Re: WG Review: Open Pluggable Edge Services (opes)

Lily,

I disagree. Both the content requestor and the provider are the end

points.

Why should only the content providers have a say on what adaptation is
allowed? End users are the ultimate content consumers and hence definetely
deserve the right to authorize services on his/her own behalf. It does not
harm to the content on the origin servers and it does not harm to other
users. Why not?


It is arguable that the client has the right to have whatever adpatation
they want performed on the content that they view.  However, it enters into
a troublesome area where we obscure what exactly is being provided by the
content provider, although the identity of the content provider is still
used.

Suppose that there is a group that wants their Web site seen only in French,
say because they are advocating the preservation of French as the primary
language is some part of the world.  A community of users could decide to
ask for English language translation and then view their Web site in
English.

You might ask how anyone could object, since the content is being
transformed only on the request of and for the sole purpose of being viewed
by a single "user".  However, it is an easy thing then for the
English-speaking community to then make invocation of the transformation
standard.  The owner of the Web site, seeing it widely displayed in English,
would feel that their intent had been undermined.

I bring up this example just to illustrate the direction things can go when
we build an infrastructure that transforms content and then displays it in a
manner that is not clearly differentiated from the original.  It "seems to
be" the Web site intended by the provider, but perhaps it is not.  Perhaps
displaying a log of transformations not requested by the content provider
would mitigate the problem.

The antidote is of course end-to-end integrity checking that allows the
provider to ensure that transformations to do occur.  Allowing
transformations that are not approved by the content provider may require
the development of such tools.  Frankly, I'm not sure it's worth it.

/micah

----- Original Message -----
From: "Yang, Lily L" <lily(_dot_)l(_dot_)yang(_at_)intel(_dot_)com>
To: "'Micah Beck'" <mbeck(_at_)cs(_dot_)utk(_dot_)edu>
Cc: <ietf(_at_)ietf(_dot_)org>; <ietf-openproxy(_at_)imc(_dot_)org>
Sent: Wednesday, June 20, 2001 1:27 PM
Subject: RE: WG Review: Open Pluggable Edge Services (opes)


I disagree. Both the content requestor and the provider are the end

points.

Why should only the content providers have a say on what adaptation is
allowed? End users are the ultimate content consumers and hence definetely
deserve the right to authorize services on his/her own behalf. It does not
harm to the content on the origin servers and it does not harm to other
users. Why not?

I agree that the more grey area lies with the service provider. Current
proposal on IRML allows three parties (end users, content providers,

access

providers) to authorize rules for service invocation. Maybe it is a good
idea to only allow two end-point parties (end users and content providers)
to authorize service requests via rule modules. Access Provider can

provide

choices of different services to its subscribers and allow them to sign up
explicitly if they so choose. Those service requests are then still
explicitly authorized by the end users, while the access provider (ISP) is
merely a service provider/facilitator.

Lily

-----Original Message-----
From: Micah Beck [mailto:mbeck(_at_)cs(_dot_)utk(_dot_)edu]
Sent: Tuesday, June 19, 2001 8:14 PM
To: ietf(_at_)ietf(_dot_)org; ietf-openproxy(_at_)imc(_dot_)org
Subject: Re: WG Review: Open Pluggable Edge Services (opes)

Suppose this clause of the proposed OPES WG charter:

"Intermediary services provided in this way are not
transparent: They have to be authorized by either the
content requestor or the provider, corresponding to
who the service being provided for."

Were modified to read

"Intermediary services provided in this way are not
transparent: They have to be authorized by the provider."

This would put control of all content transformations back in
the hands of
the content provider.  If the end user or the ISP wanted a
transformation,
they would have to ask to content provider to authorize it.
This would make
the OPES box purely an extension of the content provider's
server, and would
only rule out transformations that the content provider is
unwilling to
authorize.

With this modification, the end user can only see services
intended by the
provider.  The fact that those services might be provided by
a distributed
system that used intermediaries would not compromise integrity.

This would rule out business models based on selling
intermediary services
that the content provider refuses to authorize.  It would
rule out business
models based on capturing content and transforming it in
unintended ways.
It would not rule out any business model that is based on the
advise and
consent of the content provider.  Automatic mechanisms for
providing such
consent could be used in cases where users are pre-approved
for a class of
transformations.

I encourage everyone who is in Boston attending the Web
Caching and Content
Delivery Workshop to attend the afternoon panel on Thursday
on "Rule-Based
Active Edge Services".

Micah Beck

----- Original Message -----
From: "Keith Moore" <moore(_at_)cs(_dot_)utk(_dot_)edu>
To: "Paul Hoffman / IMC" <phoffman(_at_)imc(_dot_)org>
Cc: <ietf(_at_)ietf(_dot_)org>; <ietf-openproxy(_at_)imc(_dot_)org>
Sent: Tuesday, June 19, 2001 9:47 PM
Subject: Re: WG Review: Open Pluggable Edge Services (opes)

Has everyone who has a reallyreallyreally strong opinion on this
matter actually read the charter? Right there near the

top, it says:

Intermediary services provided in this way are not transparent:
Either the content requestor or provider will be aware that a
tranformation has been performed.


OK, so the spelling is not so great, but it sure is

clear. What some

people seem to be up in arms about is that the IETF would

even think

of helping someone change the content in HTTP. Data

mungers are doing

that already, and it is bad, and it is untraceable. So what should
the IETF do?


the IETF SHOULD NOT pretend that the practice does not exist.
  (*that* would be burying our heads in the sand)
the IETF SHOULD NOT encourage the practice by making it

appear legitimate,

  even by making the endpoints aware of it.
the IETF SHOULD (probably) NOT try to interfere with other

groups that

 might want to standardize this; to do so is to risk getting trapped
 in a herd of lemmings who are bent on jumping off a cliff.

IF, on the other hand, there is a need for pluggable end services
which are *explicitly requested* by one or more end points, the IETF
SHOULD consider doing work in this area, but it SHOULD also clearly
distinguish such work from work that interferes with end-to-end
transparency.

ELSE, IETF should do nothing.  Sometimes refusing to

pretend that your

action can accomplish anything useful really is the best choice.

Data is already being changed, some of in ways that we

should really

be unhappy about, and there is no way for the folks changing it to
tell either end. OPES gives them that capability.


no it won't.  OPES is an application-level mechanism and the folks
who are corrupting data now are doing so at lower layers.

OPES won't

change what they are doing.

Post-OPES, data
will still get changed silently without using OPES, but at least
there can be pressure put on the changers to use OPES so

that someone

sees what is happening. Without OPES, they never will.


I don't think so.
Nor do I think this is a worthwhile use of IETF's energies.

Keith