Re: Agent-mediated access (was Re: Criticism of Kidcode...)

On Mon, 19 Jun 1995, Peter Deutsch wrote:
> } I've outlined many of these thoughts in a short paper at
> }
> Got the paper and and the only problem I have with it is
> the assumption that architecturally we want everything
> going through HTTP proxy servers, as these form a natural
> bottleneck and leave the user with a browser that can
> still effectively see the entire world. 

It's not necessarily a bottleneck.  The proxy servers can be very local - 
in the case of the elementary school teacher who wanted to take her 
students to see pages at NASA, the proxy would be at the school itself, 
on their side of their internet link.  For speed this is the optimal 
setup anyways, particularly if the class is visiting many of the same 

If the teacher chose to subscribe to, say, the PTA's list of acceptible 
URL's, then the proxy connections do not have to go through the PTA's 
proxy server - the school's proxy server would just have to fetch the 
PTA's access control list, and keep it updated.

Current browsers do indeed allow you to selectively turn on and off the proxy
settings.  Two solutions: the school's lab machines could be set up behind a
firewall that allowed *only* the proxy server to make outbound connection,
thus students had to go through the proxy server to get to the outside world;
or, you layer the proxy server selectibility one layer beyond obvious (i.e.,
as an environment variable at launch time), though I prefer the former. 

> From our
> perspective, it also is suboptimal since it requires users
> to continue viewing the net in terms of access protocols
> ("http://" indeed). 

Well, proxy servers can support a wide variety of protocols, not just
http-accessible URL's.  Just about every internet-related resource can be
identified by a URL, and can thus be filtered by proxy. 

> I want users selecting items based
> upon names like "Stock Quoter" or "Book Search". Let the
> object figure out how to find the server.

Well, which "user"?  The end user (children) would never have to know 
anything about URL's; in fact the teacher, if they subscribe to a 
third-party filtering service, would never have to know either.  Just one 
person in the chain - the most trusted point - would have to know.  At 
some point the name-to-URL mapping takes place, and until URN's are 
widely deployed there's not much choice.

> I'm happy to use servers to supply a URA to the client for
> execution, but want the executing code to be as close to
> the user as possible. Otherwise we can expect scaling
> problems with proxies being swamped by demand, and
> security problems since users are still essentially armed
> with a generalized browser and can potentially see the
> entire net if your filtering fails.

Right, I agree with all this - I'm envisioning proxy servers that are 
very close to the community they serve.  Sufficiently close proxies 
address all your concerns, I think.

When we talk about "security" in this regard, we need to be careful.  
Nothing we design will deter a determined individual from seeing what 
they want to see.  A 12-year-old armed with Dad's credit card could set 
up a Netcom account and away he goes.  To me, this is acceptible - a 
determined 12-year-old will sneak a peak at Playboys on a rack in a 
bookstore too.  We can only try and ensure that circumvention doesn't 
become trivial.

I think the URC/URN mechanism is indeed the best long-term solution - and you
will not find a more ardent supporter of SOAP's than I - but many people are
clamoring for a solution *NOW*, and URC/URN mechanisms have a lot of
infrastructure to build, as well as a fundamental change in both the tools
and how people building and use the web envision the dataspace.  A filtering
proxy, capable of accepting/subscribing to ACL's from other sites, could be
quickly implemented and doesn't represent a break with the existing WWW
philosophy.  If URCs or URAs can be used to contain and describe the 
ACL's as they are passed around, fantastic. 


--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--  http://www.[hyperreal,organic].com/

Received on Tuesday, 20 June 1995 02:54:24 UTC