Commit: 0751a59f68984b89e
Conceived: Aug 2009
Implemented: Sun, Mar 7 2010
Status: Mature
Cons: Need alternative client code
Branch: trunk-pg84
Pros: Can work transparently, little speed gain
Another experimental, non-obtrusive feature: dispatch the individual XML-RPC calls without per-call credentials. Instead, use the http authentication modes (currently, the Basic one).
The idea is that we separate the authentication procedure from the rpc function calls. That is, the arguments to service functions should no longer include the database, uid and password.
In network terms, this should not help things much. I wouldn't expect more
than 10% improvement (only 2 params get eliminated). But, with xmlrpc2 we pave the way for a more generic authentication API.
Having an authentication API, rather than username, password in each call, is the way to go for a more sophisticated security scheme. We can at any time replace my "Basic" authentication with some One Time Password algoritm (like the one from Cryptocamp) or even Kerberos or OpenID security! And all that, transparently to the netsvc code.
Indeed, this patch has been running for many months now, using the Koo client and the client library of Buildbot. As expected, it doesn't lack any stability of XML-RPCv1. It also fixed the "integer faultCode" infamous issue of XML-RPC, as of commit 0fa7e0d55ee345f75ea (10 Jul 2010). As said, no significant performance gain has been observed so far[1].
[1] but the tests done are still simple, it has not been compared in high
latency environments.
No comments:
Post a Comment