Re: Some musings.

[Patrik Fältström <paf@cisco.com>]

On Friday, September 27, 2002, at 08:50 AM, Eric Brunner-Williams in 
Portland Maine wrote:

> So, idiot that I am, I've talked (typed actually) my way into thinking
> that the issues that you could be thinking of would be solved if the 
> EPP
> over FOO transport binding (optionally) provides for the following:
>
> 	o a mechanism to provide a UID (or non-wrapped in reasonable time),
> 	o a mechanism to provide for non-repudiation of origin,
> and
> 	o a mechanism to provide for non-repudiation of receipt.
>
> I think that covers [lost,retransmission,ordering].

Well, in my mind, SMTP have some properties which I feel is different 
from TCP:

  - Messages are sent as frames, and not in a stream
  - Messages can arrive in random order
  - Messages can be delayed so much they can be classified as
    lost (or even lost, but my experience is that we talk about
    very-long-delays)

EPP need to have:

  - One open session
  - Messages passed back and fourth between client and server
  - An explicit close of the session
  - Detection of sessions being broken (signaling from transport layer)
  - Messages are not multiplied (by mistake)

The mapping between EPP and SMTP have to implement the missing parts 
between EPP and the protocol itself.

If we now generalize this to do "EPP over SOAP", I see a "simple" 
mapping like the one was proposed only fulfill the requirements EPP has 
on transport on some transport possibilities for SOAP. I.e. SOAP by 
itself doesn't have all of the properties I list above (yes, I think 
that is one of the _BIG_ issues with SOAP -- people have not been 
thinking enough, so SOAP is not as well defined as people might want it 
to be).

> I think "secure" could mean providing for the following:
>
> 	o encrypting data (optionally)
> 	o signing data (optionally)
>
> Naturally, the EPP over FOO transport binding might have something 
> useful
> to say about formats used too.

Yes.

    paf