[MOBY-l] Re: [MOBY-dev] lease versus agent for registry updating

Martin Senger senger at ebi.ac.uk
Wed Aug 17 14:57:47 UTC 2005 

> Actually, there is a minor security problem here. If I call this
> method repeatedly and it really happens *now*
>
   You are exaggerating (how to spell this word?). The agent can be clever
enough not to go really *now" but only in a reasonably but short
intervals (once a minute maximum, for example).

> Not really sure on this one, to be honest. Clearly, you can just set
> up a short lease in the first place.
>
   Yes, that make sense. Or perhaps, I could re-register again with a
different lease, right?

> Alternatively, you pass back some magic cookie when the lease is taken
> out in the first place, that is required for deregistration.
>
   Well, this is exactly what biomoby has now - and nobody seems to like
it. That's why we are talking how to change it.

   Thanks, Phill, for claryfying the issue (at least in my mind). I feel
now that a lease gives me more control (if and only if I can re-register
with a different lease anytime). And an agent plays a role of an
independent observer that can stop my registration if it finds that there
is something wrong with it (not running, not found RDF etc.).
   But the problem is still with the "if and only if" in the previous
paragraph I think. If I can re-register and change the lease, probably
anybody can do it - and to remove/hijack my registration. And we are back
where we started....

   So the above would work only if I can prove who I am. And the only way
how to do it (if we do not want to introduce passwords etc.) is to let
somebody come back to my place (because only I can control such a
place). That means an agent...

   So: if I use a lease I am in charge of registering my services. If it
is a new registration (such service does not exist yet), everything is
fine and nobody needs to go to me (but can, and probably will, but there
is no hurry). If I try to re-register (because I wish to change the lease
period), then an agent must come to me to see that my RDF document is
still there (with a new lease perion inside) - and it must come soon,
because it cannot confirm my re-registration.

   This could work... (not only lease, not only agent, but both)

   Cheers,
   Martin

--
Martin Senger
   email: martin.senger at gmail.com
   skype: martinsenger
International Rice Research Institute
Biometrics and Bioinformatics Unit
DAPO BOX 7777, Metro Manila
Philippines, phone: +63-2-580-5600 (ext.2324)

More information about the moby-l mailing list