Re: Refresh patterns and ACLs

2008-09-01 Thread Mark Nottingham 


On 29/08/2008, at 11:20 PM, Henrik Nordstrom wrote:


On fre, 2008-08-29 at 10:44 +1000, Mark Nottingham wrote:

I'm not convinced it's a great solution, but something like URISpace
may be appropriate;
  http://www.w3.org/TR/urispace.html


Not very different in function, besides being XML..

However, the URISpace xml tag space is a bit too limited, so it  
needs to

be extended a lot. And it's focus is a little different from what we
need in a general sense (but may fit reasonably well for a reverse  
proxy

or web server).


The whole point is that it's extensible. Being XML makes it portable,  
encourages tool development, etc. (which is what we were looking for  
at Akamai).


Again, I'm not saying that this is the answer -- IMO URISpace is too  
compex (although so is the problem space); I just despair of having  
yet another solution in this space; see


http://www.w3.org/2007/powder/
http://xrds-simple.net/
http://www.sitemaps.org/

ad nauseum...





What's nice about this is that you buy some efficiency by walking  
down

the tree, rather than evaluating a linear set of rules...


Same.

Regards
Henrik


--
Mark Nottingham   [EMAIL PROTECTED]

Re: Refresh patterns and ACLs

2008-08-30 Thread Tres Seaver 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Tres Seaver wrote:
 Mark Nottingham wrote:
 I'm not convinced it's a great solution, but something like URISpace  
 may be appropriate;
http://www.w3.org/TR/urispace.html
 
 What's nice about this is that you buy some efficiency by walking down  
 the tree, rather than evaluating a linear set of rules...
 
 Interesting spec:  I can see uses for it elsewhere.  A quick question,
 (since grubbing around shows you to be the author;):  in section 3.3,
 Path Segments, the semantics of path match=foo are to match the
 next element in the current path, right?  Rather than matching any
 random element (CSS style), or (for instance) the last element (which
 would be useful in particular for the empty pattern and filename globs).
 
 Is the spec frozen / dead, or could we suggest additions?  E.g.:
 
  path any=archives
 
 and:
 
  path last=
 
 I can certainly put such extensions into another namespace, but they
 seem reasonably tightly connected to the existing first match semantics.

BTW, I have banged out a Python implementation of a good bit of the
spec, including extensions for last element and any element path
selectors.  I plan to use the library in conjunction with various WSGI
middleware to allow for URI-based selection of things like theme, role
grants, and caching headers:

  http://pypi.python.org/pypi/repoze.urispace

(I'll work on getting the ReStructuredText on that page to render later).


Tres.
- --
===
Tres Seaver  +1 540-429-0999  [EMAIL PROTECTED]
Palladion Software   Excellence by Designhttp://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIuZh2+gerLs4ltQ4RAgzmAJ40134AsAKppeA2sI1V9Ms4r67rMACgiGG+
yBJxxO12RBUI5YXmdCORo4E=
=hTI9
-END PGP SIGNATURE-

Re: Refresh patterns and ACLs

2008-08-30 Thread Tres Seaver 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Tres Seaver wrote:
 Tres Seaver wrote:
 Mark Nottingham wrote:
 I'm not convinced it's a great solution, but something like URISpace  
 may be appropriate;
http://www.w3.org/TR/urispace.html
 What's nice about this is that you buy some efficiency by walking down  
 the tree, rather than evaluating a linear set of rules...
 Interesting spec:  I can see uses for it elsewhere.  A quick question,
 (since grubbing around shows you to be the author;):  in section 3.3,
 Path Segments, the semantics of path match=foo are to match the
 next element in the current path, right?  Rather than matching any
 random element (CSS style), or (for instance) the last element (which
 would be useful in particular for the empty pattern and filename globs).
 
 Is the spec frozen / dead, or could we suggest additions?  E.g.:
 
  path any=archives
 
 and:
 
  path last=
 
 I can certainly put such extensions into another namespace, but they
 seem reasonably tightly connected to the existing first match semantics.
 
 BTW, I have banged out a Python implementation of a good bit of the
 spec, including extensions for last element and any element path
 selectors.  I plan to use the library in conjunction with various WSGI
 middleware to allow for URI-based selection of things like theme, role
 grants, and caching headers:
 
   http://pypi.python.org/pypi/repoze.urispace
 
 (I'll work on getting the ReStructuredText on that page to render later).

The PyPI page is still unrendered, but cooked versions of the docs are
online here:

 http://static.repoze.org/urispacedocs/


Tres.
- --
===
Tres Seaver  +1 540-429-0999  [EMAIL PROTECTED]
Palladion Software   Excellence by Designhttp://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIuZ0O+gerLs4ltQ4RAhZPAJ9q/PKve7pgOkMNkeojd9RRhLJ+zwCgvL1F
iowu4qiHOq8fhgsuomi+fiQ=
=eSDv
-END PGP SIGNATURE-

Re: Refresh patterns and ACLs

2008-08-29 Thread Henrik Nordstrom 
On fre, 2008-08-29 at 10:44 +1000, Mark Nottingham wrote:
 I'm not convinced it's a great solution, but something like URISpace  
 may be appropriate;
http://www.w3.org/TR/urispace.html

Not very different in function, besides being XML..

However, the URISpace xml tag space is a bit too limited, so it needs to
be extended a lot. And it's focus is a little different from what we
need in a general sense (but may fit reasonably well for a reverse proxy
or web server).

 What's nice about this is that you buy some efficiency by walking down  
 the tree, rather than evaluating a linear set of rules...

Same.

Regards
Henrik


signature.asc
Description: This is a digitally signed message part

Re: Refresh patterns and ACLs

2008-08-29 Thread Henrik Nordstrom 
On fre, 2008-08-29 at 08:38 +0800, Adrian Chadd wrote:

 Make sure you can collapse those ACLs down to something sensible for
 software processing before you go down that path!

It's relatively easy to make a unified lookup tree of such structure,
and even if you don't it's still as fast or faster than the current acl
scheme.

Regards
Henrik


signature.asc
Description: This is a digitally signed message part

Re: Refresh patterns and ACLs

2008-08-29 Thread Adrian Chadd 
2008/8/30 Henrik Nordstrom [EMAIL PROTECTED]:

 Make sure you can collapse those ACLs down to something sensible for
 software processing before you go down that path!

 It's relatively easy to make a unified lookup tree of such structure,
 and even if you don't it's still as fast or faster than the current acl
 scheme.

Oh, I'm sure we could beat the current way we're using ACLs, the
question is whether we can dramatically improve complicated ACL
processing in the future.

A big problem with the way we're inlining fast-path ACL lookups is
that they suddenly become impossible to farm out to other threads.



Adrian

Re: Refresh patterns and ACLs

2008-08-28 Thread Amos Jeffries 

Mark Nottingham wrote:
One of the things that came up in Sydney briefly was whether the 
stale-while-revalidate and max-stale refresh_pattern options would be 
better expressed as ACLs.


Taking this a bit further, could/should the same be true of the rest of 
the refresh_pattern options (and perhaps of the patterns themselves)?


E.g., I have a user who wants to ignore-reload selectively based upon 
client IP; surely a good fit for an ACL if there ever were one...


Just food for thought,



Do you mean make a seperate tag? ie, send_stale [acl ...]

Um, I woudn't do all of the refresh_pattern options over, some actually 
do match the logical idea of affecting the keep/replace state of a 
cached object.


But the options that apply to active requests cached or not should be 
moved out to somewhere more understandable.


Amos
--
Please use Squid 2.7.STABLE4 or 3.0.STABLE8

Re: Refresh patterns and ACLs

2008-08-28 Thread Kinkie 
 I vision a nested tree of matches (acl) and operators
 (allow/deny/refresh_pattern/outgoing_ip/tos/no-cache/ignore-xxx/deny_info/logmessage/peergroup/...).

 But it requires a different parser which is not single line oriented as
 you can not express a tree on a single line in a meaningful manner..


 request_access {
if [!]acls.. {
if [!]acls.. {
...
}
...
accept
}
deny
 }

YES please..
I'm quite familiar with the JunOS ACL format and it resembes this
pretty closely, it's very flexible..


-- 
 /kinkie

Re: Refresh patterns and ACLs

2008-08-28 Thread Adrian Chadd 
2008/8/29 Kinkie [EMAIL PROTECTED]:

 YES please..
 I'm quite familiar with the JunOS ACL format and it resembes this
 pretty closely, it's very flexible..

Make sure you can collapse those ACLs down to something sensible for
software processing before you go down that path!




Adrian

Re: Refresh patterns and ACLs

2008-08-28 Thread Mark Nottingham 
I'm not convinced it's a great solution, but something like URISpace  
may be appropriate;

  http://www.w3.org/TR/urispace.html

What's nice about this is that you buy some efficiency by walking down  
the tree, rather than evaluating a linear set of rules...


Cheers,


On 29/08/2008, at 10:38 AM, Adrian Chadd wrote:


2008/8/29 Kinkie [EMAIL PROTECTED]:


YES please..
I'm quite familiar with the JunOS ACL format and it resembes this
pretty closely, it's very flexible..


Make sure you can collapse those ACLs down to something sensible for
software processing before you go down that path!




Adrian


--
Mark Nottingham   [EMAIL PROTECTED]

Re: Refresh patterns and ACLs

2008-08-28 Thread Tres Seaver 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Mark Nottingham wrote:
 I'm not convinced it's a great solution, but something like URISpace  
 may be appropriate;
http://www.w3.org/TR/urispace.html
 
 What's nice about this is that you buy some efficiency by walking down  
 the tree, rather than evaluating a linear set of rules...

Interesting spec:  I can see uses for it elsewhere.  A quick question,
(since grubbing around shows you to be the author;):  in section 3.3,
Path Segments, the semantics of path match=foo are to match the
next element in the current path, right?  Rather than matching any
random element (CSS style), or (for instance) the last element (which
would be useful in particular for the empty pattern and filename globs).

Is the spec frozen / dead, or could we suggest additions?  E.g.:

 path any=archives

and:

 path last=

I can certainly put such extensions into another namespace, but they
seem reasonably tightly connected to the existing first match semantics.


Tres.
- --
===
Tres Seaver  +1 540-429-0999  [EMAIL PROTECTED]
Palladion Software   Excellence by Designhttp://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIt3qO+gerLs4ltQ4RAiQoAJ9VCfO8pSohOB8ayLli3LAeymMHswCgiqV7
zrG+JVzw78PRioZqTCyL8T4=
=pQdp
-END PGP SIGNATURE-

Refresh patterns and ACLs

2008-08-27 Thread Mark Nottingham 
One of the things that came up in Sydney briefly was whether the stale- 
while-revalidate and max-stale refresh_pattern options would be better  
expressed as ACLs.


Taking this a bit further, could/should the same be true of the rest  
of the refresh_pattern options (and perhaps of the patterns themselves)?


E.g., I have a user who wants to ignore-reload selectively based upon  
client IP; surely a good fit for an ACL if there ever were one...


Just food for thought,

--
Mark Nottingham   [EMAIL PROTECTED]