[cap-talk] Horton vs. ACLs - private namespaces and the Audit Problem

Karp, Alan H alan.karp at hp.com
Thu Oct 11 14:31:35 EDT 2007 

Jed wrote:
> 
> I'm interested to hear more about the Client Utility/e-speak
> "subscription" mechanism, perhaps some time when we are talking?.
> E.g. "who" was authorized to subscript to which logging events
> and how was that authorization managed.  If you feel such a discussion
> might interest others, feel free to describe it here or just
> point me to any available documentation or wait until we get
> a chance to talk again.
> 
Here There Be Dragons.  What follows is a description of the e-speak
pub/sub system.  I expect most (all?) of you will delete this mail now.

Client Utility and e-speak used a Publish-Distribute-Subscribe system.
Each distributor handled a specific type of event.  We defined "type" in
a particular way that I can go into if you're interested.  Basically,
"type" referred to the representation of the event state.  That meant
that a subscriber knew it could understand the event state from a
publisher because they were using the same distributor.

A publisher needed a capability to publish events to a particular
distributor.  A subscriber needed a capability to subscribe to events
from a particular distributor.  Publishers and subscribers were mutually
anonymous.

A publisher would register with a distributor and receive a capability
to publish events.  A subscriber would do the same.  How that decision
was made was up to the distributor.  The subscriber could specify a
filter on what events it wanted to receive.  The distributor aggregated
these filters into a single filter that it sent to the publisher.  The
publisher could choose to use this filter to decide what events had
subscribers and not publish events if there were none.  This feature
allowed our lowest level publishers to suppress over 90% of the events
they would have otherwise sent.  This feature was less valuable for
higher level publishers, but their publish rate was orders of magnitude
smaller.

Distributors could aggregate events and act as publishers to other
distributors.  Distributors could also subscribe to events from other
distributors.  That allowed David Stephenson to design a complete
management infrastructure based on interlocking distributors.  At the
lowest level, the core potentially published an event on every message.
At the highest level, the distributors published OpenView events.

Part of the registration with the distributor was a specification of
time windows.  A publisher could specify how long the distributor was to
hold events waiting for late subscribers.  A subscription could specify
how far back it wanted to receive events from.

The event system itself had a novel control mechanism based on split
capabilities.  I can provide more detail if anyone is interested.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp

More information about the cap-talk mailing list