[ogsa-wg] BES query
Karl Czajkowski
karlcz at univa.com
Wed Aug 31 23:10:32 CDT 2005
On Aug 31, Mark Morgan modulated:
> I have to admit that I am confused as to what makes adding an abstract name
> to an EPR so much of a burden. I know that Andrew and I are talking about
> something very lightweight (perhaps just generating a GUID when the EPR is
> generated). So, in the technical sense, it's extra work that needs to be
> done, but in my mind it's far less honerous then writing good comments for
> your code and I think everyone would agree that the benefits of doing so far
> outweight the burden. In this case, AbstractNames give a potentially huge
> benefit for a line or two of code. Why is this such a big deal?
>
> -Mark
>
Mark:
In reflecting on this a bit, I personally would like to hear comments
from the security crowd. It sounds like the main difference in having
this GUID is, as I tried to summarize earlier, that someone can
compare EPRs or otherwise reason about service identities without
consulting the referenced service.
What are the ramifications for security and system stability? What
happens if someone uses a poor implementation or malicously puts GUIDs
into EPRs such that they alias other services? Do we have signature
validation for EPRs? I guess this depends on the "culture" that would
emerge around consumption and use of these GUIDs...
I wonder if there are unspoken architectural assumptions here that are
at the heart of the debate?
karl
--
Karl Czajkowski
karlcz at univa.com
More information about the ogsa-wg
mailing list