[SPAM] RE: IPP> 4 significant proposed increases in conformance requirem ents for the IPP Document object spec

[SPAM] RE: IPP> 4 significant proposed increases in conformance requirem ents for the IPP Document object spec

Mike Sweet mike at easysw.com
Sat Apr 19 23:11:13 EDT 2003


McDonald, Ira wrote:
> ...
> Tom's notes are actually incomplete.  A conforming implementation
> MUST support at least one scheme (I suggested we RECOMMEND that
> 'http:'), but an administrator _at_run_time_ may choose to disable
> this feature by reconfiguring "reference-uri-schemes-supported".

Well, then you will likely find very few implementations.  We've
been working on Print-URI/Send-URI support for CUPS 1.2 and the
authentication/security/performance issues are a real hassle for a
real-world implementation.

Also, you can be sure that any CUPS implementation of the spec
WILL NOT enable print-by-reference by default for serious security
reasons, and there will be extremely high barriers in place to
limit how and where you can print from.

> I proposed making this operation (Send-URI) mandatory.  But only
> if ALL implementations MUST support at least one reference scheme
> and SHOULD support 'http:' (note that PSI servers MUST support
> 'http:' for the AddDocumentByReference method).  

Is there any practical reason why PSI can't just require stricter
requirements than the basic IPP mapping?  It seems idiotic to
require print-by-reference for IPP whose goals are different than
PSI.

> I contend that the burden of adding a minimal HTTP client to an
> existing IPP-based printer is minimal.  That's the question.

For a server that will only handle a single connection at a time,
and for simple accesses without authentication, it can be implemented
fairly easily.

However, for any non-trivial implementation there are authentication,
security, and performance issues that MUST be dealt with.  Consider
a typical web application like email which uses HTTP authentication,
cookies, encryption, and probably some sort of host/ip-based session
key; a print-by-reference approach is doomed to fail even if we can
pass all of the required info to the IPP server, since it will somehow
have to re-login and go to the right URL.  Assuming it *does* work
somehow, you need to securely manage this authentication information
or risk compromising a remote system.

I don't doubt that there is some minimal functionality that can be
provided by Print-URI and friends, however the cost/benefit ratio is
too high and I believe will hurt adoption of the document object
spec.

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products                  mike at easysw.com
Printing Software for UNIX                       http://www.easysw.com




More information about the Ipp mailing list