DB User Intf Proposal

This is an excellent idea. Scott and I have talked about this about
using this as front-end to RWhois. RWhois then would be a navigation tool
for a WWW browser. I don't believe that exists yet - or am I wrong?

I'd be happy to help on this.

Thanks,
Mark



> 
> 
> Hi all.  I've been playing with a couple of ideas and wanted to run them past
> you all. 
> 
> We are all concerned with having users update and maintain their own 
> information in various databases; routing registry dbs, contact dbs, etc.
> Along with this desire comes the issue of authentication.  Below are some 
> thoughts on using HTML and a WWW browser such as NCSA Mosaic as a user
> interface to databases.  The users are probably better off in the long run
> if we agree on the same approach and tools.
> 
> I've been investigating the possibility of using HTML+ and an HTML browser
> such as XMosaic as a front end for our routing registry database.  
> 
> For those of you who don't know about World Wide Web stuff, here's a quick
> glossary.
> 
>     HTML stands for HyperText Markup Language.  HTML is a page description 
>     language which allows you to define how pages look; for example, define 
>     sections that should be in bold or italics, etc.  In addition, it also 
>     allows you to create hypertext links between pages.  
> 
>     HTML+ is the follow-on to HTML. A superset of HTML, it also defines 
>     (among other things)_input_forms_.  On a unix workstation running XMosaic, 
>     these forms appear as Motif scrolled lists, text widgets, push buttons, 
>     etc.  Using a well defined application programming interface, data entered 
>     into a form can be passed off to any application you write, turned into a 
>     database query (or anything else for that matter), and then the results 
>     handed back to the user in the form of a new hypertext page.  
>     
>     HTTP is the HyperText Transfer Protocol, the application level protocol 
>     used to serve up HTML(+) docs.  
>     
>     Httpd is the daemon which serves documents on a given machine.
> 
> It's important to understand the HTML(+) & Mosaic are information _browsing_
> _tools_ and not database technologies.  The database technology that sits
> behind HTML(+)/Mosaic is independant from HTML(+)/Mosaic.
> 
> Ok, having said all that, I was thinking that it might be neat to let users 
> enter and/or browse registry info using HTML(+) and Mosaic.  For example, a 
> user could start up XMosaic and load the "Registry Info Browser" page which 
> would prompt them for a name and password. (See paragraphs on authentication 
> below).  The name could then be used to determine the ASs for which the user 
> is the contact, and a screen displayed which would allow them to view their 
> AS's current policy and submit changes if necessary.
> 
> To test the feasability of this approach a bit, I cobbled together a little
> application to basically do the operation described in the paragraph above.
> To run the demo you need to have a Web browser like Mosaic running on your
> machine. (Note that MacMosaic won't work 'cause it doesn't yet handle the
> 'forms' stuff.)  Fire up XMosaic and click "Open..." button at the bottom
> of the "Document View" window.  In the pop-up dialog that appears, enter
> 
> http://shockwave.merit.edu/ala_htdocs/pass.html
> 
> A page with "This is a test" at the top, and 'Name' and 'Password' input
> fields should appear.  In the 'Name' field enter 'bmanning'.  In the
> 'Passwd' field enter 'xyzman'. Then click the 'Submit Query' button.
> 
> A new page should appear which begins 'Access Granted to Bill Manning'.  This
> page should also have a list widget full of the ASs for which Bill Manning has
> authority.  This list is the result of sending off an SQL query to our Informix
> AS Contacts database. Select an AS to modify, say AS 114, and then click 
> 'Submit Query.'
> 
> A new page should appear for which the heading reads "Policy for AS114". The
> policy for AS 114 appears below the heading in an editable text widget.
> The policy is simply the output of a "whois -r rrdb.merit.edu AS114" command.
> Here now you could change the policy, click 'Submit Query' and have the changes
> made to the database. 
> 
> So authentication is definitely an issue here.  I'm still learning about this
> stuff but from what I understand so far, a couple of different levels of
> authentication are possible.  The authentiation used in my little prototype
> above is the simplest and thus, least secure.  The password and user name are
> sent, over the net, to an authentication program I wrote.  The name is looked
> up in a local password file and the supplied passwd is compared with the 
> stored, encrypted password.  This is arguably as secure as telnet.  (Assume
> for a second that putting a Web deamon, httpd, on your machine isn't a big
> security hole in itself.  I don't know how secure httpd is.)  Actually, it
> is arguably slightly more secure than telnet because, if I read the doc
> correctly, the passwd string sent from a password widget is uuencoded.  Thus, 
> anyone running a sniffer would have to explicity look for and decode this.
> 
> For stricter authentication, it appears that the HTTP protocol has constructs
> built in which allow for Kerberos, PGP and PEM.  I don't yet know exaclty how
> to implement a system using these facilities, having only quickly browsed
> the documentation.
> 
> Reasons for using WWW, HTML+ and Mosaic for browse and update registry info.
> 
> (1) Ease of use .... for some operations.  For occasional users and for 
>     operations which don't require a lot of hand editing, a point and click
>     interface might be easier to use.  ftp'ing a large file of network numbers
>     might still be the easiest way to do, say, network additions.
> 
> (2) Software Exists Now on Multiple Platforms
>     HTML is an IETF standard (pretty sure about this) and HTML+ is in IETF
>     Draft form.  NCSA has Mosaic clients that run on nearly all Unix 
>     workstations.  (The Mac client which supports HTML+ forms is rumored to
>     be forthcoming, as is a Window's version.)  This means we need not 
>     distribute client code to handle the user interface.
> 
> 
> Thoughts?
> 
> 
> -Andy
> 


-- 

Mark Kosters              markk at internic.net        +1 703 742 4795
Software Engineer   InterNIC Registration Services



-------- Logged at  Wed May 18 15:56:52 MET DST 1994  ---------