Intermediary Architecture

Abstract

 

Background

Motivation

Web clients and servers today leave certain hooks for extensibility:

• client-side browser plug-in APIs - typically these are selected via the MIME type of the resource being downloaded and support object viewing
• client-side composer plug-in APIs - these support data editing
• server side plug-in APIs
• arbitrary CGI operations that return pages and which may have side-effects like page counts
• applets embedded within pages to be interpreted by the client, servlets embedded within pages to be interpreted by the server, and client-side and server-side scripts embedded in the page

• backend ORBs - server-side CGI scripts call ORB clients that access middleware services
• downloading ORB clients as applets - when a Java applet is downloaded, it contains a Java ORB client that then can communicate to an ORB server. Netscape's Visigenic CORBA client is pre-downloaded to optimize the download time.

From a somewhat higher vantage point, we (like others before us) are noticing that Web and ORB architectures are naturally growing into each other's turf.  We are going through an architectural exercise in comparing the two architectures and then performing an operation on architectures by extending one with capabilities of the other by splicing OMG ORB-like service architectures between web client and server, in effect creating URL brokers.

Intermediary Architecture Examples

On the web, most work has focused on single-purpose, hard-wired intermediaries, called proxy servers.  A number of http servers can act as proxy servers to receive a URL from a client and pass it on to a server,  first performing some intermediary operation, then returning a page through the proxy to the client, possibly side-effecting the page transfer.  Common uses for proxies have been page caching mechanisms and security firewalls.  Web platform vendors are increasingly bundling functionality that could have been added by intermediaries, so thin clients are getting fatter:

• client-side caching - a management interface allows some control over cache size and can allow the cache to be cleared
• history mechanism - keeps a record of URLs visited recently; has a management interface.
• bookmarks mechanism  - keeps a record of URLs visited recently; has a management interface.
• multiple views - for instance, the Page Source view that shows/edits the page in html txt mode and the Page Info view that provides some metadata about the page and URLs it references
• SSL-based security
• optional versioning on the server
• internationalization support

In order to better understand the design space for an intermediary architecture, we prototyped some plug-in services and the IA support infrastructure and at present are integrating the services into the infrastructure.  The plug-ins we have built include:

• Annotations Service.  The annotation service allows a third party (which may be the document author or someone else) to author annotations to a document.  The basic architecture of the annotation service involves annotation creation and storage in an annotation metadata repository, and later a URL access which has the side-effect of accessing annotations from the repository, merging annotations with the document being returned, and annotation viewing.  The annotation service can be a personal service if the annotation creator and viewer are the same client.  Then the repository may typically be located on the client.  (The repository could equally be provided as a generic service and still keep separate the personal annotations of different clients.) The service can be a group service if the service is located at an intermediary proxy shared by a group and the annotations are shared by the group.  It can be a public annotation service if the annotations are public and the access knows where to locate them either by being told explicitly or by some registry/trader that associates annotations with URLs.
• Personal Web Performance Monitor Service. This service captures network performance metadata including trend data based on URL accesses.  A URL interceptor overloads the access with a data collection facility that captures route and timing and stores it in a performance metadata repository.  The repository can be federated with other personal weather repositories to provide performance data for a group. This service's structure shows off the idea of service augmentors -- several different network monitor tools can (eventually) be plugged into the framework to collect different sorts of performance metadata.
• Query Service Augmentors. A query service refines a user's query using query augmentors that improve the performance or accuracy of search results. Augmentors can use repository information that captures a user's search preferences and habits. This is currently implemented with CGI access to an ORB which accesses a search engine and thesaurus, not via the IA, but it raises an issue of how to more seamlessly connect IA ORBs, CGI accessible ORBs and downloaded-client ORBs.
• Additionally, as part of the IA infrastructure prototype, we are working on a collaborative authoring environment using a versioning service and stubbed security and compression service pairs.

• shielded pages -- access is blocked for certain users to a certain pages for certain purposes. Pages can be rated with a level of security and compared with the user's security clearance. Alternatively, in rating services, labels are assigned by content providers or by third party rating services and the client "signs up" with a rating service.  It's worth noting that this is exactly what W3C PICS is proposing to do, and PICS will be supported by the major browser vendors. What we're effectively proposing is to extend the general PICS idea to support arbitrary addlet behavior, as opposed to the built-in behavior specified by PICS (access the page's rating, possibly by accessing a separate rating service, compare the rating with what the user has specified the rating should be, and either allow or disallow access). This also emphasizes the role of an appropriate object model for representing the required metadata; a suitably generic model allows customized rating systems to be both defined by rating services and used by browsers, as opposed to the use of built-in rating systems that are hard to change.
• rerouting -- access to a given page is rerouted to another page.  This might be done because the page has been moved.  Or to a mirror site because the target server is overloaded.
• filtering -- e.g., an AI military doctrine filter that checks commands for doctrine compliance
• augmenting or modifying -- e.g., removing, replacing, adding, customizing advertisements for web pages. Also, locating similar pages in background mode.
• logging and system management instrumentation, managing -- e.g., clocking or charging service, micropayments
• disconnected, intermittent access to roving web clients - see Caubweb which supports intermittent web access via caching specified parts of the web for access/update during "low-bandwidth periods"
• tracking URL usage patterns of a community of interest so you can keep trails for others (application to situation awareness)
• background indexing of pages you have seen before so you can find them again (suggested by Murray Mazer)
• virtual private networks - these are usually handled at a lower level of the protocol stack but might be handled here
• indexing of streams of audio or video - other DARPA/ICV projects do this
• translingual translation service that translates pages; closed caption in multiple languages
• augmenting a web page with voice access to URLs
• the list is not at all exhaustive!

Intermediary Architecture Design Overview

The idea of the Intermediary Architecture is conceptually to interpose intermediary middleware plug-in services between the web client and web server. The main components of the architecture are:

• URL interceptor.  The purpose of the URL interceptor is to trap and allow for one or many side-effects at the point before or after of client send, server receive, server send, client receive.
• Composition specifications.   The purpose of composition specifications is to sequence a collection of services so they are executed in a known order.  This is the least well understood component of ours and anyone's similar architecture.
• Service Plug-in API.  This API provides a means of registering and invoking services at run time including the ability to add-remove or turn on-off services.  Services can be dynamically installed and placed on the client, server, or in between for different purposes.   Services can be implemented in Java or C++ or using distributed programming architectures such as CORBA, DCOM, or ActiveX.
• Services.  Services implement some behavior that a third party can specify.  A service itself can be extensible. Services not only implement side-effect behaviors but may optionally modify the client browser or editor.
• Service Support Infrastructure.   Services may or may not share a common service support infrastructure.
• a system management policy governs their behavior.  Guards are needed to avoid backdoor access problems and enforce policies.
• services typically store their metadata in a (local or remote, possibly shared) repository
• traders can be used to discover and federate repositories for scaling.
• security infrastructure is needed to allow trusted third parties to install and maintain support services.
• a management GUI is needed to toggle service policies and parameters
• some intermediary functions benefit from ready access to parsed HTML or XML (e.g., adding in-line annotations).
All these could be provided in service specific ways but they can also be provided in such a way that services can share the common infrastructure.

One of our design goals was to avoid making changes to existing web infrastructure and still install the IA architecture.  We closely examined the Netscape browser client API to locate a hook for URL interceptors but found the API to be pretty minimal and the available hooks to be insufficient.  So in our current prototype (in progress), intermediaries are implemented as proxies.  At first we avoided this solution because proxy servers are generally heavy weight, but a very thin pass-through proxy can server as a URL interceptor. This allows IA to be portable across existing web infrastructure.  Commercial browsers and servers might in the future incorporate IA capabilities or implement extensible protocols like PEP (see below) to allow IA openness supported directly in clients or servers.  But it appears that both might effectively just be incorporating (bundling) IA, and there will still be a need for intermediary  implementations separate from client and server as well as a need for improved client and server APIs.

Intermediaries can be placed on the client, on the server, or in between.  It makes sense to place intermediaries on the

• client if the intermediary (optionally) serves the individual client
• server if the intermediary serves all clients that need to access the requested resource(s)
• in between if the intermediary serves a community

Brief Comparison of IA with PEP

Next Steps

• revise our current prototypes to fit into the emerging IA architecture.
• demonstrate IA accessing ORB services.
• gain experience with the IA architecture style.
• implement additional services to settle on a plug-in API that is rich enough for use by third parties and generic enough so it is not service-specific.
• implement enough services to understand more about common IA infrastructure support services and build them as components. Most interesting to us:
• learn how to distribute these services and how to scale the infrastructure architecture via decentralized, federated services like repositories, traders, policy managers, and negotiators.
• learn how to use IA services to make web servers QoS (generally -ility) aware by inserting new side-effect behaviors (security, monitors, ...) into communication paths.
• demonstrate IA and its services in a DoD application, to be selected.
• continue to work with OMG and W3C to transfer what we learn on this project into wide-spread use.

Conclusion

There remain several unexplored questions about IA architectures:

• Some uses of intermediaries might bring up legal issues like copyright (see the Xanadu notion of  transclusion) since web pages originally authored and copyrighted by one party might appear changed by some third party without the author's permission. This is reasonable in some circumstances, not in others.
• We have not yet considered safety issues. Who can install new services in a users path? IA seems to offer some nice opportunities for separation of roles via third party experts - allowing a security function to install security, a configuration board to manage versioning and deployment, a system management function to monitor bandwidth, and services subscribed to to push, filter, or block information.
• The boundaries of the IA are not yet clear.  Should the IA include access to web browser/editor client and server APIs?  Should the service support  infrastructure be kept separate from the interceptor and service sequencing?
• We don't know all there is to know about composition of services (nor does OMG!).  We have explored sequencing services in series but can see parallel, compositional, or scripted composition as useful too.  In some cases, proxies occur in pairs (e.g., compress-decompress, encode-decode) which means there may be higher level controls.
• We are not sure yet how to generalize IA with other Web-ORB integration architectures, HTTP-NG, and CORBA/IIOP so that all these architectures will tend toward convergence.  For instance, it would be most useful if IA services could plug into ORBs and vice versa; also some IA services might just as well be intermediaries between servers than client and server.  It would seem these might all generalize to end up as one architecture.  But not unless the community can demonstrate a path to convergence. The alternative is industry spending many $B on replicating similar functionality in similar but different infrastructure environments.
• A related problem is the kind of object model that is appropriate for both web and ORB, which we assume will be based on industry developments (XML, Document Object Model) that converge Web and object representations with APIs (IDL, Java) and object services.

Related OBJS papers include OMA-NG, Survivability, Web Object Model, Trader, Annotations Service, Performance Monitor Service, and Query Augmentor Service, and others.

This research is sponsored by the Defense Advanced Research Projects Agency and managed by the U.S. Army Research Laboratory under contract DAAL01-95-C-0112. The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied of the Defense Advanced Research Projects Agency, U.S. Army Research Laboratory, or the United States Government.

© Copyright 1997 Object Services and Consulting, Inc. Permission is granted to copy this document provided this copyright statement is retained in all copies. Disclaimer: OBJS does not warrant the accuracy or completeness of the information in this paper.

Last revised: December 8, 1997.  Send comments to Craig Thompson.