[MOBY-dev] about service deregistation once again

Martin Senger senger at ebi.ac.uk
Thu Sep 23 14:50:32 UTC 2004 

I like summaries :-) Here is another (subjective) one:

1) There are three needs for deregistration:

   a) A service is registered intentinally temporarily. This is for time
of testing and debugging. Its deregistration is covered by an empty
signatureURL pretty well. The only missing point here is that I would like
to have evn in this phase a possibility to see the service's RDF. At the
moment it si provided by a temporary cgi-bin script. But there should be
more stable way - and Mark is planning to work on it (AFAIK).

   b) A service is registered fully and its service provider decides to
remove the service (actually not the service but a record about the
service in registry, but that we all understand). Here we have a scenario
with removing service's RDF on the service provider side, and waiting for
the agent. It sounds okay - mainly because it is quite probable that the
service itself is defunc now, so the delay with deregistration does not do
much harm.

   c) A service is registered but needs a change (let's call it a
Rebecca's scenario). Here service provider needs a rapid action - because
without a correct record in registry his/her service cannot be used -
because many general clients takes information about services only from
registry. I think here we need improvements in deregistration because it
is too late to wait for any agent. The initiative here should start from
the service provider.

   What can be done for the case ad c)?
   There are (IMO) two general solutions:

   i) Registry can give something to the registrant (a token) that can be
used for authorized deregistration. This was the intention of the ID in
the registration object. We may revive its usage for this option - but it
still have some security implication (e.g. at themoment the moby database
is open, faik, so the IDs can be found).

   ii) Or, registry takes some action going to the service provider side
to confirm the authenticity of the deregistration request (here we
had/have plan with contact-email, and here fits actually also the agent
scenario). The problem is that we still need a mechanism that can trigger
the registry to take the action. And this is missing.
   So (and here is my main suggestion) why not this: A service provider
will still use a deregisterService call, and the registry - when it sees
that the service has a signatureURL, sends agent *now* to this side. Of
course, the service provider must make sure that the RDF is either
updated, or missing (in which case he/she will register again).

   What do you think about this?

   Martin

-- 
Martin Senger

EMBL Outstation - Hinxton                Senger at EBI.ac.uk     
European Bioinformatics Institute        Phone: (+44) 1223 494636      
Wellcome Trust Genome Campus             (Switchboard:     494444)
Hinxton                                  Fax  : (+44) 1223 494468
Cambridge CB10 1SD
United Kingdom                           http://industry.ebi.ac.uk/~senger

More information about the MOBY-dev mailing list