shibboleth-dev - RE: SHIRE/SHAR/RM proposal


RE: SHIRE/SHAR/RM proposal


  • From: Scott Cantor <>
  • To: 'Derek Atkins' <>
  • Cc:
  • Subject: RE: SHIRE/SHAR/RM proposal
  • Date: Thu, 27 Jun 2002 08:51:06 -0400
  • Importance: Normal
  • Organization: The Ohio State University

> You'd be surprised how much actually _does_ use RPC; if you
> run Solaris, it's used for a lot of your daily work. NFS
> uses RPC, as does NIS, and even gssd (for krb5-nfs).

Yes, I know.

> My personal feeling is that most programmers today ignore RPC
> _because_ it's so ubiquitous. It's not an "interesting"
> technology to use. However, you can look at all the other
> technologies that have tried to reproduce RPC's simplicity
> (the most recent examples being CORBA and SOAP).

You'd get the argument from those folks that the reason for CORBA is
that RPC isn't object-oriented. They would be resistant to a
characterization that they tried to reproduce RPC. Note that I'm not
disagreeing with you, just pointing out why RPC is unpopular with some
of those folks.

> I think DCE died for other reasons -- I don't think it died
> because it used or provided an RPC. The problem with DCE is
> that the RPC was not easily separable from the rest of the
> system.

That's false, actually. DCE RPC is easily run without security or naming
or time. Everybody running Windows does it every time they turn on their
machine, and the first port to Linux was RPC only. Whether it has much
real value without security or naming is a good question, but the same
question can be asked of ONC. In this context, it's a good fit because
it's a local abstraction.

> It wasn't a piecemeal thing, you either ran ALL of
> DCE, or you ran none of it. You couldn't run the RPC without
> the Security Service. You couldn't run the Security Service
> without the Naming Service. You couldn't run the Naming
> Service without the Time Service. You couldn't run the File
> Service without all the above.

Saying you can have a useful distributed file system without security,
naming, (and time, if you want to use Kerberos for security) is off, I
think. NFS uses DNS, and sometimes Kerberos (or it uses little or no
security, which is a problem).

> So, saying RPC is bad because
> DCE failed is actually missing the point (or at least
> learning the wrong lesson).

No, I meant DCE failed in part because application developers (as
opposed to some systems developers) never embraced RPC, not because RPC
is bad per se. I still think that's true. It failed for lots of other
reasons too, even among developers (complexity, for example), but I
don't think the fact that it provided all the pieces is really a reason
why it failed. The pieces just weren't good enough or modular enough to
be substituted easily.

> Yes, I mean scheme literally. Yes, as in the LISP-like
> language. I envision something like this (for a simplistic example):
>
> '((http://www.mydomain.edu/my/application/ (member:mit-staff
>                                             member:cmu-staff))
>   (http://www.mydomain.edu/your/app/ (member:mit-student
>                                       member:cmu-student))
>   (http://www.mydomain.edu/ (any)))

My only comment here would be that we have been looking at XACML as a
potential policy language. You might want to peruse that spec and see
how it might be expressible within your model.

-- Scott

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at

http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--
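The quoted Scheme-style policy maps URL prefixes to the attributes a user must hold, with a catch-all `(any)` entry for the whole site. The evaluator below is an added example, not code from the original thread or from Shibboleth; it assumes the policy is held as an ordered Python list of (prefix, required attributes) pairs, with the same URLs and attribute names as the quoted example, and it makes the two choices a practitioner would want spelled out: the most specific (longest) prefix wins regardless of list order, so the catch-all cannot shadow a narrower rule, and the request URL is canonicalized (percent-decoded, dot segments collapsed, scheme and host lowercased) before matching, so a path such as `/other/../my/application/` cannot be routed to the permissive rule.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed policy mirroring the Scheme list quoted in the message:
# ordered (URL prefix, required attributes) pairs. ["any"] means no
# attribute is required. The URLs and attribute names are assumptions
# taken from that quoted example, not from any real deployment.
POLICY = [
    ("http://www.mydomain.edu/my/application/",
     ["member:mit-staff", "member:cmu-staff"]),
    ("http://www.mydomain.edu/your/app/",
     ["member:mit-student", "member:cmu-student"]),
    ("http://www.mydomain.edu/", ["any"]),
]


def canonicalize(url):
    """Normalize a URL before prefix matching.

    Lowercases scheme and host, percent-decodes the path and collapses
    '.'/'..' segments, so that an encoded or dotted path cannot bypass a
    specific rule and fall through to a broader one. A trailing slash in
    the original path is preserved so prefixes keep their directory
    semantics.
    """
    parts = urlsplit(url)
    path = unquote(parts.path) or "/"
    path = posixpath.normpath(path)
    if parts.path.endswith("/") and not path.endswith("/"):
        path += "/"
    return "{}://{}{}".format(parts.scheme.lower(), parts.netloc.lower(), path)


def match_rule(policy, url):
    """Return the (prefix, required) rule with the longest matching prefix,
    or None if no rule covers the URL. Longest prefix wins regardless of
    list order, so the catch-all '/' entry cannot shadow a narrower rule.
    A request for exactly the prefix without its trailing slash is treated
    as belonging to that rule rather than to its parent."""
    url = canonicalize(url)
    best = None
    for prefix, required in policy:
        prefix = canonicalize(prefix)
        if url == prefix.rstrip("/") or url.startswith(prefix):
            if best is None or len(prefix) > len(best[0]):
                best = (prefix, required)
    return best


def authorize(policy, url, attributes):
    """True if the user's attributes satisfy the most specific rule for url.
    A URL with no matching rule is denied (fail closed); a rule whose
    requirement is ["any"] admits everyone; otherwise any one of the
    listed attributes suffices."""
    rule = match_rule(policy, url)
    if rule is None:
        return False
    required = rule[1]
    if required == ["any"]:
        return True
    return any(attr in required for attr in attributes)


if __name__ == "__main__":
    # Constructed requests: a staff member on the staff-only app, a student
    # on it, an anonymous hit on the catch-all, and a dotted path aimed at
    # the staff app that a naive prefix match would route to "any".
    print(authorize(POLICY, "http://www.mydomain.edu/my/application/report",
                    ["member:mit-staff"]))
    print(authorize(POLICY, "http://www.mydomain.edu/my/application/report",
                    ["member:mit-student"]))
    print(authorize(POLICY, "http://www.mydomain.edu/public/page", []))
    print(authorize(POLICY,
                    "http://www.mydomain.edu/other/../my/application/report",
                    ["member:mit-student"]))
```

The canonicalization step is where most real deployments of this pattern go wrong: if the web server decodes or normalizes the path differently from the policy engine (for example decoding `%2F` to `/`, or collapsing `..` only after the policy check), the two disagree about which rule applies. Whatever normalization is used here should be the same one the server uses to pick the resource.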




Archive powered by MHonArc 2.6.16.