[OTDev] A&A: Policy cleanup

surajit ray mr.surajit.ray at gmail.com
Mon Jan 31 10:05:37 CET 2011


Hi,

IMHO, if we are going to be giving out the option of "locally"
installing OpenTox Services then it's better if we do not hard code any
sort of automated garbage collection based on DNS / name space
resolution rules.

Also, occurrence of "localhost" cannot be considered a "bug" as it is
definitely a possible use case scenario with a local installation (for
example all services running on a single Virtual Machine abstracted
from multiple hardware units).

Regards
Surajit

On 31 January 2011 01:00, Andreas Maunz <andreas at maunz.de> wrote:
> Hi Nina, Martin,
>
> Martin Guetlein wrote on 01/31/2011 09:20 AM:
>>
>> On Mon, Jan 31, 2011 at 9:18 AM, Martin Guetlein
>> <martin.guetlein at googlemail.com>  wrote:
>>>
>>> On Mon, Jan 31, 2011 at 8:30 AM, Nina Jeliazkova
>>> <jeliazkova.nina at gmail.com>  wrote:
>>>>
>>>> Dear Andreas, All,
>>>>
>>>>
>>>> On 31 January 2011 09:02, Andreas Maunz<andreas at maunz.de>  wrote:
>>>>
>>>>> Dear all,
>>>>>
>>>>> I see many of you using A&A facilities for test-driving their local
>>>>> installations.
>>>>> This is apparent through the use of host names without a top-level
>>>>> domain
>>>>> (no fully qualified domain names (FQDN), such as 'localhost').
>>>>> A problem is that people many times seem to throw away their testbeds
>>>>> and
>>>>> forget to clean up the policies they created.
>>>>> This results in a mass of policies taking resources unnecessarily.
>>>>> Thus, I propose a scheduled garbage collection on the policy service
>>>>> that
>>>>> cleans up policies without an FQDN every Sunday (let's say).
>>>>>
>>>>> What do you think about it?
>>>>
>>>> Fully agree.
>>>>
>>>> IMHO, "localhost" URIs should not be used anywhere in OpenTox services
>>>> (including AA), as this defeats the purpose of OpenTox URIs being
>>>> dereferenceable.  Using "localhost" should be considered a bug.
>>>>
>>>> We are also seeing a lot of "localhost" URIs in Ambit services and could
>>>> consider similar "garbage collecting".
>>>>
>>>> Best regards,
>>>> Nina
>>>
>>> Agree as well. I would propose to not allow the host "localhost" (on
>>> the SSO servers part, if possible), as this only leads to problems.
>
> Right, host names are evil. "localhost" was also just an example - people use
> other hostnames and have their local name resolution mechanism resolve them
> (aliases for 127.0.0.1).
> Thus, the criterion should indeed be "dereferenceability", i.e. DNS
> resolution.
> For IP addresses in URIs, I propose to use a regex that excludes 127.0.0.1
> and known private IPv4 subnets.
> Obviously, for the upcoming IPv6 we will need an elaborate solution.
>
>>> Is there a common test-user that everybody can use? The policies of
>>> this user can be deleted from time to time. I started to use 'test'
>>> and/or 'anonymous' for test runs with Ambit/Ntua/Tum, and I cannot
>>> promise to keep track of all created policies.
>
> A common test user would be great. Indeed, people use "guest", but since
> that name coincides with the public login for human end users, we should
> think about a different solution.
>
> In summary, as a first step I propose to clean up policies based on DNS
> resolution and IP address filtering as described above, starting with an
> extraordinary run tomorrow and then with a weekly schedule on Sundays.
>
> Regards
> Andreas



-- 
Surajit Ray
Partner
www.rareindianart.com


