<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Dear Mehran,<div class=""><br class=""></div><div class="">my 2 cents.</div><div class=""><br class=""></div><div class="">I agree with you that we should avoid solution 3 i.e. the mixture that complicates (necessarily in my view) the </div><div class="">binding and its specification.</div><div class=""><br class=""></div><div class="">Regarding the choice between 1 (more conservative) or 2 (more “modern”) and </div><div class="">given the fact that the envisage use of MAL is not from corporate network but from dedicated ones I</div><div class="">would expect in principle that the user (we) is able to specify a network configuration that is “fit for purpose” </div><div class="">and allows the necessary protocol to be used so I would prefer solution 2.</div><div class=""><br class=""></div><div class="">I understand that this might be problematic on legacy networks oron shared network where security </div><div class="">criteria can be stricter or outside the control. In that case then the functionality associated to these </div><div class="">service will not be available. So we might be in situation where some user is able to use all MAL </div><div class="">interaction patterns while some other might not. It is to be assessed if this limitation is acceptable. </div><div class="">As an example today from within ESA Corporate RSTP protocol is not possible so streaming has to be </div><div class="">done differently or is not at all. Since this is acceptable</div><div class="">for our (ESA) operation this is not a problem and the RSTP service is not available) on the other hand </div><div class="">when we needed remote connectivity to our protected Copernicus network to perform test a request </div><div class="">was made to open specific ports/protocols on both corporate and Copernicus GS network and it was granted</div><div class="">(even if it required quite some paperwork..).</div><div class=""><br class=""></div><div class="">I will try to check from our DMZ at ESTEC what is the status.</div><div class=""><br class=""></div><div class="">Michele</div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 13 Aug 2015, at 15:52 , <a href="mailto:mehran.sarkarati@esa.int" class="">mehran.sarkarati@esa.int</a> wrote:</div><br class="Apple-interchange-newline"><div class=""><font size="2" face="sans-serif" class="">Dear SM&C WG,</font>
<br class="">
<br class=""><font size="2" face="sans-serif" class="">As mentioned during the technical meetings
in Pasadena and in the last web-ex, we have started the work on ESA side
to define a binding between MAL and HTTP transport.</font>
<br class="">
<br class=""><font size="2" face="sans-serif" class="">The main motivation for this binding
is to use mainstream Internet infrastructure on the ground.</font>
<br class=""><font size="2" face="sans-serif" class="">HTTP protocol is based on a request/response
model.</font>
<br class=""><font size="2" face="sans-serif" class="">For all MAL interaction patterns except
for INVOKE, PUBSUB and PROGRESS, there is a simple mapping to the HTTP
Request/Response model.</font>
<br class="">
<br class=""><font size="2" face="sans-serif" class="">It gets more complicated for the above
mentioned three interaction patterns, when the provider needs to asynchronously
initiate a connection to the consumer for delivering a response (request
in the other direction). This is specially problematic when the consumer/provider
are behind firewalls and also when consumers are dynamically added and
removed (hence the firewalls cannot be configured statically).</font>
<br class=""><font size="2" face="sans-serif" class="">The options we have been discussing
are: </font>
<br class="">
<br class=""><font size="2" face="sans-serif" class="">a) implement a mapping to pure HTTP
request/response model for all MAL interaction patterns. For INVOKE, PUSUB
and PROGRESS use active/long poling if the consumer is not addressable
or behind a firewall (the OASIS WS Make Connection specification can be
the model, which uses additional headers to correlate the messages).</font>
<br class=""><font size="2" face="sans-serif" class="">b) implement a mapping to HTTP request/response
for all MAL interaction patterns except for INVOKE, PUBSUB and PROGRESS.
For these use web-sockets. Web-Sockets are a different protocol than HTTP.
It is a message oriented bi-directional protocol on top of tcp/ip. It uses
HTTP for initiating the connection and then establishes a bi-directional
connection, using the tcp/ip channel below, which was opened by the HTTP.</font>
<br class="">
<br class=""><font size="2" face="sans-serif" class="">Long polling is clearly less elegant
than web-sockets. At the other side for many of our space domain scenarios
the consumer and provider are known to each other and the firewalls must
be configured anyway.</font>
<br class=""><font size="2" face="sans-serif" class="">If I take the example of ESA data distribution
systems (DDS/EDDS) on the DMZ, even for making a simple http request/response
to the DDS, the consumer IP address must to be added to a white list.</font>
<br class="">
<br class=""><font size="2" face="sans-serif" class="">The scenarios translate therefore to:</font>
<br class="">
<br class=""><font size="2" face="sans-serif" class="">1. HTTP Request/Response based mapping
to all MAL interaction patterns: This is either when </font>
<br class=""><font size="2" face="sans-serif" class=""> a)
there are no firewalls involved (not very realistic) : <b class=""><u class="">No polling
involved, simple http request/response</u></b></font>
<br class=""><font size="2" face="sans-serif" class=""> b)
consumer and provider are known up front and firewalls are configured accordingly
to allow the traffic pass through in both directions (in my opinion more
likely/realistic case): <b class=""><u class="">no polling involved, simple http request/response</u></b></font>
<br class=""><font size="2" face="sans-serif" class=""> c)
consumers are added and removed dynamically at run-time and firewalls do
not allow out-bound connection initiation from provider side: Only for
this particular case pooling techniques shall be adopted on top of simple
HTTP request/response pattern </font>
<br class="">
<br class=""><font size="2" face="sans-serif" class="">2. HTTP Request/Response based mapping
to all MAL interaction patterns except for INVOKE/PROGRESS and PUBSUB for
which web-sockets shall be used: this would use web-sockets for any scenario
(even for scenario a and b, where it would not be necessary and one could
do simple http request/response with no polling)</font>
<br class="">
<br class=""><font size="2" face="sans-serif" class="">3. A mixture of 1 and 2. Baseline is
(1) but for PUBSUB and PROGRESS the consumer can decide if it wants to
use web-sockets or long polling. This would be indicated with a header
field in the initiating HTTP request (which is needed for both cases).
I am not sure if this 3 option is possible without over complicating the
binding.</font>
<br class="">
<br class=""><font size="2" face="sans-serif" class="">I would like to ask you to</font>
<br class="">
<br class=""><font size="2" face="sans-serif" class="">a) check the setup of the DMZ and firewalls
in your organisation and tell us if in your today's setup the firwall/IDS
would let web-socket traffic through or would detect and prevent it for
port that is specified as http port (e.g. port 80)</font>
<br class=""><font size="2" face="sans-serif" class="">b) Which of the three options you think
we should take for MAL to http binding.</font>
<br class="">
<br class=""><font size="2" face="sans-serif" class="">I would appreciate your feedback by
mid September.</font>
<br class="">
<br class=""><font size="2" face="sans-serif" class="">Kind Regards</font>
<br class=""><font size="2" face="sans-serif" class="">Mehran</font><pre class="">This message and any attachments are intended for the use of the addressee or addressees only.
The unauthorised disclosure, use, dissemination or copying (either in whole or in part) of its
content is not permitted.
If you received this message in error, please notify the sender and delete it from your system.
Emails can be altered and their integrity cannot be guaranteed by the sender.
Please consider the environment before printing this email.
</pre>_______________________________________________<br class="">Moims-sc mailing list<br class=""><a href="mailto:Moims-sc@mailman.ccsds.org" class="">Moims-sc@mailman.ccsds.org</a><br class="">http://mailman.ccsds.org/mailman/listinfo/moims-sc<br class=""></div></blockquote></div><br class=""><div apple-content-edited="true" class="">
<span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px;"><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; " class=""><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; " class=""><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; " class=""><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; " class=""><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; " class=""><div class="">-----------------------------------------</div><div class="">Michele Zundo</div><div class=""><br class=""></div></div></span></div></span></div></span></div></span></div></span><span class="Apple-style-span" style="font-size: 12px; ">Head of Ground System Definition and Verification Office</span><div class=""><span class="Apple-style-span" style="font-size: 12px; ">EOP-PEP</span><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; " class=""><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; " class=""><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; " class=""><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; " class=""><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; " class=""><div class="">European Space Agency, ESTEC</div><div class="">e-mail: <a href="mailto:michele.zundo@esa.int" class="">michele.zundo@esa.int</a></div><div class=""><br class=""></div></div></span><br class="Apple-interchange-newline"></div></span><br class="Apple-interchange-newline"></div></span><br class="Apple-interchange-newline"></div></span><br class="Apple-interchange-newline"></div></span><br class="Apple-interchange-newline"></div></span><br class="Apple-interchange-newline">
</div>
<br class=""></div><PRE>This message and any attachments are intended for the use of the addressee or addressees only.
The unauthorised disclosure, use, dissemination or copying (either in whole or in part) of its
content is not permitted.
If you received this message in error, please notify the sender and delete it from your system.
Emails can be altered and their integrity cannot be guaranteed by the sender.
Please consider the environment before printing this email.
</PRE></body></html>