Capabilities and executables

Tue, 2006-05-09 23:03
Joined: 2006-05-09
Forum posts: 78
I have come across a proposed server component A documented by somebody that wishes to make use of another server C. This second server C has an API that requires the use of a system capability.

The design document says that the first server A makes use of an intermediate server B which makes use of the server C. The reason this is stated as being done is so that server A doesn't have to have that system capability.

But this seems flawed to me? Surely if server C requires users to have the system capability then something somewhere still needs that capability to use it?
If server B has that system capability but allows server A to call its API without enforcing that A requires that capability then this just sounds like hiding the requirement that C requires its users to have that capability and thus defeats the purpose?

Wed, 2006-05-10 08:15
Joined: 2005-06-09
Forum posts: 174
Re: Capabilities and executables
I suppose C feels that it has a good reason to trust A, and that it has a way to check that the request actually comes from A and not from D (which is a very destructive app, intent on destroying the universe). 

Thu, 2006-05-11 22:15
Forum Nokia Champion
Joined: 2003-10-01
Forum posts: 721
Re: Capabilities and executables
Fructose,

You're right, server B can hide server C's APIs so that it doesn't enforce those strict capabilities that C does. Please note, though, that it's not trivial to write such a server (B) as holding strong capabilities requires signing the program. And signing means that server B will be reviewed and the author of that component must have good arguments for hiding the system capability enforcement of another component.

Tote

Gabor Torok
Software architect, Agil Eight (http://www.agileight.com/)
Blog: http://mobile-thoughts.blogspot.com/
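
The A/B/C arrangement discussed in this thread, as an added example that is not part of any of the posts and does not use the Symbian API. It is a plain C++ model in which every name (`Process`, `ServerB`, `ServerC`, `Cap::SystemCap`, the secure ID values) is hypothetical; it shows that C only ever checks its direct client B, so whether A or an untrusted D gets through depends entirely on B's own policy check.

```cpp
#include <cstdint>
#include <cstdio>
#include <set>

// Constructed model: a process has a secure ID and a set of capabilities.
enum class Cap { SystemCap };            // stands in for the unnamed system capability
struct Process {
    std::uint32_t sid;                   // hypothetical secure identifier
    std::set<Cap> caps;
};

// Server C: enforces the capability on its *direct* client only.
struct ServerC {
    bool Request(const Process& client) const {
        return client.caps.count(Cap::SystemCap) > 0;
    }
};

// Server B: holds the capability and calls C on its own behalf.
struct ServerB {
    Process self;
    const ServerC& c;
    std::set<std::uint32_t> allowedSids; // B's own policy: which clients it serves
    bool enforcePolicy;

    bool Request(const Process& client) const {
        // Without this check B is a confused deputy: every caller gets
        // the effect of B's capability.
        if (enforcePolicy && allowedSids.count(client.sid) == 0) return false;
        return c.Request(self);          // C sees B, never the original client
    }
};

// Constructed sample processes: A is the intended client, D is untrusted.
const Process kA{0x1000A001u, {}};
const Process kD{0x1000D001u, {}};

bool DirectCall(const Process& p) { return ServerC{}.Request(p); }

bool ViaB(const Process& p, bool enforcePolicy) {
    ServerC c;
    ServerB b{Process{0x1000B001u, {Cap::SystemCap}}, c, {kA.sid}, enforcePolicy};
    return b.Request(p);
}

int main() {
    std::printf("D via B, no policy: %d\n", ViaB(kD, false));
    std::printf("D via B, policy:    %d\n", ViaB(kD, true));
}
```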
