Trial Balloon: A new DataStore Architecture?

Derek Atkins warlord@MIT.EDU
31 Oct 2000 14:53:00 -0500 

Jonathan Blandford <jrb@redhat.com> writes:

> 84 RPC calls?  That's pretty heavy, regardless of the protocol or
> mechanism.  But that aside, CORBA has the oneway directive that lets you
> send asynchronous requests.

Yea, I was flabergasted when I heard that, too.  It's not something
that M$ is proud of, for obvious reasons.

Thanks for info about the oneway directive; when I asked a supposed
CORBA expert at work he said there was no way to do asynchronous
calls.  If that isn't true, then I suppose it might be possible.  On
the other hand...

> Yes it can.  You can send multiple oneway requests, and let the remote
> object send oneway replies back.

... at this point what added benefit are you getting from CORBA?  To
me, at this point you are still defining a protocol, and using CORBA
for object transmission.  In that case, why not use something simpler,
like XDR?  That's been greatly tested and has been around much longer
than CORBA.  It's also a much smaller piece of code, which implies
less compexity.

> > Another potential problem is the security of CORBA.. Namely, there is
> > none.:) I would personally insist on data encryption and strong
> > (kerberos-level or greater) user authentication.
> 
> I'd argue that writing my own protocol is less secure, as there's more
> complexity in the code, more room for error, it's one more dependency on
> the system etc. etc.  At least with ORBit, there are a number of other
> people using it.  Additionally, ORBit 2.0 has support for SSL built in.
> Authentication is a separate kettle of fish, and needs addressing
> independent of the protocol used.

I suppose the complexity depends on the protocol in question.  However
I do believe that it is possible to make a simple protocol which is
much less complex than CORBA.  Don't forget that you have to consider
all the parts of CORBA when you consider the complexity of the result.
I don't think you can only talking about your IDL files and the
supporting routines.

SSL is nice, but IMHO insufficient for our purposes.  At least the
certificate model in SSL is inappropriate.  I would also disagree that
Authentication is a "separate kettle of fish."  I think it is just as
important as encryption, and the protocol needs to be security-aware.
If you make a protocol without considering security as a part of the
protocol, you will find that adding security after-the-fact is
challenging or impossible, depending on your security considerations.
I say this from personal experience (by day I'm a Network Security and
encryption researcher, as well as protocol architect.  Ever heard of
PGP?  I wrote it :-)

I'm certainly open to the concept of using CORBA, but I don't think
that we need all the services that CORBA provides.  Perhaps as we
flush out the requirements I might be proved wrong.

Anyways, I appreciate the comments.  Thanks for your interest.

-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/      PP-ASEL      N1NWH
       warlord@MIT.EDU                        PGP key available