xml-rpc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan Hoegg <rho...@isisnetworks.net>
Subject Re: recent patches
Date Fri, 13 Sep 2002 19:31:36 GMT
Switching to post-quoting.

I think you've sold me... in your particular situation interceptors is 
necessary.  I would just caution you to remember cross-language 
interoperability in your solution.. a .NET XML-RPC server won't be able 
to use your serialized Java Context object.

Ryan Hoegg
ISIS Networks

arh14@cornell.edu wrote:

>Well, unfortunately the XML-RPC spec does not provide any way to pass 
>contextual info :(  Contrast to the SOAP spec which actually provides an 
>"envelope" in which you can stick contextual information.  I don't think 
>there is a way to escape this requirement for passing contextual 
>information.  For example, consider my real-life case: I have to 
>implement Kerberos security for XML-RPC.  What that requires is the 
>ability to pass a Kerberos ticket with an XML RPC request.  As you say, I 
>can pass that as a parameter, or I can use a context-passing mechanism, 
>which is of course *strongly* preferred.  That's all fine and good, and 
>let's just suppose XML-RPC had a way to pass this info in the spec, let's 
>say through a <meta-info></meta-info> tag.
>
>Now say I want to actually encrypt the XML-RPC request by the Kerberos 
>session key, which is obtained through the contextual info I pass.  Now 
>you see a catch-22: I cannot encrypt the XML-RPC request if it contains 
>the contextual info because the contextual info is needed to decrypt 
>the request in the first place!  So the only option is some mechanism 
>which passes the contextual information _outside of the spec_.  This is 
>an example where despite how well designed the spec is itself, there 
>still needs to be a provision by the library designers for scenarios they 
>cannot predict...interceptors allows that flexibility.
>
>But I'll take baby steps and be happy if contextual-information-passing at all is incorporated
:)  I just wanted to explain why I believe "out-of-band" contextual information passing is
desirable.  I don't see this as "bending" the spec any, since it is neither mentioned nor
forbidden by the spec...I see it as an additional feature of the library.  In the end, inclusion
will be determined by whether the majority of XML-RPC library users would find a feature worth
the effort (well, I've already expended the effort myself)...it's my opinion this is a useful
feature (and looks like it could have saved you some work and lots of ugly code on the servers
to handle sessions) :)
>


Mime
View raw message