Re: Summing up on visibility(?)

On Thu, Jan 09, 2003 at 12:48:14PM -0700, Champion, Mike wrote:
> Hmm, now I recall some previous threads. I understood the visibility issue
> when it was presented concretely (e.g., "firewalls can't filter messages
> unless the information needed to filter is in the IP or HTTP headers").  As
> you imply, I disagree -- <flamebait>saying that web services have to respect
> 1996-vintage firewall technology reminds me of the laws that require
> "horseless carriage" owners to have a man with a red flag walking 100 feet
> ahead to warn pedestrians to stay out of the way :-) </flamebait>. Firewall
> vendors are developing technology that understands the contents of XML and
> SOAP, such is the way of the world.  I can understand why one who doesn't
> have an XML-aware firewall would want to stay away from all SOAP messages
> with methods encoded in the body, but I don't think this is a good
> architectural principle.

You want to have that discussion again? 8-)  XML is just syntax.
There's nothing in XML+namespaces that a firewall can use to make a
security decision.  It needs application level knowledge (see the
message to Miles).

Anyway, it was just an example.  I should have said something less
controversial like "Enables caching". 8-)

> I guess I need to know why I should care about visibility other than as an
> abstract property that REST has that other approaches don't in order to care
> about it.

I can really only quote Roy here;

"Styles can also influence the visibility of interactions within a network-based application by restricting interfaces via generality or providing access to monitoring. Visibility in this case refers to the ability of a component to monitor or mediate the interaction between two other components. Visibility can enable improved performance via shared caching of interactions, scalability through layered services, reliability through reflective monitoring, and security by allowing the interactions to be inspected by mediators (e.g., network firewalls). The mobile agent style is an example where the lack of visibility may lead to security concerns."

So if those things that visibility enables are important to the
architecture you're trying to design, then you should aim to have it.

BTW, lots of other approaches have visibility as a property.  All
standardized systems on the Internet do, that I can think of, as I
think I've said before.

MB
-- 
Mark Baker.   Ottawa, Ontario, CANADA.        http://www.markbaker.ca
Web architecture consulting, technical reports, evaluation & analysis

Received on Thursday, 9 January 2003 15:11:19 UTC
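
Added example, not part of the original message: a sketch of a mediator deciding on requests, first from the HTTP request line alone and then with application-level knowledge of a SOAP body. The URIs, the `urn:example:bank` namespace, the operation names and the policy table are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP_ENV = "{http://schemas.xmlsoap.org/soap/envelope/}"
SAFE_METHODS = {"GET", "HEAD"}  # safe by definition in HTTP itself

def envelope(op):
    """Constructed SOAP 1.1 request; operation names are hypothetical."""
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
            f'<s:Body><m:{op} xmlns:m="urn:example:bank"/></s:Body>'
            '</s:Envelope>')

def generic_view(method, uri):
    """All that a mediator knowing only HTTP can say about a request."""
    safe = method in SAFE_METHODS
    return {"target": uri, "safe": safe, "cache_candidate": safe}

def soap_operation(body):
    """Local name of the first element inside soap:Body (syntax only)."""
    first = ET.fromstring(body).find(SOAP_ENV + "Body")[0]
    return first.tag.rsplit("}", 1)[-1]

def mediate(method, uri, body=None, app_policy=None):
    """Return 'allow+cache', 'allow', 'deny', or 'opaque' (cannot decide)."""
    if generic_view(method, uri)["safe"]:
        return "allow+cache"          # decided from the request line alone
    if body is None or app_policy is None:
        return "opaque"               # POST: effect unknown to a generic mediator
    # Parsing the XML yields a name; only app_policy gives it meaning.
    return app_policy.get(soap_operation(body), "opaque")

if __name__ == "__main__":
    policy = {"getQuote": "allow", "deleteAccount": "deny"}  # hypothetical
    for req in [("GET", "/quotes/IBM", None),
                ("POST", "/soap", envelope("getQuote")),
                ("POST", "/soap", envelope("deleteAccount"))]:
        print(req[:2], mediate(*req), mediate(*req, app_policy=policy))
```

Both POST requests present the same request line to the mediator, so any difference in the decision comes from the per-application policy table rather than from HTTP or from the XML syntax.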