit request of
notification is required. Now, when exactly would a content provider
issue such request? How would such mechanism be used? Randomly, or on
a statistical basis? Or manually? Is such a scheme of practical relevance?
Privacy is another concern. Maybe a user doesn't want to reveal to any
content provider all the OPES services that have been applied on her
behalf. For example, why should every content provider know what exact
virus scanner I'm using? Wouldn't that help hackers, for example?
This opposite-direction, outside-of-message scheme is much more
difficult to support and, frankly, I think it would be a waste of time
developing it. However, it is probably very close to what IAB would
prefer (based on what the Considerations RFC they wrote).
I tend to agree with you that the kind of "opposite-direction,
outside-of-message scheme" is quite tricky, and IMHO not very
practical. Scalability and also privacy are a big concern here.
However, IAB consideration (3.1) suggests a kind of notification along
thos lines:
(3.1) Notification: The overall OPES framework needs to assist
content providers in detecting and responding to client-centric
actions by OPES intermediaries that are deemed inappropriate by the
content provider.
Section 3.1 of RFC3238 provides the motivation for this consideration,
and there are certainly some very valid arguments. However, maybe
there're other means to address these concerns?
Probably best if we check-in with our ADs and the IAB at some point,
but I'd first like to discuss this a little bit further and solicit
input on this very topic from other folks as well. So, please post
your comments on this one!
-Markus