[Planetlab-devel] opening up GetSliceTicket()

Steve Muir smuir at CS.Princeton.EDU
Fri May 25 11:49:31 EDT 2007 

slices.xml allowed anybody to get information about any slice, but i think 
it was generally agreed, at least at Princeton, that that shouldn't be 
formally made part of the API (i mean that in a broader sense than just 
the XML-RPC API) i.e., it could go away at anytime.  no-one ever 
complained about their slice info being public, but the argument was that 
once you state that it is always publicly available then you are committed 
to making it so, and there may be future circumstances where that is not 
desirable.  on the other hand, enough services used slices.xml that it 
probably became a de facto part of the API and so removing access to it 
would have been practically and/or politically difficult.

prohibiting anonymous calls to GetSliceTicket() only address part of the 
question: can i still get a ticket for anybody's slice or just my own?  is 
there a reason why i should, or need to, be able to get information about 
arbitrary slices?  if you don't support it now i wouldn't add it.



On Fri, 25 May 2007, David E. Eisenstat wrote:

> On Fri, 25 May 2007, Stephen Soltesz wrote:
>
>> Hey, David,
>> 
>> I have questions just for clarification.
>> 
>> What distinguishes a slice that is called 'delegated' from a slice that is 
>> called 'plc-instantiated'?
>
> PLC and NodeManager behave differently depending on a slice's instantiation. 
> If the instantiation is 'plc-instantiated', PLC will advertise the slice only 
> to nodes to which it has been added. If it is delegated, it will tell all 
> nodes about the slice. NodeManager will automatically instantiate all slices 
> with instantiation 'plc-instantiation' that PLC has told it about. It will 
> instantiate slices with instantiation 'delegated' only when someone calls 
> Create() for it.
>
> The reason all nodes find out about a delegated slice is that the new 
> NodeManager must have an indication from PLC that PLC knows about the slice 
> before it will instantiate.
>
>> You say that a ticket doesn't 'allow the bearer to do anything they 
>> couldn't otherwise do.' I understand this as: in both cases there is 
>> existing mechanism for instantiating the slice regardless of how the slice 
>> info gets to NM.
>
> Right, and the ticket grants no rights to control the mechanism, except 
> possibly advancing when it acts by up to 15 minutes (or whatever the polling 
> interval is).
>
>> If there is more to delegation than this, I want to find out more. If this 
>> is the essential distinction, then 'delegated' or 'PLC instantiated' is 
>> just another slice attribute, right?  Is it treated differently than this 
>> today?
>
> Instantiation is actually part of the slice table proper, but yes, what I've 
> said above is the extent of what this attribute controls. Delegation in 
> PlanetLab also covers performing PLC/NodeManager API calls on someone else's 
> behalf, which is not the subject of this thread.
>
>> Does anyone with history have insight into whether anyone complained about 
>> slices.xml (public slice info)?
>
> Killing slices.xml was Mark Huang's idea as much as anyone else's, and I got 
> the impression that his motivation was to have all access to PLC go through 
> the API, rather than a particular security incident/concern.
>
> In any case, Larry vetoed anonymous GetSliceTicket() calls, so this is 
> perhaps a moot point.
>
> -David
>
> _______________________________________________
> Devel mailing list
> Devel at lists.planet-lab.org
> https://lists.planet-lab.org/mailman/listinfo/devel
>

More information about the Devel mailing list