[Cosmo-dev] JSON-RPC considered harmful

Travis Vachon travis at osafoundation.org
Thu Dec 7 11:03:16 PST 2006 

Hi folks

After some more chats with Bobby and Brian, we've come to the   
conclusion that the best way to solve this problem is a short term  
hack with a plan for phasing out JSON-RPC in the future.

To that end, the approach we're currently looking at consists of  
allowing all traffic to /cosmo/json-rpc through the Acegi filtering  
level and doing user and ticket authentication/authorization within  
the JSON-RPC service methods.

I'm going to be moving forward with this today, but wanted to make  
sure the results of this discussion were recorded for posterity.

-Travis

On Dec 6, 2006, at 12:19 AM, Travis Vachon wrote:

> Yeah, given the work I've done on CMP, and the way this thing is  
> shaping up, I'm actually inclined to agree with Brian. Doing the  
> authentication stuff within the RPC methods was an option I had  
> kind of put by the wayside because it's an unabashed hack. That  
> said, since we have a clear plan for phasing the hack out, I'm fine  
> with doing this work for 0.6.
>
> Bobby- how well does JSON-RPC handle overriding methods? That is,  
> assuming ScoobyService points at an RPCService which defines both   
> getEvent(calendarPath, eventId) and getEvent(calendarPath, eventId,  
> ticket), will the RPC stuff do the correct thing for both  
> ScoobyService.getEvents(calendarPath, eventID) and  
> ScoobyService.getEvents(calendarPath, eventId, ticket) on the  
> javascript side?
>
> Thanks for all the input!
>
> -Travis
>
> On Dec 5, 2006, at 11:19 PM, Bobby Rullo wrote:
>
>> I'll grant you that I could be overestimating. I don't see where  
>> the work lies, but I do trust your judgement with this stuff.
>>
>>
>>
>> On Dec 5, 2006, at 11:13 PM, Brian Moseley wrote:
>>
>>> On 12/5/06, Bobby Rullo <br at osafoundation.org> wrote:
>>>
>>>> However, if it turns out that this is an incredibly hacky thing  
>>>> which
>>>> requires significant changes on the client and server that we'll  
>>>> just
>>>> have to throw away, I'm more for attempting a more RESTful approach
>>>> which doesn't seem to have a tremendous dev. impact.
>>>
>>> having written a couple of these protocols for cosmo already, i  
>>> think
>>> you might be underestimating the effort to do it in a suitable,
>>> non-hacky way. on the other hand, i think i have a pretty good,
>>> detailed understanding of what needs to happen in the rpc layer to
>>> give us a short term, easy solution to the problem for the next few
>>> months til we have several weeks to put into building the correct
>>> protocol.
>>> _______________________________________________
>>> cosmo-dev mailing list
>>> cosmo-dev at lists.osafoundation.org
>>> http://lists.osafoundation.org/mailman/listinfo/cosmo-dev
>>
>> _______________________________________________
>> cosmo-dev mailing list
>> cosmo-dev at lists.osafoundation.org
>> http://lists.osafoundation.org/mailman/listinfo/cosmo-dev
>
> _______________________________________________
> cosmo-dev mailing list
> cosmo-dev at lists.osafoundation.org
> http://lists.osafoundation.org/mailman/listinfo/cosmo-dev

More information about the cosmo-dev mailing list