On Oct 25, 2012, at 1255PM, Gregg Wonderly wrote: > On 10/24/2012 10:39 AM, Simon IJskes - QCG wrote: >> Hello, >> >> a small questionaire. i hope anybody wants to participate by answering the >> following questions: >> >> - are you interested in river running on the internet?
At this time I have little interest in pursuing River running on the internet. I think it's a great idea, but until the complexities of the security approach and callbacks get straightened out, I dont think it is sustainable. The semantics of River's security approach is based on the premise of anonymous HTTP codebases, where you can never trust downloaded code. We need to reconsider how trust is established. It would seem that providing an approach where trust is established before hand makes better sense, both the client and the service can authenticate before code is ever downloaded. Then having mobile code installed on a client's machine (perhaps from a trusted app store) would fit into an internet model better (and also a LAN/WAN deployment). Regards Dennis
