Push vs Pull

Drummond Reed drummond.reed at cordance.net
Fri Mar 3 23:33:52 UTC 2006



Push and pull can both support the rights you are describing so eloquently.


Here's my extremely simple-brained view of it:


The Web is Pull.


Email is Push.


No broadly adopted identity system that lets users assert and prove their
identity and share attributes is going to be entirely Push or Pull. It will
support both exactly the way the Internet supports both the Web and Email.


(Notice how I'm competing with Martin already? ;-)





From: yadis-bounces at lists.danga.com [mailto:yadis-bounces at lists.danga.com]
On Behalf Of Jaco Aizenman
Sent: Friday, March 03, 2006 1:32 AM
To: Dick Hardt
Cc: Scott Cantor; Robin Wilton; Brett McDowell; Yadis list; Joaquin Miller
Subject: Re: Push vs Pull


Dick, Joaquin, Drummond and all,

My interest and contribution is less on the technical aspects and more on
the metasystem or human/fundamental rights aspects(*). 

So since (*), read below...(*), specifies that every person can regulate his
virtual personality, my question is if it is possible for a  metasystem to
have both...?, and for every person to choose when using them...?.

Thank you for your time!.            :-)

(*) Proposed Virtual Personality fundamental/human right
"Every person has the right to have or not to have a virtual personality,
where its presence, content and projection is regulated by each one of them.

It can not be used for discriminatory ends harming its bearer.  

The State will guarantee that the information included in the virtual
personality have the adequate juridical and technical security; with the
exclusion of third parties not authorized that pretend to obtain it.  

The State could use the content of the virtual personality of the person,
previous authorization of the person, and always just if it is in the
benefit and advantage of the person."

On 3/2/06, Dick Hardt <dick at sxip.com> wrote:



Here is my clarification between Push and Pull:



            - The user provides the Relying Party with a *user unique*
Repository locator. (URL or XRI) 

            - The Relying Party queries a Repository to get user data.

            - The user may or may not be involved in the transaction.


I consider OpenID, LID and XRI Pull architectures




            - The Relying party advertises what data it wants.

            - The user "Pushes" the data to the Relying Party

            - The repository does not need to be accessible to the Relying
Party. This allows the data to reside on the user's machine. 


I consider Shiboleth, SXIP and WS-* Push architectures




With SXIP, which is a Push architecture, we have a need for protocol
discovery, which lead to my interest in Yadis. Unlike the Pull technologies
where the identifier is for the user, the identifier was for the user agent
so that the Relying Party would know what the user agent was capable of.
This is only needed for zero desktop footprint implementations. Rich Clients
would be able to negotiate capabilities with the Relying Party.


The original Yadis mandate was for identity protocol discovery. I was very
interested in leveraging existing work, if it did not impose excessive
overhead. The current direction of Yadis seems to be exclusively for support
of the Pull technologies. 


Feel free to ask for any clarifications.


-- Dick



On 2-Mar-06, at 4:38 PM, Joaquin Miller wrote:

This might be right (someone who uses the terms might could explain them) 

and it is certainly clear, which is very useful.  

Okay, let me see if I have this Push/Pull distinction straight.  Please
correct me if I'm wrong.

"Pull" protocols are those that put some data out there to be accessible via
a URL.  The data does not change based on who requests the information.
Yadis is such a protocol, since when an Relying Party goes to fetch the
data, there is no specified way to change the data based on who is
requesting it.

"Push" protocols are those that allow the user to modify the data based on
who is requesting it.  OpenID is such a protocol: the data is transmitted by
redirecting the user between the Relying Party and the Identity Provider,
and the user can choose to have the Identity Provider send his or her
authentication information or to cancel the transaction.

Is that right, or is there something I'm missing?

If this is what 'push' and 'pull' mean, then your examples are certainly
right:  According to your distinction Yadis is pull and OpenID and LID are
push.  LID, of course, differs from OpenID; you describe OpenID in your
example of push.

Cordially, Joaquin 


Jaco Aizenman L.
My iname is =jaco (http://xri.net/=jaco)
Virtual Rights Institute - Founder www.virtualrights.org
XDI Board member - www.xdi.org 
Tel/Voicemail: 506-3887222 
Costa Rica

What is an i-name?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.danga.com/pipermail/yadis/attachments/20060303/e79e8818/attachment-0001.html

More information about the yadis mailing list