[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapext] Request Progress Reporting

To: Ldapext <ldapext@ietf.org>
Subject: Re: [ldapext] Request Progress Reporting
From: Howard Chu <hyc@highlandsun.com>
Date: Thu, 02 Apr 2009 08:02:03 -0700
Delivered-to: ldapext@core3.amsl.com
In-reply-to: <49D4CF35.9040500@highlandsun.com>
References: <49D4CF35.9040500@highlandsun.com>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.1b3pre) Gecko/20090317 SeaMonkey/2.0a1pre Firefox/3.0.3

Howard Chu wrote:

This discussion began on the OpenLDAP-Devel mailing list, talking about
returning a progress indicator to a client for a long running search operation.

http://www.openldap.org/lists/openldap-devel/200903/msg00082.html

It was suggested that progress reporting may be useful in general, not just
for search requests. Moving the discussion here to get more input.

The idea currently is to attach a "ProgressReport" control to any request. The
control will specify a time interval to indicate how often progress updates
should be returned.

I forgot to mention - time intervals should probably be in units smaller thanseconds, but probably not smaller than milliseconds. Human factors tells usthat most users don't perceive lag until intervals exceed 100ms.

ProgressReport updates may be attached in Response controls accompanying
Search Response messages, Result messages, and also in Intermediate Response
messages.

The ProgressReport update will contain two integers of arbitrary units: one
representing the total amount of work, and one representing the current amount
already executed.

E.g., for a Search request, the total value may represent the number of
candidate entries to be evaluated in the search, and the current value may
represent the number of entries already evaluated.

Typically a write request should execute quickly, but if a write has other
side-effects, it may take longer. E.g., if a server is configured with
synchronous replication, where the client write does not complete until some
number of replicas have received the update, then the progress report may be
useful to indicate how many replicas have been updated.

There are some security concerns here regarding the control giving out
information that clients wouldn't otherwise have access to. E.g., access
controls may limit a client to seeing only a subset of entries in a directory;
a ProgressReport may allow them to discover the true number of entries. It's
not clear to me that this is critical or useful to an attacker, but it would
make sense for implementations to also control who is authorized to use the
ProgressReport control, and to fudge the units used in the update data so that
they don't correspond 1-to-1 with any actual counts of anything meaningful.

Comments?



--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www.ietf.org/mailman/listinfo/ldapext

Follow-Ups:
- Re: [ldapext] Request Progress Reporting
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: [ldapext] Request Progress Reporting
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>

References:
- [ldapext] Request Progress Reporting
  - From: Howard Chu <hyc@highlandsun.com>

Prev by Date: [ldapext] Request Progress Reporting
Next by Date: Re: [ldapext] Request Progress Reporting
Index(es):
- Chronological
- Thread