O'Reilly NetworkO'Reilly.com
BooksAll ArticlesSafari BookshelfO'Reilly GearFree NewslettersSearch
Web Services DevCenter Tech Jobs | Forum | Articles

O'Reilly Network: Web Services DevCenter


 Topics


ebXML

Hailstorm

JAXx

JXTA

Security

SOAP

Syndication/RSS

UDDI

WSDL

XML-RPC



DevCenters
Subject-specific articles, news, and more:

O'Reilly Network subject-specific sites
LinuxDevCenter.com
MacDevCenter.com
ONJava.com
ONLamp.com
OpenP2P.com
OSDir.com
Perl.com
WebServices.XML.com
WindowsDevCenter.com
XML.com

Subject-specific articles, news, and more
Apache
BSD
Java
Linux
Mac
Mozilla
Open Source
P2P
Perl
Policy
PHP
Python
Web Development
Windows
Wireless
XML


Scrambling the Equations: Potential Trends in Networking
Pages: 1, 2

Everyone Will Adopt Encryption and Digital Signatures

The growing focus on peer-to-peer, and on individual responsibility for security within small groups of individuals who know each other, fits perfectly with the "Web of Trust" approach used in informal PKI systems such as PGP (Pretty Good Privacy, a popular program used to encrypt and decrypt email over the Internet).



Various projections about how people will maintain online identities include fully traceable identities (where you are responsible in your real life for everything your online persona does), the opposite concept of complete anonymity, and a kind of balance called pseudonymity, where you can create multiple identities and each is responsible only for its own behavior.

I think people will increasingly opt for something different from all three systems; something more relaxed and natural.

Some application designers I've talked to suggest that online correspondents often want to know just one important thing about you. For instance, if you are negotiating on behalf of a client, the correspondents want some guarantee that the client really has appointed you as its representative. Once you furnish that, you can join their shared space with validated identities and encrypted communications. Rather than big, centralized, massively bureaucratic certificate authorities, a plethora of smaller organizations may develop which understand how to certify particular people in particular dealings.

Perhaps a hierarchy of certificate authorities will develop, with very general-purpose organizations offering careful accounting procedures at the top, and more informal organizations below. However, the more complex a security system gets, the more subject it is to breaches and abuses.

So download PGP and start developing your Web of Trust today. (I admit I have been laggard in this regard.)

Trust Violations Will Emerge As a New category of Crime

Certificate authorities and digital signatures can't prevent every instance of masquerading or of false claims to authority. The Federal Trade Commission is already heavily involved in prosecuting fraud online; this is a new area they will have to tackle.

I think we'll see instances of people manipulating the online authentication systems described in the previous section. But I have confidence that these violations will be rare enough that most people continue to use the systems in confidence, just as we now use banks and credit cards. Furthermore, authorities like the FTC will recognize and learn how to deal swiftly with the various categories of online trust violations.

DNS Will Be Augmented with Flexible Identification Systems

Some peer-to-peer proponents say that DNS will wither away, or at least prove irrelevant for peer-to-peer applications. These people point to its limitations: the cost of getting a name, the artificial limitations on the namespace, the requirement that a system be up all the time, and the legal shenanigans of ICANN and trademark holders.

But DNS remains a wonderfully adaptive system--and a sterling example of distributed computing--with too many advantages to discard. DNS-identified sites should be the core of new identification systems that serve the intermittently connected and mobile user. These systems will have to feature small footprints and near-zero costs (including the computing cost of a look-up), be replicated and widely distributed, and be protected against spoofing and snooping.

The Application Layer of the Internet Is Widening

The top two layers of the classic ISO seven-layer model are getting crowded. Web services in themselves include half a dozen protocols that interact in complicated ways, all theoretically on the top layer. A conversation I had with Ken Klingenstein, director of the Internet2 Middleware Initiative, revealed many interesting efforts there. Not much "middleware" fits comfortably in the ISO scheme.

The bottom layers of the Internet, while they evolve in fruitful ways, seem to have well-defined roles. The upper layers show more volcanic activity. At some point, it may be useful for the IETF or another organization to issue some conceptual papers so that the protocols on which innovators are working can interoperate and enhance each other.

One possible example I mentioned in my own speech is the addition of a new routing layer that would be aware of both the application and the costs of reaching various points in the network. Several P2P applications include their own specialized versions of such a routing layer, and it would seem worthwhile to extract and formalize the protocol.

Downloads Will Go, Streaming Will Come

Despite the frenzy over KaZaA and other file-sharing systems, among both fans and foes, I really don't see much point to downloading large files. DVDs are cheap (even if inflated in price), legal, and easy to transport. I think more entertainment will move to the Internet, but in streaming form.

Proponents of downloading are enthusiastic about creating your own play list. But would you want to create your own play list of songs all day, every day? Wouldn't you prefer some site that offered a format you like, along with regular exposure to new material--something like a radio station, in effect?

So a song is not convenient to market or transport as a discrete entity (unless it's Mahler's Song of the Earth; playing time approximately one hour). Movies are more viable as discrete entities. But in the come-and-go atmosphere of Internet use, just as with television, streaming entertainment is more appropriate. That way, content producers won't worry as much about people copying and trading shows, particularly if they adopt the current model used by commercial TV: produce shows of such low quality that they have no value except as passing diversions.

Conclusion: A Call to Code

My ideas here are not meant as predictions. I don't write for business leaders and I don't tell people where to invest. Rather, I write in order to influence people who develop new technologies. I try to suggest areas where it may be beneficial to direct their programming skills. So have fun with these ideas, and make new worlds happen.

Andy Oram is an editor for O'Reilly Media, specializing in Linux and free software books, and a member of Computer Professionals for Social Responsibility. His web site is www.praxagora.com/andyo.









Sponsored by:

Get Red Hat training and certification.

Contact UsMedia KitPrivacy PolicyPress NewsJobs @ O'Reilly
Copyright © 2000-2006 O’Reilly Media, Inc. All Rights Reserved.
All trademarks and registered trademarks appearing on the O'Reilly Network are the property of their respective owners.
For problems or assistance with this site, email

Have you seen Meerkat?