Push vs Pull

Fri Mar 3 18:56:12 UTC 2006

Dag Arneson wrote:
> Okay, let me see if I have this Push/Pull distinction straight.  Please
> correct me if I'm wrong.
> 
> "Pull" protocols are those that put some data out there to be accessible
> via a URL.  The data does not change based on who requests the
> information.  Yadis is such a protocol, since when an Relying Party goes
> to fetch the data, there is no specified way to change the data based on
> who is requesting it.
> 
> "Push" protocols are those that allow the user to modify the data based
> on who is requesting it.  OpenID is such a protocol: the data is
> transmitted by redirecting the user between the Relying Party and the
> Identity Provider, and the user can choose to have the Identity Provider
> send his or her authentication information or to cancel the transaction.
> 
> Is that right, or is there something I'm missing?
> 

I don't know about anything else, but this doesn't fit my idea of what
these words mean.

Imagine a long, thin room with a person standing at each small end. The
first person is Mr Client and the second person is Mr Server.

Mr Server has a box containing a piece of paper that says "Martin's
surname is Atkins".

In the "Pull" situation, Mr Client decides that he wants to know
Martin's surname, so he gets out a rope and makes a lasso. He chucks the
lasso around Mr Server's box and then pulls it to him.

In the "Push" situation, Mr Server decides that Mr Client needs to know
Martin's surname, perhaps because Mr Client is friends with Martin and
Martin's surname has changed recently. Mr Server kicks the box briskly
across the room to Mr Client; Mr Client doesn't know what's in the box
until he recieves it and takes a look inside.

Mr Server knows who Mr Client is in both situations. Responding
differently to differently clients is orthogonal to the notion of "push"
and "pull". The difference is that for "pull" the reciever of the
information actively asks for it, while for "push" the sender just
transmits it to the reciever at an appropriate time without direct
provocation.

------------------

It's hard to pin down what model OpenID uses because there's lots of
to-ing and fro-ing between the three parties, but fundamentally it's a
"pull" protocol because the consumer actively goes out and asks "Is this
person Martin Atkins?" and gets an answer. A push version of OpenID
would involve the identity server somehow contacting the consumer and
saying "That guy over there is Martin Atkins!"

YADIS is likewise a Pull protocol, since the consumer (relying party)
actively asks "What services does this URL support?" (or some question
of that nature)

I'm having trouble thinking of use cases for "push" where Yadis is
concerned. Yadis could be used for capability discovery of a Push
endpoint, but that doesn't change Yadis at all; the capability discovery
step is still a Pull, even if what follows is a push.