Can you speak to why it would be different than the stream of bytes that existing serialization creates through Object methods to help clarify?
Gregg Sent from my iPhone > On Jan 29, 2021, at 3:46 PM, Peter Firmstone <peter.firmst...@zeus.net.au> > wrote: > > A question came up recently about supporting other serialization protocols. > > JERI currently has three layers to it's protocol stack: > > Invocation Layer, > Object identification layer > Transport layer. > > Java Serialization doesn't have a public API, I think this would be one > reason there is no serialization layer in JERI. > > One might wonder, why does JERI need a serialization layer, people can > implement an Exporter, similar IIOP and RMI. Well the answer is quite > simple, it allows separation of the serialization layer from the transport > layer, eg TLS, TCP, Kerberos or other transport layer people may wish to > implement. Currently someone implementing an Exporter would also require a > transport layer and that may or may not already exist. > > In recent years I re-implemented de-serialization for security reasons, while > doing so, I created a public and explicit de-serialization API, I have not > implemented an explicit serialization API, it, or something similar could > easily be used as a serialization provider interface, which would allow > wrappers for various serialization protocols to be implemented. > > -- > Regards, > Peter Firmstone > 0498 286 363 > Zeus Project Services Pty Ltd. >
