[Sis-ams] a design question for us to think about

Krupiarz, Christopher Christopher.Krupiarz at jhuapl.edu
Wed Feb 7 13:22:34 EST 2007


Scott,

To keep processing and traffic down, I'd vote for option 1.  One point
I'm not clear on:  are the messages on subject X sent to the the nodes
in the remote continuum even if there are no nodes in that continuum
subscribed to that message or is it that if there is at least one node
registered to receive that message then all nodes in that continuum
received that message?

Chris

-----Original Message-----
From: sis-ams-bounces at mailman.ccsds.org
[mailto:sis-ams-bounces at mailman.ccsds.org] On Behalf Of Scott Burleigh
Sent: Monday, February 05, 2007 1:10 PM
To: sis-ams at mailman.ccsds.org
Subject: [Sis-ams] a design question for us to think about

Hi, AMS fans.  A small design issue has come up (a couple of times,
actually) that I would like to hear opinions on from the WG.

In a nutshell: because messages that cross continuum boundaries are sent
by the destination continuum's RAMS gateway as enclosures within private
messages on subject zero -- which every node automatically, invisibly
invites at registration time -- it's possible for remotely announced
messages on subject X to be delivered to a node that has never invited
or subscribed to messages on subject X.  That is, the absence of an
invitation or a subscription to messages on a given subject doesn't
prevent reception of messages on that subject sent by nodes in other
continua -- though it *does* prevent reception of messages on that
subject sent by nodes in the local continuum.

This hasn't seemed like a high-priority problem, but it eventually needs
to be resolved somehow: message reception behavior should be consistent,
one way or the other, regardless of whether the sender/announcer is in
the local continuum or a remote continuum.

There are two ways we can go here:

1.	Provide a way for nodes to exclude reception of uninvited
messages 
from remote continua that is as effective as the absence of an
invitation is in excluding reception of uninvited messages from within
the local continuum. [Note that the delivery of *unauthorized* messages
(e.g., a denial-of-service attack) can be prevented already, using
standard AMS mechanisms: there can be a constrained list of authorized
issuers of messages on a given subject, and node authentication at
registration time can be used to assure that a given node is an
authorized issuer.]

2.	Just say that AMS provides ways to receive messages but no way
to 
prevent reception of a message, and provide some sort of automatic
default invitation (issued at registration time) so that locally
sent/announced messages are received even in the absence of an explicit
invitation, just as remotely sent/announced messages are.

We really don't have any requirements from anybody one way or the other
that I can recall.  Is it important to be able to exclude uninvited (as
opposed to unauthorized) messages, or is it important to enable delivery
-- announcement, say -- of messages that haven't been specifically
invited?

Any strong opinions on either side?

Scott



_______________________________________________
Sis-ams mailing list
Sis-ams at mailman.ccsds.org
http://mailman.ccsds.org/cgi-bin/mailman/listinfo/sis-ams



More information about the Sis-ams mailing list