IPP Mail Archive: Re: [SPAM] RE: IPP> 4 significant proposed

Re: [SPAM] RE: IPP> 4 significant proposed increases in conformance requirem ents for the IPP Document object spec

From: Mike Sweet (mike@easysw.com)
Date: Sat Apr 19 2003 - 23:11:13 EDT

  • Next message: Mike Sweet: "Re: SM> Re: IPP> 4 significant proposed increases in conformance requirements for the IPP Document object spec"

    McDonald, Ira wrote:
    > ...
    > Tom's notes are actually incomplete. A conforming implementation
    > MUST support at least one scheme (I suggested we RECOMMEND that
    > 'http:'), but an administrator _at_run_time_ may choose to disable
    > this feature by reconfiguring "reference-uri-schemes-supported".

    Well, then you will likely find very few implementations. We've
    been working on Print-URI/Send-URI support for CUPS 1.2 and the
    authentication/security/performance issues are a real hassle for a
    real-world implementation.

    Also, you can be sure that any CUPS implementation of the spec
    WILL NOT enable print-by-reference by default for serious security
    reasons, and there will be extremely high barriers in place to
    limit how and where you can print from.

    > I proposed making this operation (Send-URI) mandatory. But only
    > if ALL implementations MUST support at least one reference scheme
    > and SHOULD support 'http:' (note that PSI servers MUST support
    > 'http:' for the AddDocumentByReference method).

    Is there any practical reason why PSI can't just require stricter
    requirements than the basic IPP mapping? It seems idiotic to
    require print-by-reference for IPP whose goals are different than
    PSI.

    > I contend that the burden of adding a minimal HTTP client to an
    > existing IPP-based printer is minimal. That's the question.

    For a server that will only handle a single connection at a time,
    and for simple accesses without authentication, it can be implemented
    fairly easily.

    However, for any non-trivial implementation there are authentication,
    security, and performance issues that MUST be dealt with. Consider
    a typical web application like email which uses HTTP authentication,
    cookies, encryption, and probably some sort of host/ip-based session
    key; a print-by-reference approach is doomed to fail even if we can
    pass all of the required info to the IPP server, since it will somehow
    have to re-login and go to the right URL. Assuming it *does* work
    somehow, you need to securely manage this authentication information
    or risk compromising a remote system.

    I don't doubt that there is some minimal functionality that can be
    provided by Print-URI and friends, however the cost/benefit ratio is
    too high and I believe will hurt adoption of the document object
    spec.

    -- 
    ______________________________________________________________________
    Michael Sweet, Easy Software Products                  mike@easysw.com
    Printing Software for UNIX                       http://www.easysw.com
    



    This archive was generated by hypermail 2b29 : Sat Apr 19 2003 - 23:19:25 EDT