[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AW: [Handle-info] CNRI Handle Extension for Firefox

Hi John,

Thanks for your message.

While following HTTP links is currently how most end-users view handles and DOIs, there are many other Handle/DOI resolutions that don't involve web browsers and require the scalability built into the "native" resolution. The benefit of the firefox extension is that it provides the needed scalability while being compatible with the http://proxy/identifier style of reference and therefore invisible to end users. While that invisible benefit isn't a great marketing ploy, we are working on ways of making the extension more appealing in more visible ways.

A few reasons to have a native handle client are scalability, reliability, security and performance.

Performance, with the obvious exception of those behind strict firewalls, will be far better (maybe even noticeably!) for clients that are capable of sending/receiving UDP messages. While a native client can resolve a handle in under 50 ms it will take a browser about ten times that long to resolve hdl.handle.net, setup a TCP connection, send the handle/http request to a proxy server, wait for the response, receive the response and break down the connection.

Security is always improved using the native resolution protocol because it avoids the possibility of DNS cache poisoning, DNS messages spoofing, and general interference with the non-SSL hdl.handle.net or dx.doi.org resolutions. A native client can always enable signed handle resolution which will only scale when using the native protocol. SSL/TLS-enabling hdl.handle.net and dx.doi.org is not a practical option.

Reliability... the HTTP protocol has no built-in reliability, making the proxy (or any other HTTP service) subject to more outages than should be necessary. If a web browser resolves a domain name to 10 different IP addresses, the browser (or OS) picks one and then tries to contact it. If that contact fails, then the browser gives up. Native handle resolution, like DNS, will try the next server in the list until one of them responds. This built-in reliability means that servers that go down don't have to mean a loss of service for clients. We go through great effort to make hdl.handle.net and dx.doi.org reliable and accessible 24/7/365 however you can only get so far with a system that doesn't have reliability baked in from the beginning.

As for scalability, as the number of DOIs and handles continue increasing, the proxy system will eventually reach a point where it receives too much traffic and is too costly to maintain. That is, unless at least some of the load can be moved to the distributed native protocol. The Handle System is a distributed name resolution system, designed to be more scalable while allowing a flatter namespace than DNS. Dependence upon the proxies throws out that advantage. Consider that as of around 2004 DNS had about 38 million domains under the com/net/org/info/biz TLDs. If everyone tried to resolve DNS names via an HTTP service, that HTTP service, no matter how tricked out with load balancers and server clusters would be crushed under the load.


Cheers,
Sean


On Mar 11, 2009, at 8:49 AM, John S. Erickson wrote:

The following was asked earlier, but in gentler terms: Could someone please explain to me the point of the native service, if the rollover and default answer in (arguably) the common case (organizations behind firewalls) is http and the proxy?

Given the performance numbers cited in this thread (and if I understand them...), if for some reason I need "native" (quotes intentional) resolution I'll continue to use the iGoogle gadget I wrote a couple years ago (there are now a few others)...which "instantly" resolves and works in all browsers... 




_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info