[discovery] improving the acceptability of the NSD API

Dear all,

Re-reading the security issues brought to this list by Youenn, I wonder if we should drastically tighten up the security of the NSD API.
Can we not just _remove_ the fields url and config from the NetworkService interface?
This way, the discovering web app would have no direct route to the discovered services: it would have only a handle that is useless for fingerprinting or hacking.
One additional field would be a blob for the service description, if any.

Then, to allow communication between the discovering web app and the discovered service, the NSD implementation would offer an _indirect_ communication channel(s).
One possibility for the indirect communication channel could be Ajax-like, another could be WebSocket-like, another could be using UPnP messaging (HTTP+SOAP...).
What I mean is the API offered by NSD would replace, in the original API, any URL or IP with the handle, and if necessary remove any address from returned information.
I have already implemented the last (UPnP-style messaging), have created various examples and never needed to provide to the web apps any direct link to the services.

It would be quite a powerful argument against NSD detractors that the url or IP of the service is never shared with the web app, and that all communication passes through/can be checked by the NSD implementation.

Best regards
JC
-- 
Jean-Claude DUFOURD <http://jcdufourd.wp.mines-telecom.fr>
Director of Studies
Télécom ParisTech <http://www.telecom-paristech.fr>
Tel.: +33 1 45 81 77 33
37-39 rue Dareau, 75014 Paris, France


Received on Monday, 7 October 2013 17:11:31 UTC
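
The handle-only design proposed in this message, as an added sketch that is not part of the original post, the NSD draft or any implementation. `NsdBroker`, `register`, `discover`, `send`, the `nsd:` prefix and the transport callback are hypothetical names, and the addresses in any sample input are constructed.

```javascript
// Added sketch: all names here are hypothetical, not the NSD draft's API.
// The broker stands for the NSD implementation; the web app holds handles only.
const newId = () => (globalThis.crypto ?? require("node:crypto")).randomUUID();

class NsdBroker {
  #services = new Map();   // handle -> { base, description }; never exposed
  #transport;              // async (absoluteUrl, body) => response text

  constructor(transport) { this.#transport = transport; }

  // Called by the discovery layer (SSDP, mDNS, ...), not by the web app.
  register(origin, description) {
    const handle = newId();  // random, so it encodes nothing about the service
    this.#services.set(handle, { base: new URL(origin), description });
    return handle;
  }

  // What the web app sees: handle plus description blob, no url, no config.
  discover() {
    return [...this.#services].map(([handle, s]) =>
      Object.freeze({ handle, description: s.description }));
  }

  // Indirect channel: the app names a handle and a relative path only.
  async send(handle, path, body) {
    const svc = this.#services.get(handle);
    if (!svc) throw new Error("unknown handle");
    const target = new URL(path, svc.base);
    // A path such as "//other.host/x" or "http://..." would leave the service.
    if (target.origin !== svc.base.origin) throw new Error("path leaves service");
    const reply = await this.#transport(target.href, body);
    return this.#scrub(reply, svc, handle);
  }

  // Swap the service's own origin and host for the handle, and blank any
  // other IPv4 literal, before the reply reaches the web app.
  #scrub(text, svc, handle) {
    return text
      .split(svc.base.origin).join(`nsd:${handle}`)
      .split(svc.base.host).join(`nsd:${handle}`)
      .replace(/\b(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?\b/g, "[address removed]");
  }
}
```

Because every request resolves through the broker's private table, the implementation has a single place to enforce per-handle policy and to log or inspect traffic.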