dotgnu-general

[DotGNU]Weblinks : Clarens, JXTA, Boxcarring


From: James Michael DuPont
Subject: [DotGNU]Weblinks : Clarens, JXTA, Boxcarring
Date: Fri, 1 Aug 2003 04:03:06 -0700 (PDT)

Check this out 
http://clarens.sourceforge.net/docs/security_protocol.txt
The Clarens web service layer performs user authentication using X509
certificates issued by a certificate authority. It does so within the
confines of the http Basic authentication protocol.

This means that authentication information is passed along in the http
header information using the AUTHORIZATION field. E.g.:
AUTHORIZATION: Basic a80a844c376705cd8ecb8debdae06bcf46037dee

The string following the Basic keyword is a Base64 encoding of some
information that the user wishes to pass to the server, usually the
string "user:password".

In Clarens usernames and passwords are not used, but since the Basic
authentication scheme is known by most http client programs and
libraries, it eases the implementation of new clients to Clarens
services.

Note that the following assumes some knowledge of encryption using
public/private keys. Also note that the authentication can be done
without using an encrypted link (i.e. using http instead of https), but
https is recommended if security of transferred data is required. For
the primary HEP application where Clarens is used http is normally used
since the data is not ordinarily confidential, and the
encryption/decryption slows down data transfer significantly.


http://xmlrpc.jxta.org/doc/protocol.html
Allow Boxcarring

Some XML-RPC servers support the boxcarring requests, where multiple
XML-RPC requests can be embedded in a single request to
system.multicall. Nothing in these JXTA implementations should prevent
you from doing this. See http://www.xmlrpc.com/discuss/msgReader$1208
for more info. 

http://www.xmlrpc.com/discuss/msgReader$1208


The Proposal

array system.multicall(array)

Takes an array of XML-RPC calls encoded as structs of the form (in a
Pythonish notation here):

{'methodName': string, 'params': array}

The array of structs may be of any length. In particular, empty lists
are supported, so clients can test for the presence of the function
without performing any actions.

Returns an array of responses. There will be one response for each call
in the original array. The result will either be a one-item array
containing the result value (this mirrors the use of <params> in
<methodResponse>), or a struct of the form found inside the standard
<fault> element. (Please see the example below.)

If some items in the original call array are not valid call structs (as
described above), the implementation must return a
struct-with-fault-information in the corresponding response position.
Under no circumstances may the implementation return a list of the
wrong length.

To prevent stack overflow attacks against compiled XML-RPC servers,
system.multicall MAY refuse to process recursive calls to itself.

Of course, system.multicall may return a fault of its own, using the
normal XML-RPC fault mechanism. This probably means that
system.multicall isn't implemented, and you'll have to send all your
requests in the normal fashion.

We can add in boxcarring into DGEE transparently.

mike



=====
James Michael DuPont
http://introspector.sourceforge.net/
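
A minimal dispatcher for the system.multicall proposal quoted in the message above, as an added example that is not part of the original post or of any XML-RPC library. The METHODS table, the fault codes and the function names are assumptions made for illustration; it shows the two safety rules from the proposal: the response list always has the same length as the request list, and recursive calls to system.multicall are refused.

```python
# Added example: system.multicall dispatch per the quoted proposal.
# METHODS, the FAULT_* codes and all function names are hypothetical.

METHODS = {
    "math.add": lambda a, b: a + b,
    "echo": lambda s: s,
}

# Constructed fault codes; the proposal does not assign any.
FAULT_BAD_CALL = 1
FAULT_NO_METHOD = 2
FAULT_RECURSION = 3
FAULT_APP = 4


def fault(code, message):
    # Same shape as the struct inside a standard XML-RPC <fault>.
    return {"faultCode": code, "faultString": message}


def one_call(call):
    """Run one call struct; return [result] or a fault struct, never raise."""
    if not isinstance(call, dict):
        return fault(FAULT_BAD_CALL, "call must be a struct")
    name = call.get("methodName")
    params = call.get("params")
    if not isinstance(name, str) or not isinstance(params, (list, tuple)):
        return fault(FAULT_BAD_CALL, "need methodName (string), params (array)")
    # Refuse nested batches so a crafted request cannot recurse the server.
    if name == "system.multicall":
        return fault(FAULT_RECURSION, "recursive system.multicall refused")
    func = METHODS.get(name)
    if func is None:
        return fault(FAULT_NO_METHOD, "unknown method")
    try:
        return [func(*params)]  # one-item array mirrors <params>
    except Exception as exc:
        # Report only the exception type, not internal details.
        return fault(FAULT_APP, "method raised " + type(exc).__name__)


def multicall(calls):
    """Return exactly one response per entry in calls, in order."""
    if not isinstance(calls, (list, tuple)):
        raise TypeError("system.multicall takes a single array argument")
    return [one_call(c) for c in calls]
```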
