Re: OHP: Who do you see using it?

From: Jim Whitehead (ejw_at_ics.uci.edu)
Date: Tue 10 Jun 1997 - 17:29:26 CDT



At 1:40 PM 6/10/97, Peter J. Nuernberg wrote:
>Jim wrote:
_(fwd link)_>> So, who do you see using OHP clients?
>
>and also:
>> How broad should the OHP be?
>
>I think these are exactly the kinds of question that the scenarios are
>supposed to help us answer. So far, our scenarios have made
>optimistic assumptions about security, etc.

While I agree that scenarios can help us refine our requirements, and can serve as a sanity check for the requirements, scenarios alone cannot _(fwd link)_determine the scope of our activity. For example, if I submit a scenario that shows high-ranking military personnel using OHP clients during a wartime situation, does that immediately mean we have a requirement to support such a use situation? No. Once a scenario has been submitted, there is then a process of determining which of the scenarios will be used to develop the requirements. This can proceed in parallel with discussions about the requirements which are not motivated by scenarios.

_(fwd link)_> This may
>seem like a roundabout way to determine what we are building, but the
>alternative method of (essentially) asserting that a given set of
>features is or is not sufficient/necessary is not very effective.

I disagree. What scenarios do is back the discussion up into assertions over whether a given scenario is representative of our expected use of the technology.

>With that in mind, please feel free to submit scenarios at any time!
>See "http://www.csdl.tamu.edu/ohs/scenarios/" for details.

_(fwd link)__(fwd link)_Actually, I find that adding some context to Jorg's existing scenario makes it pertinent for this discussion. In Jorg's scenario, there are two collaborators, A and B. In this scenario, the collaborators are at different sites, but the network connections between them are not detailed. This scenario can be expanded into two cases:

Case 1: Collaborators A and B are using OHP technology at different sites behind the same firewall (for example, different facilities of the same company)

Case 2: Collaborators A and B are using OHP technology at different sites not behind the same firewall (for example, two researchers from different institutions collaborating on a standards document, or two engineers from different companies working on a cross-company project)

However, having added some extra context to Jorg's scenario, I find we're still faced with the same questions: who do we see using OHP technology? What level of security and authentication should OHP provide?

_(fwd link)_I think OHP should be robust enough to support collaborative activity across the Internet between collaborators from different organizations _(fwd link)_which are not behind the same firewall (Case 2 above). However, this then leads to a need for robust authentication technology, and for dealing with _(fwd link)_the security implications of sending executable content from an OHP server to an OHP client. Since this increases the complexity of making an OHP client and an OHP server, there needs to be a group decision on a) whether to support this use situation, b) to what degree this affects authentication and security.



This archive was generated by hypermail 2.1.5 : Tue 13 Aug 2002 - 07:20:46 CDT