[Sis-ams] a design question for us to think about

Scott Burleigh Scott.Burleigh at jpl.nasa.gov
Wed Feb 7 21:05:56 EST 2007 

Krupiarz, Christopher wrote:
> Scott,
>
> To keep processing and traffic down, I'd vote for option 1.  One point
> I'm not clear on:  are the messages on subject X sent to the the nodes
> in the remote continuum even if there are no nodes in that continuum
> subscribed to that message or is it that if there is at least one node
> registered to receive that message then all nodes in that continuum
> received that message?
>   
Good question, Chris.  Message *publication* really isn't at issue here: 
a message published in one continuum will result in delivery of that 
message to all subscribers -- and nobody else -- in all continua.  The 
question only comes up when a message is *announced* in one continuum 
and destined for (say) all nodes in all continua.

The purpose of announcement (as opposed to publication) is to get the 
message to a set of nodes selected explicitly by the sender rather than 
to a set of nodes self-selected implicitly by the receivers, by virtue 
of their subscriptions.

But it's impossible to get a message to a node that hasn't advertised 
some mechanism by which it is prepared to accept that message (e.g., an 
open socket) -- either by subscription or by invitation.  The tricky 
part is that messages on subject X that are announced locally can't be 
delivered to a node that has neither invited nor subscribed to messages 
on subject X -- but messages on X that were announced remotely *can* be 
delivered to such a node.  This is because remotely announced messages 
are sent privately by the RAMS gateway as the *contents* of "envelope" 
messages whose subject is 0 (zero) rather than X (and all nodes 
automatically invite messages on subject 0 at registration time, 
precisely so that the RAMS gateway can send remotely sourced messages to 
them).

Scott

> -----Original Message-----
> From: sis-ams-bounces at mailman.ccsds.org
> [mailto:sis-ams-bounces at mailman.ccsds.org] On Behalf Of Scott Burleigh
> Sent: Monday, February 05, 2007 1:10 PM
> To: sis-ams at mailman.ccsds.org
> Subject: [Sis-ams] a design question for us to think about
>
> Hi, AMS fans.  A small design issue has come up (a couple of times,
> actually) that I would like to hear opinions on from the WG.
>
> In a nutshell: because messages that cross continuum boundaries are sent
> by the destination continuum's RAMS gateway as enclosures within private
> messages on subject zero -- which every node automatically, invisibly
> invites at registration time -- it's possible for remotely announced
> messages on subject X to be delivered to a node that has never invited
> or subscribed to messages on subject X.  That is, the absence of an
> invitation or a subscription to messages on a given subject doesn't
> prevent reception of messages on that subject sent by nodes in other
> continua -- though it *does* prevent reception of messages on that
> subject sent by nodes in the local continuum.
>
> This hasn't seemed like a high-priority problem, but it eventually needs
> to be resolved somehow: message reception behavior should be consistent,
> one way or the other, regardless of whether the sender/announcer is in
> the local continuum or a remote continuum.
>
> There are two ways we can go here:
>
> 1.	Provide a way for nodes to exclude reception of uninvited
> messages 
> from remote continua that is as effective as the absence of an
> invitation is in excluding reception of uninvited messages from within
> the local continuum. [Note that the delivery of *unauthorized* messages
> (e.g., a denial-of-service attack) can be prevented already, using
> standard AMS mechanisms: there can be a constrained list of authorized
> issuers of messages on a given subject, and node authentication at
> registration time can be used to assure that a given node is an
> authorized issuer.]
>
> 2.	Just say that AMS provides ways to receive messages but no way
> to 
> prevent reception of a message, and provide some sort of automatic
> default invitation (issued at registration time) so that locally
> sent/announced messages are received even in the absence of an explicit
> invitation, just as remotely sent/announced messages are.
>
> We really don't have any requirements from anybody one way or the other
> that I can recall.  Is it important to be able to exclude uninvited (as
> opposed to unauthorized) messages, or is it important to enable delivery
> -- announcement, say -- of messages that haven't been specifically
> invited?
>
> Any strong opinions on either side?
>
> Scott
>
>
>
> _______________________________________________
> Sis-ams mailing list
> Sis-ams at mailman.ccsds.org
> http://mailman.ccsds.org/cgi-bin/mailman/listinfo/sis-ams
>
>

More information about the Sis-ams mailing list