Trial Balloon: A new DataStore Architecture?
31 Oct 2000 14:53:00 -0500
Jonathan Blandford <firstname.lastname@example.org> writes:
> 84 RPC calls? That's pretty heavy, regardless of the protocol or
> mechanism. But that aside, CORBA has the oneway directive that lets you
> send asynchronous requests.
Yea, I was flabergasted when I heard that, too. It's not something
that M$ is proud of, for obvious reasons.
Thanks for info about the oneway directive; when I asked a supposed
CORBA expert at work he said there was no way to do asynchronous
calls. If that isn't true, then I suppose it might be possible. On
the other hand...
> Yes it can. You can send multiple oneway requests, and let the remote
> object send oneway replies back.
... at this point what added benefit are you getting from CORBA? To
me, at this point you are still defining a protocol, and using CORBA
for object transmission. In that case, why not use something simpler,
like XDR? That's been greatly tested and has been around much longer
than CORBA. It's also a much smaller piece of code, which implies
> > Another potential problem is the security of CORBA.. Namely, there is
> > none.:) I would personally insist on data encryption and strong
> > (kerberos-level or greater) user authentication.
> I'd argue that writing my own protocol is less secure, as there's more
> complexity in the code, more room for error, it's one more dependency on
> the system etc. etc. At least with ORBit, there are a number of other
> people using it. Additionally, ORBit 2.0 has support for SSL built in.
> Authentication is a separate kettle of fish, and needs addressing
> independent of the protocol used.
I suppose the complexity depends on the protocol in question. However
I do believe that it is possible to make a simple protocol which is
much less complex than CORBA. Don't forget that you have to consider
all the parts of CORBA when you consider the complexity of the result.
I don't think you can only talking about your IDL files and the
SSL is nice, but IMHO insufficient for our purposes. At least the
certificate model in SSL is inappropriate. I would also disagree that
Authentication is a "separate kettle of fish." I think it is just as
important as encryption, and the protocol needs to be security-aware.
If you make a protocol without considering security as a part of the
protocol, you will find that adding security after-the-fact is
challenging or impossible, depending on your security considerations.
I say this from personal experience (by day I'm a Network Security and
encryption researcher, as well as protocol architect. Ever heard of
PGP? I wrote it :-)
I'm certainly open to the concept of using CORBA, but I don't think
that we need all the services that CORBA provides. Perhaps as we
flush out the requirements I might be proved wrong.
Anyways, I appreciate the comments. Thanks for your interest.
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL N1NWH
warlord@MIT.EDU PGP key available