IPP Mail Archive: Re: [SPAM] RE: IPP> 4 significant proposed

Re: [SPAM] RE: IPP> 4 significant proposed increases in conformance requirem ents for the IPP Document object spec

From: Mike Sweet (mike@easysw.com)
Date: Sat Apr 19 2003 - 23:11:13 EDT

Next message: Mike Sweet: "Re: SM> Re: IPP> 4 significant proposed increases in conformance requirements for the IPP Document object spec"

Previous message: Mike Sweet: "Re: IPP> 2 more significant proposed increases in conformance requirements for the IPP Document object spec"
In reply to: McDonald, Ira: "RE: IPP> 4 significant proposed increases in conformance requirem ents for the IPP Document object spec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

McDonald, Ira wrote:
> ...
> Tom's notes are actually incomplete. A conforming implementation
> MUST support at least one scheme (I suggested we RECOMMEND that
> 'http:'), but an administrator _at_run_time_ may choose to disable
> this feature by reconfiguring "reference-uri-schemes-supported".

Well, then you will likely find very few implementations. We've
been working on Print-URI/Send-URI support for CUPS 1.2 and the
authentication/security/performance issues are a real hassle for a
real-world implementation.

Also, you can be sure that any CUPS implementation of the spec
WILL NOT enable print-by-reference by default for serious security
reasons, and there will be extremely high barriers in place to
limit how and where you can print from.

> I proposed making this operation (Send-URI) mandatory. But only
> if ALL implementations MUST support at least one reference scheme
> and SHOULD support 'http:' (note that PSI servers MUST support
> 'http:' for the AddDocumentByReference method).

Is there any practical reason why PSI can't just require stricter
requirements than the basic IPP mapping? It seems idiotic to
require print-by-reference for IPP whose goals are different than
PSI.

> I contend that the burden of adding a minimal HTTP client to an
> existing IPP-based printer is minimal. That's the question.

For a server that will only handle a single connection at a time,
and for simple accesses without authentication, it can be implemented
fairly easily.

However, for any non-trivial implementation there are authentication,
security, and performance issues that MUST be dealt with. Consider
a typical web application like email which uses HTTP authentication,
cookies, encryption, and probably some sort of host/ip-based session
key; a print-by-reference approach is doomed to fail even if we can
pass all of the required info to the IPP server, since it will somehow
have to re-login and go to the right URL. Assuming it *does* work
somehow, you need to securely manage this authentication information
or risk compromising a remote system.

I don't doubt that there is some minimal functionality that can be
provided by Print-URI and friends, however the cost/benefit ratio is
too high and I believe will hurt adoption of the document object
spec.

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products                  mike@easysw.com
Printing Software for UNIX                       http://www.easysw.com

Next message: Mike Sweet: "Re: SM> Re: IPP> 4 significant proposed increases in conformance requirements for the IPP Document object spec"
Previous message: Mike Sweet: "Re: IPP> 2 more significant proposed increases in conformance requirements for the IPP Document object spec"
In reply to: McDonald, Ira: "RE: IPP> 4 significant proposed increases in conformance requirem ents for the IPP Document object spec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sat Apr 19 2003 - 23:19:25 EDT